Platform: Enable CC312 integration
Add platform cc312 directory. Add cmake for building. Add utility
functions to platform dir. Add supplementary mbedtls config file. Add
redirect for logging (GNUARM only).
Change-Id: I9fe7632c0db0a2ef5ee9756a0e743508a6b19559
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/docs/user_guides/tfm_build_instruction.rst b/docs/user_guides/tfm_build_instruction.rst
index 04de8a5..70c5358 100644
--- a/docs/user_guides/tfm_build_instruction.rst
+++ b/docs/user_guides/tfm_build_instruction.rst
@@ -224,7 +224,9 @@
- ``Relwithdebinfo``
- ``Minsizerel``
* - -DMBEDCRYPTO_DEBUG=<ON|OFF>
- - Enables debug symbols for Mbed Crypto library.
+ - Enables debug symbols for Mbed Crypto library. If a cryptographic
+ accelerator is enabled then this will also enable debug symbols and
+ logging for any accelerator libraries.
* - -DBUILD_DWARF_VERSION=<dwarf version>
- Configures DWARF version.
The possible values are:
diff --git a/platform/ext/common/cc312/BuildCC312.cmake b/platform/ext/common/cc312/BuildCC312.cmake
new file mode 100644
index 0000000..38c66cf
--- /dev/null
+++ b/platform/ext/common/cc312/BuildCC312.cmake
@@ -0,0 +1,139 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2019, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#When included, this file will add a target to build the cc312 libraries with
+#the same compilation setting as used by the file including this one.
+cmake_minimum_required(VERSION 3.7)
+
+if (CMAKE_HOST_WIN32)
+ message(FATAL_ERROR "CC312 build is not supported on windows")
+endif()
+
+if (NOT DEFINED CC312_SOURCE_DIR)
+ message(FATAL_ERROR "Please set CC312_SOURCE_DIR before including this file.")
+endif()
+
+if (NOT DEFINED CC312_TARGET_NAME)
+ set(CC312_TARGET_NAME "${PROJECT_NAME}_cc312_lib" PARENT_SCOPE)
+ set(CC312_TARGET_NAME "${PROJECT_NAME}_cc312_lib")
+ message(WARNING "Using default CC312_TARGET_NAME ${CC312_TARGET_NAME}")
+endif()
+
+if (NOT DEFINED CC312_BUILD_DIR)
+ set(CC312_BUILD_DIR "${CMAKE_CURRENT_BINARY_DIR}/cryptocell/build")
+ message(WARNING "Using default CC312_BUILD_DIR ${CC312_BUILD_DIR}")
+endif()
+
+if (NOT DEFINED CC312_INSTALL_DIR)
+ set(CC312_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/cryptocell/install PARENT_SCOPE)
+ set(CC312_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/cryptocell/install)
+ message(WARNING "Using default CC312_INSTALL_DIR ${CC312_INSTALL_DIR}")
+endif()
+
+
+# CC312 needs to know what config mbedtls was built with
+if (NOT DEFINED MBEDTLS_CONFIG_FILE)
+ message(FATAL_ERROR "Please set MBEDTLS_CONFIG_FILE before including this file.")
+endif()
+if (NOT DEFINED MBEDTLS_CONFIG_PATH)
+ message(FATAL_ERROR "Please set MBEDTLS_CONFIG_PATH before including this file.")
+endif()
+
+#FIXME This is bad, but it _does_ work.
