commit 5d231707fe03f4601da4af80ccf6cd3b8c2b8975
author Tamas Ban <tamas.ban@arm.com> Tue Mar 10 16:24:58 2020 +0100
committer Tamas Ban <tamas.ban@arm.com> Mon Apr 20 09:42:50 2020 +0000
tree ef12c2d121897ac888fe7b7572e9316a68e3315f
parent 761ebafd13794f59da82e38f799def651a394949

Attest: Checks device lifecycle max value

Fix the check of the maximum value of PSA RoT lifecycle to
be compliant with definition: Lifecycle state is represented
by an integer that is divided to convey a major state[15:8]
and a minor state[7:0]. Major state is mandatory and defined
by PSA-SM. Minor state is optional and implementation defined.

Change-Id: Ie4ac823d7380a03d2ca4c515358e0a9fc30804f5
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

platform/include/tfm_attest_hal.h

diff --git a/platform/include/tfm_attest_hal.h b/platform/include/tfm_attest_hal.h
index b43b109..0d77da0 100644
--- a/platform/include/tfm_attest_hal.h
+++ b/platform/include/tfm_attest_hal.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -25,6 +25,7 @@
     TFM_SLC_NON_PSA_ROT_DEBUG         = 0x4000u,
     TFM_SLC_RECOVERABLE_PSA_ROT_DEBUG = 0x5000u,
     TFM_SLC_DECOMMISSIONED            = 0x6000u,
+    TFM_SLC_MAX_VALUE                 = 0x60FFu,
 };
 
 /**

secure_fw/services/initial_attestation/attestation_core.c

diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 4ebe29e..37da079 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -748,7 +748,7 @@
     }
 
     /* Sanity check */
-    if (security_lifecycle > TFM_SLC_DECOMMISSIONED) {
+    if (security_lifecycle > TFM_SLC_MAX_VALUE) {
         return PSA_ATTEST_ERR_GENERAL;
     }