aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--components/service/crypto/client/test/mock/mock_crypto_client.cpp6
-rw-r--r--components/service/crypto/client/test/standalone/standalone_crypto_client.cpp4
-rw-r--r--components/service/crypto/provider/mbedcrypto/crypto_provider.c7
-rw-r--r--components/service/crypto/provider/mbedcrypto/crypto_provider.h3
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h40
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/component.cmake (renamed from components/service/crypto/provider/mbedcrypto/entropy_source/mock/component.cmake)4
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c43
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake17
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c43
-rw-r--r--components/service/crypto/provider/mbedcrypto/entropy_source/mock/mock_entropy_source.c25
-rw-r--r--components/service/locator/standalone/services/crypto/crypto_service_context.cpp6
-rw-r--r--deployments/component-test/arm-linux/CMakeLists.txt13
-rw-r--r--deployments/component-test/component-test.cmake1
-rw-r--r--deployments/component-test/linux-pc/CMakeLists.txt11
-rw-r--r--deployments/crypto/opteesp/CMakeLists.txt27
-rw-r--r--deployments/crypto/opteesp/crypto_sp.c5
-rw-r--r--deployments/deployment.cmake26
-rw-r--r--deployments/libts/linux-pc/CMakeLists.txt2
-rw-r--r--platform/drivers/mock/mock_entropy.c42
-rw-r--r--platform/interface/entropy.h70
-rw-r--r--platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake18
-rw-r--r--platform/providers/ts/mock/platform.cmake21
-rw-r--r--platform/providers/ts/vanilla/platform.cmake23
-rw-r--r--tools/cmake/common/AddPlatform.cmake45
24 files changed, 456 insertions, 46 deletions
diff --git a/components/service/crypto/client/test/mock/mock_crypto_client.cpp b/components/service/crypto/client/test/mock/mock_crypto_client.cpp
index 4ca482a5e..69e74787c 100644
--- a/components/service/crypto/client/test/mock/mock_crypto_client.cpp
+++ b/components/service/crypto/client/test/mock/mock_crypto_client.cpp
@@ -31,12 +31,12 @@ bool mock_crypto_client::init()
struct rpc_interface *storage_ep = mock_store_provider_init(&m_storage_provider);
struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller,
- storage_ep);
+ storage_ep);
struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider,
- storage_caller);
+ storage_caller, NULL);
struct rpc_caller *crypto_caller = direct_caller_init_default(&m_crypto_caller,
- crypto_ep);
+ crypto_ep);
mbed_crypto_provider_register_serializer(&m_crypto_provider,
TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
index 343bec1ad..15986c63c 100644
--- a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
+++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp
@@ -52,9 +52,9 @@ bool standalone_crypto_client::init()
}
struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider,
- storage_caller);
+ storage_caller, NULL);
struct rpc_caller *crypto_caller = direct_caller_init_default(&m_crypto_caller,
- crypto_ep);
+ crypto_ep);
mbed_crypto_provider_register_serializer(&m_crypto_provider,
TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.c b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
index bbbf16961..a12f6252a 100644
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.c
+++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.c
@@ -7,6 +7,7 @@
#include <stdlib.h>
#include <protocols/service/crypto/packed-c/opcodes.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
+#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h>
#include <service/secure_storage/client/psa/its/its_client.h>
#include <protocols/rpc/common/packed-c/status.h>
#include <psa/crypto.h>
@@ -44,10 +45,13 @@ static const struct service_handler handler_table[] = {
};
struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context,
- struct rpc_caller *storage_provider)
+ struct rpc_caller *storage_provider,
+ void *entropy_adapter_config)
{
struct rpc_interface *rpc_interface = NULL;
+ entropy_adapter_init(entropy_adapter_config);
+
/*
* A storage provider is required for persistent key storage. As this
* is a mandatory feature of the crypto service, insist on a storage
@@ -72,6 +76,7 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con
void mbed_crypto_provider_deinit(struct mbed_crypto_provider *context)
{
(void)context;
+ entropy_adapter_deinit();
}
void mbed_crypto_provider_register_serializer(struct mbed_crypto_provider *context,
diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.h b/components/service/crypto/provider/mbedcrypto/crypto_provider.h
index 4a94be71c..5ffd0c34e 100644
--- a/components/service/crypto/provider/mbedcrypto/crypto_provider.h
+++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.h
@@ -34,7 +34,8 @@ struct mbed_crypto_provider
* a pointer to the rpc_interface for the service is returned.