+if (${PROJECT_NAME} STREQUAL "mcuboot")
+ # because these are used in the mbedtls config they need to be defined for
+ # CC312 as well (as it includes the config
+ if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
+ string(APPEND CC312_C_FLAGS " -DMCUBOOT_SIGN_RSA_LEN=3072")
+ elseif(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-2048")
+ string(APPEND CC312_C_FLAGS " -DMCUBOOT_SIGN_RSA_LEN=2048")
+ endif()
+endif()
+
+
+list(APPEND ALL_SRC_C "${PLATFORM_DIR}/common/cc312/cc312.c")
+
+embedded_include_directories(PATH "${PLATFORM_DIR}/common/cc312/" ABSOLUTE)
+
+embedded_include_directories(PATH "${CC312_INSTALL_DIR}/include")
+string(APPEND MBEDCRYPTO_C_FLAGS " -I ${CC312_INSTALL_DIR}/include")
+string(APPEND CC312_C_FLAGS " -I ${CC312_INSTALL_DIR}/include")
+
+string(APPEND MBEDCRYPTO_C_FLAGS " -I ${PLATFORM_DIR}/common/cc312")
+string(APPEND MBEDTLS_C_FLAGS " -DUSE_MBEDTLS_CRYPTOCELL")
+string(APPEND MBEDCRYPTO_C_FLAGS " -DCRYPTO_HW_ACCELERATOR")
+
+string(APPEND MBEDCRYPTO_C_FLAGS " -DMBEDTLS_ECDH_LEGACY_CONTEXT")
+
+string(APPEND CC312_C_FLAGS " -DMBEDTLS_CONFIG_FILE=\'\\\\\\\"${MBEDTLS_CONFIG_FILE}\\\\\\\"\'")
+string(APPEND CC312_C_FLAGS " -I ${MBEDTLS_CONFIG_PATH}")
+string(APPEND CC312_C_FLAGS " -I ${PLATFORM_DIR}/common/cc312")
+
+string(APPEND CC312_C_FLAGS " -DUSE_MBEDTLS_CRYPTOCELL")
+string(APPEND CC312_C_FLAGS " -DCRYPTO_HW_ACCELERATOR")
+
+if (MBEDCRYPTO_DEBUG)
+ if (${COMPILER} STREQUAL "GNUARM")
+ list(APPEND ALL_SRC_C "${PLATFORM_DIR}/common/cc312/cc312_log.c")
+ string(APPEND CC312_C_FLAGS " -DDEBUG -DCC_PAL_MAX_LOG_LEVEL=3")
+ else()
+ # Can't set DEBUG (because of stdout issues)
+ message(WARNING "${COMPILER} does not support CC312 debug logging")
+ endif()
+ string(APPEND CC312_C_FLAGS " -g -O0")
+endif()
+
+set(CC312_COMPILER ${CMAKE_C_COMPILER})
+
+if (${COMPILER} STREQUAL "ARMCLANG")
+ set(CC312_CROSSCOMPILE armclang)
+elseif(${COMPILER} STREQUAL "GNUARM")
+ set(CC312_CROSSCOMPILE arm-none-eabi-)
+else()
+ message(FATAL_ERROR "Compiler ${COMPILER} is not supported by CC312")
+endif()
+
+# Because a makefile is being called anything defined here will prevent
+# modification in the makefile. Due to this the extra flags are included as part
+# of the compiler directive (which won't be modified, where the actual CFLAGS
+# variable will).
+#
+# Variables split between here and CC312_CFG.mk. Anything that depends on a
+# cmake variable is set here.
+set(CC312_ENV "\
+ ARCH=arm\
+ CC='${CC312_COMPILER} ${CC312_C_FLAGS}'\
+ CROSS_COMPILE=${CC312_CROSSCOMPILE}\
+ MBEDCRYPTO_ROOT_DIR=${MBEDCRYPTO_SOURCE_DIR}\
+ MBEDCRYPTO_ROOT=${MBEDCRYPTO_SOURCE_DIR}\
+ PROJ_CFG_PATH=${PLATFORM_DIR}/common/cc312/cc312_proj_cfg.mk\
+ BUILDDIR=${CC312_BUILD_DIR}/\
+ RELEASE_LIBDIR=${CC312_INSTALL_DIR}/lib/\
+ RELEASE_INCDIR=${CC312_INSTALL_DIR}/include/\
+ LOGFILE=${CMAKE_CURRENT_BINARY_DIR}/cc312_makelog.txt\
+")
+
+if (TARGET ${CC312_TARGET_NAME})
+ message(FATAL_ERROR "A target with name ${CC312_TARGET_NAME} is already\
+defined. Please set CC312_TARGET_NAME to a unique value.")
