Platform: Get device lifecycle from CC312 on Musca-B1
CryptoCell lifecycle includes:
- CM: Chip manufacture lifecycle, belongs to IC vendor
- DM: Device manufacture lifecycle, belongs to OEM
- SE: Secure enable lifecycle, belongs to end user
- RMA: Return to manufacture and analyze, belongs to ICV or OEM debug
Mapping PSA lifecycle to CryptoCell lifecycle:
- TFM_SLC_ASSEMBLY_AND_TEST – CM
- TFM_SLC_PSA_ROT_PROVISIONING - DM
- TFM_SLC_SECURED – SE
- TFM_SLC_DECOMMISSIONED – RMA
If the chip is not yet provisioned, it is CM lifecycle.
Change-Id: I7d39c7f0d5b09be7a669a1970fcafc669763ebfb
Signed-off-by: Xu Yong <yong.xu@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/ext/common/cc312/cc312.c b/platform/ext/common/cc312/cc312.c
index 7dc8556..a5c417d 100644
--- a/platform/ext/common/cc312/cc312.c
+++ b/platform/ext/common/cc312/cc312.c
@@ -13,6 +13,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
+#include "mbedtls_cc_mng_int.h"
#include "arm_cmse.h"
CCRndContext_t* CC312_pRndCtx = NULL;
@@ -96,3 +97,8 @@
return 0;
}
+
+int crypto_hw_accelerator_get_lcs(uint32_t *lcs)
+{
+ return mbedtls_mng_lcsGet(lcs);
+}
diff --git a/platform/ext/common/cc312/crypto_hw.h b/platform/ext/common/cc312/crypto_hw.h
index b5baa8b..2d577cd 100644
--- a/platform/ext/common/cc312/crypto_hw.h
+++ b/platform/ext/common/cc312/crypto_hw.h
@@ -8,6 +8,8 @@
#ifndef __CRYPTO_HW_H__
#define __CRYPTO_HW_H__
+#include <stdint.h>
+
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
@@ -44,6 +46,14 @@
*/
int crypto_hw_accelerator_otp_provisioning(void);
+/** \brief Retrieve the device lifecycle
+ *
+ * \param[out] lcs Pointer to store lifecycle state
+ *
+ * \return 0 on success, non-zero otherwise
+ */
+int crypto_hw_accelerator_get_lcs(uint32_t *lcs);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/platform/ext/musca_b1.cmake b/platform/ext/musca_b1.cmake
index 8f9633c..3b7e56f 100644
--- a/platform/ext/musca_b1.cmake
+++ b/platform/ext/musca_b1.cmake
@@ -258,4 +258,7 @@
embedded_include_directories(PATH "${CC312_SOURCE_DIR}/shared/hw/include/musca_b1" ABSOLUTE)
embedded_include_directories(PATH "${CMAKE_CURRENT_BINARY_DIR}/services/crypto/cryptocell/install/include" ABSOLUTE)
embedded_include_directories(PATH "${PLATFORM_DIR}/common/cc312/" ABSOLUTE)
+
+ #Compiling this file requires to disable warning: -Wunused-local-typedefs
+ set_source_files_properties("${PLATFORM_DIR}/target/musca_b1/dummy_crypto_keys.c" PROPERTIES COMPILE_FLAGS -Wno-unused-local-typedefs)
endif()
diff --git a/platform/ext/target/musca_b1/attest_hal.c b/platform/ext/target/musca_b1/attest_hal.c
index d4d2407..7b682a8 100644
--- a/platform/ext/target/musca_b1/attest_hal.c
+++ b/platform/ext/target/musca_b1/attest_hal.c
@@ -8,15 +8,57 @@
#include "platform/include/tfm_attest_hal.h"
#include <stdint.h>
+#ifdef CRYPTO_HW_ACCELERATOR
+#include "crypto_hw.h"
+#include "mbedtls_cc_mng_int.h"
+#endif /* CRYPTO_HW_ACCELERATOR */
+
/* Example verification service URL for initial attestation token */
static const char verification_service_url[] = "www.trustedfirmware.org";
/* Example profile definition document for initial attestation token */
static const char attestation_profile_definition[] = "PSA_IOT_PROFILE_1";
+#ifdef CRYPTO_HW_ACCELERATOR
+static enum tfm_security_lifecycle_t
+map_cc312_to_tfm_lifecycle(uint32_t cc312_lcs)
+{
+ enum tfm_security_lifecycle_t tfm_lcs;
+
+ if (cc312_lcs == CC_MNG_LCS_CM) {
+ tfm_lcs = TFM_SLC_ASSEMBLY_AND_TEST;
+ } else if (cc312_lcs == CC_MNG_LCS_DM) {
+ tfm_lcs = TFM_SLC_PSA_ROT_PROVISIONING;
+ } else if (cc312_lcs == CC_MNG_LCS_SEC_ENABLED) {
+ tfm_lcs = TFM_SLC_SECURED;
+ } else if (cc312_lcs == CC_MNG_LCS_RMA) {
+ tfm_lcs = TFM_SLC_DECOMMISSIONED;
+ } else {
+ tfm_lcs = TFM_SLC_UNKNOWN;
+ }
+
+ return tfm_lcs;
+}
+#endif
+
enum tfm_security_lifecycle_t tfm_attest_hal_get_security_lifecycle(void)
{
+#ifdef CRYPTO_HW_ACCELERATOR
+ int rc;
+ uint32_t cc312_lcs;
+ enum tfm_security_lifecycle_t tfm_lcs;
+
+ rc = crypto_hw_accelerator_get_lcs(&cc312_lcs);
+ if (rc) {
+ return TFM_SLC_UNKNOWN;
+ }
+
+ tfm_lcs = map_cc312_to_tfm_lifecycle(cc312_lcs);
+
+ return tfm_lcs;
+#else
return TFM_SLC_SECURED;
+#endif
}
const char *