*/
struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context,
- struct rpc_caller *storage_provider);
+ struct rpc_caller *storage_provider,
+ void *entropy_adapter_config);
/*
* When operation of the provider is no longer required, this function
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h b/components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h
new file mode 100644
index 000000000..48bb741ae
--- /dev/null
+++ b/components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef MBED_CRYPTO_ENTROPY_ADAPTER_H
+#define MBED_CRYPTO_ENTROPY_ADAPTER_H
+
+/*
+ * The build-time configuration of Mbed Crypto creates a dependency on a
+ * hardware-based entropy source that provides an implementation of the
+ * mbedtls_hardware_poll function. Depending on the environment, this
+ * could be realized in different ways e.g. via a native environment
+ * specific service or using a platform specific driver. This header
+ * file defines the common interface for initializing and configuring
+ * the adapter that provides the entropy source.
+ */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Initialise the entropy adapter
+ *
+ * \param config Entropy adapter specific configuration or NULL if none.
+ *
+ * \return 0 if successful.
+ */
+int entropy_adapter_init(void *config);
+
+/**
+ * \brief Cleans-up the entropy adapter.
+ */
+void entropy_adapter_deinit(void);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* MBED_CRYPTO_ENTROPY_ADAPTER_H */
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_source/mock/component.cmake b/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/component.cmake
index cb48329b5..9be89d127 100644
--- a/components/service/crypto/provider/mbedcrypto/entropy_source/mock/component.cmake
+++ b/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/component.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,5 +9,5 @@ if (NOT DEFINED TGT)
endif()
target_sources(${TGT} PRIVATE
- "${CMAKE_CURRENT_LIST_DIR}/mock_entropy_source.c"
+ "${CMAKE_CURRENT_LIST_DIR}/linux_entropy_adapter.c"
)
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c b/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c
new file mode 100644
index 000000000..83899b162
--- /dev/null
+++ b/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <mbedtls/entropy.h>
+#include <mbedtls/entropy_poll.h>
+#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h>
+#include <errno.h>
+#include <sys/syscall.h>
+#include <unistd.h>
+
+/*
+ * An mbed tls compatibile hardware entropy source that adapts the mbed tls hardware poll
+ * function to the Linux getrandom system call.
+ */
+
+int entropy_adapter_init(void *config)
+{
+ (void)config;
+ return 0;
+}
+
+void entropy_adapter_deinit(void)
+{
+
+}
+
+int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
+{
+ int status = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ *olen = 0;
+
+ int num_output = syscall(SYS_getrandom, output, len, 0);
+
+ if (num_output >= 0) {
+
+ *olen = num_output;
+ status = 0;
+ }
+
+ return status;
+}
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake b/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake
new file mode 100644
index 000000000..d178f1fc0
--- /dev/null
+++ b/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake
@@ -0,0 +1,17 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/platform_entropy_adapter.c"
+ )
+
+set_property(TARGET ${TGT} APPEND_STRING PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES
+ "entropy"
+ )
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c b/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c
new file mode 100644
index 000000000..8bf3ec472
--- /dev/null
+++ b/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <mbedtls/entropy.h>
+#include <mbedtls/entropy_poll.h>
+#include <platform/interface/entropy.h>
+#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h>
+#include <stddef.h>
+
+/*
+ * An mbed tls compatibile hardware entropy source that adapts the mbed tls hardware poll
+ * function to a platform entropy driver. The actual realization of the driver
+ * will depend on the platform selected at build-time.
