diff options
29 files changed, 601 insertions, 65 deletions
diff --git a/components/config/interface/platform_config.h b/components/config/interface/platform_config.h new file mode 100644 index 000000000..d11f0eb80 --- /dev/null +++ b/components/config/interface/platform_config.h @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H +#define TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H + +#include <platform/interface/device_region.h> +#include <stddef.h> + +/** + * Provides a common interface for retrieving platform configuration + * data for initializing platform provided devices or services. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Query platform configuartion for a particular device_region + * + * \param[in] dev_class Class of device (e.g. 'trng') + * \param[in] dev_instance The instance of the class of a device on platform + * + * \return Pointer to device_region or NULL if no qualifying configuration + */ +struct device_region *platform_config_device_query(const char *dev_class, + int dev_instance); + +/** + * \brief Frees a device region returned by platform_config_device_query() + * + * \param[in] device_region Device region object to free. Can be NULL. + */ +void platform_config_device_query_free(struct device_region *device_region); + +/** + * \brief Add a device_region to the platform configuration + * + * \param[in] device_region The device_region object to add + * + * \return 0 if successful + */ +int platform_config_device_add(const struct device_region *device_region); + + +#ifdef __cplusplus +} +#endif + +#endif /* TS_CONFIG_INTERFACE_PLATFORM_CONFIG_H */ diff --git a/components/config/ramstore/component.cmake b/components/config/ramstore/component.cmake new file mode 100644 index 000000000..3fb8540af --- /dev/null +++ b/components/config/ramstore/component.cmake @@ -0,0 +1,14 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +if (NOT DEFINED TGT) + message(FATAL_ERROR "mandatory parameter TGT is not defined.") +endif() + +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/config_ramstore.c" + ) + diff --git a/components/config/ramstore/config_ramstore.c b/components/config/ramstore/config_ramstore.c new file mode 100644 index 000000000..548ba4b02 --- /dev/null +++ b/components/config/ramstore/config_ramstore.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "config_ramstore.h" +#include <config/interface/platform_config.h> +#include <stdlib.h> +#include <string.h> +#include <stdint.h> + +/** + * Variable length container for a configuration object. + */ +struct config_container +{ + size_t size; + struct config_container *next; +}; + +static struct config_container *config_container_create(const void *data, size_t size) +{ + struct config_container *container = malloc(sizeof(struct config_container) + size); + + if (container) { + + container->size = size; + container->next = NULL; + + memcpy((uint8_t*)container + sizeof(struct config_container), data, size); + } + + return container; +} + +static void config_container_destroy(struct config_container *container) +{ + free(container); +} + +static const void *config_container_data(const struct config_container *container) +{ + return (const uint8_t*)container + sizeof(struct config_container); +} + +/** + * Singleton config_ramstore instance + */ +static struct config_ramstore +{ + struct config_container *device_region_list; +} ramstore = {0}; + + +void config_ramstore_init(void) +{ + ramstore.device_region_list = NULL; +} + +void config_ramstore_deinit(void) +{ + while (ramstore.device_region_list) { + + struct config_container *next = ramstore.device_region_list->next; + free(ramstore.device_region_list); + ramstore.device_region_list = next; + } +} + +int platform_config_device_add(const struct device_region *device_region) +{ + struct config_container *container; + + container = config_container_create(device_region, sizeof(struct device_region)); + if (!container) return -1; + + container->next = ramstore.device_region_list; + ramstore.device_region_list = container; + + return 0; +} + +struct device_region *platform_config_device_query(const char *dev_class, + int dev_instance) +{ + struct device_region *result = NULL; + const struct