+endif()
+
+#Build CC312 as external project.
+include(ExternalProject)
+set(_static_lib_command ${CMAKE_C_CREATE_STATIC_LIBRARY})
+externalproject_add(${CC312_TARGET_NAME}
+ SOURCE_DIR ${CC312_SOURCE_DIR}/host/src
+ CMAKE_ARGS -DCMAKE_BUILD_TYPE=${CC312_BUILD_TYPE}
+ BUILD_IN_SOURCE 1
+ DOWNLOAD_COMMAND ""
+ UPDATE_COMMAND ""
+ WORKING_DIRECTORY ${CC312_SOURCE_DIR}/host/src
+ CONFIGURE_COMMAND ${CMAKE_COMMAND} -E make_directory ${CC312_SOURCE_DIR}/mbedtls
+ COMMAND ${CMAKE_COMMAND} -E copy_directory ${MBEDCRYPTO_SOURCE_DIR} ${CC312_SOURCE_DIR}/mbedtls
+ INSTALL_COMMAND ""
+ BUILD_ALWAYS TRUE
+ BUILD_COMMAND bash -c "make -C ${CC312_SOURCE_DIR}/host/src ${CC312_ENV}")
diff --git a/platform/ext/common/cc312/LinkCC312.cmake b/platform/ext/common/cc312/LinkCC312.cmake
new file mode 100644
index 0000000..6344e64
--- /dev/null
+++ b/platform/ext/common/cc312/LinkCC312.cmake
@@ -0,0 +1,34 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2019, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#When included, this file will add a target to link the cc312 libraries. It will
+#also add the dependency between the project and the cc312 build target.
+cmake_minimum_required(VERSION 3.7)
+
+add_dependencies(${PROJECT_NAME} ${CC312_TARGET_NAME})
+
+# generate cc312 before tfm_s_obj_lib, so the incdir gets generated before
+# anything that tries to use it
+if (PROJECT_NAME STREQUAL "tfm_crypto")
+add_dependencies(tfm_s_obj_lib ${CC312_TARGET_NAME})
+endif()
+
+#Build the CC312 install header dir before mbedtls
+add_dependencies(${MBEDCRYPTO_TARGET_NAME} ${CC312_TARGET_NAME})
+
+get_target_property(TARGET_TYPE ${PROJECT_NAME} TYPE)
+
+if (TARGET_TYPE STREQUAL "EXECUTABLE")
+ target_link_libraries(${PROJECT_NAME} "${CC312_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}libcc_312${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+ target_link_libraries(${PROJECT_NAME} "${CC312_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}libpal_no_os${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+ target_link_libraries(${PROJECT_NAME} "${MBEDCRYPTO_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+elseif (TARGET_TYPE STREQUAL "STATIC_LIBRARY")
+ compiler_merge_library(DEST ${PROJECT_NAME} LIBS "${CC312_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}libcc_312${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+ compiler_merge_library(DEST ${PROJECT_NAME} LIBS "${CC312_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}libpal_no_os${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+else()
+ message(FATAL_ERROR "Unknown target type ${TARGET_TYPE}")
+endif()
diff --git a/platform/ext/common/cc312/cc312.c b/platform/ext/common/cc312/cc312.c
new file mode 100644
index 0000000..7dc8556
--- /dev/null