+ */
+static struct ts_plat_entropy_driver driver = {0};
+
+int entropy_adapter_init(void *config)
+{
+ return ts_plat_entropy_create(&driver, config);
+}
+
+void entropy_adapter_deinit(void)
+{
+ ts_plat_entropy_destroy(&driver);
+
+ driver.iface = NULL;
+ driver.context = NULL;
+}
+
+int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
+{
+ int status = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ *olen = 0;
+
+ if (driver.iface) {
+
+ status = driver.iface->poll(driver.context, output, len, olen);
+ }
+
+ return status;
+}
diff --git a/components/service/crypto/provider/mbedcrypto/entropy_source/mock/mock_entropy_source.c b/components/service/crypto/provider/mbedcrypto/entropy_source/mock/mock_entropy_source.c
deleted file mode 100644
index f76448170..000000000
--- a/components/service/crypto/provider/mbedcrypto/entropy_source/mock/mock_entropy_source.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-#include <mbedtls/entropy_poll.h>
-#include <stdint.h>
-
-/*
- * A mock entropy source without any hardware dependencies. Should not be
- * used in production deployments.
- */
-int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
-{
- ((void) data);
- ((void) output);
- *olen = 0;
-
- if (len < sizeof(unsigned char) )
- return (0);
-
- *olen = sizeof(unsigned char);
-
- return (0);
-}
diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
index bff9ac101..e76122480 100644
--- a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
+++ b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
@@ -25,8 +25,10 @@ crypto_service_context::~crypto_service_context()
void crypto_service_context::do_init()
{
struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider);
- struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller, storage_ep);
- struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, storage_caller);
+ struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller,
+ storage_ep);
+ struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider,
+ storage_caller, NULL);
mbed_crypto_provider_register_serializer(&m_crypto_provider,
TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
diff --git a/deployments/component-test/arm-linux/CMakeLists.txt b/deployments/component-test/arm-linux/CMakeLists.txt
index d96a793a3..a0ad971f7 100644
--- a/deployments/component-test/arm-linux/CMakeLists.txt
+++ b/deployments/component-test/arm-linux/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -29,6 +29,17 @@ include(${TS_ROOT}/external/CppUTest/CppUTest.cmake)
target_link_libraries(component-test PRIVATE CppUTest)
#-------------------------------------------------------------------------------
+# Components that are specific to deployment in the arm-linux environment.
+#
+#-------------------------------------------------------------------------------
+add_components(
+ TARGET "component-test"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux"
+)
+
+#-------------------------------------------------------------------------------
# Extend with components that are common across all deployments of
# component-test
#
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index deadf114d..dcb0d2d57 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -40,7 +40,6 @@ add_components(
"components/service/crypto/client/test"
"components/service/crypto/client/test/standalone"
"components/service/crypto/provider/mbedcrypto"
- "components/service/crypto/provider/mbedcrypto/entropy_source/mock"
"components/service/crypto/provider/serializer/protobuf"
"components/service/crypto/provider/serializer/packed-c"
"components/service/crypto/test/unit"
diff --git a/deployments/component-test/linux-pc/CMakeLists.txt b/deployments/component-test/linux-pc/CMakeLists.txt
index 3e56d8388..a3ed94977 100644
--- a/deployments/component-test/linux-pc/CMakeLists.txt
+++ b/deployments/component-test/linux-pc/CMakeLists.txt
@@ -64,6 +64,17 @@ unit_test_add_suite(
target_include_directories(component-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
#-------------------------------------------------------------------------------
+# Components that are specific to deployment in the linux-pc environment.
+#
+#-------------------------------------------------------------------------------
+add_components(
+ TARGET "component-test"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux"
+)
+
+#-------------------------------------------------------------------------------
# Extend with components that are common across all deployments of
# component-test
#
diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
index 38bc42d2a..13447b14a 100644
--- a/deployments/crypto/opteesp/CMakeLists.txt
+++ b/deployments/crypto/opteesp/CMakeLists.txt
@@ -27,7 +27,10 @@ find_package(Spdevkit REQUIRED)
sp_dev_kit_configure_linking(TARGET crypto-sp DEFINES ARM64=1)
target_link_libraries(crypto-sp PRIVATE ${SP_DEV_KIT_LIBRARIES})
-
+#-------------------------------------------------------------------------------
+# Components that are specific to deployment in the opteesp environment.