config_container *container = ramstore.device_region_list; + + while (container) { + + const struct device_region *candidate; + candidate = (const struct device_region*)config_container_data(container); + + if ((candidate->dev_instance == dev_instance) && + (strcmp(candidate->dev_class, dev_class) == 0)) { + + result = malloc(container->size); + if (result) { + + memcpy(result, candidate, container->size); + } + + break; + } + + container = container->next; + } + + return result; +} + +void platform_config_device_query_free(struct device_region *device_region) +{ + free(device_region); +} diff --git a/components/config/ramstore/config_ramstore.h b/components/config/ramstore/config_ramstore.h new file mode 100644 index 000000000..5df18381a --- /dev/null +++ b/components/config/ramstore/config_ramstore.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * A config store that implements the common config interface that + * saves configuration data in ram. This may be used in environments + * that are configured at run-time e.g. from device tree. The + * config_ramstore is a singleton. + */ +#ifndef CONFIG_RAMSTORE_H +#define CONFIG_RAMSTORE_H + +#include <stddef.h> +#include <platform/interface/device_region.h> +#include <config/interface/platform_config.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Initializes the singleton store + * + */ +void config_ramstore_init(void); + +/** + * \brief Clean-up the config_ramstore after use + */ +void config_ramstore_deinit(void); + + +#ifdef __cplusplus +} +#endif + +#endif /* CONFIG_RAMSTORE_H */ diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/component.cmake b/components/config/ramstore/test/component.cmake index 9be89d127..7f1df7615 100644 --- a/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/component.cmake +++ b/components/config/ramstore/test/component.cmake @@ -9,5 +9,5 @@ if (NOT DEFINED TGT) endif() target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/linux_entropy_adapter.c" + "${CMAKE_CURRENT_LIST_DIR}/ramstore_tests.cpp" ) diff --git a/components/config/ramstore/test/ramstore_tests.cpp b/components/config/ramstore/test/ramstore_tests.cpp new file mode 100644 index 000000000..c597b571a --- /dev/null +++ b/components/config/ramstore/test/ramstore_tests.cpp @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <cstring> +#include <config/ramstore/config_ramstore.h> +#include <CppUTest/TestHarness.h> + +TEST_GROUP(ConfigRamstoreTests) +{ + void setup() + { + config_ramstore_init(); + } + + void teardown() + { + config_ramstore_deinit(); + } +}; + +TEST(ConfigRamstoreTests, checkEmptyConfig) +{ + /* Expect queries to an empty store to return gracefully */ + struct device_region *query_result = platform_config_device_query("flash", 0); + CHECK(!query_result); + + /* Expect freeing a null pointer to be harmless */ + platform_config_device_query_free(query_result); +} + +TEST(ConfigRamstoreTests, checkSingleConfig) +{ + struct device_region config; + + /* This would be external configuration, obtained say from device tree */ + strcpy(config.dev_class, "fs"); + config.dev_instance = 2; + config.base_addr = (uint8_t*)0x0f000010; + config.io_region_size = 0x100; + + /* Add the configuration object */ + int status = platform_config_device_add(&config); + CHECK_EQUAL(0, status); + + /* Expect query find the config object */ + struct device_region *query_result = platform_config_device_query(config.dev_class, config.dev_instance); + CHECK(query_result); + CHECK(strcmp(config.dev_class, query_result->dev_class) == 0); + CHECK_EQUAL(config.dev_instance, query_result->dev_instance); + CHECK_EQUAL(config.base_addr, query_result->base_addr); + CHECK_EQUAL(config.io_region_size, query_result->io_region_size); + + platform_config_device_query_free(query_result); +} + +TEST(ConfigRamstoreTests, checkMultipleConfig) +{ + int status; + + /* Add first config object */ + struct device_region config1; + + strcpy(config1.dev_class, "flash"); + config1.dev_instance = 0; + config1.base_addr = (uint8_t*)0x0f000010; + config1.io_region_size = 0x100; + + status = platform_config_device_add(&config1); + CHECK_EQUAL(0, status); + + /* Add second config object */ + struct device_region config2; + + strcpy(config2.dev_class, "flash"); + config2.dev_instance = 1; + config2.base_addr = (uint8_t*)0x0f000010; + config2.io_region_size = 0x100; + + status = platform_config_device_add(&config2); + CHECK_EQUAL(0, status); + + /* Expect queries for both objects to work */ + struct device_region *query1_result = platform_config_device_query(config1.dev_class, config1.dev_instance); + CHECK(query1_result); + + struct device_region *query2_result = platform_config_device_query(config2.dev_class, config2.dev_instance); + CHECK(query2_result); + + platform_config_device_query_free(query2_result); +}