+++ b/platform/ext/common/cc312/cc312.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "crypto_hw.h"
+
+#include "cc_lib.h"
+#include "cc_pal_buff_attr.h"
+#include "cc_rnd_common.h"
+#include "mbedtls/platform.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/entropy.h"
+#include "arm_cmse.h"
+
+CCRndContext_t* CC312_pRndCtx = NULL;
+CCRndWorkBuff_t* CC312_pRndWorkBuff = NULL;
+mbedtls_ctr_drbg_context* CC312_pRndState = NULL;
+mbedtls_entropy_context* CC312_pMbedtlsEntropy = NULL;
+
+CCError_t CC_PalDataBufferAttrGet(const unsigned char *pDataBuffer,
+ size_t buffSize, uint8_t buffType,
+ uint8_t *pBuffNs)
+{
+ CC_UNUSED_PARAM(buffType);
+
+ *pBuffNs = DATA_BUFFER_IS_SECURE;
+ if (cmse_check_address_range((void*)pDataBuffer, buffSize, CMSE_NONSECURE)) {
+ *pBuffNs = DATA_BUFFER_IS_NONSECURE;
+ }
+
+ return CC_OK;
+}
+
+/*
+ * \brief Initialize the CC312 crypto accelerator
+ */
+
+int crypto_hw_accelerator_init(void)
+{
+ int ret = 0;
+
+ /* Allocate memory on heap */
+ CC312_pRndCtx = mbedtls_calloc(1, sizeof(CCRndContext_t));
+ CC312_pRndWorkBuff = mbedtls_calloc(1, sizeof(CCRndWorkBuff_t));
+ CC312_pRndState = mbedtls_calloc(1, sizeof(mbedtls_ctr_drbg_context));
+ CC312_pMbedtlsEntropy = mbedtls_calloc(1, sizeof(mbedtls_entropy_context));
+
+ /* Check if memory allocation was successful */
+ if ( !CC312_pRndCtx || !CC312_pRndWorkBuff
+ || !CC312_pRndState || !CC312_pMbedtlsEntropy) {
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return -1;
+ }
+
+ /* Init Rnd context's inner members */
+ CC312_pRndCtx->rndState = CC312_pRndState;
+ CC312_pRndCtx->entropyCtx = CC312_pMbedtlsEntropy;
+
+ /* Initialise CryptoCell library */
+ ret = CC_LibInit(CC312_pRndCtx, CC312_pRndWorkBuff);
+ if (ret != CC_LIB_RET_OK) {
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return ret;
+ }
+
+ return 0;
+}
+
+/*
+ * \brief Deallocate the CC312 crypto accelerator
+ */
+int crypto_hw_accelerator_finish(void)
+{
+ int ret = 0;
+
+ ret = CC_LibFini(CC312_pRndCtx);
+ if(ret != CC_LIB_RET_OK) {
+ return ret;
+ }
+
+ mbedtls_free(CC312_pRndCtx);
+ mbedtls_free(CC312_pRndWorkBuff);
+ mbedtls_free(CC312_pRndState);
+ mbedtls_free(CC312_pMbedtlsEntropy);
+
+ return 0;
+}
diff --git a/platform/ext/common/cc312/cc312_log.c b/platform/ext/common/cc312/cc312_log.c
new file mode 100644
index 0000000..de73c66
--- /dev/null
+++ b/platform/ext/common/cc312/cc312_log.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "uart_stdout.h"
+#include "stdarg.h"
+#include "string.h"
+
+/* Log level = debug */
+int CC_PAL_logLevel = 3;
+#define CC_PAL_MAX_LOG_LEVEL 3
+
+#include "cc_pal_log.h"
+
+
+#define CC312_LOG_BUF_SIZE 64
+
+uint32_t CC_PAL_logMask = 0xFFFFFFFF;
+
+void CC_PalLogInit(void){}
+
+void CC_PalLog(int level, const char* format, ...)