+#
+#-------------------------------------------------------------------------------
add_components(TARGET "crypto-sp"
BASE_DIR ${TS_ROOT}
COMPONENTS
@@ -42,7 +45,7 @@ add_components(TARGET "crypto-sp"
"components/service/common/serializer/protobuf"
"components/service/common/provider"
"components/service/crypto/provider/mbedcrypto"
- "components/service/crypto/provider/mbedcrypto/entropy_source/mock"
+ "components/service/crypto/provider/mbedcrypto/entropy_adapter/platform"
"components/service/crypto/provider/serializer/protobuf"
"components/service/crypto/provider/serializer/packed-c"
"components/service/secure_storage/client/psa"
@@ -56,12 +59,28 @@ target_sources(crypto-sp PRIVATE
crypto_sp.c
)
-######################################################## Build protobuf files
+#-------------------------------------------------------------------------------
+# Use the selected platform to provide drivers needed by the deployment
+#
+#-------------------------------------------------------------------------------
+# temporarily force platform - with this change, the build interface to
+# an external builder such as a Yocto recipe is unchanged. Should remove
+# once the build interface is published.
+set(TS_PLATFORM "ts/mock" CACHE STRING "Overridden" FORCE)
+
+add_platform(TARGET "crypto-sp")
+
+#-------------------------------------------------------------------------------
+# Components used from external projects
+#
+#-------------------------------------------------------------------------------
+
+# Nanopb
include(../../../external/nanopb/nanopb.cmake)
target_link_libraries(crypto-sp PRIVATE nanopb::protobuf-nanopb-static)
protobuf_generate_all(TGT "crypto-sp" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
-################################################################# mbedcrypto
+# Mbedcrypto
include(../../../external/mbed-crypto/mbedcrypto.cmake)
target_link_libraries(crypto-sp PRIVATE mbedcrypto)
diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c
index ea60d1c70..39039b302 100644
--- a/deployments/crypto/opteesp/crypto_sp.c
+++ b/deployments/crypto/opteesp/crypto_sp.c
@@ -46,7 +46,8 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
/* Establish RPC session with secure storage SP */
storage_caller = ffarpc_caller_init(&ffarpc_caller);
- if (!ffarpc_caller_discover(storage_uuid, storage_sp_ids, sizeof(storage_sp_ids)/sizeof(uint16_t)) ||
+ if (!ffarpc_caller_discover(storage_uuid, storage_sp_ids,
+ sizeof(storage_sp_ids)/sizeof(uint16_t)) ||
ffarpc_caller_open(&ffarpc_caller, storage_sp_ids[0], 0)) {
/*
* Failed to establish session. To allow the crypto service
@@ -59,7 +60,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
}
/* Initialize the crypto service */
- crypto_iface = mbed_crypto_provider_init(&crypto_provider, storage_caller);
+ crypto_iface = mbed_crypto_provider_init(&crypto_provider, storage_caller, NULL);
mbed_crypto_provider_register_serializer(&crypto_provider,
TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
diff --git a/deployments/deployment.cmake b/deployments/deployment.cmake
index 6543318f4..ca2a5e1ca 100644
--- a/deployments/deployment.cmake
+++ b/deployments/deployment.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -22,6 +22,7 @@ set(ENV{TS_ROOT} "${TS_ROOT}")
# Common utilities used by the build system
include(${TS_ROOT}/tools/cmake/common/Utils.cmake REQUIRED)
include(${TS_ROOT}/tools/cmake/common/AddComponents.cmake REQUIRED)
+include(${TS_ROOT}/tools/cmake/common/AddPlatform.cmake REQUIRED)
# Check build environment requirements are met
ts_verify_build_env()
@@ -31,3 +32,26 @@ set(TOP_LEVEL_INCLUDE_DIRS
"${TS_ROOT}"
"${TS_ROOT}/components"
)
+
+# Set platform provider root default to use if no commandline variable value has been specified.
