Platform: Rename device ID to be aligned with PSA SM
Details:
- Rename device ID to instance ID to be aligned with PSA
Security Model (PSA SM)
- Modify dummy implementation to use the hash of attestation
public key as instance ID
- Update relevant functions and defines in initial
attestation service and in its test suite
Change-Id: Icd7f3666b7ee02e4890736441fc4b233987b9979
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index 5428086..11706de 100755
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -76,7 +76,7 @@
set(BUILD_UART_STDOUT Off)
set(BUILD_FLASH Off)
set(BUILD_BOOT_SEED Off)
-set(BUILD_DEVICE_ID On)
+set(BUILD_DEVICE_ID Off)
if(NOT DEFINED PLATFORM_CMAKE_FILE)
message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
diff --git a/platform/ext/target/mps2/an519/dummy_device_id.c b/platform/ext/target/mps2/an519/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/mps2/an519/dummy_device_id.c
+++ b/platform/ext/target/mps2/an519/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/mps2/an521/dummy_device_id.c b/platform/ext/target/mps2/an521/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/mps2/an521/dummy_device_id.c
+++ b/platform/ext/target/mps2/an521/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/musca_a/dummy_device_id.c b/platform/ext/target/musca_a/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/musca_a/dummy_device_id.c
+++ b/platform/ext/target/musca_a/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/musca_b1/dummy_device_id.c b/platform/ext/target/musca_b1/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/musca_b1/dummy_device_id.c
+++ b/platform/ext/target/musca_b1/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/include/tfm_plat_device_id.h b/platform/include/tfm_plat_device_id.h
index eb7d1ba..cbf8338 100644
--- a/platform/include/tfm_plat_device_id.h
+++ b/platform/include/tfm_plat_device_id.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -9,10 +9,10 @@
#define __TFM_PLAT_DEVICE_ID_H__
/**
* \file tfm_plat_device_id.h
- * Provide the Universal Entity ID (UEID) of the device.
- * It identifies the entire device or a submodule or subsystem. Must be
- * universally and globally unique and immutable. Variable length with a
- * maximum size of 33 bytes: 1 type byte and 256 bits.
+ *
+ * The interfaces defined in this file are meant to provide the following
+ * attributes of the device:
+ * - Instance ID: Unique identifier of the device.
*/
/**
@@ -28,22 +28,30 @@
#endif
/**
- * \def DEVICE_ID_MAX_SIZE
+ * \def INSTANCE_ID_MAX_SIZE
*
- * \brief Maximum size of device ID in bytes
+ * \brief Maximum size of instance ID in bytes
*/
-#define DEVICE_ID_MAX_SIZE (33u)
+#define INSTANCE_ID_MAX_SIZE (33u)
/**
* \brief Get the UEID of the device.
*
- * \param[in] size The size of the buffer in bytes to store the UEID
- * \param[out] buf Pointer to the buffer to store the UEID
+ * This mandatory claim represents the unique identifier of the instance.
+ * In the PSA definition is a hash of the public attestation key of the
+ * instance. The claim will be represented by the EAT standard claim UEID
+ * of type GUID. The EAT definition of a GUID type is that it will be between
+ * 128 & 256 bits but this implementation will use the full 256 bits to
+ * accommodate a hash result.
*
- * \return The size of device ID in bytes, if buffer big enough to store the
- * ID, otherwise -1.
+ * \param[in/out] size As an input value it indicates the size of the caller
+ * allocated buffer (in bytes) to store the UEID. At return
+ * its value is updated with the exact size of the UEID.