+{
+ char buf[CC312_LOG_BUF_SIZE] = {0};
+ va_list args;
+ int format_len = strlen(format);
+
+ if (format_len + 2 > CC312_LOG_BUF_SIZE)
+ {
+ printf("CC312 logging error: Message too long\r\n");
+ return;
+ }
+
+
+ va_start(args, format);
+
+ /* CC312 lib doesn't insert CR characters so it's done here */
+ strcpy(buf, format);
+ buf[format_len] = '\r';
+
+ vprintf(buf, args);
+}
diff --git a/platform/ext/common/cc312/cc312_proj_cfg.mk b/platform/ext/common/cc312/cc312_proj_cfg.mk
new file mode 100644
index 0000000..fc5f171
--- /dev/null
+++ b/platform/ext/common/cc312/cc312_proj_cfg.mk
@@ -0,0 +1,56 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2019, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Project configuration for cc312 development host project
+PROJ_NAME = cc312
+TARGET_DIR = cc3x
+PROJ_PRD = cc3x
+HOST_LIBNAME = cc3x_lib
+
+TEE_OS = no_os
+REE_OS = no_os
+CORTEX = cortex-m33
+ARM_CPU = cortex-m33
+M_ARCH=armv8-m.main
+
+PROJ_CFG_NAME = ''
+CC_HW_VERSION = 0xFF
+CC_TEE_HW_INC_DIR = hw/include/
+DLLI_MAX_BUFF_SIZE = 0x10000
+CC_CONFIG_SB_DOUBLE_BUFFER_MAX_SIZE_IN_BYTES = 8192
+CC_CONFIG_MNG_MIN_BACKUP_SIZE_IN_BYTES = 512
+CC_CONFIG_SUPPORT_ECC_SCA_SW_PROTECT = 0
+FW_ENABLE_AES_DRIVER = 1
+CC_CONFIG_SB_INDIRECT_SRAM_ACCESS = 1
+CC_CONFIG_SB_CERT_VERSION_MAJOR = 1
+CC_CONFIG_SB_CERT_VERSION_MINOR = 0
+CC_CONFIG_SB_CC3X = 1
+
+CFLAGS_EXTRA += -DCRYPTO_HW_ACCELERATOR=1
+CFLAGS_EXTRA += -DHW_ACCELERATOR_CC312=1
+CFLAGS_EXTRA += -DUSE_MBEDTLS_CRYPTOCELL=1
+
+CFLAGS_EXTRA += -DCC_CONFIG_TRNG_MODE=0
+CFLAGS_EXTRA += -DCC_CONFIG_SUPPORT_SRP=1
+CFLAGS_EXTRA += -DCC_CONFIG_CC_CHACHA_POLY_SUPPORT=1
+CFLAGS_EXTRA += -DCC_CONFIG_SB_X509_CERT_SUPPORTED=1
+CFLAGS_EXTRA += -DCC_CONFIG_SUPPORT_EXT_DMA=0
+CFLAGS_EXTRA += -DCC_CONFIG_SUPPORT_SB_RT=0
+
+CFLAGS_EXTRA += -DDX_SCC_BASE_ADDR=0x5010B000
+
+CFLAGS_EXTRA += -DMBEDTLS_ECDH_LEGACY_CONTEXT
+CFLAGS_EXTRA += -DCC_SRAM_INDIRECT_ACCESS
+
+CFLAGS_EXTRA += -fshort-enums
+CFLAGS_EXTRA += -fshort-wchar
+CFLAGS_EXTRA += -funsigned-char
+CFLAGS_EXTRA += -ffunction-sections
+CFLAGS_EXTRA += -fdata-sections
+
+TEST_PRODUCT = cc3x
+PROJ_TARGETS += cc3x_lib pal cc3x_productionlib
diff --git a/platform/ext/common/cc312/crypto_hw.h b/platform/ext/common/cc312/crypto_hw.h
new file mode 100644
index 0000000..163070d
--- /dev/null
+++ b/platform/ext/common/cc312/crypto_hw.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CRYPTO_HW_H__
+#define __CRYPTO_HW_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * \brief Initialize the CC312 crypto accelerator
+ *
+ * \return 0 on success, non-zero otherwise
+ */
+int crypto_hw_accelerator_init(void);
+
+/**
+ * \brief Deallocate the CC312 crypto accelerator
+ *
+ * \return 0 on success, non-zero otherwise
+ */
+int crypto_hw_accelerator_finish(void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __CRYPTO_HW_H__ */
diff --git a/platform/ext/common/cc312/mbedtls_accelerator_config.h b/platform/ext/common/cc312/mbedtls_accelerator_config.h