+# The root path may be specified to allow an external project to provide platform definitions.
+if (DEFINED ENV{TS_PLATFORM_ROOT})
+ set(_default_platform_root ENV{TS_PLATFORM_ROOT})
+else()
+ set(_default_platform_root "${TS_ROOT}/platform/providers")
+endif()
+set(TS_PLATFORM_ROOT ${_default_platform_root} CACHE STRING "Platform provider path")
+
+# Set the default platform to use if no explict platform has been specified on the cmake commandline.
+if (DEFINED ENV{TS_PLATFORM})
+ set(_default_platform ENV{TS_PLATFORM})
+else()
+ set(_default_platform "ts/vanilla")
+endif()
+set(TS_PLATFORM ${_default_platform} CACHE STRING "Selected platform")
+
+# Custom property for defining platform feature dependencies based on components used in a deployment
+define_property(TARGET PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES
+ BRIEF_DOCS "List of platform driver interfaces used for a deployment."
+ FULL_DOCS "Used by the platform specific builder to specify a configuration for the built platform components."
+ ) \ No newline at end of file
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 9c798ad3e..ff1e1392c 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -37,7 +37,7 @@ add_components(
"components/service/locator/standalone"
"components/service/locator/standalone/services/crypto"
"components/service/crypto/provider/mbedcrypto"
- "components/service/crypto/provider/mbedcrypto/entropy_source/mock"
+ "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux"
"components/service/crypto/provider/serializer/protobuf"
"components/service/crypto/provider/serializer/packed-c"
"components/service/secure_storage/client/psa"
diff --git a/platform/drivers/mock/mock_entropy.c b/platform/drivers/mock/mock_entropy.c
new file mode 100644
index 000000000..56e90545d
--- /dev/null
+++ b/platform/drivers/mock/mock_entropy.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <platform/interface/entropy.h>
+
+/*
+ * A platform entropy driver that provides a mock implementation that
+ * always returns a fixed value. Intended for test purposes only.
+ */
+static int mock_poll(void *context, unsigned char *output, size_t nbyte, size_t *len)
+{
+ (void)context;
+ (void)output;
+
+ *len = 0;
+
+ if (nbyte < sizeof(unsigned char) )
+ return 0;
+
+ *len = sizeof(unsigned char);
+
+ return 0;
+}
+
+int ts_plat_entropy_create(struct ts_plat_entropy_driver *driver, void *config)
+{
+ static const struct ts_plat_entropy_iface iface = { .poll = mock_poll };
+
+ (void)config;
+
+ driver->context = NULL;
+ driver->iface = &iface;
+
+ return 0;
+}
+
+void ts_plat_entropy_destroy(struct ts_plat_entropy_driver *driver)
+{
+ (void)driver;
+}
diff --git a/platform/interface/entropy.h b/platform/interface/entropy.h
new file mode 100644
index 000000000..d81cd608e
--- /dev/null
+++ b/platform/interface/entropy.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TS_PLATFORM_INTERFACE_ENTROPY_H
+#define TS_PLATFORM_INTERFACE_ENTROPY_H
+
+/*
+ * Interface definintion for a platform entropy driver. A platform provider will
+ * provide concrete implementations of this interface for each alternative
+ * implementation supported.
+ */
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Virtual interface for a platform entropy driver. A platform will provide
+ * one or more concrete implementations of this interface.
+ */
+struct ts_plat_entropy_iface
+{
+ /**
+ * \brief Poll for bytes of entropy from a platform entropy source
+ *
+ * \param context Platform driver context
+ * \param output Buffer for output
+ * \param nbyte Desired number of bytes
+ * \param len The number of bytes returned (could be zero)
+ *
+ * \return 0 if successful.
+ */
+ int (*poll)(void *context, unsigned char *output, size_t nbyte, size_t *len);
+};
+
+/*
+ * A platform entropy driver instance.