\ No newline at end of file diff --git a/components/service/crypto/client/test/mock/mock_crypto_client.cpp b/components/service/crypto/client/test/mock/mock_crypto_client.cpp index 69e74787c..96195a8dc 100644 --- a/components/service/crypto/client/test/mock/mock_crypto_client.cpp +++ b/components/service/crypto/client/test/mock/mock_crypto_client.cpp @@ -34,7 +34,7 @@ bool mock_crypto_client::init() storage_ep); struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, - storage_caller, NULL); + storage_caller, 0); struct rpc_caller *crypto_caller = direct_caller_init_default(&m_crypto_caller, crypto_ep); diff --git a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp index 15986c63c..86fd42047 100644 --- a/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp +++ b/components/service/crypto/client/test/standalone/standalone_crypto_client.cpp @@ -52,7 +52,7 @@ bool standalone_crypto_client::init() } struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, - storage_caller, NULL); + storage_caller, 0); struct rpc_caller *crypto_caller = direct_caller_init_default(&m_crypto_caller, crypto_ep); diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.c b/components/service/crypto/provider/mbedcrypto/crypto_provider.c index a12f6252a..4d5a0a330 100644 --- a/components/service/crypto/provider/mbedcrypto/crypto_provider.c +++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.c @@ -7,7 +7,7 @@ #include <stdlib.h> #include <protocols/service/crypto/packed-c/opcodes.h> #include <service/crypto/provider/mbedcrypto/crypto_provider.h> -#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h> +#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h> #include <service/secure_storage/client/psa/its/its_client.h> #include <protocols/rpc/common/packed-c/status.h> #include <psa/crypto.h> @@ -46,11 +46,11 @@ static const struct service_handler handler_table[] = { struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context, struct rpc_caller *storage_provider, - void *entropy_adapter_config) + int trng_instance) { struct rpc_interface *rpc_interface = NULL; - entropy_adapter_init(entropy_adapter_config); + trng_adapter_init(trng_instance); /* * A storage provider is required for persistent key storage. As this @@ -76,7 +76,7 @@ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *con void mbed_crypto_provider_deinit(struct mbed_crypto_provider *context) { (void)context; - entropy_adapter_deinit(); + trng_adapter_deinit(); } void mbed_crypto_provider_register_serializer(struct mbed_crypto_provider *context, diff --git a/components/service/crypto/provider/mbedcrypto/crypto_provider.h b/components/service/crypto/provider/mbedcrypto/crypto_provider.h index 5ffd0c34e..0a7666f7d 100644 --- a/components/service/crypto/provider/mbedcrypto/crypto_provider.h +++ b/components/service/crypto/provider/mbedcrypto/crypto_provider.h @@ -35,7 +35,7 @@ struct mbed_crypto_provider */ struct rpc_interface *mbed_crypto_provider_init(struct mbed_crypto_provider *context, struct rpc_caller *storage_provider, - void *entropy_adapter_config); + int trng_instance); /* * When operation of the provider is no longer required, this function diff --git a/components/service/crypto/provider/mbedcrypto/trng_adapter/linux/component.cmake b/components/service/crypto/provider/mbedcrypto/trng_adapter/linux/component.cmake new file mode 100644 index 000000000..89056e291 --- /dev/null +++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/linux/component.cmake @@ -0,0 +1,13 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +if (NOT DEFINED TGT) + message(FATAL_ERROR "mandatory parameter TGT is not