+ * \param[out] buf Pointer to the buffer to store the UEID
+ *
+ * \return Returns error code specified in \ref tfm_plat_err_t
*/
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf);
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf);
#ifdef __cplusplus
}
diff --git a/secure_fw/services/initial_attestation/attestation.h b/secure_fw/services/initial_attestation/attestation.h
index 2072cb4..3250fb2 100644
--- a/secure_fw/services/initial_attestation/attestation.h
+++ b/secure_fw/services/initial_attestation/attestation.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,7 +17,7 @@
/* Extension of shared data TLVs defined in bl2/include/tfm_boot_status.h */
#define TLV_MINOR_IAS_BOOT_SEED 0x0f
-#define TLV_MINOR_IAS_DEVICE_ID 0x10
+#define TLV_MINOR_IAS_INSTANCE_ID 0x10
#define TLV_MINOR_IAS_CHALLENGE 0x11
#define TLV_MINOR_IAS_CALLER_ID 0x12
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index c16d4a3..4f6a405 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,7 @@
#include "tfm_secure_api.h"
#include "psa_client.h"
#include "bl2/include/tfm_boot_status.h"
+#include "platform/include/tfm_plat_defs.h"
#include "platform/include/tfm_plat_device_id.h"
#include "platform/include/tfm_plat_boot_seed.h"
@@ -243,10 +244,10 @@
*/
__attribute__ ((aligned(4)))
uint8_t boot_seed[BOOT_SEED_SIZE];
- uint32_t res;
+ enum tfm_plat_err_t res;
res = tfm_plat_get_boot_seed(sizeof(boot_seed), boot_seed);
- if (res != 0) {
+ if (res != TFM_PLAT_ERR_SUCCESS) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
@@ -262,8 +263,13 @@
return PSA_ATTEST_ERR_SUCCESS;
}
+/* FixMe: Remove this #if when MPU will be configured properly. Currently
+ * in case of TFM_LVL == 3 unaligned access triggers a usage fault
+ * exception.
+ */
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
/*!
- * \brief Static function to add device id claim to attestation token.
+ * \brief Static function to add instance id claim to attestation token.
*
* \param[in] token_buf_size Size of token buffer in bytes
* \param[out] token_buf Pointer to buffer which stores the token
@@ -271,25 +277,26 @@
* \return Returns error code as specified in \ref psa_attest_err_t
*/
static enum psa_attest_err_t
-attest_add_device_id_claim(uint32_t token_buf_size, uint8_t *token_buf)
+attest_add_instance_id_claim(uint32_t token_buf_size, uint8_t *token_buf)
{
/* FixMe: Enforcement of 4 byte alignment can be removed as soon as memory
* type is configured in the MPU to be normal, instead of device,
* which prohibits unaligned access.
*/
__attribute__ ((aligned(4)))
- uint8_t device_id[DEVICE_ID_MAX_SIZE];
+ uint8_t instance_id[INSTANCE_ID_MAX_SIZE];
uint32_t res;
- int32_t size;
+ enum tfm_plat_err_t res_plat;
+ uint32_t size = sizeof(instance_id);
- size = tfm_plat_get_device_id(sizeof(device_id), device_id);
- if (size < 0) {
+ res_plat = tfm_plat_get_instance_id(&size, instance_id);
+ if (res_plat != TFM_PLAT_ERR_SUCCESS) {
return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE;
}
- res = attest_add_tlv(TLV_MINOR_IAS_DEVICE_ID,
+ res = attest_add_tlv(TLV_MINOR_IAS_INSTANCE_ID,
size,
- device_id,
+ instance_id,
token_buf_size,
token_buf);
if (res != 0) {
@@ -298,6 +305,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
+#endif
/*!
* \brief Static function to add caller id claim to attestation token.
@@ -432,10 +440,16 @@
goto error;
}
- attest_err = attest_add_device_id_claim(*token_buf_size, token_buf);
+ /* FixMe: Remove this #if when MPU will be configured properly. Currently
+ * in case of TFM_LVL == 3 unaligned access triggers a usage fault
+ * exception.
+ */
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
+ attest_err = attest_add_instance_id_claim(*token_buf_size, token_buf);
if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
goto error;
}
+#endif
if (challenge_buf_size > 0) {
attest_err = attest_add_challenge_claim(challenge_buf_size,
diff --git a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
index 70f9a56..0b4404b 100644
--- a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
+++ b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -123,7 +123,7 @@
* - Check the existence of the fixed set of claims:
* - Boot status
* - Boot seed
- * - Device ID
+ * - Instance ID
* - Challenge object
* - Caller ID
* - Comparing value of claims:
@@ -137,9 +137,7 @@
enum psa_attest_err_t err;
uint32_t token_size = TEST_TOKEN_SIZE;
uint8_t boot_seed_buffer[BOOT_SEED_SIZE];
- uint8_t device_id_buffer[DEVICE_ID_MAX_SIZE];
uint8_t *tlv_data_ptr;
- int32_t device_id_size;
int32_t caller_id;
uint32_t res;
@@ -166,28 +164,19 @@
return;
}
-
- /* Check DEVICE_ID */
- res = attest_get_tlv_data(TLV_MINOR_IAS_DEVICE_ID, token_buffer,
+ /* FixMe: Remove this #if when MPU will be configured properly. Currently
+ * in case of TFM_LVL == 3 unaligned access triggers a usage fault
+ * exception.