+ */
+struct ts_plat_entropy_driver
+{
+ void *context; /**< Opaque driver context */
+ const struct ts_plat_entropy_iface *iface; /**< Interface methods */
+};
+
+/**
+ * \brief Factory method to construct a platform specific entropy driver
+ *
+ * \param driver Pointer to driver structure to initialize on construction.
+ * \param config Driver specific configuration or NULL if none.
+ *
+ * \return 0 if successful.
+ */
+int ts_plat_entropy_create(struct ts_plat_entropy_driver *driver, void *config);
+
+/**
+ * \brief Destroy a driver constructed using the factory method
+ *
+ * \param driver Pointer to driver structure for constructed driver.
+ */
+void ts_plat_entropy_destroy(struct ts_plat_entropy_driver *driver);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TS_PLATFORM_INTERFACE_ENTROPY_H */
diff --git a/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake b/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake
new file mode 100644
index 000000000..86686e306
--- /dev/null
+++ b/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake
@@ -0,0 +1,18 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+get_property(_platform_driver_dependencies TARGET ${TGT}
+ PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES
+)
+
+target_sources(${TGT} PRIVATE
+ "${TS_ROOT}/platform/drivers/mock/mock_entropy.c"
+)
diff --git a/platform/providers/ts/mock/platform.cmake b/platform/providers/ts/mock/platform.cmake
new file mode 100644
index 000000000..601974a7e
--- /dev/null
+++ b/platform/providers/ts/mock/platform.cmake
@@ -0,0 +1,21 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Platform definition for the 'mock' platform. This platform provides
+# mock implementations for all platform driver dependences. This should
+# never be used for a production build but is useful build testing and for
+# running tests that don't rely on hardware backed peripherals.
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+get_property(_platform_driver_dependencies TARGET ${TGT}
+ PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES
+)
+
+target_sources(${TGT} PRIVATE
+ "${TS_ROOT}/platform/drivers/mock/mock_entropy.c"
+)
diff --git a/platform/providers/ts/vanilla/platform.cmake b/platform/providers/ts/vanilla/platform.cmake
new file mode 100644
index 000000000..823018123
--- /dev/null
+++ b/platform/providers/ts/vanilla/platform.cmake
@@ -0,0 +1,23 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Platform definition for the 'vanilla' platform. The vanilla platform
+# doesn't provide any hardware backed services so it should only be used
+# when an environment provides all necessary native services for a
+# deployment.
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+get_property(_platform_driver_dependencies TARGET ${TGT}
+ PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES
+)
+
+# Flag error if there are platform driver dependencies. This will happen if
+# a suitable platform has not been specified.
+if (_platform_driver_dependencies)
+ message(FATAL_ERROR "Need to specify a compatible platform. Deployment depends on platform drivers: ${_platform_driver_dependencies}")
+endif()
diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake
new file mode 100644
index 000000000..ae34c6e4c
--- /dev/null
+++ b/tools/cmake/common/AddPlatform.cmake
@@ -0,0 +1,45 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#[===[.rst:
+Add platform provided components to a build
+-------------------------------------------
+
+#]===]
+
+
+#[===[.rst:
+.. cmake:command:: add_platform
+
+ .. code:: cmake
+
+ add_platform(TARGET <target name>)
+
+ INPUTS:
+
+ ``TARGET``
+ The name of an already defined target to add platform components to.
+
+#]===]
+function(add_platform)
+ set(options )
+ set(oneValueArgs TARGET)
+ cmake_parse_arguments(MY_PARAMS "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN} )
+
+ if(NOT DEFINED MY_PARAMS_TARGET)
+ message(FATAL_ERROR "add_platform: mandatory parameter TARGET not defined!")
+ endif()
+
+ set(TGT ${MY_PARAMS_TARGET} CACHE STRING "")
+
+ # Ensure file path conforms to lowercase project convention
+ string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef)
+ include(${_platdef})
+ set(CMAKE_CONFIGURE_DEPENDS ${_platdef})
+
+ unset(TGT CACHE)
+endfunction()