defined.") +endif() + +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/linux_trng_adapter.c" + ) diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c b/components/service/crypto/provider/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c index 83899b162..15a875ae9 100644 --- a/components/service/crypto/provider/mbedcrypto/entropy_adapter/linux/linux_entropy_adapter.c +++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c @@ -5,7 +5,9 @@ */ #include <mbedtls/entropy.h> #include <mbedtls/entropy_poll.h> -#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h> +#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h> +#include <unistd.h> +#include <sys/syscall.h> #include <errno.h> #include <sys/syscall.h> #include <unistd.h> @@ -15,13 +17,12 @@ * function to the Linux getrandom system call. */ -int entropy_adapter_init(void *config) +int trng_adapter_init(int instance) { - (void)config; - return 0; + (void)instance; } -void entropy_adapter_deinit(void) +void trng_adapter_deinit() { } diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/component.cmake index d178f1fc0..575ac22ea 100644 --- a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/component.cmake +++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/component.cmake @@ -9,9 +9,9 @@ if (NOT DEFINED TGT) endif() target_sources(${TGT} PRIVATE - "${CMAKE_CURRENT_LIST_DIR}/platform_entropy_adapter.c" + "${CMAKE_CURRENT_LIST_DIR}/platform_trng_adapter.c" ) set_property(TARGET ${TGT} APPEND_STRING PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES - "entropy" + "trng" ) diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c index 8bf3ec472..29628d11a 100644 --- a/components/service/crypto/provider/mbedcrypto/entropy_adapter/platform/platform_entropy_adapter.c +++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/platform/platform_trng_adapter.c @@ -5,25 +5,33 @@ */ #include <mbedtls/entropy.h> #include <mbedtls/entropy_poll.h> -#include <platform/interface/entropy.h> -#include <service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h> +#include <platform/interface/trng.h> +#include <service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h> +#include <config/interface/platform_config.h> #include <stddef.h> /* * An mbed tls compatibile hardware entropy source that adapts the mbed tls hardware poll - * function to a platform entropy driver. The actual realization of the driver + * function to a platform trng driver. The actual realization of the driver * will depend on the platform selected at build-time. */ -static struct ts_plat_entropy_driver driver = {0}; +static struct platform_trng_driver driver = {0}; -int entropy_adapter_init(void *config) +int trng_adapter_init(int instance) { - return ts_plat_entropy_create(&driver, config); + int status; + struct device_region *device_region; + + device_region = platform_config_device_query("trng", instance); + status = platform_trng_create(&driver, device_region); + platform_config_device_query_free(device_region); + + return status; } -void entropy_adapter_deinit(void) +void trng_adapter_deinit() { - ts_plat_entropy_destroy(&driver); + platform_trng_destroy(&driver); driver.iface = NULL; driver.context = NULL; diff --git a/components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h b/components/service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h index 48bb741ae..f1e725458 100644 --- a/components/service/crypto/provider/mbedcrypto/entropy_adapter/entropy_adapter.h +++ b/components/service/crypto/provider/mbedcrypto/trng_adapter/trng_adapter.h @@ -3,8 +3,8 @@ * * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef MBED_CRYPTO_ENTROPY_ADAPTER_H -#define MBED_CRYPTO_ENTROPY_ADAPTER_H +#ifndef MBED_CRYPTO_TRNG_ADAPTER_H +#define MBED_CRYPTO_TRNG_ADAPTER_H /* * The build-time configuration of Mbed Crypto creates a dependency on a @@ -20,21 +20,21 @@ extern "C" { #endif /** - * \brief Initialise the entropy adapter + * \brief Initialise the trng adapter * - * \param config Entropy adapter specific configuration or NULL if none. + * \param instance Deployment specific trng instance. * * \return 0 if successful. */ -int entropy_adapter_init(void *config); +int trng_adapter_init(int instance); /** - * \brief