new file mode 100644
index 0000000..2b60143
--- /dev/null
+++ b/platform/ext/common/cc312/mbedtls_accelerator_config.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MBEDTLS_ACCELERATOR_CONF_H
+#define MBEDTLS_ACCELERATOR_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* RNG Config */
+#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+#define MBEDTLS_PLATFORM_ENTROPY
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/* Main Config */
+
+/* The CC312 does not support CFB mode */
+#ifdef MBEDTLS_CIPHER_MODE_CFB
+#undef MBEDTLS_CIPHER_MODE_CFB
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#ifdef MBEDTLS_AES_C
+#define MBEDTLS_AES_ALT
+#define MBEDTLS_AES_SETKEY_ENC_ALT
+#define MBEDTLS_AES_SETKEY_DEC_ALT
+#define MBEDTLS_AES_ENCRYPT_ALT
+#define MBEDTLS_AES_DECRYPT_ALT
+#endif /* MBEDTLS_AES_C */
+
+#ifdef MBEDTLS_ARIA_C
+#define MBEDTLS_ARIA_ALT
+#endif /* MBEDTLS_ARIA_C */
+
+#ifdef MBEDTLS_CCM_C
+#define MBEDTLS_CCM_ALT
+#endif /* MBEDTLS_CCM_C */
+
+#ifdef MBEDTLS_CHACHA20_C
+#define MBEDTLS_CHACHA20_ALT
+#endif /* MBEDTLS_CHACHA20_C */
+
+#ifdef MBEDTLS_CHACHAPOLY_C
+#define MBEDTLS_CHACHAPOLY_ALT
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
+#ifdef MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_ALT
+#endif /* MBEDTLS_CMAC_C */
+
+#ifdef MBEDTLS_DHM_C
+#define MBEDTLS_DHM_ALT
+#endif /* MBEDTLS_DHM_C */
+
+#ifdef MBEDTLS_ECDH_C
+#define MBEDTLS_ECDH_ALT
+#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
+#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
+#endif /* MBEDTLS_ECDH_C */
+
+#ifdef MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_ALT
+#define MBEDTLS_ECDSA_VERIFY_ALT
+#define MBEDTLS_ECDSA_SIGN_ALT
+#define MBEDTLS_ECDSA_GENKEY_ALT
+#endif /* MBEDTLS_ECDSA_C */
+
+#ifdef MBEDTLS_GCM_C
+#define MBEDTLS_GCM_ALT
+#endif /* MBEDTLS_GCM_C */
+
+#ifdef MBEDTLS_NIST_KW_C
+#define MBEDTLS_NIST_KW_ALT
+#endif /* MBEDTLS_NIST_KW_C */
+
+#ifdef MBEDTLS_POLY1305_C
+#define MBEDTLS_POLY1305_ALT
+#endif /* MBEDTLS_POLY1305_C */
+
+#ifdef MBEDTLS_RSA_C
+#define MBEDTLS_RSA_ALT
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_GENPRIME
+#endif /* MBEDTLS_RSA_C */
+
+#ifdef MBEDTLS_SHA1_C
+#define MBEDTLS_SHA1_ALT
+#define MBEDTLS_SHA1_PROCESS_ALT
+#endif /* MBEDTLS_SHA1_C */
+
+#ifdef MBEDTLS_SHA256_C
+#define MBEDTLS_SHA256_ALT
+#define MBEDTLS_SHA256_PROCESS_ALT
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_MD_C)
+#define MBEDTLS_ECJPAKE_ALT
+#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* MBEDTLS_ACCELERATOR_CONF_H */
diff --git a/platform/ext/musca_b1.cmake b/platform/ext/musca_b1.cmake
index 600c936..b3dd021 100644
--- a/platform/ext/musca_b1.cmake
+++ b/platform/ext/musca_b1.cmake
@@ -211,3 +211,24 @@
elseif(BUILD_DEVICE_ID)
list(APPEND ALL_SRC_C "${PLATFORM_DIR}/target/musca_b1/dummy_device_id.c")
endif()
+
+#Default for Musca-B1 is to disable the CC312 due to Windows build not being
+#supported.