+ */
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
+ /* Check INSTANCE_ID */
+ res = attest_get_tlv_data(TLV_MINOR_IAS_INSTANCE_ID, token_buffer,
&tlv_data_ptr);
if (res != 0) {
- TEST_FAIL("Missing claim: TLV_MINOR_IAS_DEVICE_ID");
+ TEST_FAIL("Missing claim: TLV_MINOR_IAS_INSTANCE_ID");
return;
}
-
- /* Get device ID directly */
- device_id_size = tfm_plat_get_device_id(sizeof(device_id_buffer),
- device_id_buffer);
- if (device_id_size < 0) {
- TEST_FAIL("Device ID unavailable");
- return;
- }
-
- /* Compare the value from token and from direct call */
- if (tfm_memcmp(tlv_data_ptr, device_id_buffer, device_id_size) != 0) {
- TEST_FAIL("Faulty claim: TLV_MINOR_IAS_DEVICE_ID");
- return;
- }
+#endif
/* Check CHALLENGE */
res = attest_get_tlv_data(TLV_MINOR_IAS_CHALLENGE, token_buffer,
diff --git a/test/suites/attestation/secure/attestation_s_interface_testsuite.c b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
index 0f15157..134d37d 100644
--- a/test/suites/attestation/secure/attestation_s_interface_testsuite.c
+++ b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -98,7 +98,7 @@
*
* \return Returns 0 on success. Otherwise, 1.
*/
-#if TFM_LVL == 1
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
/* FixMe: This offset should be calculated per device */
#define USUAL_S_NS_ALIAS_OFFSET 0x10000000u
static uint32_t attest_get_s_ns_sha256(uint8_t **hash)
@@ -135,7 +135,7 @@
return 1u;
}
-#endif /* TFM_LVL == 1 */
+#endif
void
register_testsuite_s_attestation_interface(struct test_suite_t *p_test_suite)
@@ -157,7 +157,7 @@
* - Check the existence of the fixed set of claims:
* - Boot status
* - Boot seed
- * - Device ID
+ * - Instance ID
* - Challenge object
* - Caller ID
* - Comparing value of claims:
@@ -173,9 +173,7 @@
enum psa_attest_err_t err;
uint32_t token_size = TEST_TOKEN_SIZE;
uint8_t boot_seed_buffer[BOOT_SEED_SIZE];
- uint8_t device_id_buffer[DEVICE_ID_MAX_SIZE];
uint8_t *tlv_data_ptr;
- int32_t device_id_size;
int32_t caller_id;
uint32_t res;
@@ -202,7 +200,7 @@
/* Extract image hash from manifest data and compare with claim.
* This can be done only from secure side if S_MPU is not enabled.
*/
-#if TFM_LVL == 1
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
uint8_t *hash_from_image;
res = attest_get_s_ns_sha256(&hash_from_image);
if (res == 0) {
@@ -211,29 +209,21 @@
return;
}
}
-#endif /* TFM_LVL == 1 */
+#endif
- /* Check DEVICE_ID */
- res = attest_get_tlv_data(TLV_MINOR_IAS_DEVICE_ID, token_buffer,
+ /* FixMe: Remove this #if when MPU will be configured properly. Currently
+ * in case of TFM_LVL == 3 unaligned access triggers a usage fault
+ * exception.
+ */
+#if !defined(TFM_LVL) || (TFM_LVL == 1)
+ /* Check INSTANCE_ID */
+ res = attest_get_tlv_data(TLV_MINOR_IAS_INSTANCE_ID, token_buffer,
&tlv_data_ptr);
if (res != 0) {
- TEST_FAIL("Missing claim: TLV_MINOR_IAS_DEVICE_ID");
+ TEST_FAIL("Missing claim: TLV_MINOR_IAS_INSTANCE_ID");
return;
}
-
- /* Get device ID directly */
- device_id_size = tfm_plat_get_device_id(sizeof(device_id_buffer),
- device_id_buffer);
- if (device_id_size < 0) {
- TEST_FAIL("Device ID unavailable");
- return;
- }
-
- /* Compare the value from token and from direct call */
- if (tfm_memcmp(tlv_data_ptr, device_id_buffer, device_id_size) != 0) {
- TEST_FAIL("Faulty claim: TLV_MINOR_IAS_DEVICE_ID");
- return;
- }
+#endif
/* Check CHALLENGE */
res = attest_get_tlv_data(TLV_MINOR_IAS_CHALLENGE, token_buffer,