Cleans-up the entropy adapter. + * \brief Cleans-up the trng adapter. */ -void entropy_adapter_deinit(void); +void trng_adapter_deinit(); #ifdef __cplusplus } /* extern "C" */ #endif -#endif /* MBED_CRYPTO_ENTROPY_ADAPTER_H */ +#endif /* MBED_CRYPTO_TRNG_ADAPTER_H */ diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp index e76122480..7a49d267f 100644 --- a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp +++ b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp @@ -26,9 +26,9 @@ void crypto_service_context::do_init() { struct rpc_interface *storage_ep = sfs_provider_init(&m_storage_provider); struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller, - storage_ep); + storage_ep); struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, - storage_caller, NULL); + storage_caller, 0); mbed_crypto_provider_register_serializer(&m_crypto_provider, TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance()); diff --git a/deployments/component-test/arm-linux/CMakeLists.txt b/deployments/component-test/arm-linux/CMakeLists.txt index a0ad971f7..a3609d808 100644 --- a/deployments/component-test/arm-linux/CMakeLists.txt +++ b/deployments/component-test/arm-linux/CMakeLists.txt @@ -36,7 +36,7 @@ add_components( TARGET "component-test" BASE_DIR ${TS_ROOT} COMPONENTS - "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux" + "components/service/crypto/provider/mbedcrypto/trng_adapter/linux" ) #------------------------------------------------------------------------------- diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake index dcb0d2d57..2d7c21af4 100644 --- a/deployments/component-test/component-test.cmake +++ b/deployments/component-test/component-test.cmake @@ -20,6 +20,8 @@ add_components( "components/common/uuid/test" "components/common/tlv" "components/common/tlv/test" + "components/config/ramstore" + "components/config/ramstore/test" "components/rpc/common/caller" "components/rpc/common/interface" "components/rpc/common/test/protocol" diff --git a/deployments/component-test/linux-pc/CMakeLists.txt b/deployments/component-test/linux-pc/CMakeLists.txt index a3ed94977..2f0e19a87 100644 --- a/deployments/component-test/linux-pc/CMakeLists.txt +++ b/deployments/component-test/linux-pc/CMakeLists.txt @@ -71,7 +71,7 @@ add_components( TARGET "component-test" BASE_DIR ${TS_ROOT} COMPONENTS - "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux" + "components/service/crypto/provider/mbedcrypto/trng_adapter/linux" ) #------------------------------------------------------------------------------- diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt index 13447b14a..356d0d366 100644 --- a/deployments/crypto/opteesp/CMakeLists.txt +++ b/deployments/crypto/opteesp/CMakeLists.txt @@ -35,6 +35,7 @@ add_components(TARGET "crypto-sp" BASE_DIR ${TS_ROOT} COMPONENTS "components/common/tlv" + "components/config/ramstore" "components/messaging/ffa/libsp" "components/rpc/ffarpc/endpoint" "components/rpc/ffarpc/caller/sp" @@ -45,7 +46,7 @@ add_components(TARGET "crypto-sp" "components/service/common/serializer/protobuf" "components/service/common/provider" "components/service/crypto/provider/mbedcrypto" - "components/service/crypto/provider/mbedcrypto/entropy_adapter/platform" + "components/service/crypto/provider/mbedcrypto/trng_adapter/platform" "components/service/crypto/provider/serializer/protobuf" "components/service/crypto/provider/serializer/packed-c" "components/service/secure_storage/client/psa" @@ -66,7 +67,7 @@ target_sources(crypto-sp PRIVATE # temporarily force platform - with this change, the build interface to # an external builder such as a Yocto recipe is unchanged. Should remove # once the build interface is published. -set(TS_PLATFORM "ts/mock" CACHE STRING "Overridden" FORCE) +set(TS_PLATFORM "arm/fvp/fvp_base_revc-2xaemv8a" CACHE STRING "Overridden" FORCE) add_platform(TARGET "crypto-sp") diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c index 39039b302..6b376b792 100644 --- a/deployments/crypto/opteesp/crypto_sp.c +++ b/deployments/crypto/opteesp/crypto_sp.c @@ -3,6 +3,7 @@ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. */ +#include <config/ramstore/config_ramstore.h> #include <rpc/ffarpc/caller/sp/ffarpc_caller.h> #include <rpc/ffarpc/endpoint/ffarpc_call_ep.h> #include <rpc/dummy/dummy_caller.h> @@ -43,6 +44,10 @@ void __noreturn sp_main(struct ffa_init_info *init_info) if (sp_init(&own_id) != 0) goto fatal_error; + /* Read config data */ + config_ramstore_init(); + // ~ read here + /* Establish RPC session with secure storage SP */ storage_caller = ffarpc_caller_init(&ffarpc_caller); @@ -60,7 +65,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) } /* Initialize the crypto service */ - crypto_iface = mbed_crypto_provider_init(&crypto_provider, storage_caller, NULL); + crypto_iface = mbed_crypto_provider_init(&crypto_provider, storage_caller, 0); mbed_crypto_provider_register_serializer(&crypto_provider, TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance()); diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt index ff1e1392c..7924f7c6c 100644 --- a/deployments/libts/linux-pc/CMakeLists.txt +++ b/deployments/libts/linux-pc/CMakeLists.txt @@ -37,7 +37,7 @@ add_components( "components/service/locator/standalone" "components/service/locator/standalone/services/crypto" "components/service/crypto/provider/mbedcrypto" - "components/service/crypto/provider/mbedcrypto/entropy_adapter/linux" + "components/service/crypto/provider/mbedcrypto/trng_adapter/linux" "components/service/crypto/provider/serializer/protobuf" "components/service/crypto/provider/serializer/packed-c" "components/service/secure_storage/client/psa" diff --git a/platform/drivers/arm/tztrng/driver.cmake b/platform/drivers/arm/tztrng/driver.cmake new file mode 100644 index 000000000..58d98c88a --- /dev/null +++ b/platform/drivers/arm/tztrng/driver.cmake @@ -0,0 +1,68 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +# Driver source location and version +set(ARM_TZTRNG_URL "https://github.com/ARM-software/TZ-TRNG.git" CACHE STRING "Arm TZ-TRNG driver repository URL") +set(ARM_TZTRNG_REFSPEC "1.0.0" CACHE STRING "Arm TZ-TRNG driver git refspec") + +# Fetch driver source code from remote repository +include(FetchContent) + +FetchContent_Declare( + arm-tztrng + GIT_REPOSITORY ${ARM_TZTRNG_URL} + GIT_TAG ${ARM_TZTRNG_REFSPEC} + GIT_SHALLOW TRUE +) + +# FetchContent_GetProperties exports arm-tztrng_SOURCE_DIR and arm-tztrng_BINARY_DIR variables +FetchContent_GetProperties(arm-tztrng) +if(NOT arm-tztrng_POPULATED) + message(STATUS "Fetching arm-tztrng") + FetchContent_Populate(arm-tztrng) +endif() + +# The driver has no cmake build support so it is necessary to bridge cmake variables to +# driver build parameters. + +# Determine ARCH parameter +if (CMAKE_SYSTEM_PROCESSOR STREQUAL "arm") + set(_arm-tztrng_ARCH "arm64") + set(_arm-tztrng_builddir "build-aarch64-linux-gnu") +else() + message(FATAL_ERROR "Only arm builds of TZ-TRNG supported.") +endif() + +# Determine the full path for the generated library and public header +set(_arm-tztrng_genlib "${arm-tztrng_SOURCE_DIR}/host/src/tztrng_lib/${_arm-tztrng_builddir}/libcc_tztrng.a") +set(_arm-tztrng_host_incpath "${arm-tztrng_SOURCE_DIR}/host/src/tztrng_lib/include") +set(_arm-tztrng_shared_incpath "${arm-tztrng_SOURCE_DIR}/shared/hw/include") + +# Set HOST_PROJ_ROOT parameter to use TS provided build defines +set(_arm-tztrng_HOST_PROJ_ROOT ${CMAKE_CURRENT_LIST_DIR}) + +# Add custom command to build the driver library using the TZ-TRNG provided makefile +add_custom_command( + OUTPUT ${_arm-tztrng_genlib} + COMMAND make ARGS "ARCH=${_arm-tztrng_ARCH}" + WORKING_DIRECTORY "${arm-tztrng_SOURCE_DIR}/host/src/tztrng_lib/" +) + +# Define target for the library +add_custom_target( + libcc_tztrng + DEPENDS ${_arm-tztrng_genlib} +) + +# Add generated library to build target +target_include_directories(${TGT} PRIVATE "${_arm-tztrng_host_incpath}") +target_include_directories(${TGT} PRIVATE "${_arm-tztrng_shared_incpath}") +target_link_libraries(${TGT} PRIVATE ${_arm-tztrng_genlib}) +add_dependencies(${TGT} libcc_tztrng) + +# Add adapter to map platform trng interface to tz-trng driver +target_sources(${TGT} PRIVATE "${CMAKE_CURRENT_LIST_DIR}/tztrng_trng.c") diff --git a/platform/drivers/arm/tztrng/tztrng_trng.c b/platform/drivers/arm/tztrng/tztrng_trng.c new file mode 100644 index 000000000..f52eeaa56 --- /dev/null +++ b/platform/drivers/arm/tztrng/tztrng_trng.c @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +#include <platform/interface/trng.h> +#include <platform/interface/device_region.h> +#include <tztrng.h> +#include <tztrng_defs.h> +#include <stdlib.h> +#include <limits.h> + +/* + * A platform trng driver that uses the tz-trng driver to provide a + * hardware entropy source. + */ +struct tztrng_instance +{ + struct device_region trng_device_region; +}; + + +static int trng_poll(void *context, unsigned char *output, size_t nbyte, size_t *len) +{ + struct tztrng_instance *this_instance = (struct tztrng_instance*)context; + int status = 0; + + *len = 0; + + if (nbyte >= sizeof(unsigned char)) { + + if (this_instance) { + + status = CC_TrngGetSource((unsigned long)this_instance->trng_device_region.base_addr, + output, len, nbyte * CHAR_BIT); + } + else { + /* No context for TRNG instance */ + /* status = LLF_RND_STATE_PTR_INVALID_ERROR; @todo mbedcrypto segfaults when an error is returned */ + *len = sizeof(unsigned char); + } + } + + return status; +} + +int platform_trng_create(struct platform_trng_driver *driver, + const struct device_region *device_region) +{ + static const struct platform_trng_iface iface = { .poll = trng_poll }; + + /* + * Default to leaving the driver in a safe but inoperable state. + */ + driver->iface = &iface; + driver->context = NULL; + + if (device_region) { + + /* + * A device region has been provided, possibly from an external configuation. + * Check that it's a sensible size to defend against a bogus configuration. + */ + struct tztrng_instance *new_instance = malloc(sizeof(struct tztrng_instance)); + + if (new_instance) { + + new_instance->trng_device_region = *device_region; + driver->context = new_instance; + } + } + + return 0; +} + +void platform_trng_destroy(struct platform_trng_driver *driver) +{ + free(driver->context); +} diff --git a/platform/drivers/mock/mock_entropy.c b/platform/drivers/mock/mock_trng.c index 56e90545d..24b14c0b2 100644 --- a/platform/drivers/mock/mock_entropy.c +++ b/platform/drivers/mock/mock_trng.c @@ -3,10 +3,10 @@ * * SPDX-License-Identifier: BSD-3-Clause */ -#include <platform/interface/entropy.h> +#include <platform/interface/trng.h> /* - * A platform entropy driver that provides a mock implementation that + * A platform trng driver that provides a mock implementation that * always returns a fixed value. Intended for test purposes only. */ static int mock_poll(void *context, unsigned char *output, size_t nbyte, size_t *len) @@ -24,11 +24,12 @@ static int mock_poll(void *context, unsigned char *output, size_t nbyte, size_t return 0; } -int ts_plat_entropy_create(struct ts_plat_entropy_driver *driver, void *config) +int platform_trng_create(struct platform_trng_driver *driver, + const struct device_region *device_region) { - static const struct ts_plat_entropy_iface iface = { .poll = mock_poll }; + static const struct platform_trng_iface iface = { .poll = mock_poll }; - (void)config; + (void)device_region; driver->context = NULL; driver->iface = &iface; @@ -36,7 +37,7 @@ int ts_plat_entropy_create(struct ts_plat_entropy_driver *driver, void *config) return 0; } -void ts_plat_entropy_destroy(struct ts_plat_entropy_driver *driver) +void platform_trng_destroy(struct platform_trng_driver *driver) { (void)driver; } diff --git a/platform/interface/device_region.h b/platform/interface/device_region.h new file mode 100644 index 000000000..1ad1721bc --- /dev/null +++ b/platform/interface/device_region.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef TS_PLATFORM_INTERFACE_DEVICE_REGION_H +#define TS_PLATFORM_INTERFACE_DEVICE_REGION_H + +#include <stddef.h> +#include <stdint.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Defines a structure for describing a contiguous IO memory region + * and other configuration information about a peripheral. This may be based on + * buildtime or runtime configuration information e.g. from device tree. + */ +struct device_region +{ + char dev_class[16]; /**< Identifier for class of device e.g. 