+if (NOT DEFINED CRYPTO_HW_ACCELERATOR)
+ set (CRYPTO_HW_ACCELERATOR OFF)
+endif()
+
+#Enable CryptoCell-312 HW accelerator
+if (CRYPTO_HW_ACCELERATOR)
+ set(CRYPTO_HW_ACCELERATOR_CMAKE_BUILD "${PLATFORM_DIR}/common/cc312/BuildCC312.cmake" PARENT_SCOPE)
+ set(CRYPTO_HW_ACCELERATOR_CMAKE_LINK "${PLATFORM_DIR}/common/cc312/LinkCC312.cmake" PARENT_SCOPE)
+
+ get_filename_component(CC312_SOURCE_DIR "${PLATFORM_DIR}/../../lib/ext/cryptocell-312-runtime" ABSOLUTE)
+ add_definitions("-DCRYPTO_HW_ACCELERATOR")
+ add_definitions("-DCRYPTO_HW_ACCELERATOR_CC312")
+
+ add_definitions("-DCC_IOT")
+ string(APPEND CC312_C_FLAGS " -I ${CC312_SOURCE_DIR}/shared/hw/include/musca_b1")
+ embedded_include_directories(PATH "${CMAKE_CURRENT_BINARY_DIR}/services/crypto/cryptocell/install/include" ABSOLUTE)
+ embedded_include_directories(PATH "${PLATFORM_DIR}/common/cc312/" ABSOLUTE)
+endif()
diff --git a/platform/ext/readme.rst b/platform/ext/readme.rst
index a5f7e03..d88d51b 100644
--- a/platform/ext/readme.rst
+++ b/platform/ext/readme.rst
@@ -20,9 +20,51 @@
common
======
-This folder contains stdout redirection to UART, a temporary memory mapped flash
-implementation for the bootloader and ``tfm_mbedcrypto_config.h`` for all the
-targets.
+
+armclang and gcc
+----------------
+These contain the linker scripts used to configure the memory regions in TF-M
+regions.
+
+cc312
+-----
+This folder contains cmake and code files to interact with the CC312
+cryptographic accelerator. Integrating a platform with the CC312 requires some
+configuration, of which an example can be seen in the
+``platform/ext/musca_b1.cmake`` file.
+
+To configure the CC312 at build time, a few cmake arguments can be specified.
+
+- ``CRYPTO_HW_ACCELERATOR``
+ - ``ON`` All possible mbedtls cryptographic operations will be offloaded to
+ the CC312 accelerator.
+ - ``OFF`` The cryptographic accelerator will be ignored and software
+ cryptography will be used.
+
+- ``CRYPTO_HW_ACCELERATOR_OTP_STATE``
+ - ``DISABLED`` The HW accelerator will not use any data from its onboard OTP
+ (One Time Programmable) memory.
+ - ``PROVISIONING`` This special mode is used to program cryptographic
+ material into the OTP memory. When the flag is set TF-M will not boot, but
+ will instead program the hardware unique key, the root of trust private key
+ and the attestation private key into the OTP memory. This mode is not
+ compatible with
+ ``CRYPTO_HW_ACCELERATOR=ON``.
+ - ``ENABLED`` The HW accelerator will use the previously programmed data as
+ the hardware unique key, the root of trust private key and the attestation
+ private key. This mode requires ``CRYPTO_HW_ACCELERATOR=ON``.
+
+
+.. Warning::
+
+ Provisioning **can not** be reversed, and data in the OTP memory **can not**
+ be changed once set.
+
+other
+-----
+This folder also contains stdout redirection to UART, a temporary memory mapped
+flash implementation for the bootloader and ``tfm_mbedcrypto_config.h`` for all
+the targets.
drivers
=======