'trng' */ + int dev_instance; /**< Instance of the class of device on a platform */ + uint8_t *base_addr; /**< Base address or region */ + size_t io_region_size; /**< Size of I/O region in bytes */ +}; + +#ifdef __cplusplus +} +#endif + +#endif /* TS_PLATFORM_INTERFACE_DEVICE_REGION_H */ diff --git a/platform/interface/entropy.h b/platform/interface/trng.h index d81cd608e..9c24581c4 100644 --- a/platform/interface/entropy.h +++ b/platform/interface/trng.h @@ -4,28 +4,29 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef TS_PLATFORM_INTERFACE_ENTROPY_H -#define TS_PLATFORM_INTERFACE_ENTROPY_H +#ifndef TS_PLATFORM_INTERFACE_TRNG_H +#define TS_PLATFORM_INTERFACE_TRNG_H /* - * Interface definintion for a platform entropy driver. A platform provider will + * Interface definintion for a platform trng driver. A platform provider will * provide concrete implementations of this interface for each alternative * implementation supported. */ #include <stddef.h> +#include "device_region.h" #ifdef __cplusplus extern "C" { #endif /* - * Virtual interface for a platform entropy driver. A platform will provide + * Virtual interface for a platform trng driver. A platform will provide * one or more concrete implementations of this interface. */ -struct ts_plat_entropy_iface +struct platform_trng_iface { /** - * \brief Poll for bytes of entropy from a platform entropy source + * \brief Poll for bytes of entropy from a platform trng * * \param context Platform driver context * \param output Buffer for output @@ -38,33 +39,34 @@ struct ts_plat_entropy_iface }; /* - * A platform entropy driver instance. + * A platform trng driver instance. */ -struct ts_plat_entropy_driver +struct platform_trng_driver { void *context; /**< Opaque driver context */ - const struct ts_plat_entropy_iface *iface; /**< Interface methods */ + const struct platform_trng_iface *iface; /**< Interface methods */ }; /** - * \brief Factory method to construct a platform specific entropy driver + * \brief Factory method to construct a platform specific trng driver * * \param driver Pointer to driver structure to initialize on construction. - * \param config Driver specific configuration or NULL if none. + * \param device_region Pointer a device region object or NULL if none. * * \return 0 if successful. */ -int ts_plat_entropy_create(struct ts_plat_entropy_driver *driver, void *config); +int platform_trng_create(struct platform_trng_driver *driver, + const struct device_region *device_region); /** * \brief Destroy a driver constructed using the factory method * * \param driver Pointer to driver structure for constructed driver. */ -void ts_plat_entropy_destroy(struct ts_plat_entropy_driver *driver); +void platform_trng_destroy(struct platform_trng_driver *driver); #ifdef __cplusplus } #endif -#endif /* TS_PLATFORM_INTERFACE_ENTROPY_H */ +#endif /* TS_PLATFORM_INTERFACE_TRNG_H */ diff --git a/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake b/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake index 86686e306..cb0138990 100644 --- a/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake +++ b/platform/providers/arm/fvp/fvp_base_revc-2xaemv8a/platform.cmake @@ -13,6 +13,10 @@ get_property(_platform_driver_dependencies TARGET ${TGT} PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES ) -target_sources(${TGT} PRIVATE - "${TS_ROOT}/platform/drivers/mock/mock_entropy.c" -) +#------------------------------------------------------------------------------- +# Map platform dependencies to suitable drivers for this platform +# +#------------------------------------------------------------------------------- +if ("trng" IN_LIST _platform_driver_dependencies) + include(${TS_ROOT}/platform/drivers/arm/tztrng/driver.cmake) +endif() diff --git a/platform/providers/ts/mock/platform.cmake b/platform/providers/ts/mock/platform.cmake index 601974a7e..a4d8d3471 100644 --- a/platform/providers/ts/mock/platform.cmake +++ b/platform/providers/ts/mock/platform.cmake @@ -16,6 +16,7 @@ get_property(_platform_driver_dependencies TARGET ${TGT} PROPERTY TS_PLATFORM_DRIVER_DEPENDENCIES ) -target_sources(${TGT} PRIVATE - "${TS_ROOT}/platform/drivers/mock/mock_entropy.c" -) +# Map platform dependencies to suitable drivers for this platform +if ("trng" IN_LIST _platform_driver_dependencies) + target_sources(${TGT} PRIVATE "${TS_ROOT}/platform/drivers/mock/mock_trng.c") +endif() |