SST: Rename SST(Secure STorage) to PS(Protected Storage)
This patch renames SST (Secure STorage) to
PS(Protected Storage) for files, folders and any contents
in files to align with the PSA Storage API spec.
Change-Id: Icf991f59512875780c159f22737b521b3b2d4924
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 8bd5d18..5dc4cfc 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -41,8 +41,8 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_PLATFORM is undefined.")
endif()
-if (NOT DEFINED TFM_PARTITION_SECURE_STORAGE)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_SECURE_STORAGE is undefined.")
+if (NOT DEFINED TFM_PARTITION_PROTECTED_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_PROTECTED_STORAGE is undefined.")
endif()
if (NOT DEFINED TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
@@ -69,8 +69,8 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_SST)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined.")
+if (NOT DEFINED TFM_PARTITION_TEST_PS)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_PS is undefined.")
endif()
if (NOT DEFINED TEST_FRAMEWORK_S)
@@ -241,9 +241,9 @@
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_INITIAL_ATTESTATION")
endif()
- if (TFM_PARTITION_SECURE_STORAGE)
+ if (TFM_PARTITION_PROTECTED_STORAGE)
target_link_libraries(${EXE_NAME} tfm_storage)
- embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_SECURE_STORAGE")
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_PROTECTED_STORAGE")
endif()
if (TFM_PARTITION_CRYPTO)
@@ -287,8 +287,8 @@
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE_IPC")
endif()
- if (TFM_PARTITION_TEST_SST)
- embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+ if (TFM_PARTITION_TEST_PS)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_PS")
endif()
if (TEST_FRAMEWORK_S)
@@ -400,14 +400,14 @@
DESTINATION ${EXPORT_SRC_DIR})
endif()
- if (TFM_PARTITION_SECURE_STORAGE)
+ if (TFM_PARTITION_PROTECTED_STORAGE)
install(FILES ${INTERFACE_INC_DIR}/psa/protected_storage.h
DESTINATION ${EXPORT_INC_DIR}/psa)
if (TFM_PSA_API)
- install(FILES ${INTERFACE_SRC_DIR}/tfm_sst_ipc_api.c
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_ps_ipc_api.c
DESTINATION ${EXPORT_SRC_DIR})
else()
- install(FILES ${INTERFACE_SRC_DIR}/tfm_sst_func_api.c
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_ps_func_api.c
DESTINATION ${EXPORT_SRC_DIR})
endif()
endif()
@@ -506,9 +506,9 @@
add_subdirectory(${SECURE_FW_DIR}/partitions/crypto)
endif()
-#Add the secure storage library target
-if (TFM_PARTITION_SECURE_STORAGE)
- add_subdirectory(${SECURE_FW_DIR}/partitions/secure_storage)
+#Add the protected storage library target
+if (TFM_PARTITION_PROTECTED_STORAGE)
+ add_subdirectory(${SECURE_FW_DIR}/partitions/protected_storage)
endif()
#Add the internal trusted storage library target
diff --git a/secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h b/secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h
index 0cbfca6..3ca63bd 100644
--- a/secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h
+++ b/secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index a789ec4..a4cd862 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -24,9 +24,9 @@
#include "tfm_plat_crypto_keys.h"
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
#include "psa_manifest/pid.h"
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
static psa_status_t tfm_crypto_huk_derivation_setup(
@@ -58,14 +58,14 @@
return status;
}
-#ifdef TFM_PARTITION_TEST_SST
- /* The SST tests run some operations under the wrong partition ID - this
+#ifdef TFM_PARTITION_TEST_PS
+ /* The PS tests run some operations under the wrong partition ID - this
* causes the key derivation to change.
*/
- if (partition_id == TFM_SP_SST_TEST) {
- partition_id = TFM_SP_STORAGE;
+ if (partition_id == TFM_SP_PS_TEST) {
+ partition_id = TFM_SP_PS;
}
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
/* Put the label in the tls12_prf ctx to make it available in the output key
* step.
diff --git a/secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h b/secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h
index 87b44a1..bf80429 100644
--- a/secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h
+++ b/secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/initial_attestation/psa_manifest/tfm_initial_attestation.h b/secure_fw/partitions/initial_attestation/psa_manifest/tfm_initial_attestation.h
index 203765d..dfe6f58 100644
--- a/secure_fw/partitions/initial_attestation/psa_manifest/tfm_initial_attestation.h
+++ b/secure_fw/partitions/initial_attestation/psa_manifest/tfm_initial_attestation.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/internal_trusted_storage/CMakeLists.inc b/secure_fw/partitions/internal_trusted_storage/CMakeLists.inc
index 2d0345b..a044be0 100644
--- a/secure_fw/partitions/internal_trusted_storage/CMakeLists.inc
+++ b/secure_fw/partitions/internal_trusted_storage/CMakeLists.inc
@@ -53,9 +53,9 @@
"${INTERNAL_TRUSTED_STORAGE_DIR}/flash_fs/its_flash_fs_mblock.c"
)
-# If either ITS or SST requires metadata to be validated, then compile the
+# If either ITS or PS requires metadata to be validated, then compile the
# validation code.
-if (ITS_VALIDATE_METADATA_FROM_FLASH OR SST_VALIDATE_METADATA_FROM_FLASH)
+if (ITS_VALIDATE_METADATA_FROM_FLASH OR PS_VALIDATE_METADATA_FROM_FLASH)
set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS ITS_VALIDATE_METADATA_FROM_FLASH)
endif()
@@ -71,20 +71,20 @@
set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS ITS_BUF_SIZE=${ITS_BUF_SIZE})
endif()
-# Also set SST definitions
-if (SST_ENCRYPTION)
- set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_ENCRYPTION)
- if (SST_ROLLBACK_PROTECTION)
- set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_ROLLBACK_PROTECTION)
+# Also set PS definitions
+if (PS_ENCRYPTION)
+ set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_ENCRYPTION)
+ if (PS_ROLLBACK_PROTECTION)
+ set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_ROLLBACK_PROTECTION)
endif()
endif()
-if (SST_CREATE_FLASH_LAYOUT)
- set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_CREATE_FLASH_LAYOUT)
+if (PS_CREATE_FLASH_LAYOUT)
+ set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_CREATE_FLASH_LAYOUT)
endif()
-if (SST_RAM_FS)
- set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_RAM_FS)
+if (PS_RAM_FS)
+ set_property(SOURCE ${INTERNAL_TRUSTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_RAM_FS)
endif()
#Append all our source files to global lists.
@@ -107,7 +107,7 @@
embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/driver ABSOLUTE)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/partitions/secure_storage ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/partitions/protected_storage ABSOLUTE)
set(BUILD_CMSIS_CORE Off)
set(BUILD_RETARGET Off)
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
index de6a4bf..6ee1740 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
@@ -29,10 +29,10 @@
#define ITS_FLASH_ALIGNMENT 1
#endif
-#if (SST_FLASH_PROGRAM_UNIT <= 16)
-#define SST_FLASH_ALIGNMENT SST_FLASH_PROGRAM_UNIT
+#if (PS_FLASH_PROGRAM_UNIT <= 16)
+#define PS_FLASH_ALIGNMENT PS_FLASH_PROGRAM_UNIT
#else
-#define SST_FLASH_ALIGNMENT 1
+#define PS_FLASH_ALIGNMENT 1
#endif
/**
@@ -40,7 +40,7 @@
* by any flash device that can be accessed through this interface.
*/
#define ITS_FLASH_MAX_ALIGNMENT ITS_UTILS_MAX(ITS_FLASH_ALIGNMENT, \
- SST_FLASH_ALIGNMENT)
+ PS_FLASH_ALIGNMENT)
/**
* \brief Enumerates the available flash devices.
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash_info_external.c b/secure_fw/partitions/internal_trusted_storage/flash/its_flash_info_external.c
index 03d2d2d..6b083c3 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash_info_external.c
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash_info_external.c
@@ -10,42 +10,42 @@
#include "Driver_Flash.h"
#include "flash_layout.h"
#include "its_utils.h"
-#include "sst_object_defs.h"
+#include "ps_object_defs.h"
-#ifndef SST_FLASH_DEV_NAME
-#error "SST_FLASH_DEV_NAME must be defined by the target in flash_layout.h"
+#ifndef PS_FLASH_DEV_NAME
+#error "PS_FLASH_DEV_NAME must be defined by the target in flash_layout.h"
#endif
-#ifndef SST_FLASH_AREA_ADDR
-#error "SST_FLASH_AREA_ADDR must be defined by the target in flash_layout.h"
+#ifndef PS_FLASH_AREA_ADDR
+#error "PS_FLASH_AREA_ADDR must be defined by the target in flash_layout.h"
#endif
/* Adjust to a size that will allow all assets to fit */
-#ifndef SST_FLASH_AREA_SIZE
-#error "SST_FLASH_AREA_SIZE must be defined by the target in flash_layout.h"
+#ifndef PS_FLASH_AREA_SIZE
+#error "PS_FLASH_AREA_SIZE must be defined by the target in flash_layout.h"
#endif
/* Adjust to match the size of the flash device's physical erase unit */
-#ifndef SST_SECTOR_SIZE
-#error "SST_SECTOR_SIZE must be defined by the target in flash_layout.h"
+#ifndef PS_SECTOR_SIZE
+#error "PS_SECTOR_SIZE must be defined by the target in flash_layout.h"
#endif
/* Adjust so that the maximum required asset size will fit in one block */
-#ifndef SST_SECTORS_PER_BLOCK
-#error "SST_SECTORS_PER_BLOCK must be defined by the target in flash_layout.h"
+#ifndef PS_SECTORS_PER_BLOCK
+#error "PS_SECTORS_PER_BLOCK must be defined by the target in flash_layout.h"
#endif
/* Adjust to match the size of the flash device's physical program unit */
-#ifndef SST_FLASH_PROGRAM_UNIT
-#error "SST_FLASH_PROGRAM_UNIT must be defined by the target in flash_layout.h"
-#elif (SST_FLASH_PROGRAM_UNIT < 1 || SST_FLASH_PROGRAM_UNIT > SST_SECTOR_SIZE)
-#error "SST_FLASH_PROGRAM_UNIT must be between 1 and SST_SECTOR_SIZE inclusive"
-#elif (SST_FLASH_PROGRAM_UNIT & (SST_FLASH_PROGRAM_UNIT - 1) != 0)
-#error "SST_FLASH_PROGRAM_UNIT must be a power of two"
+#ifndef PS_FLASH_PROGRAM_UNIT
+#error "PS_FLASH_PROGRAM_UNIT must be defined by the target in flash_layout.h"
+#elif (PS_FLASH_PROGRAM_UNIT < 1 || PS_FLASH_PROGRAM_UNIT > PS_SECTOR_SIZE)
+#error "PS_FLASH_PROGRAM_UNIT must be between 1 and PS_SECTOR_SIZE inclusive"
+#elif (PS_FLASH_PROGRAM_UNIT & (PS_FLASH_PROGRAM_UNIT - 1) != 0)
+#error "PS_FLASH_PROGRAM_UNIT must be a power of two"
#endif
/* Include the correct flash interface implementation */
-#ifdef SST_RAM_FS
+#ifdef PS_RAM_FS
#include "its_flash_ram.h"
#define FLASH_INFO_INIT its_flash_ram_init
#define FLASH_INFO_READ its_flash_ram_read
@@ -53,7 +53,7 @@
#define FLASH_INFO_FLUSH its_flash_ram_flush
#define FLASH_INFO_ERASE its_flash_ram_erase
-#elif (SST_FLASH_PROGRAM_UNIT <= 16)
+#elif (PS_FLASH_PROGRAM_UNIT <= 16)
#include "its_flash_nor.h"
#define FLASH_INFO_INIT its_flash_nor_init
#define FLASH_INFO_READ its_flash_nor_read
@@ -62,7 +62,7 @@
#define FLASH_INFO_ERASE its_flash_nor_erase
/* Require each file in the filesystem to be aligned to the program unit */
-#define SST_FLASH_ALIGNMENT SST_FLASH_PROGRAM_UNIT
+#define PS_FLASH_ALIGNMENT PS_FLASH_PROGRAM_UNIT
#else
#include "its_flash_nand.h"
@@ -75,31 +75,31 @@
/* The flash block is programmed in one shot, so no filesystem alignment is
* required.
*/
-#define SST_FLASH_ALIGNMENT 1
+#define PS_FLASH_ALIGNMENT 1
#endif
/* Calculate the block layout */
-#define FLASH_INFO_BLOCK_SIZE (SST_SECTOR_SIZE * SST_SECTORS_PER_BLOCK)
-#define FLASH_INFO_NUM_BLOCKS (SST_FLASH_AREA_SIZE / FLASH_INFO_BLOCK_SIZE)
+#define FLASH_INFO_BLOCK_SIZE (PS_SECTOR_SIZE * PS_SECTORS_PER_BLOCK)
+#define FLASH_INFO_NUM_BLOCKS (PS_FLASH_AREA_SIZE / FLASH_INFO_BLOCK_SIZE)
/* Maximum file size */
-#define FLASH_INFO_MAX_FILE_SIZE ITS_UTILS_ALIGN(SST_MAX_OBJECT_SIZE, \
- SST_FLASH_ALIGNMENT)
+#define FLASH_INFO_MAX_FILE_SIZE ITS_UTILS_ALIGN(PS_MAX_OBJECT_SIZE, \
+ PS_FLASH_ALIGNMENT)
/* Maximum number of files */
-#define FLASH_INFO_MAX_NUM_FILES SST_MAX_NUM_OBJECTS
+#define FLASH_INFO_MAX_NUM_FILES PS_MAX_NUM_OBJECTS
/* Default value of each byte in the flash when erased */
#define FLASH_INFO_ERASE_VAL 0xFFU
-#ifdef SST_RAM_FS
+#ifdef PS_RAM_FS
/* Allocate a static buffer to emulate storage in RAM */
-static uint8_t sst_block_data[FLASH_INFO_BLOCK_SIZE * FLASH_INFO_NUM_BLOCKS];
-#define FLASH_INFO_DEV sst_block_data
+static uint8_t ps_block_data[FLASH_INFO_BLOCK_SIZE * FLASH_INFO_NUM_BLOCKS];
+#define FLASH_INFO_DEV ps_block_data
#else
/* Import the CMSIS flash device driver */
-extern ARM_DRIVER_FLASH SST_FLASH_DEV_NAME;
-#define FLASH_INFO_DEV &SST_FLASH_DEV_NAME
+extern ARM_DRIVER_FLASH PS_FLASH_DEV_NAME;
+#define FLASH_INFO_DEV &PS_FLASH_DEV_NAME
#endif
const struct its_flash_info_t its_flash_info_external = {
@@ -109,11 +109,11 @@
.flush = FLASH_INFO_FLUSH,
.erase = FLASH_INFO_ERASE,
.flash_dev = (void *)FLASH_INFO_DEV,
- .flash_area_addr = SST_FLASH_AREA_ADDR,
- .sector_size = SST_SECTOR_SIZE,
+ .flash_area_addr = PS_FLASH_AREA_ADDR,
+ .sector_size = PS_SECTOR_SIZE,
.block_size = FLASH_INFO_BLOCK_SIZE,
.num_blocks = FLASH_INFO_NUM_BLOCKS,
- .program_unit = SST_FLASH_ALIGNMENT,
+ .program_unit = PS_FLASH_ALIGNMENT,
.max_file_size = FLASH_INFO_MAX_FILE_SIZE,
.max_num_files = FLASH_INFO_MAX_NUM_FILES,
.erase_val = FLASH_INFO_ERASE_VAL,
diff --git a/secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h b/secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h
index fc8f5d6..c8f7699 100644
--- a/secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h
+++ b/secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
index 6bcdb10..4b079ac 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
@@ -33,11 +33,11 @@
static struct its_file_info_t g_file_info;
static its_flash_fs_ctx_t fs_ctx_its;
-static its_flash_fs_ctx_t fs_ctx_sst;
+static its_flash_fs_ctx_t fs_ctx_ps;
static its_flash_fs_ctx_t *get_fs_ctx(int32_t client_id)
{
- return (client_id == TFM_SP_STORAGE) ? &fs_ctx_sst : &fs_ctx_its;
+ return (client_id == TFM_SP_PS) ? &fs_ctx_ps : &fs_ctx_its;
}
/**
@@ -89,35 +89,35 @@
}
#endif /* ITS_CREATE_FLASH_LAYOUT */
- /* Initialise the SST context */
- status = its_flash_fs_prepare(&fs_ctx_sst,
+ /* Initialise the PS context */
+ status = its_flash_fs_prepare(&fs_ctx_ps,
its_flash_get_info(ITS_FLASH_ID_EXTERNAL));
-#ifdef SST_CREATE_FLASH_LAYOUT
- /* If SST_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
- * create a SST flash layout. SST service will generate an empty and valid
- * SST flash layout to store assets. It will erase all data located in the
- * assigned SST memory area before generating the SST layout.
- * This flag is required to be set if the SST memory area is located in
+#ifdef PS_CREATE_FLASH_LAYOUT
+ /* If PS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
+ * create a PS flash layout. PS service will generate an empty and valid
+ * PS flash layout to store assets. It will erase all data located in the
+ * assigned PS memory area before generating the PS layout.
+ * This flag is required to be set if the PS memory area is located in
* non-persistent memory.
- * This flag can be set if the SST memory area is located in persistent
- * memory without a previous valid SST flash layout in it. That is the case
- * when it is the first time in the device life that the SST service is
+ * This flag can be set if the PS memory area is located in persistent
+ * memory without a previous valid PS flash layout in it. That is the case
+ * when it is the first time in the device life that the PS service is
* executed.
*/
if (status != PSA_SUCCESS) {
- /* Remove all data in the SST memory area and create a valid SST flash
+ /* Remove all data in the PS memory area and create a valid PS flash
* layout in that area.
*/
- status = its_flash_fs_wipe_all(&fs_ctx_sst);
+ status = its_flash_fs_wipe_all(&fs_ctx_ps);
if (status != PSA_SUCCESS) {
return status;
}
/* Attempt to initialise again */
- status = its_flash_fs_prepare(&fs_ctx_sst,
+ status = its_flash_fs_prepare(&fs_ctx_ps,
its_flash_get_info(ITS_FLASH_ID_EXTERNAL));
}
-#endif /* SST_CREATE_FLASH_LAYOUT */
+#endif /* PS_CREATE_FLASH_LAYOUT */
return status;
}
@@ -219,12 +219,12 @@
psa_status_t status;
size_t read_size;
-#ifdef TFM_PARTITION_TEST_SST
- /* The SST test partiton can call tfm_its_get() through SST code. Treat it
- * as if it were SST.
+#ifdef TFM_PARTITION_TEST_PS
+ /* The PS test partition can call tfm_its_get() through PS code. Treat it
+ * as if it were PS.
*/
- if (client_id == TFM_SP_SST_TEST) {
- client_id = TFM_SP_STORAGE;
+ if (client_id == TFM_SP_PS_TEST) {
+ client_id = TFM_SP_PS;
}
#endif
@@ -312,12 +312,12 @@
{
psa_status_t status;
-#ifdef TFM_PARTITION_TEST_SST
- /* The SST test partiton can call tfm_its_remove() through SST code. Treat
- * it as if it were SST.
+#ifdef TFM_PARTITION_TEST_PS
+ /* The PS test partition can call tfm_its_remove() through PS code. Treat
+ * it as if it were PS.
*/
- if (client_id == TFM_SP_SST_TEST) {
- client_id = TFM_SP_STORAGE;
+ if (client_id == TFM_SP_PS_TEST) {
+ client_id = TFM_SP_PS;
}
#endif
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index 79f2b63..9506545 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -12,7 +12,7 @@
#include "psa/storage_common.h"
#include "tfm_internal_trusted_storage.h"
#include "its_utils.h"
-#include "sst_object_defs.h"
+#include "ps_object_defs.h"
#ifdef TFM_PSA_API
#include "psa/service.h"
diff --git a/secure_fw/partitions/manifestfilename.template b/secure_fw/partitions/manifestfilename.template
index eebbd6d..8d2f982 100644
--- a/secure_fw/partitions/manifestfilename.template
+++ b/secure_fw/partitions/manifestfilename.template
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index 4d53267..331bdb7 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -18,9 +18,9 @@
/* Access map using NVCOUNTER_IDX -> tfm_partition-id key-value pairs */
static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = {
- [PLAT_NV_COUNTER_0] = TFM_SP_STORAGE,
- [PLAT_NV_COUNTER_1] = TFM_SP_STORAGE,
- [PLAT_NV_COUNTER_2] = TFM_SP_STORAGE
+ [PLAT_NV_COUNTER_0] = TFM_SP_PS,
+ [PLAT_NV_COUNTER_1] = TFM_SP_PS,
+ [PLAT_NV_COUNTER_2] = TFM_SP_PS
};
#ifdef TFM_PSA_API
diff --git a/secure_fw/partitions/protected_storage/CMakeLists.inc b/secure_fw/partitions/protected_storage/CMakeLists.inc
new file mode 100644
index 0000000..de489f3
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/CMakeLists.inc
@@ -0,0 +1,135 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#Definitions to compile the "protected_storage" module.
+#This file assumes it will be included from a project specific cmakefile, and
+#will not create a library or executable.
+#Inputs:
+# TFM_ROOT_DIR - root directory of the TF-M repository.
+#Outputs:
+# Will modify include directories to make the source compile.
+# ALL_SRC_C: C source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
+# ALL_SRC_CXX: C++ source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
+# ALL_SRC_ASM: assembly source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
+# Include directories will be modified by using the include_directories() commands as needed.
+
+#Get the current directory where this file is located.
+set(PROTECTED_STORAGE_DIR ${CMAKE_CURRENT_LIST_DIR})
+
+#Check input variables
+if (NOT DEFINED TFM_ROOT_DIR)
+ message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
+endif()
+
+if (NOT DEFINED PS_ENCRYPTION)
+ message(FATAL_ERROR "Incomplete build configuration: PS_ENCRYPTION is undefined. ")
+endif()
+
+if (NOT DEFINED PS_ROLLBACK_PROTECTION)
+ message(FATAL_ERROR "Incomplete build configuration: PS_ROLLBACK_PROTECTION is undefined.")
+endif()
+
+if (NOT DEFINED PS_CREATE_FLASH_LAYOUT)
+ message(FATAL_ERROR "Incomplete build configuration: PS_CREATE_FLASH_LAYOUT is undefined. ")
+endif()
+
+if (NOT DEFINED PS_VALIDATE_METADATA_FROM_FLASH)
+ message(FATAL_ERROR "Incomplete build configuration: PS_VALIDATE_METADATA_FROM_FLASH is undefined. ")
+endif()
+
+if (NOT DEFINED PS_RAM_FS)
+ message(FATAL_ERROR "Incomplete build configuration: PS_RAM_FS is undefined. ")
+endif()
+
+if (NOT DEFINED PS_TEST_NV_COUNTERS)
+ message(FATAL_ERROR "Incomplete build configuration: PS_TEST_NV_COUNTERS is undefined.")
+endif()
+
+set (PROTECTED_STORAGE_C_SRC
+ "${PROTECTED_STORAGE_DIR}/tfm_ps_secure_api.c"
+ "${PROTECTED_STORAGE_DIR}/tfm_ps_req_mngr.c"
+ "${PROTECTED_STORAGE_DIR}/tfm_protected_storage.c"
+ "${PROTECTED_STORAGE_DIR}/ps_object_system.c"
+ "${PROTECTED_STORAGE_DIR}/ps_object_table.c"
+ "${PROTECTED_STORAGE_DIR}/ps_utils.c"
+)
+
+if (PS_ENCRYPTION)
+ list(APPEND PROTECTED_STORAGE_C_SRC
+ "${PROTECTED_STORAGE_DIR}/crypto/ps_crypto_interface.c"
+ "${PROTECTED_STORAGE_DIR}/ps_encrypted_object.c"
+ )
+ set_property(SOURCE ${PROTECTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_ENCRYPTION)
+
+ if (PS_ROLLBACK_PROTECTION)
+ # Only build the NV counters implementation if the PS_TEST_NV_COUNTERS
+ # flag is off. When this flag is on, a virtual implementation of the PS
+ # NV counters interface is used instead. Full documentation for this
+ # flag can be found in the PS Integration Guide.
+ if (NOT PS_TEST_NV_COUNTERS)
+ list(APPEND PROTECTED_STORAGE_C_SRC
+ "${PROTECTED_STORAGE_DIR}/nv_counters/ps_nv_counters.c")
+ endif()
+ set_property(SOURCE ${PROTECTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_ROLLBACK_PROTECTION)
+ endif()
+endif()
+
+if (PS_VALIDATE_METADATA_FROM_FLASH)
+ set_property(SOURCE ${PROTECTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_VALIDATE_METADATA_FROM_FLASH)
+endif()
+
+if (PS_CREATE_FLASH_LAYOUT)
+ set_property(SOURCE ${PROTECTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_CREATE_FLASH_LAYOUT)
+endif()
+
+if (PS_RAM_FS)
+ set_property(SOURCE ${PROTECTED_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS PS_RAM_FS)
+endif()
+
+#Append all our source files to global lists.
+list(APPEND ALL_SRC_C ${PROTECTED_STORAGE_C_SRC})
+unset(PROTECTED_STORAGE_C_SRC)
+
+#Inform the user about PS service features selected based on the PS service cmake flags
+message("The PS service compile configuration is as follows:")
+message("- PS_ENCRYPTION: " ${PS_ENCRYPTION})
+if (PS_ENCRYPTION)
+ message("- PS_ROLLBACK_PROTECTION: " ${PS_ROLLBACK_PROTECTION})
+else()
+ message("- PS_ROLLBACK_PROTECTION: N/A")
+endif()
+message("- PS_VALIDATE_METADATA_FROM_FLASH: " ${PS_VALIDATE_METADATA_FROM_FLASH})
+message("- PS_CREATE_FLASH_LAYOUT: " ${PS_CREATE_FLASH_LAYOUT})
+message("- PS_RAM_FS: " ${PS_RAM_FS})
+message("- PS_TEST_NV_COUNTERS: " ${PS_TEST_NV_COUNTERS})
+
+#Setting include directories
+embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core/include ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/driver ABSOLUTE)
+set(BUILD_CMSIS_CORE Off)
+set(BUILD_RETARGET Off)
+set(BUILD_NATIVE_DRIVERS Off)
+set(BUILD_STARTUP Off)
+set(BUILD_TARGET_CFG Off)
+set(BUILD_TARGET_HARDWARE_KEYS Off)
+set(BUILD_TARGET_NV_COUNTERS Off)
+set(BUILD_CMSIS_DRIVERS Off)
+set(BUILD_TIME Off)
+set(BUILD_UART_STDOUT Off)
+set(BUILD_FLASH Off)
+set(BUILD_PLAT_TEST Off)
+if(NOT DEFINED PLATFORM_CMAKE_FILE)
+ message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
+elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
+ message (FATAL_ERROR "Platform specific CMake \"${PLATFORM_CMAKE_FILE}\" file does not exist. Please fix value of PLATFORM_CMAKE_FILE.")
+else()
+ include(${PLATFORM_CMAKE_FILE})
+endif()
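Review bot: In the `if (PS_ROLLBACK_PROTECTION)` branch, `PS_TEST_NV_COUNTERS` drops `nv_counters/ps_nv_counters.c` from the build in favour of the virtual test implementation the comment describes, but nothing in this file warns that the resulting image's rollback protection is then not backed by the platform's NV counters; the flag value only appears in the configuration summary, where it is easy to miss. I would add, next to the existing `if (NOT PS_TEST_NV_COUNTERS)`, `if (PS_TEST_NV_COUNTERS) message(WARNING "PS_TEST_NV_COUNTERS is ON: PS rollback protection uses the virtual test NV counters, not the platform's; do not use for production images") endif()`. The summary also prints `PS_TEST_NV_COUNTERS` unconditionally while `PS_ROLLBACK_PROTECTION` is shown as `N/A` when encryption is off; since the flag only has an effect under rollback protection, the same `N/A` treatment would be consistent. Where the virtual implementation is compiled from is not visible here — presumably the PS test partition supplies it — so it is worth confirming that a non-test build with the flag on fails at link time rather than silently picking up a stub.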
diff --git a/secure_fw/partitions/secure_storage/CMakeLists.txt b/secure_fw/partitions/protected_storage/CMakeLists.txt
similarity index 85%
rename from secure_fw/partitions/secure_storage/CMakeLists.txt
rename to secure_fw/partitions/protected_storage/CMakeLists.txt
index 94053f0..c376ce1 100644
--- a/secure_fw/partitions/secure_storage/CMakeLists.txt
+++ b/secure_fw/partitions/protected_storage/CMakeLists.txt
@@ -11,8 +11,8 @@
list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/../../../cmake)
###Some project global settings
-set (SECURE_STORAGE_DIR "${CMAKE_CURRENT_LIST_DIR}")
-get_filename_component(TFM_ROOT_DIR "${SECURE_STORAGE_DIR}/../../.." ABSOLUTE)
+set (PROTECTED_STORAGE_DIR "${CMAKE_CURRENT_LIST_DIR}")
+get_filename_component(TFM_ROOT_DIR "${PROTECTED_STORAGE_DIR}/../../.." ABSOLUTE)
#Include common stuff to control cmake.
include("Common/BuildSys")
@@ -29,7 +29,7 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
-# Specify what we build (for the secure storage service, build as a static library)
+# Specify what we build (for the protected storage service, build as a static library)
add_library(tfm_storage STATIC ${ALL_SRC_ASM} ${ALL_SRC_C})
#Set common compiler and linker flags
diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
new file mode 100644
index 0000000..28fc9c4
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "ps_crypto_interface.h"
+
+#include <stdbool.h>
+
+#include "tfm_crypto_defs.h"
+#include "psa/crypto.h"
+#include "tfm_memory_utils.h"
+
+/* The PSA key type used by this implementation */
+#define PS_KEY_TYPE PSA_KEY_TYPE_AES
+/* The PSA key usage required by this implementation */
+#define PS_KEY_USAGE (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)
+/* The PSA algorithm used by this implementation */
+#define PS_CRYPTO_ALG \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_GCM, PS_TAG_LEN_BYTES)
+
+static const uint8_t ps_key_label[] = "storage_key";
+static psa_key_handle_t ps_key_handle;
+static uint8_t ps_crypto_iv_buf[PS_IV_LEN_BYTES];
+
+psa_status_t ps_crypto_init(void)
+{
+ /* Currently, no initialisation is required. This may change if key
+ * handling is changed.
+ */
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_crypto_setkey(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ /* Set the key attributes for the storage key */
+ psa_set_key_usage_flags(&attributes, PS_KEY_USAGE);
+ psa_set_key_algorithm(&attributes, PS_CRYPTO_ALG);
+ psa_set_key_type(&attributes, PS_KEY_TYPE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(PS_KEY_LEN_BYTES));
+
+ /* Set up a key derivation operation with HUK derivation as the alg */
+ status = psa_key_derivation_setup(&op, TFM_CRYPTO_ALG_HUK_DERIVATION);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ /* Supply the PS key label as an input to the key derivation */
+ status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_LABEL,
+ ps_key_label,
+ sizeof(ps_key_label));
+ if (status != PSA_SUCCESS) {
+ goto err_release_op;
+ }
+
+ /* Create the storage key from the key derivation operation */
+ status = psa_key_derivation_output_key(&attributes, &op, &ps_key_handle);
+ if (status != PSA_SUCCESS) {
+ goto err_release_op;
+ }
+
+ /* Free resources associated with the key derivation operation */
+ status = psa_key_derivation_abort(&op);
+ if (status != PSA_SUCCESS) {
+ goto err_release_key;
+ }
+
+ return PSA_SUCCESS;
+
+err_release_key:
+ (void)psa_destroy_key(ps_key_handle);
+
+err_release_op:
+ (void)psa_key_derivation_abort(&op);
+
+ return PSA_ERROR_GENERIC_ERROR;
+}
+
+psa_status_t ps_crypto_destroykey(void)
+{
+ psa_status_t status;
+
+ /* Destroy the transient key */
+ status = psa_destroy_key(ps_key_handle);
+ if (status != PSA_SUCCESS) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ return PSA_SUCCESS;
+}
+
+void ps_crypto_set_iv(const union ps_crypto_t *crypto)
+{
+ (void)tfm_memcpy(ps_crypto_iv_buf, crypto->ref.iv, PS_IV_LEN_BYTES);
+}
+
+void ps_crypto_get_iv(union ps_crypto_t *crypto)
+{
+ /* IV characteristic is algorithm dependent.
+ * For GCM it is essential that it doesn't get repeated.
+ * A simple increment will suffice.
+ * FIXME:
+ * Since IV is predictable in this case,
+ * If there is no rollback protection, an attacker could
+ * try to rollback the storage and encrypt another plaintext
+ * block with same IV/Key pair; this breaks GCM usage rules.
+ * One potential fix would be to generate IV through RNG
+ */
+
+ /* Logic:
+ * IV is a 12 byte value. Read the old value and increment it by 1.
+ * since there is no standard C support for 12 byte integer mathematics,
+ * the increment need to performed manually. Increment the lower 8byte
+ * as uint64_t value and then if the new value is 0, increment the upper
+ * 4 bytes as uint32_t
+ * Endian order doesn't really matter as objective is not to perform
+ * machine accurate increment operation but to generate a non-repetitive
+ * iv value.
+ */
+
+ uint64_t iv_l;
+ uint32_t iv_h;
+
+ (void)tfm_memcpy(&iv_l, ps_crypto_iv_buf, sizeof(iv_l));
+ (void)tfm_memcpy(&iv_h, (ps_crypto_iv_buf+sizeof(iv_l)), sizeof(iv_h));
+ iv_l++;
+ /* If overflow, increment the MSBs */
+ if (iv_l == 0) {
+ iv_h++;
+ }
+
+ /* Update the local buffer */
+ (void)tfm_memcpy(ps_crypto_iv_buf, &iv_l, sizeof(iv_l));
+ (void)tfm_memcpy((ps_crypto_iv_buf + sizeof(iv_l)), &iv_h, sizeof(iv_h));
+ /* Update the caller buffer */
+ (void)tfm_memcpy(crypto->ref.iv, ps_crypto_iv_buf, PS_IV_LEN_BYTES);
+}
+
+psa_status_t ps_crypto_encrypt_and_tag(union ps_crypto_t *crypto,
+ const uint8_t *add,
+ size_t add_len,
+ const uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len)
+{
+ psa_status_t status;
+
+ status = psa_aead_encrypt(ps_key_handle, PS_CRYPTO_ALG,
+ crypto->ref.iv, PS_IV_LEN_BYTES,
+ add, add_len,
+ in, in_len,
+ out, out_size, out_len);
+ if (status != PSA_SUCCESS) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ /* Copy the tag out of the output buffer */
+ *out_len -= PS_TAG_LEN_BYTES;
+ (void)tfm_memcpy(crypto->ref.tag, (out + *out_len), PS_TAG_LEN_BYTES);
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_crypto_auth_and_decrypt(const union ps_crypto_t *crypto,
+ const uint8_t *add,
+ size_t add_len,
+ uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len)
+{
+ psa_status_t status;
+
+ /* Copy the tag into the input buffer */
+ (void)tfm_memcpy((in + in_len), crypto->ref.tag, PS_TAG_LEN_BYTES);
+ in_len += PS_TAG_LEN_BYTES;
+
+ status = psa_aead_decrypt(ps_key_handle, PS_CRYPTO_ALG,
+ crypto->ref.iv, PS_IV_LEN_BYTES,
+ add, add_len,
+ in, in_len,
+ out, out_size, out_len);
+ if (status != PSA_SUCCESS) {
+ return PSA_ERROR_INVALID_SIGNATURE;
+ }
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_crypto_generate_auth_tag(union ps_crypto_t *crypto,
+ const uint8_t *add,
+ uint32_t add_len)
+{
+ psa_status_t status;
+ size_t out_len;
+
+ status = psa_aead_encrypt(ps_key_handle, PS_CRYPTO_ALG,
+ crypto->ref.iv, PS_IV_LEN_BYTES,
+ add, add_len,
+ 0, 0,
+ crypto->ref.tag, PS_TAG_LEN_BYTES, &out_len);
+ if (status != PSA_SUCCESS || out_len != PS_TAG_LEN_BYTES) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_crypto_authenticate(const union ps_crypto_t *crypto,
+ const uint8_t *add,
+ uint32_t add_len)
+{
+ psa_status_t status;
+ size_t out_len;
+
+ status = psa_aead_decrypt(ps_key_handle, PS_CRYPTO_ALG,
+ crypto->ref.iv, PS_IV_LEN_BYTES,
+ add, add_len,
+ crypto->ref.tag, PS_TAG_LEN_BYTES,
+ 0, 0, &out_len);
+ if (status != PSA_SUCCESS || out_len != 0) {
+ return PSA_ERROR_INVALID_SIGNATURE;
+ }
+
+ return PSA_SUCCESS;
+}
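Review bot: ps_crypto_auth_and_decrypt writes PS_TAG_LEN_BYTES bytes at `in + in_len` before calling psa_aead_decrypt, so the caller's `in` buffer must have at least PS_TAG_LEN_BYTES of spare capacity beyond `in_len`, yet the signature carries no capacity argument and the function cannot check it. The only caller visible in this patch (ps_object_auth_decrypt) sizes ps_crypto_buf as PS_MAX_ENCRYPTED_OBJ_SIZE + PS_TAG_LEN_BYTES, so the assumption appears to hold today, but the precondition is stated nowhere near the definition. I would put it at the definition, `/* Precondition: in must have room for in_len + PS_TAG_LEN_BYTES bytes; the tag is appended in place before decryption. */`, and mirror it in the \param doc for `in` in ps_crypto_interface.h if it is not already there. Separately, ps_crypto_setkey returns the raw `status` when psa_key_derivation_setup fails but PSA_ERROR_GENERIC_ERROR on every later failure; mapping both paths the same way would make the callers' error handling uniform.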
diff --git a/secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.h b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
similarity index 68%
rename from secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.h
rename to secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
index 7b10b55..2fda956 100644
--- a/secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.h
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __SST_CRYPTO_INTERFACE_H__
-#define __SST_CRYPTO_INTERFACE_H__
+#ifndef __PS_CRYPTO_INTERFACE_H__
+#define __PS_CRYPTO_INTERFACE_H__
#include <stddef.h>
#include <stdint.h>
@@ -17,18 +17,18 @@
extern "C" {
#endif
-#define SST_KEY_LEN_BYTES 16
-#define SST_TAG_LEN_BYTES 16
-#define SST_IV_LEN_BYTES 12
+#define PS_KEY_LEN_BYTES 16
+#define PS_TAG_LEN_BYTES 16
+#define PS_IV_LEN_BYTES 12
/* Union containing crypto policy implementations. The ref member provides the
* reference implementation. Further members can be added to the union to
* provide alternative implementations.
*/
-union sst_crypto_t {
+union ps_crypto_t {
struct {
- uint8_t tag[SST_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
- uint8_t iv[SST_IV_LEN_BYTES]; /*!< IV value of AEAD object */
+ uint8_t tag[PS_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
+ uint8_t iv[PS_IV_LEN_BYTES]; /*!< IV value of AEAD object */
} ref;
};
@@ -37,21 +37,21 @@
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_init(void);
+psa_status_t ps_crypto_init(void);
/**
* \brief Sets the key to use for crypto operations for the current client.
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_setkey(void);
+psa_status_t ps_crypto_setkey(void);
/**
* \brief Destroys the transient key used for crypto operations.
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_destroykey(void);
+psa_status_t ps_crypto_destroykey(void);
/**
* \brief Encrypts and tags the given plaintext data.
@@ -67,14 +67,14 @@
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_encrypt_and_tag(union sst_crypto_t *crypto,
- const uint8_t *add,
- size_t add_len,
- const uint8_t *in,
- size_t in_len,
- uint8_t *out,
- size_t out_size,
- size_t *out_len);
+psa_status_t ps_crypto_encrypt_and_tag(union ps_crypto_t *crypto,
+ const uint8_t *add,
+ size_t add_len,
+ const uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len);
/**
* \brief Decrypts and authenticates the given encrypted data.
@@ -90,14 +90,14 @@
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_auth_and_decrypt(const union sst_crypto_t *crypto,
- const uint8_t *add,
- size_t add_len,
- uint8_t *in,
- size_t in_len,
- uint8_t *out,
- size_t out_size,
- size_t *out_len);
+psa_status_t ps_crypto_auth_and_decrypt(const union ps_crypto_t *crypto,
+ const uint8_t *add,
+ size_t add_len,
+ uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len);
/**
* \brief Generates authentication tag for given data.
@@ -108,9 +108,9 @@
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_generate_auth_tag(union sst_crypto_t *crypto,
- const uint8_t *add,
- uint32_t add_len);
+psa_status_t ps_crypto_generate_auth_tag(union ps_crypto_t *crypto,
+ const uint8_t *add,
+ uint32_t add_len);
/**
* \brief Authenticate given data against the tag.
@@ -121,26 +121,26 @@
*
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t sst_crypto_authenticate(const union sst_crypto_t *crypto,
- const uint8_t *add,
- uint32_t add_len);
+psa_status_t ps_crypto_authenticate(const union ps_crypto_t *crypto,
+ const uint8_t *add,
+ uint32_t add_len);
/**
* \brief Provides current IV value to crypto layer.
*
* \param[in] crypto Pointer to the crypto union
*/
-void sst_crypto_set_iv(const union sst_crypto_t *crypto);
+void ps_crypto_set_iv(const union ps_crypto_t *crypto);
/**
* \brief Gets a new IV value into the crypto union.
*
* \param[out] crypto Pointer to the crypto union
*/
-void sst_crypto_get_iv(union sst_crypto_t *crypto);
+void ps_crypto_get_iv(union ps_crypto_t *crypto);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_CRYPTO_INTERFACE_H__ */
+#endif /* __PS_CRYPTO_INTERFACE_H__ */
diff --git a/secure_fw/partitions/protected_storage/dir_protected_storage.dox b/secure_fw/partitions/protected_storage/dir_protected_storage.dox
new file mode 100644
index 0000000..8d4e9d1
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/dir_protected_storage.dox
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+//This file holds description for the current directory. This documentation
+//will be included in the Doxygen output.
+
+/*!
+\dir
+\brief Source code for the Protected Storage service.
+\details The protected storage service is responsible to hold sensitive
+information in a protected storage.
+
+*/
diff --git a/secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.c b/secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.c
similarity index 75%
rename from secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.c
rename to secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.c
index 276a40f..1c3a346 100644
--- a/secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.c
+++ b/secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.c
@@ -5,15 +5,15 @@
*
*/
-#include "sst_nv_counters.h"
+#include "ps_nv_counters.h"
#include "tfm_platform_api.h"
-psa_status_t sst_read_nv_counter(enum tfm_nv_counter_t counter_id,
- uint32_t *val)
+psa_status_t ps_read_nv_counter(enum tfm_nv_counter_t counter_id,
+ uint32_t *val)
{
enum tfm_platform_err_t err;
- err = tfm_platform_nv_counter_read(counter_id, SST_NV_COUNTER_SIZE,
+ err = tfm_platform_nv_counter_read(counter_id, PS_NV_COUNTER_SIZE,
(uint8_t *)val);
if (err != TFM_PLATFORM_ERR_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
@@ -22,12 +22,12 @@
return PSA_SUCCESS;
}
-psa_status_t sst_increment_nv_counter(enum tfm_nv_counter_t counter_id)
+psa_status_t ps_increment_nv_counter(enum tfm_nv_counter_t counter_id)
{
enum tfm_platform_err_t err;
/* NOTE: tfm_plat_increment_nv_counter returns TFM_PLAT_ERR_MAX_VALUE when
- * the counter reaches its maximum value. The current SST
+ * the counter reaches its maximum value. The current PS
* implementation treats this condition as an error as, from that
* moment onwards, the rollback protection can not be achieved based
* on the NV counters.
diff --git a/secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.h b/secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.h
similarity index 61%
rename from secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.h
rename to secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.h
index 31b9afb..df32034 100644
--- a/secure_fw/partitions/secure_storage/nv_counters/sst_nv_counters.h
+++ b/secure_fw/partitions/protected_storage/nv_counters/ps_nv_counters.h
@@ -5,14 +5,14 @@
*
*/
-#ifndef __SST_NV_COUNTERS_H__
-#define __SST_NV_COUNTERS_H__
+#ifndef __PS_NV_COUNTERS_H__
+#define __PS_NV_COUNTERS_H__
-/* NOTE: This API abstracts SST NV counters operations. This API detaches the
+/* NOTE: This API abstracts PS NV counters operations. This API detaches the
* use of NV counters from the TF-M NV counters implementation, provided
* by the platform, and provides a mechanism to compile in a different
- * API implementation for test purposes. A SST test suite may provide
- * its own custom implementation to be able to test different SST service
+ * API implementation for test purposes. A PS test suite may provide
+ * its own custom implementation to be able to test different PS service
* use cases.
*/
@@ -20,11 +20,11 @@
#include "psa/protected_storage.h"
#include "tfm_plat_nv_counters.h"
-#define TFM_SST_NV_COUNTER_1 PLAT_NV_COUNTER_0
-#define TFM_SST_NV_COUNTER_2 PLAT_NV_COUNTER_1
-#define TFM_SST_NV_COUNTER_3 PLAT_NV_COUNTER_2
+#define TFM_PS_NV_COUNTER_1 PLAT_NV_COUNTER_0
+#define TFM_PS_NV_COUNTER_2 PLAT_NV_COUNTER_1
+#define TFM_PS_NV_COUNTER_3 PLAT_NV_COUNTER_2
-#define SST_NV_COUNTER_SIZE 4 /* In bytes */
+#define PS_NV_COUNTER_SIZE 4 /* In bytes */
#ifdef __cplusplus
extern "C" {
@@ -39,8 +39,8 @@
* \return PSA_SUCCESS if the value is read correctly, otherwise
* PSA_ERROR_GENERIC_ERROR
*/
-psa_status_t sst_read_nv_counter(enum tfm_nv_counter_t counter_id,
- uint32_t *val);
+psa_status_t ps_read_nv_counter(enum tfm_nv_counter_t counter_id,
+ uint32_t *val);
/**
* \brief Increments the given non-volatile (NV) counter.
@@ -50,10 +50,10 @@
* \return If the counter is incremented correctly, it returns
* PSA_SUCCESS. Otherwise, PSA_ERROR_GENERIC_ERROR.
*/
-psa_status_t sst_increment_nv_counter(enum tfm_nv_counter_t counter_id);
+psa_status_t ps_increment_nv_counter(enum tfm_nv_counter_t counter_id);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_NV_COUNTERS_H__ */
+#endif /* __PS_NV_COUNTERS_H__ */
diff --git a/secure_fw/partitions/secure_storage/sst_encrypted_object.c b/secure_fw/partitions/protected_storage/ps_encrypted_object.c
similarity index 62%
rename from secure_fw/partitions/secure_storage/sst_encrypted_object.c
rename to secure_fw/partitions/protected_storage/ps_encrypted_object.c
index 0be7d3b..4e5a2f4 100644
--- a/secure_fw/partitions/secure_storage/sst_encrypted_object.c
+++ b/secure_fw/partitions/protected_storage/ps_encrypted_object.c
@@ -5,32 +5,32 @@
*
*/
-#include "sst_encrypted_object.h"
+#include "ps_encrypted_object.h"
#include <stddef.h>
-#include "crypto/sst_crypto_interface.h"
+#include "crypto/ps_crypto_interface.h"
#include "psa/internal_trusted_storage.h"
#include "tfm_memory_utils.h"
-#include "sst_object_defs.h"
-#include "sst_utils.h"
+#include "ps_object_defs.h"
+#include "ps_utils.h"
/* Gets the size of data to encrypt */
-#define SST_ENCRYPT_SIZE(plaintext_size) \
- ((plaintext_size) + SST_OBJECT_HEADER_SIZE - sizeof(union sst_crypto_t))
+#define PS_ENCRYPT_SIZE(plaintext_size) \
+ ((plaintext_size) + PS_OBJECT_HEADER_SIZE - sizeof(union ps_crypto_t))
-#define SST_OBJECT_START_POSITION 0
+#define PS_OBJECT_START_POSITION 0
/* Buffer to store the maximum encrypted object */
/* FIXME: Do partial encrypt/decrypt to reduce the size of internal buffer */
-#define SST_MAX_ENCRYPTED_OBJ_SIZE SST_ENCRYPT_SIZE(SST_MAX_OBJECT_DATA_SIZE)
+#define PS_MAX_ENCRYPTED_OBJ_SIZE PS_ENCRYPT_SIZE(PS_MAX_OBJECT_DATA_SIZE)
/* FIXME: add the tag length to the crypto buffer size to account for the tag
* being appended to the ciphertext by the crypto layer.
*/
-#define SST_CRYPTO_BUF_LEN (SST_MAX_ENCRYPTED_OBJ_SIZE + SST_TAG_LEN_BYTES)
+#define PS_CRYPTO_BUF_LEN (PS_MAX_ENCRYPTED_OBJ_SIZE + PS_TAG_LEN_BYTES)
-static uint8_t sst_crypto_buf[SST_CRYPTO_BUF_LEN];
+static uint8_t ps_crypto_buf[PS_CRYPTO_BUF_LEN];
/**
* \brief Performs authenticated decryption on object data, with the header as
@@ -45,40 +45,40 @@
*
* \return Returns error code as specified in \ref psa_status_t
*/
-static psa_status_t sst_object_auth_decrypt(uint32_t fid,
- uint32_t cur_size,
- struct sst_object_t *obj)
+static psa_status_t ps_object_auth_decrypt(uint32_t fid,
+ uint32_t cur_size,
+ struct ps_object_t *obj)
{
psa_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
size_t out_len;
- err = sst_crypto_setkey();
+ err = ps_crypto_setkey();
if (err != PSA_SUCCESS) {
return err;
}
- (void)tfm_memcpy(sst_crypto_buf, p_obj_data, cur_size);
+ (void)tfm_memcpy(ps_crypto_buf, p_obj_data, cur_size);
/* Use File ID as a part of the associated data to authenticate
* the object in the FS. The tag will be stored in the object table and
* not as a part of the object's data stored in the FS.
*/
- err = sst_crypto_auth_and_decrypt(&obj->header.crypto,
- (const uint8_t *)&fid,
- sizeof(fid),
- sst_crypto_buf,
- cur_size,
- p_obj_data,
- sizeof(*obj) - sizeof(obj->header.crypto),
- &out_len);
+ err = ps_crypto_auth_and_decrypt(&obj->header.crypto,
+ (const uint8_t *)&fid,
+ sizeof(fid),
+ ps_crypto_buf,
+ cur_size,
+ p_obj_data,
+ sizeof(*obj) - sizeof(obj->header.crypto),
+ &out_len);
if (err != PSA_SUCCESS || out_len != cur_size) {
- (void)sst_crypto_destroykey();
+ (void)ps_crypto_destroykey();
return PSA_ERROR_GENERIC_ERROR;
}
- return sst_crypto_destroykey();
+ return ps_crypto_destroykey();
}
/**
@@ -92,55 +92,55 @@
*
* \return Returns error code as specified in \ref psa_status_t
*/
-static psa_status_t sst_object_auth_encrypt(uint32_t fid,
- uint32_t cur_size,
- struct sst_object_t *obj)
+static psa_status_t ps_object_auth_encrypt(uint32_t fid,
+ uint32_t cur_size,
+ struct ps_object_t *obj)
{
psa_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
size_t out_len;
- err = sst_crypto_setkey();
+ err = ps_crypto_setkey();
if (err != PSA_SUCCESS) {
return err;
}
/* FIXME: should have an IV per object with key diversification */
/* Get a new IV for each encryption */
- sst_crypto_get_iv(&obj->header.crypto);
+ ps_crypto_get_iv(&obj->header.crypto);
/* Use File ID as a part of the associated data to authenticate
* the object in the FS. The tag will be stored in the object table and
* not as a part of the object's data stored in the FS.
*/
- err = sst_crypto_encrypt_and_tag(&obj->header.crypto,
- (const uint8_t *)&fid,
- sizeof(fid),
- p_obj_data,
- cur_size,
- sst_crypto_buf,
- sizeof(sst_crypto_buf),
- &out_len);
+ err = ps_crypto_encrypt_and_tag(&obj->header.crypto,
+ (const uint8_t *)&fid,
+ sizeof(fid),
+ p_obj_data,
+ cur_size,
+ ps_crypto_buf,
+ sizeof(ps_crypto_buf),
+ &out_len);
if (err != PSA_SUCCESS || out_len != cur_size) {
- (void)sst_crypto_destroykey();
+ (void)ps_crypto_destroykey();
return PSA_ERROR_GENERIC_ERROR;
}
- (void)tfm_memcpy(p_obj_data, sst_crypto_buf, cur_size);
+ (void)tfm_memcpy(p_obj_data, ps_crypto_buf, cur_size);
- return sst_crypto_destroykey();
+ return ps_crypto_destroykey();
}
-psa_status_t sst_encrypted_object_read(uint32_t fid, struct sst_object_t *obj)
+psa_status_t ps_encrypted_object_read(uint32_t fid, struct ps_object_t *obj)
{
psa_status_t err;
uint32_t decrypt_size;
size_t data_length;
/* Read the encrypted object from the the persistent area */
- err = psa_its_get(fid, SST_OBJECT_START_POSITION,
- SST_MAX_OBJECT_SIZE,
+ err = psa_its_get(fid, PS_OBJECT_START_POSITION,
+ PS_MAX_OBJECT_SIZE,
(void *)obj->header.crypto.ref.iv,
&data_length);
if (err != PSA_SUCCESS) {
@@ -151,7 +151,7 @@
decrypt_size = data_length - sizeof(obj->header.crypto.ref.iv);
/* Decrypt the object data */
- err = sst_object_auth_decrypt(fid, decrypt_size, obj);
+ err = ps_object_auth_decrypt(fid, decrypt_size, obj);
if (err != PSA_SUCCESS) {
return err;
}
@@ -159,15 +159,15 @@
return PSA_SUCCESS;
}
-psa_status_t sst_encrypted_object_write(uint32_t fid, struct sst_object_t *obj)
+psa_status_t ps_encrypted_object_write(uint32_t fid, struct ps_object_t *obj)
{
psa_status_t err;
uint32_t wrt_size;
- wrt_size = SST_ENCRYPT_SIZE(obj->header.info.current_size);
+ wrt_size = PS_ENCRYPT_SIZE(obj->header.info.current_size);
/* Authenticate and encrypt the object */
- err = sst_object_auth_encrypt(fid, wrt_size, obj);
+ err = ps_object_auth_encrypt(fid, wrt_size, obj);
if (err != PSA_SUCCESS) {
return err;
}
diff --git a/secure_fw/partitions/secure_storage/sst_encrypted_object.h b/secure_fw/partitions/protected_storage/ps_encrypted_object.h
similarity index 70%
rename from secure_fw/partitions/secure_storage/sst_encrypted_object.h
rename to secure_fw/partitions/protected_storage/ps_encrypted_object.h
index eed82af..1aa19a0 100644
--- a/secure_fw/partitions/secure_storage/sst_encrypted_object.h
+++ b/secure_fw/partitions/protected_storage/ps_encrypted_object.h
@@ -5,11 +5,11 @@
*
*/
-#ifndef __SST_ENCRYPTED_OBJECT_H__
-#define __SST_ENCRYPTED_OBJECT_H__
+#ifndef __PS_ENCRYPTED_OBJECT_H__
+#define __PS_ENCRYPTED_OBJECT_H__
#include <stdint.h>
-#include "sst_object_defs.h"
+#include "ps_object_defs.h"
#include "psa/protected_storage.h"
#ifdef __cplusplus
@@ -24,12 +24,12 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_encrypted_object_read(uint32_t fid,
- struct sst_object_t *obj);
+psa_status_t ps_encrypted_object_read(uint32_t fid,
+ struct ps_object_t *obj);
/**
* \brief Creates and writes a new encrypted object based on the given
- * sst_object_t structure data.
+ * ps_object_t structure data.
*
* \param[in] fid File ID
* \param[in,out] obj Pointer to the object structure to write.
@@ -41,11 +41,11 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_encrypted_object_write(uint32_t fid,
- struct sst_object_t *obj);
+psa_status_t ps_encrypted_object_write(uint32_t fid,
+ struct ps_object_t *obj);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_ENCRYPTED_OBJECT_H__ */
+#endif /* __PS_ENCRYPTED_OBJECT_H__ */
diff --git a/secure_fw/partitions/protected_storage/ps_object_defs.h b/secure_fw/partitions/protected_storage/ps_object_defs.h
new file mode 100644
index 0000000..815c859
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/ps_object_defs.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __PS_OBJECT_DEFS_H__
+#define __PS_OBJECT_DEFS_H__
+
+#include <stdint.h>
+
+#include "flash_layout.h"
+#include "psa/protected_storage.h"
+
+#ifdef PS_ENCRYPTION
+#include "crypto/ps_crypto_interface.h"
+#endif
+
+/*!
+ * \struct ps_object_info_t
+ *
+ * \brief Object information.
+ */
+struct ps_object_info_t {
+ uint32_t current_size; /*!< Current size of the object content in bytes */
+ uint32_t max_size; /*!< Maximum size of the object content in bytes */
+ psa_storage_create_flags_t create_flags; /*!< Object creation flags */
+};
+
+/*!
+ * \struct ps_obj_header_t
+ *
+ * \brief Metadata attached as a header to object data before storage.
+ */
+struct ps_obj_header_t {
+#ifdef PS_ENCRYPTION
+ union ps_crypto_t crypto; /*!< Crypto metadata */
+#else
+ uint32_t version; /*!< Object version */
+ uint32_t fid; /*!< File ID */
+#endif
+ struct ps_object_info_t info; /*!< Object information */
+};
+
+
+#define PS_MAX_OBJECT_DATA_SIZE PS_MAX_ASSET_SIZE
+
+/*!
+ * \struct ps_object_t
+ *
+ * \brief The object to be written to the file system below. Made up of the
+ * object header and the object data.
+ */
+struct ps_object_t {
+ struct ps_obj_header_t header; /*!< Object header */
+ uint8_t data[PS_MAX_OBJECT_DATA_SIZE]; /*!< Object data */
+};
+
+
+#define PS_OBJECT_HEADER_SIZE sizeof(struct ps_obj_header_t)
+#define PS_MAX_OBJECT_SIZE sizeof(struct ps_object_t)
+
+/*!
+ * \def PS_MAX_NUM_OBJECTS
+ *
+ * \brief Specifies the maximum number of objects in the system, which is the
+ * number of defined assets, the object table and 2 temporary objects to
+ * store the temporary object table and temporary updated object.
+ */
+#define PS_MAX_NUM_OBJECTS (PS_NUM_ASSETS + 3)
+
+#endif /* __PS_OBJECT_DEFS_H__ */
diff --git a/secure_fw/partitions/protected_storage/ps_object_system.c b/secure_fw/partitions/protected_storage/ps_object_system.c
new file mode 100644
index 0000000..17724d3
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/ps_object_system.c
@@ -0,0 +1,532 @@
+/*
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "ps_object_system.h"
+
+#include <stddef.h>
+
+#include "cmsis_compiler.h"
+#include "psa/internal_trusted_storage.h"
+#include "tfm_memory_utils.h"
+#ifdef PS_ENCRYPTION
+#include "ps_encrypted_object.h"
+#endif
+#include "ps_object_defs.h"
+#include "ps_object_table.h"
+#include "ps_utils.h"
+#include "tfm_ps_req_mngr.h"
+
+#ifndef PS_ENCRYPTION
+/* Gets the size of object written to the object system below */
+#define PS_OBJECT_SIZE(max_size) (PS_OBJECT_HEADER_SIZE + (max_size))
+#define PS_OBJECT_START_POSITION 0
+#endif /* PS_ENCRYPTION */
+
+/* Allocate static variables to process objects */
+static struct ps_object_t g_ps_object;
+static struct ps_obj_table_info_t g_obj_tbl_info;
+
+/**
+ * \brief Initialize g_ps_object based on the input parameters and empty data.
+ *
+ * \param[in] create_flags Object create flags
+ * \param[in] size Object size
+ * \param[out] obj Object to initialize
+ *
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE void ps_init_empty_object(
+ psa_storage_create_flags_t create_flags,
+ uint32_t size,
+ struct ps_object_t *obj)
+{
+ /* Set all object data to 0 */
+ (void)tfm_memset(obj, PS_DEFAULT_EMPTY_BUFF_VAL, PS_MAX_OBJECT_SIZE);
+
+#ifndef PS_ENCRYPTION
+ /* Initialize object version */
+ obj->header.version = 0;
+#endif
+
+ /* Set object header based on input parameters */
+ obj->header.info.max_size = size;
+ obj->header.info.create_flags = create_flags;
+}
+
+/**
+ * \brief Removes the old object table and object from the file system.
+ *
+ * \param[in] old_fid Old file ID to remove.
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_remove_old_data(uint32_t old_fid)
+{
+ psa_status_t err;
+
+ /* Delete old object table from the persistent area */
+ err = ps_object_table_delete_old_table();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Delete old file from the persistent area */
+ return psa_its_remove(old_fid);
+}
+
+#ifndef PS_ENCRYPTION
+enum read_type_t {
+ READ_HEADER_ONLY = 0,
+ READ_ALL_OBJECT,
+};
+
+/**
+ * \brief Reads and validates an object header based on its object table info
+ * stored in g_obj_tbl_info.
+ *
+ * \param[in] type Read type as specified in \ref read_type_t
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_read_object(enum read_type_t type)
+{
+ psa_status_t err;
+ size_t data_length;
+
+ /* Read object header */
+ err = psa_its_get(g_obj_tbl_info.fid,
+ PS_OBJECT_START_POSITION,
+ PS_OBJECT_HEADER_SIZE,
+ (void *)&g_ps_object.header,
+ &data_length);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* As PS encryption support is not enabled, check file ID and version to
+ * detect inconsistency after read the object header from flash.
+ */
+ if (g_ps_object.header.fid != g_obj_tbl_info.fid ||
+ g_ps_object.header.version != g_obj_tbl_info.version) {
+ return PSA_PS_ERROR_DATA_CORRUPT;
+ }
+
+ /* Read object data if any */
+ if (type == READ_ALL_OBJECT && g_ps_object.header.info.current_size > 0) {
+ err = psa_its_get(g_obj_tbl_info.fid,
+ PS_OBJECT_HEADER_SIZE,
+ g_ps_object.header.info.current_size,
+ (void *)g_ps_object.data,
+ &data_length);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+ }
+
+ return PSA_SUCCESS;
+}
+
+/**
+ * \brief Writes an object based on its object table info stored in
+ * g_obj_tbl_info and the input parameter.
+ *
+ * \param[in] wrt_size Number of bytes to write
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_write_object(uint32_t wrt_size)
+{
+ /* Add object identification and increase object version */
+ g_ps_object.header.fid = g_obj_tbl_info.fid;
+ g_ps_object.header.version++;
+
+ /* Save object version to be stored in the object table */
+ g_obj_tbl_info.version = g_ps_object.header.version;
+
+ return psa_its_set(g_obj_tbl_info.fid, wrt_size,
+ (const void *)&g_ps_object,
+ PSA_STORAGE_FLAG_NONE);
+}
+
+#endif /* !PS_ENCRYPTION */
+
+psa_status_t ps_system_prepare(void)
+{
+ psa_status_t err;
+
+ /* Reuse the allocated g_ps_object.data to store a temporary object table
+ * data to be validate inside the function.
+ * The stored date will be cleaned up when the g_ps_object.data will
+ * be used for the first time in the object system.
+ */
+ err = ps_object_table_init(g_ps_object.data);
+
+#ifdef PS_ENCRYPTION
+ g_obj_tbl_info.tag = g_ps_object.header.crypto.ref.tag;
+#endif
+
+ return err;
+}
+
+psa_status_t ps_object_read(psa_storage_uid_t uid, int32_t client_id,
+ uint32_t offset, uint32_t size,
+ size_t *p_data_length)
+{
+ psa_status_t err;
+
+ /* Retrieve the object information from the object table if the object
+ * exists.
+ */
+ err = ps_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Read object */
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ /* Read object header */
+ err = ps_read_object(READ_ALL_OBJECT);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Boundary check the incoming request */
+ if (offset > g_ps_object.header.info.current_size) {
+ err = PSA_ERROR_INVALID_ARGUMENT;
+ goto clear_data_and_return;
+ }
+
+ size = PS_UTILS_MIN(size,
+ g_ps_object.header.info.current_size - offset);
+
+ /* Copy the decrypted object data to the output buffer */
+ ps_req_mngr_write_asset_data(g_ps_object.data + offset, size);
+
+ *p_data_length = size;
+
+clear_data_and_return:
+ /* Remove data stored in the object before leaving the function */
+ (void)tfm_memset(&g_ps_object, PS_DEFAULT_EMPTY_BUFF_VAL,
+ PS_MAX_OBJECT_SIZE);
+
+ return err;
+}
+
+psa_status_t ps_object_create(psa_storage_uid_t uid, int32_t client_id,
+ psa_storage_create_flags_t create_flags,
+ uint32_t size)
+{
+ psa_status_t err;
+ uint32_t old_fid = PS_INVALID_FID;
+ uint32_t fid_am_reserved = 1;
+
+#ifndef PS_ENCRYPTION
+ uint32_t wrt_size;
+#endif
+
+ /* Boundary check the incoming request */
+ if (size > PS_MAX_ASSET_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Retrieve the object information from the object table if the object
+ * exists.
+ */
+ err = ps_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err == PSA_SUCCESS) {
+#ifdef PS_ENCRYPTION
+ /* Read the object */
+ err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ /* Read the object header */
+ err = ps_read_object(READ_HEADER_ONLY);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* If the object exists and has the write once flag set, then it cannot
+ * be modified.
+ */
+ if (g_ps_object.header.info.create_flags
+ & PSA_STORAGE_FLAG_WRITE_ONCE) {
+ err = PSA_ERROR_NOT_PERMITTED;
+ goto clear_data_and_return;
+ }
+
+ /* Update the create flags and max object size */
+ g_ps_object.header.info.create_flags = create_flags;
+ g_ps_object.header.info.max_size = size;
+
+ /* Save old file ID */
+ old_fid = g_obj_tbl_info.fid;
+ } else if (err == PSA_ERROR_DOES_NOT_EXIST) {
+ /* If the object does not exist, then initialize it based on the input
+ * arguments and empty content. Requests 2 FIDs to prevent exhaustion.
+ */
+ fid_am_reserved = 2;
+ ps_init_empty_object(create_flags, size, &g_ps_object);
+ } else {
+ goto clear_data_and_return;
+ }
+
+ /* Update the object data */
+ err = ps_req_mngr_read_asset_data(g_ps_object.data, size);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Update the current object size */
+ g_ps_object.header.info.current_size = size;
+
+ /* Get new file ID */
+ err = ps_object_table_get_free_fid(fid_am_reserved,
+ &g_obj_tbl_info.fid);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_write(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ wrt_size = PS_OBJECT_SIZE(g_ps_object.header.info.current_size);
+
+ /* Write g_ps_object */
+ err = ps_write_object(wrt_size);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Update the table with the new internal ID and version for the object, and
+ * store it in the persistent area.
+ */
+ err = ps_object_table_set_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ /* Remove new object as object table is not persistent and propagate
+ * object table manipulation error.
+ */
+ (void)psa_its_remove(g_obj_tbl_info.fid);
+
+ goto clear_data_and_return;
+ }
+
+ if (old_fid == PS_INVALID_FID) {
+ /* Delete old object table from the persistent area */
+ err = ps_object_table_delete_old_table();
+ } else {
+ /* Remove old object and delete old object table */
+ err = ps_remove_old_data(old_fid);
+ }
+
+clear_data_and_return:
+ /* Remove data stored in the object before leaving the function */
+ (void)tfm_memset(&g_ps_object, PS_DEFAULT_EMPTY_BUFF_VAL,
+ PS_MAX_OBJECT_SIZE);
+
+ return err;
+}
+
+psa_status_t ps_object_write(psa_storage_uid_t uid, int32_t client_id,
+ uint32_t offset, uint32_t size)
+{
+ psa_status_t err;
+ uint32_t old_fid;
+
+#ifndef PS_ENCRYPTION
+ uint32_t wrt_size;
+#endif
+
+ /* Retrieve the object information from the object table if the object
+ * exists.
+ */
+ err = ps_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Read the object */
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ err = ps_read_object(READ_ALL_OBJECT);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* If the object has the write once flag set, then it cannot be modified. */
+ if (g_ps_object.header.info.create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
+ err = PSA_ERROR_NOT_PERMITTED;
+ goto clear_data_and_return;
+ }
+
+ /* Offset must not be larger than the object's current size to prevent gaps
+ * being created in the object data.
+ */
+ if (offset > g_ps_object.header.info.current_size) {
+ err = PSA_ERROR_INVALID_ARGUMENT;
+ goto clear_data_and_return;
+ }
+
+ /* Boundary check the incoming request */
+ err = ps_utils_check_contained_in(g_ps_object.header.info.max_size,
+ offset, size);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Update the object data */
+ err = ps_req_mngr_read_asset_data(g_ps_object.data + offset, size);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Update the current object size if necessary */
+ if ((offset + size) > g_ps_object.header.info.current_size) {
+ g_ps_object.header.info.current_size = offset + size;
+ }
+
+ /* Save old file ID */
+ old_fid = g_obj_tbl_info.fid;
+
+ /* Get new file ID */
+ err = ps_object_table_get_free_fid(1, &g_obj_tbl_info.fid);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_write(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ wrt_size = PS_OBJECT_SIZE(g_ps_object.header.info.current_size);
+
+ /* Write g_ps_object */
+ err = ps_write_object(wrt_size);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Update the table with the new internal ID and version for the object, and
+ * store it in the persistent area.
+ */
+ err = ps_object_table_set_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ /* Remove new object as object table is not persistent and propagate
+ * object table manipulation error.
+ */
+ (void)psa_its_remove(g_obj_tbl_info.fid);
+
+ goto clear_data_and_return;
+ }
+
+ /* Remove old object table and object */
+ err = ps_remove_old_data(old_fid);
+
+clear_data_and_return:
+ /* Remove data stored in the object before leaving the function */
+ (void)tfm_memset(&g_ps_object, PS_DEFAULT_EMPTY_BUFF_VAL,
+ PS_MAX_OBJECT_SIZE);
+
+ return err;
+}
+
+psa_status_t ps_object_get_info(psa_storage_uid_t uid, int32_t client_id,
+ struct psa_storage_info_t *info)
+{
+ psa_status_t err;
+
+ /* Retrieve the object information from the object table if the object
+ * exists.
+ */
+ err = ps_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ err = ps_read_object(READ_HEADER_ONLY);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Copy PS object info to the PSA PS info struct */
+ info->size = g_ps_object.header.info.current_size;
+ info->flags = g_ps_object.header.info.create_flags;
+
+clear_data_and_return:
+ /* Remove data stored in the object before leaving the function */
+ (void)tfm_memset(&g_ps_object, PS_DEFAULT_EMPTY_BUFF_VAL,
+ PS_MAX_OBJECT_SIZE);
+
+ return err;
+}
+
+psa_status_t ps_object_delete(psa_storage_uid_t uid, int32_t client_id)
+{
+ psa_status_t err;
+
+ /* Retrieve the object information from the object table if the object
+ * exists.
+ */
+ err = ps_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+#ifdef PS_ENCRYPTION
+ err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
+#else
+ err = ps_read_object(READ_HEADER_ONLY);
+#endif
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Check that the write once flag is not set */
+ if (g_ps_object.header.info.create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
+ err = PSA_ERROR_NOT_PERMITTED;
+ goto clear_data_and_return;
+ }
+
+ /* Delete object from the table and stores the table in the persistent
+ * area.
+ */
+ err = ps_object_table_delete_object(uid, client_id);
+ if (err != PSA_SUCCESS) {
+ goto clear_data_and_return;
+ }
+
+ /* Remove old object table and file */
+ err = ps_remove_old_data(g_obj_tbl_info.fid);
+
+clear_data_and_return:
+ /* Remove data stored in the object before leaving the function */
+ (void)tfm_memset(&g_ps_object, PS_DEFAULT_EMPTY_BUFF_VAL,
+ PS_MAX_OBJECT_SIZE);
+
+ return err;
+}
+
+psa_status_t ps_system_wipe_all(void)
+{
+ /* This function may get called as a corrective action
+ * if a system level security violation is detected.
+ * This could be asynchronous to normal system operation
+ * and state of the ps system lock is unknown. Hence
+ * this function doesn't block on the lock and directly
+ * moves to erasing the flash instead.
+ */
+ return ps_object_table_create();
+}
diff --git a/secure_fw/partitions/secure_storage/sst_object_system.h b/secure_fw/partitions/protected_storage/ps_object_system.h
similarity index 71%
rename from secure_fw/partitions/secure_storage/sst_object_system.h
rename to secure_fw/partitions/protected_storage/ps_object_system.h
index 75702c3..567b6a3 100644
--- a/secure_fw/partitions/secure_storage/sst_object_system.h
+++ b/secure_fw/partitions/protected_storage/ps_object_system.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __SST_OBJECT_SYSTEM_H__
-#define __SST_OBJECT_SYSTEM_H__
+#ifndef __PS_OBJECT_SYSTEM_H__
+#define __PS_OBJECT_SYSTEM_H__
#include <stdint.h>
@@ -17,13 +17,13 @@
#endif
/**
- * \brief Prepares the secure storage system for usage, populating internal
+ * \brief Prepares the protected storage system for usage, populating internal
* structures.
* It identifies and validates the system metadata.
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_system_prepare(void);
+psa_status_t ps_system_prepare(void);
/**
* \brief Creates a new object with the provided UID and client ID.
@@ -35,9 +35,9 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_object_create(psa_storage_uid_t uid, int32_t client_id,
- psa_storage_create_flags_t create_flags,
- uint32_t size);
+psa_status_t ps_object_create(psa_storage_uid_t uid, int32_t client_id,
+ psa_storage_create_flags_t create_flags,
+ uint32_t size);
/**
* \brief Gets the data of the object with the provided UID and client ID.
@@ -51,9 +51,9 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_object_read(psa_storage_uid_t uid, int32_t client_id,
- uint32_t offset, uint32_t size,
- size_t *p_data_length);
+psa_status_t ps_object_read(psa_storage_uid_t uid, int32_t client_id,
+ uint32_t offset, uint32_t size,
+ size_t *p_data_length);
/**
* \brief Writes data into the object with the provided UID and client ID.
@@ -65,8 +65,8 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_object_write(psa_storage_uid_t uid, int32_t client_id,
- uint32_t offset, uint32_t size);
+psa_status_t ps_object_write(psa_storage_uid_t uid, int32_t client_id,
+ uint32_t offset, uint32_t size);
/**
* \brief Deletes the object with the provided UID and client ID.
@@ -76,7 +76,7 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_object_delete(psa_storage_uid_t uid, int32_t client_id);
+psa_status_t ps_object_delete(psa_storage_uid_t uid, int32_t client_id);
/**
* \brief Gets the asset information for the object with the provided UID and
@@ -89,18 +89,18 @@
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_object_get_info(psa_storage_uid_t uid, int32_t client_id,
- struct psa_storage_info_t *info);
+psa_status_t ps_object_get_info(psa_storage_uid_t uid, int32_t client_id,
+ struct psa_storage_info_t *info);
/**
- * \brief Wipes the secure storage system and all object data.
+ * \brief Wipes the protected storage system and all object data.
*
* \return Returns error code specified in \ref psa_status_t
*/
-psa_status_t sst_system_wipe_all(void);
+psa_status_t ps_system_wipe_all(void);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_OBJECT_SYSTEM_H__ */
+#endif /* __PS_OBJECT_SYSTEM_H__ */
diff --git a/secure_fw/partitions/protected_storage/ps_object_table.c b/secure_fw/partitions/protected_storage/ps_object_table.c
new file mode 100644
index 0000000..7bad2e3
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/ps_object_table.c
@@ -0,0 +1,1061 @@
+/*
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "ps_object_table.h"
+
+#include <stddef.h>
+
+#include "cmsis_compiler.h"
+#include "crypto/ps_crypto_interface.h"
+#include "flash_layout.h"
+#include "nv_counters/ps_nv_counters.h"
+#include "psa/internal_trusted_storage.h"
+#include "tfm_memory_utils.h"
+#include "ps_utils.h"
+#include "tfm_ps_defs.h"
+
+/* FIXME: Duplicated from flash info */
+#define PS_FLASH_DEFAULT_VAL 0xFFU
+
+/*!
+ * \def PS_OBJECT_SYSTEM_VERSION
+ *
+ * \brief Current object system version.
+ */
+#define PS_OBJECT_SYSTEM_VERSION 0x01
+
+/*!
+ * \struct ps_obj_table_info_t
+ *
+ * \brief Object table information structure.
+ */
+struct ps_obj_table_entry_t {
+#ifdef PS_ENCRYPTION
+ uint8_t tag[PS_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
+#else
+ uint32_t version; /*!< File version */
+#endif
+ psa_storage_uid_t uid; /*!< Object UID */
+ int32_t client_id; /*!< Client ID */
+};
+
+/* Specifies number of entries in the table. The number of entries is the
+ * number of assets, defined in asset_defs.h, plus one extra entry to store
+ * a new object when the code processes a change in a file.
+ */
+#define PS_OBJ_TABLE_ENTRIES (PS_NUM_ASSETS + 1)
+
+/*!
+ * \struct ps_obj_table_t
+ *
+ * \brief Object table structure.
+ */
+struct ps_obj_table_t {
+#ifdef PS_ENCRYPTION
+ union ps_crypto_t crypto; /*!< Crypto metadata. */
+#endif
+
+ uint8_t version; /*!< PS object system version. */
+
+#ifndef PS_ROLLBACK_PROTECTION
+ uint8_t swap_count; /*!< Swap counter to distinguish 2 different
+ * object tables.
+ */
+#endif /* PS_ROLLBACK_PROTECTION */
+
+ struct ps_obj_table_entry_t obj_db[PS_OBJ_TABLE_ENTRIES]; /*!< Table's
+ * entries
+ */
+};
+
+/* Object table indexes */
+#define PS_OBJ_TABLE_IDX_0 0
+#define PS_OBJ_TABLE_IDX_1 1
+
+/* Number of object tables (active and scratch) */
+#define PS_NUM_OBJ_TABLES 2
+
+/*!
+ * \def PS_TABLE_FS_ID
+ *
+ * \brief File ID to be used in order to store the object table in the
+ * file system.
+ *
+ * \param[in] idx Table index to convert into a file ID.
+ *
+ * \return Returns file ID
+ *
+ */
+#define PS_TABLE_FS_ID(idx) (idx + 1)
+
+/*!
+ * \def PS_OBJECT_FS_ID
+ *
+ * \brief File ID to be used in order to store an object in the
+ * file system.
+ *
+ * \param[in] idx Object table index to convert into a file ID.
+ *
+ * \return Returns file ID
+ */
+#define PS_OBJECT_FS_ID(idx) ((idx + 1) + \
+ PS_TABLE_FS_ID(PS_OBJ_TABLE_IDX_1))
+
+/*!
+ * \def PS_OBJECT_FS_ID_TO_IDX
+ *
+ * \brief Gets object index in the table based on the file ID.
+ *
+ * \param[in] fid File ID of an object in the object table
+ *
+ * \return Returns object table index
+ */
+#define PS_OBJECT_FS_ID_TO_IDX(fid) ((fid - 1) - \
+ PS_TABLE_FS_ID(PS_OBJ_TABLE_IDX_1))
+
+/*!
+ * \struct ps_obj_table_ctx_t
+ *
+ * \brief Object table context structure.
+ */
+struct ps_obj_table_ctx_t {
+ struct ps_obj_table_t obj_table; /*!< Object tables */
+ uint8_t active_table; /*!< Active object table */
+ uint8_t scratch_table; /*!< Scratch object table */
+};
+
+/* Object table context */
+static struct ps_obj_table_ctx_t ps_obj_table_ctx;
+
+/* Object table size */
+#define PS_OBJ_TABLE_SIZE sizeof(struct ps_obj_table_t)
+
+/* Object table entry size */
+#define PS_OBJECTS_TABLE_ENTRY_SIZE sizeof(struct ps_obj_table_entry_t)
+
+/* Size of the data that is not required to authenticate */
+#define PS_NON_AUTH_OBJ_TABLE_SIZE sizeof(union ps_crypto_t)
+
+/* Start position to store the object table data in the FS object */
+#define PS_OBJECT_TABLE_OBJECT_OFFSET 0
+
+/* The associated data is the header minus the crypto data */
+#define PS_CRYPTO_ASSOCIATED_DATA(crypto) ((uint8_t *)crypto + \
+ PS_NON_AUTH_OBJ_TABLE_SIZE)
+
+#ifdef PS_ROLLBACK_PROTECTION
+#define PS_OBJ_TABLE_AUTH_DATA_SIZE (PS_OBJ_TABLE_SIZE - \
+ PS_NON_AUTH_OBJ_TABLE_SIZE)
+
+struct ps_crypto_assoc_data_t {
+ uint8_t obj_table_data[PS_OBJ_TABLE_AUTH_DATA_SIZE];
+ uint32_t nv_counter;
+};
+
+#define PS_CRYPTO_ASSOCIATED_DATA_LEN sizeof(struct ps_crypto_assoc_data_t)
+
+#else
+
+/* The associated data is the header, minus the the tag data */
+#define PS_CRYPTO_ASSOCIATED_DATA_LEN (PS_OBJ_TABLE_SIZE - \
+ PS_NON_AUTH_OBJ_TABLE_SIZE)
+#endif /* PS_ROLLBACK_PROTECTION */
+
+/* The ps_object_table_init function uses the static memory allocated for
+ * the object data manipulation, in ps_object_table.c (g_ps_object), to load a
+ * temporary object table to be validated at that stage.
+ * To make sure the object table data fits in the static memory allocated for
+ * object manipulation, the following macro checks if the memory allocated is
+ * big enough, at compile time
+ */
+
+/* Check at compilation time if metadata fits in g_ps_object.data */
+PS_UTILS_BOUND_CHECK(OBJ_TABLE_NOT_FIT_IN_STATIC_OBJ_DATA_BUF,
+ PS_OBJ_TABLE_SIZE, PS_MAX_ASSET_SIZE);
+
+enum ps_obj_table_state {
+ PS_OBJ_TABLE_VALID = 0, /*!< Table content is valid */
+ PS_OBJ_TABLE_INVALID, /*!< Table content is invalid */
+ PS_OBJ_TABLE_NVC_1_VALID, /*!< Table content valid with NVC 1 value */
+ PS_OBJ_TABLE_NVC_3_VALID, /*!< Table content valid with NVC 3 value */
+};
+
+/* Specifies that PS NV counter value is invalid */
+#define PS_INVALID_NVC_VALUE 0
+
+/*!
+ * \struct ps_obj_table_ctx_t
+ *
+ * \brief Object table init context structure.
+ */
+struct ps_obj_table_init_ctx_t {
+ struct ps_obj_table_t *p_table[PS_NUM_OBJ_TABLES]; /*!< Pointers to
+ * object tables
+ */
+ enum ps_obj_table_state table_state[PS_NUM_OBJ_TABLES]; /*!< Array to
+ * indicate if
+ * the object
+ * table X is
+ * valid
+ */
+#ifdef PS_ROLLBACK_PROTECTION
+ uint32_t nvc_1; /*!< Non-volatile counter value 1 */
+ uint32_t nvc_3; /*!< Non-volatile counter value 3 */
+#endif /* PS_ROLLBACK_PROTECTION */
+};
+
+/**
+ * \brief Reads object table from persistent memory.
+ *
+ * \param[out] init_ctx Pointer to the init object table context
+ *
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE void ps_object_table_fs_read_table(
+ struct ps_obj_table_init_ctx_t *init_ctx)
+{
+ psa_status_t err;
+ size_t data_length;
+
+ /* Read file with the table 0 data */
+
+ err = psa_its_get(PS_TABLE_FS_ID(PS_OBJ_TABLE_IDX_0),
+ PS_OBJECT_TABLE_OBJECT_OFFSET,
+ PS_OBJ_TABLE_SIZE,
+ (void *)init_ctx->p_table[PS_OBJ_TABLE_IDX_0],
+ &data_length);
+ if (err != PSA_SUCCESS) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_0] = PS_OBJ_TABLE_INVALID;
+ }
+
+ /* Read file with the table 1 data */
+ err = psa_its_get(PS_TABLE_FS_ID(PS_OBJ_TABLE_IDX_1),
+ PS_OBJECT_TABLE_OBJECT_OFFSET,
+ PS_OBJ_TABLE_SIZE,
+ (void *)init_ctx->p_table[PS_OBJ_TABLE_IDX_1],
+ &data_length);
+ if (err != PSA_SUCCESS) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_1] = PS_OBJ_TABLE_INVALID;
+ }
+}
+
+/**
+ * \brief Writes object table in persistent memory.
+ *
+ * \param[in,out] obj_table Pointer to the object table to generate
+ * authentication
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE psa_status_t ps_object_table_fs_write_table(
+ struct ps_obj_table_t *obj_table)
+{
+ psa_status_t err;
+ uint32_t obj_table_id = PS_TABLE_FS_ID(ps_obj_table_ctx.scratch_table);
+ uint8_t swap_table_idxs = ps_obj_table_ctx.scratch_table;
+
+ /* Create file to store object table in the FS */
+ err = psa_its_set(obj_table_id,
+ PS_OBJ_TABLE_SIZE,
+ (const void *)obj_table,
+ PSA_STORAGE_FLAG_NONE);
+
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Swap active and scratch table values */
+ ps_obj_table_ctx.scratch_table = ps_obj_table_ctx.active_table;
+ ps_obj_table_ctx.active_table = swap_table_idxs;
+
+ return PSA_SUCCESS;
+}
+
+#ifdef PS_ENCRYPTION
+#ifdef PS_ROLLBACK_PROTECTION
+/**
+ * \brief Aligns all PS non-volatile counters.
+ *
+ * \param[in] nvc_1 Value of PS non-volatile counter 1
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_object_table_align_nv_counters(uint32_t nvc_1)
+{
+ psa_status_t err;
+ uint32_t nvc_x_val = 0;
+
+ /* Align PS NVC 2 with NVC 1 */
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_2, &nvc_x_val);
+ if (err != PSA_SUCCESS) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ for (; nvc_x_val < nvc_1; nvc_x_val++) {
+ err = ps_increment_nv_counter(TFM_PS_NV_COUNTER_2);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+ }
+
+ /* Align PS NVC 3 with NVC 1 */
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_3, &nvc_x_val);
+ if (err != PSA_SUCCESS) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ for (; nvc_x_val < nvc_1; nvc_x_val++) {
+ err = ps_increment_nv_counter(TFM_PS_NV_COUNTER_3);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+ }
+
+ return PSA_SUCCESS;
+}
+
+/**
+ * \brief Generates table authentication tag.
+ *
+ * \param[in] nvc_1 Value of PS non-volatile counter 1
+ * \param[in,out] obj_table Pointer to the object table to generate
+ * authentication
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE psa_status_t ps_object_table_nvc_generate_auth_tag(
+ uint32_t nvc_1,
+ struct ps_obj_table_t *obj_table)
+{
+ struct ps_crypto_assoc_data_t assoc_data;
+ union ps_crypto_t *crypto = &obj_table->crypto;
+
+ /* Get new IV */
+ ps_crypto_get_iv(crypto);
+
+ assoc_data.nv_counter = nvc_1;
+ (void)tfm_memcpy(assoc_data.obj_table_data,
+ PS_CRYPTO_ASSOCIATED_DATA(crypto),
+ PS_OBJ_TABLE_AUTH_DATA_SIZE);
+
+ return ps_crypto_generate_auth_tag(crypto, (const uint8_t *)&assoc_data,
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+}
+
+/**
+ * \brief Authenticates table of objects.
+ *
+ * \param[in] table_idx Table index in the init context
+ * \param[in,out] init_ctx Pointer to the object table to authenticate
+ *
+ */
+static void ps_object_table_authenticate(uint8_t table_idx,
+ struct ps_obj_table_init_ctx_t *init_ctx)
+{
+ struct ps_crypto_assoc_data_t assoc_data;
+ union ps_crypto_t *crypto = &init_ctx->p_table[table_idx]->crypto;
+ psa_status_t err;
+
+ /* Init associated data with NVC 1 */
+ assoc_data.nv_counter = init_ctx->nvc_1;
+ (void)tfm_memcpy(assoc_data.obj_table_data,
+ PS_CRYPTO_ASSOCIATED_DATA(crypto),
+ PS_OBJ_TABLE_AUTH_DATA_SIZE);
+
+ err = ps_crypto_authenticate(crypto, (const uint8_t *)&assoc_data,
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+ if (err == PSA_SUCCESS) {
+ init_ctx->table_state[table_idx] = PS_OBJ_TABLE_NVC_1_VALID;
+ return;
+ }
+
+ if (init_ctx->nvc_3 == PS_INVALID_NVC_VALUE) {
+ init_ctx->table_state[table_idx] = PS_OBJ_TABLE_INVALID;
+ return;
+ }
+
+ /* Check with NVC 3 */
+ assoc_data.nv_counter = init_ctx->nvc_3;
+
+ err = ps_crypto_authenticate(crypto, (const uint8_t *)&assoc_data,
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+ if (err != PSA_SUCCESS) {
+ init_ctx->table_state[table_idx] = PS_OBJ_TABLE_INVALID;
+ } else {
+ init_ctx->table_state[table_idx] = PS_OBJ_TABLE_NVC_3_VALID;
+ }
+}
+
+/**
+ * \brief Authenticates tables of objects.
+ *
+ * \param[in,out] init_ctx Pointer to the object table to authenticate
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE psa_status_t ps_object_table_nvc_authenticate(
+ struct ps_obj_table_init_ctx_t *init_ctx)
+{
+ psa_status_t err;
+ uint32_t nvc_2;
+
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_1, &init_ctx->nvc_1);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_2, &nvc_2);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_3, &init_ctx->nvc_3);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Check if NVC 3 value can be used to validate an object table */
+ if (init_ctx->nvc_3 != nvc_2) {
+ /* If NVC 3 is different from NVC 2, it is possible to load an old PS
+ * area image in the system by manipulating the FS to return a system
+ * error from the file system layer and triggering power fault before
+ * increasing the NVC 3. So, in that case, NVC 3 value cannot be used to
+ * validate an old object table at the init process.
+ */
+ init_ctx->nvc_3 = PS_INVALID_NVC_VALUE;
+ }
+
+ /* Authenticate table 0 if data is valid */
+ if (init_ctx->table_state[PS_OBJ_TABLE_IDX_0] != PS_OBJ_TABLE_INVALID) {
+ ps_object_table_authenticate(PS_OBJ_TABLE_IDX_0, init_ctx);
+ }
+
+ /* Authenticate table 1 if data is valid */
+ if (init_ctx->table_state[PS_OBJ_TABLE_IDX_1] != PS_OBJ_TABLE_INVALID) {
+ ps_object_table_authenticate(PS_OBJ_TABLE_IDX_1, init_ctx);
+ }
+
+ return PSA_SUCCESS;
+}
+#else /* PS_ROLLBACK_PROTECTION */
+
+/**
+ * \brief Generates table authentication
+ *
+ * \param[in,out] obj_table Pointer to the object table to generate
+ * authentication
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE psa_status_t ps_object_table_generate_auth_tag(
+ struct ps_obj_table_t *obj_table)
+{
+ union ps_crypto_t *crypto = &obj_table->crypto;
+
+ /* Get new IV */
+ ps_crypto_get_iv(crypto);
+
+ return ps_crypto_generate_auth_tag(crypto,
+ PS_CRYPTO_ASSOCIATED_DATA(crypto),
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+}
+
+/**
+ * \brief Authenticates tables of objects.
+ *
+ * \param[in,out] init_ctx Pointer to the object table to authenticate
+ *
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE void ps_object_table_authenticate_ctx_tables(
+ struct ps_obj_table_init_ctx_t *init_ctx)
+{
+ psa_status_t err;
+ union ps_crypto_t *crypto =
+ &init_ctx->p_table[PS_OBJ_TABLE_IDX_0]->crypto;
+
+ /* Authenticate table 0 if data is valid */
+ if (init_ctx->table_state[PS_OBJ_TABLE_IDX_0] != PS_OBJ_TABLE_INVALID) {
+ err = ps_crypto_authenticate(crypto,
+ PS_CRYPTO_ASSOCIATED_DATA(crypto),
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+ if (err != PSA_SUCCESS) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_0] = PS_OBJ_TABLE_INVALID;
+ }
+ }
+
+ /* Authenticate table 1 if data is valid */
+ if (init_ctx->table_state[PS_OBJ_TABLE_IDX_1] != PS_OBJ_TABLE_INVALID) {
+ crypto = &init_ctx->p_table[PS_OBJ_TABLE_IDX_1]->crypto;
+
+ err = ps_crypto_authenticate(crypto,
+ PS_CRYPTO_ASSOCIATED_DATA(crypto),
+ PS_CRYPTO_ASSOCIATED_DATA_LEN);
+ if (err != PSA_SUCCESS) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_1] = PS_OBJ_TABLE_INVALID;
+ }
+ }
+}
+#endif /* PS_ROLLBACK_PROTECTION */
+#endif /* PS_ENCRYPTION */
+
+/**
+ * \brief Saves object table in the persistent memory.
+ *
+ * \param[in,out] obj_table Pointer to the object table to save
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_object_table_save_table(
+ struct ps_obj_table_t *obj_table)
+{
+ psa_status_t err;
+
+#ifdef PS_ROLLBACK_PROTECTION
+ uint32_t nvc_1 = 0;
+
+ err = ps_increment_nv_counter(TFM_PS_NV_COUNTER_1);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ err = ps_read_nv_counter(TFM_PS_NV_COUNTER_1, &nvc_1);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+#else
+ obj_table->swap_count++;
+
+ if (obj_table->swap_count == PS_FLASH_DEFAULT_VAL) {
+ /* When a flash block is erased, the default value is usually 0xFF
+ * (i.e. all 1s). Since the swap count is updated last (when encryption
+ * is disabled), it is possible that due to a power failure, the swap
+ * count value in metadata header is 0xFFFF..., which mean it will
+ * appear to be most recent block.
+ */
+ obj_table->swap_count = 0;
+ }
+#endif /* PS_ROLLBACK_PROTECTION */
+
+#ifdef PS_ENCRYPTION
+ /* Set object table key */
+ err = ps_crypto_setkey();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+#ifdef PS_ROLLBACK_PROTECTION
+ /* Generate authentication tag from the current table content and PS
+ * NV counter 1.
+ */
+ err = ps_object_table_nvc_generate_auth_tag(nvc_1, obj_table);
+#else
+ /* Generate authentication tag from the current table content */
+ err = ps_object_table_generate_auth_tag(obj_table);
+#endif /* PS_ROLLBACK_PROTECTION */
+
+ if (err != PSA_SUCCESS) {
+ (void)ps_crypto_destroykey();
+ return err;
+ }
+
+ err = ps_crypto_destroykey();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+#endif /* PS_ENCRYPTION */
+
+ err = ps_object_table_fs_write_table(obj_table);
+
+#ifdef PS_ROLLBACK_PROTECTION
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Align PS NV counters to have the same value */
+ err = ps_object_table_align_nv_counters(nvc_1);
+#endif /* PS_ROLLBACK_PROTECTION */
+
+ return err;
+}
+
+/**
+ * \brief Checks the validity of the table version.
+ *
+ * \param[in,out] init_ctx Pointer to the init object table context
+ *
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE void ps_object_table_validate_version(
+ struct ps_obj_table_init_ctx_t *init_ctx)
+{
+ /* Looks for exact version number.
+ * FIXME: backward compatibility could be considered in future revisions.
+ */
+ if (PS_OBJECT_SYSTEM_VERSION !=
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_0]->version) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_0] = PS_OBJ_TABLE_INVALID;
+ }
+
+ if (PS_OBJECT_SYSTEM_VERSION !=
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_1]->version) {
+ init_ctx->table_state[PS_OBJ_TABLE_IDX_1] = PS_OBJ_TABLE_INVALID;
+ }
+}
+
+/**
+ * \brief Sets the active object table based on the swap count and validity of
+ * the object table data.
+ *
+ * \param[in] init_ctx Pointer to the init object table context
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static psa_status_t ps_set_active_object_table(
+ const struct ps_obj_table_init_ctx_t *init_ctx)
+{
+#ifndef PS_ROLLBACK_PROTECTION
+ uint8_t table0_swap_count =
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_0]->swap_count;
+ uint8_t table1_swap_count =
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_1]->swap_count;
+#endif
+
+ /* Check if there is an invalid object table */
+ if ((init_ctx->table_state[PS_OBJ_TABLE_IDX_0] == PS_OBJ_TABLE_INVALID)
+ && (init_ctx->table_state[PS_OBJ_TABLE_IDX_1] ==
+ PS_OBJ_TABLE_INVALID)) {
+ /* Both tables are invalid */
+ return PSA_ERROR_GENERIC_ERROR;
+ } else if (init_ctx->table_state[PS_OBJ_TABLE_IDX_0] ==
+ PS_OBJ_TABLE_INVALID) {
+ /* Table 0 is invalid, the active one is table 1 */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_1;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_0;
+
+ /* As table 1 is the active object, load the content into the
+ * PS object table context.
+ */
+ (void)tfm_memcpy(&ps_obj_table_ctx.obj_table,
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_1],
+ PS_OBJ_TABLE_SIZE);
+
+ return PSA_SUCCESS;
+ } else if (init_ctx->table_state[PS_OBJ_TABLE_IDX_1] ==
+ PS_OBJ_TABLE_INVALID) {
+ /* Table 1 is invalid, the active one is table 0 */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_0;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_1;
+
+ /* As table 0 is already in the PS object table context, it is not
+ * needed to copy the table in the context.
+ */
+
+ return PSA_SUCCESS;
+ }
+
+#ifdef PS_ROLLBACK_PROTECTION
+ if (init_ctx->table_state[PS_OBJ_TABLE_IDX_1] ==
+ PS_OBJ_TABLE_NVC_1_VALID) {
+ /* Table 0 is invalid, the active one is table 1 */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_1;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_0;
+ } else {
+ /* In case both tables are valid or table 0 is valid, table 0 is the
+ * valid on as it is already in the PS object table context.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_0;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_1;
+ }
+#else
+ /* Logic: if the swap count is 0, then it has rolled over. The object table
+ * with a swap count of 0 is the latest one, unless the other block has a
+ * swap count of 1, in which case the roll over occurred in the previous
+ * update. In all other cases, the table with the highest swap count is the
+ * latest one.
+ */
+ if ((table1_swap_count == 0) && (table0_swap_count != 1)) {
+ /* Table 1 swap count has rolled over and table 0 swap count has not,
+ * so table 1 is the latest.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_1;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_0;
+
+ } else if ((table0_swap_count == 0) && (table1_swap_count != 1)) {
+ /* Table 0 swap count has rolled over and table 1 swap count has not,
+ * so table 0 is the latest.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_0;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_1;
+
+ } else if (table1_swap_count > table0_swap_count) {
+ /* Neither swap count has just rolled over and table 1 has a
+ * higher swap count, so table 1 is the latest.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_1;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_0;
+
+ } else {
+ /* Neither swap count has just rolled over and table 0 has a
+ * higher or equal swap count, so table 0 is the latest.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_0;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_1;
+ }
+#endif /* PS_ROLLBACK_PROTECTION */
+
+ /* If active object table is table 1, then copy the content into the
+ * PS object table context.
+ */
+ if (ps_obj_table_ctx.active_table == PS_OBJ_TABLE_IDX_1) {
+ (void)tfm_memcpy(&ps_obj_table_ctx.obj_table,
+ init_ctx->p_table[PS_OBJ_TABLE_IDX_1],
+ PS_OBJ_TABLE_SIZE);
+ }
+
+ return PSA_SUCCESS;
+}
+
+/**
+ * \brief Gets table's entry index based on the given object UID and client ID.
+ *
+ * \param[in] uid Object UID
+ * \param[in] client_id Client UID
+ * \param[out] idx Pointer to store the entry's index
+ *
+ * \return Returns PSA_SUCCESS and index of the table, if object exists
+ * in the table. Otherwise, it returns PSA_ERROR_DOES_NOT_EXIST.
+ */
+static psa_status_t ps_get_object_entry_idx(psa_storage_uid_t uid,
+ int32_t client_id,
+ uint32_t *idx)
+{
+ uint32_t i;
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ for (i = 0; i < PS_OBJ_TABLE_ENTRIES; i++) {
+ if (p_table->obj_db[i].uid == uid
+ && p_table->obj_db[i].client_id == client_id) {
+ *idx = i;
+ return PSA_SUCCESS;
+ }
+ }
+
+ return PSA_ERROR_DOES_NOT_EXIST;
+}
+
+/**
+ * \brief Gets free index in the table
+ *
+ * \param[in] idx_num The number of indices required to be free before one can
+ * be allocated. Primarily used to prevent index
+ * exhaustion.Note that this function will only ever return
+ * 1 index.
+ * \param[out] idx Pointer to store the free index
+ *
+ * \note The table is dimensioned to fit PS_NUM_ASSETS + 1
+ *
+ * \return Returns PSA_SUCCESS and a table index if idx_num free indices are
+ * available. Otherwise, it returns PSA_ERROR_INSUFFICIENT_STORAGE.
+ */
+__attribute__ ((always_inline))
+__STATIC_INLINE psa_status_t ps_table_free_idx(uint32_t idx_num,
+ uint32_t *idx)
+{
+ uint32_t i;
+ uint32_t last_free = 0;
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ if (idx_num == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ for (i = 0; i < PS_OBJ_TABLE_ENTRIES && idx_num > 0; i++) {
+ if (p_table->obj_db[i].uid == TFM_PS_INVALID_UID) {
+ last_free = i;
+ idx_num--;
+ }
+ }
+
+ if (idx_num != 0) {
+ return PSA_ERROR_INSUFFICIENT_STORAGE;
+ } else {
+ *idx = last_free;
+ return PSA_SUCCESS;
+ }
+}
+
+/**
+ * \brief Deletes an entry from the table
+ *
+ * \param[in] idx Entry index to delete
+ *
+ */
+static void ps_table_delete_entry(uint32_t idx)
+{
+ /* Initialise object table entry structure */
+ (void)tfm_memset(&ps_obj_table_ctx.obj_table.obj_db[idx],
+ PS_DEFAULT_EMPTY_BUFF_VAL, PS_OBJECTS_TABLE_ENTRY_SIZE);
+}
+
+psa_status_t ps_object_table_create(void)
+{
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ /* Initialize object structure */
+ (void)tfm_memset(&ps_obj_table_ctx, PS_DEFAULT_EMPTY_BUFF_VAL,
+ sizeof(struct ps_obj_table_ctx_t));
+
+ /* Invert the other in the context as ps_object_table_save_table will
+ * use the scratch index to create and store the current table.
+ */
+ ps_obj_table_ctx.active_table = PS_OBJ_TABLE_IDX_1;
+ ps_obj_table_ctx.scratch_table = PS_OBJ_TABLE_IDX_0;
+
+ p_table->version = PS_OBJECT_SYSTEM_VERSION;
+
+ /* Save object table contents */
+ return ps_object_table_save_table(p_table);
+}
+
+psa_status_t ps_object_table_init(uint8_t *obj_data)
+{
+ psa_status_t err;
+ struct ps_obj_table_init_ctx_t init_ctx = {
+ .p_table = {&ps_obj_table_ctx.obj_table, NULL},
+ .table_state = {PS_OBJ_TABLE_VALID, PS_OBJ_TABLE_VALID},
+#ifdef PS_ROLLBACK_PROTECTION
+ .nvc_1 = 0U,
+ .nvc_3 = 0U,
+#endif /* PS_ROLLBACK_PROTECTION */
+ };
+
+ init_ctx.p_table[PS_OBJ_TABLE_IDX_1] = (struct ps_obj_table_t *)obj_data;
+
+ /* Read table from the file system */
+ ps_object_table_fs_read_table(&init_ctx);
+
+#ifdef PS_ENCRYPTION
+ /* Set object table key */
+ err = ps_crypto_setkey();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+#ifdef PS_ROLLBACK_PROTECTION
+ /* Authenticate table */
+ err = ps_object_table_nvc_authenticate(&init_ctx);
+ if (err != PSA_SUCCESS) {
+ (void)ps_crypto_destroykey();
+ return err;
+ }
+#else
+ ps_object_table_authenticate_ctx_tables(&init_ctx);
+#endif /* PS_ROLLBACK_PROTECTION */
+
+ err = ps_crypto_destroykey();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+#endif /* PS_ENCRYPTION */
+
+ /* Check tables version */
+ ps_object_table_validate_version(&init_ctx);
+
+ /* Set active tables */
+ err = ps_set_active_object_table(&init_ctx);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Remove the old object table file */
+ err = psa_its_remove(PS_TABLE_FS_ID(ps_obj_table_ctx.scratch_table));
+ if (err != PSA_SUCCESS && err != PSA_ERROR_DOES_NOT_EXIST) {
+ return err;
+ }
+
+#ifdef PS_ROLLBACK_PROTECTION
+ /* Align PS NV counters */
+ err = ps_object_table_align_nv_counters(init_ctx.nvc_1);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+#endif /* PS_ROLLBACK_PROTECTION */
+
+#ifdef PS_ENCRYPTION
+ ps_crypto_set_iv(&ps_obj_table_ctx.obj_table.crypto);
+#endif
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_object_table_obj_exist(psa_storage_uid_t uid,
+ int32_t client_id)
+{
+ uint32_t idx = 0;
+
+ return ps_get_object_entry_idx(uid, client_id, &idx);
+}
+
+psa_status_t ps_object_table_get_free_fid(uint32_t fid_num,
+ uint32_t *p_fid)
+{
+ psa_status_t err;
+ uint32_t fid;
+ uint32_t idx;
+
+ err = ps_table_free_idx(fid_num, &idx);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* There first two file IDs are reserved for the active table
+ * and scratch table files.
+ */
+ fid = PS_OBJECT_FS_ID(idx);
+
+ /* If there is a file in the persistent area with that ID then remove it.
+ * That can happen when the system is rebooted (e.g. power cut, ...) in the
+ * middle of a create, write or delete operation.
+ */
+ err = psa_its_remove(fid);
+ if (err != PSA_SUCCESS && err != PSA_ERROR_DOES_NOT_EXIST) {
+ return err;
+ }
+
+ *p_fid = fid;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_object_table_set_obj_tbl_info(psa_storage_uid_t uid,
+ int32_t client_id,
+ const struct ps_obj_table_info_t *obj_tbl_info)
+{
+ psa_status_t err;
+ uint32_t idx = 0;
+ uint32_t backup_idx = 0;
+ struct ps_obj_table_entry_t backup_entry = {
+#ifdef PS_ENCRYPTION
+ .tag = {0U},
+#else
+ .version = 0U,
+#endif /* PS_ENCRYPTION */
+ .uid = TFM_PS_INVALID_UID,
+ .client_id = 0,
+ };
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ err = ps_get_object_entry_idx(uid, client_id, &backup_idx);
+ if (err == PSA_SUCCESS) {
+ /* If an entry exists for this UID, it creates a backup copy in case
+ * an error happens while updating the new table in the filesystem.
+ */
+ (void)tfm_memcpy(&backup_entry, &p_table->obj_db[backup_idx],
+ PS_OBJECTS_TABLE_ENTRY_SIZE);
+
+ /* Deletes old object information if it exist in the table */
+ ps_table_delete_entry(backup_idx);
+ }
+
+ idx = PS_OBJECT_FS_ID_TO_IDX(obj_tbl_info->fid);
+ p_table->obj_db[idx].uid = uid;
+ p_table->obj_db[idx].client_id = client_id;
+
+ /* Add new object information */
+#ifdef PS_ENCRYPTION
+ (void)tfm_memcpy(p_table->obj_db[idx].tag, obj_tbl_info->tag,
+ PS_TAG_LEN_BYTES);
+#else
+ p_table->obj_db[idx].version = obj_tbl_info->version;
+#endif
+
+ err = ps_object_table_save_table(p_table);
+ if (err != PSA_SUCCESS) {
+ if (backup_entry.uid != TFM_PS_INVALID_UID) {
+ /* Rollback the change in the table */
+ (void)tfm_memcpy(&p_table->obj_db[backup_idx], &backup_entry,
+ PS_OBJECTS_TABLE_ENTRY_SIZE);
+ }
+
+ ps_table_delete_entry(idx);
+ }
+
+ return err;
+}
+
+psa_status_t ps_object_table_get_obj_tbl_info(psa_storage_uid_t uid,
+ int32_t client_id,
+ struct ps_obj_table_info_t *obj_tbl_info)
+{
+ psa_status_t err;
+ uint32_t idx;
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ err = ps_get_object_entry_idx(uid, client_id, &idx);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ obj_tbl_info->fid = PS_OBJECT_FS_ID(idx);
+
+#ifdef PS_ENCRYPTION
+ (void)tfm_memcpy(obj_tbl_info->tag, p_table->obj_db[idx].tag,
+ PS_TAG_LEN_BYTES);
+#else
+ obj_tbl_info->version = p_table->obj_db[idx].version;
+#endif
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t ps_object_table_delete_object(psa_storage_uid_t uid,
+ int32_t client_id)
+{
+ uint32_t backup_idx = 0;
+ struct ps_obj_table_entry_t backup_entry;
+ psa_status_t err;
+ struct ps_obj_table_t *p_table = &ps_obj_table_ctx.obj_table;
+
+ /* Create a backup copy in case an error happens while updating the new
+ * table in the filesystem.
+ */
+ err = ps_get_object_entry_idx(uid, client_id, &backup_idx);
+ if (err != PSA_SUCCESS) {
+ /* If the object is not present in the table, it returns an error
+ * to not generate a new file where the table content is the same.
+ * Otherwise, that could be used by an attacker to get the encryption
+ * key.
+ */
+ return err;
+ }
+
+ (void)tfm_memcpy(&backup_entry, &p_table->obj_db[backup_idx],
+ PS_OBJECTS_TABLE_ENTRY_SIZE);
+
+ ps_table_delete_entry(backup_idx);
+
+ err = ps_object_table_save_table(p_table);
+ if (err != PSA_SUCCESS) {
+ /* Rollback the change in the table */
+ (void)tfm_memcpy(&p_table->obj_db[backup_idx], &backup_entry,
+ PS_OBJECTS_TABLE_ENTRY_SIZE);
+ }
+
+ return err;
+}
+
+psa_status_t ps_object_table_delete_old_table(void)
+{
+ uint32_t table_id = PS_TABLE_FS_ID(ps_obj_table_ctx.scratch_table);
+
+ return psa_its_remove(table_id);
+}
diff --git a/secure_fw/partitions/secure_storage/sst_object_table.h b/secure_fw/partitions/protected_storage/ps_object_table.h
similarity index 74%
rename from secure_fw/partitions/secure_storage/sst_object_table.h
rename to secure_fw/partitions/protected_storage/ps_object_table.h
index 7d5a8cf..00aba51 100644
--- a/secure_fw/partitions/secure_storage/sst_object_table.h
+++ b/secure_fw/partitions/protected_storage/ps_object_table.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __SST_OBJECT_TABLE_H__
-#define __SST_OBJECT_TABLE_H__
+#ifndef __PS_OBJECT_TABLE_H__
+#define __PS_OBJECT_TABLE_H__
#include <stdint.h>
@@ -17,13 +17,13 @@
#endif
/*!
- * \struct sst_obj_table_info_t
+ * \struct ps_obj_table_info_t
*
* \brief Object table information structure.
*/
-struct sst_obj_table_info_t {
+struct ps_obj_table_info_t {
uint32_t fid; /*!< File ID in the file system */
-#ifdef SST_ENCRYPTION
+#ifdef PS_ENCRYPTION
uint8_t *tag; /*!< Pointer to the MAC value of AEAD object */
#else
uint32_t version; /*!< Object version */
@@ -35,7 +35,7 @@
*
* \return Returns error code as specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_create(void);
+psa_status_t ps_object_table_create(void);
/**
* \brief Initializes object table.
@@ -46,7 +46,7 @@
*
* \return Returns error code as specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_init(uint8_t *obj_data);
+psa_status_t ps_object_table_init(uint8_t *obj_data);
/**
* \brief Checks if there is an entry in the table for the provided UID and
@@ -60,8 +60,8 @@
* \retval PSA_SUCCESS If there is a table entry for the object
* \retval PSA_ERROR_DOES_NOT_EXIST If no table entry exists for the object
*/
-psa_status_t sst_object_table_obj_exist(psa_storage_uid_t uid,
- int32_t client_id);
+psa_status_t ps_object_table_obj_exist(psa_storage_uid_t uid,
+ int32_t client_id);
/**
* \brief Gets a not in use file ID.
@@ -76,8 +76,7 @@
* are still free in the table. Otherwise, it returns an error code as
* specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_get_free_fid(uint32_t fid_num,
- uint32_t *p_fid);
+psa_status_t ps_object_table_get_free_fid(uint32_t fid_num, uint32_t *p_fid);
/**
* \brief Sets object table information in the object table and stores it
@@ -86,16 +85,16 @@
* \param[in] uid Identifier for the data.
* \param[in] client_id Identifier of the asset’s owner (client)
* \param[in] obj_tbl_info Pointer to the location to store object table
- * information \ref sst_obj_table_info_t
+ * information \ref ps_obj_table_info_t
*
* \note A call to this function results in writing the table to the
* file system.
*
* \return Returns error code as specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_set_obj_tbl_info(psa_storage_uid_t uid,
- int32_t client_id,
- const struct sst_obj_table_info_t *obj_tbl_info);
+psa_status_t ps_object_table_set_obj_tbl_info(psa_storage_uid_t uid,
+ int32_t client_id,
+ const struct ps_obj_table_info_t *obj_tbl_info);
/**
* \brief Gets object table information from the object table for the provided
@@ -109,9 +108,9 @@
* \return Returns PSA_SUCCESS if the object exists. Otherwise, it
* returns PSA_ERROR_DOES_NOT_EXIST.
*/
-psa_status_t sst_object_table_get_obj_tbl_info(psa_storage_uid_t uid,
- int32_t client_id,
- struct sst_obj_table_info_t *obj_tbl_info);
+psa_status_t ps_object_table_get_obj_tbl_info(psa_storage_uid_t uid,
+ int32_t client_id,
+ struct ps_obj_table_info_t *obj_tbl_info);
/**
* \brief Deletes the table entry for the provided UID and client ID pair.
@@ -121,18 +120,18 @@
*
* \return Returns error code as specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_delete_object(psa_storage_uid_t uid,
- int32_t client_id);
+psa_status_t ps_object_table_delete_object(psa_storage_uid_t uid,
+ int32_t client_id);
/**
* \brief Deletes old object table from the persistent area.
*
* \return Returns error code as specified in \ref psa_status_t
*/
-psa_status_t sst_object_table_delete_old_table(void);
+psa_status_t ps_object_table_delete_old_table(void);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_OBJECT_TABLE_H__ */
+#endif /* __PS_OBJECT_TABLE_H__ */
diff --git a/secure_fw/partitions/secure_storage/sst_utils.c b/secure_fw/partitions/protected_storage/ps_utils.c
similarity index 73%
rename from secure_fw/partitions/secure_storage/sst_utils.c
rename to secure_fw/partitions/protected_storage/ps_utils.c
index 6bae88d..decf690 100644
--- a/secure_fw/partitions/secure_storage/sst_utils.c
+++ b/secure_fw/partitions/protected_storage/ps_utils.c
@@ -5,11 +5,11 @@
*
*/
-#include "sst_utils.h"
+#include "ps_utils.h"
-psa_status_t sst_utils_check_contained_in(uint32_t superset_size,
- uint32_t subset_offset,
- uint32_t subset_size)
+psa_status_t ps_utils_check_contained_in(uint32_t superset_size,
+ uint32_t subset_offset,
+ uint32_t subset_size)
{
/* Check that subset_offset is valid */
if (subset_offset > superset_size) {
diff --git a/secure_fw/partitions/secure_storage/sst_utils.h b/secure_fw/partitions/protected_storage/ps_utils.h
similarity index 79%
rename from secure_fw/partitions/secure_storage/sst_utils.h
rename to secure_fw/partitions/protected_storage/ps_utils.h
index de17a75..c9a3d80 100644
--- a/secure_fw/partitions/secure_storage/sst_utils.h
+++ b/secure_fw/partitions/protected_storage/ps_utils.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __SST_UTILS_H__
-#define __SST_UTILS_H__
+#ifndef __PS_UTILS_H__
+#define __PS_UTILS_H__
#include <stdint.h>
@@ -17,8 +17,8 @@
extern "C" {
#endif
-#define SST_INVALID_FID 0
-#define SST_DEFAULT_EMPTY_BUFF_VAL 0
+#define PS_INVALID_FID 0
+#define PS_DEFAULT_EMPTY_BUFF_VAL 0
/**
* \brief Macro to check, at compilation time, if data fits in data buffer
@@ -32,13 +32,13 @@
* data_buf_size. The compilation error should be
* "... error: 'err_msg' declared as an array with a negative size"
*/
-#define SST_UTILS_BOUND_CHECK(err_msg, data_size, data_buf_size) \
+#define PS_UTILS_BOUND_CHECK(err_msg, data_size, data_buf_size) \
typedef char err_msg[(data_size <= data_buf_size)*2 - 1]
/**
* \brief Evaluates to the minimum of the two parameters.
*/
-#define SST_UTILS_MIN(x, y) (((x) < (y)) ? (x) : (y))
+#define PS_UTILS_MIN(x, y) (((x) < (y)) ? (x) : (y))
/**
* \brief Checks if a subset region is fully contained within a superset region.
@@ -58,12 +58,12 @@
* subset offset + size is greater than the
* size of the superset
*/
-psa_status_t sst_utils_check_contained_in(uint32_t superset_size,
- uint32_t subset_offset,
- uint32_t subset_size);
+psa_status_t ps_utils_check_contained_in(uint32_t superset_size,
+ uint32_t subset_offset,
+ uint32_t subset_size);
#ifdef __cplusplus
}
#endif
-#endif /* __SST_UTILS_H__ */
+#endif /* __PS_UTILS_H__ */
diff --git a/secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h b/secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h
new file mode 100644
index 0000000..4dd4dea
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __PSA_MANIFEST_TFM_PROTECTED_STORAGE_H__
+#define __PSA_MANIFEST_TFM_PROTECTED_STORAGE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TFM_PS_SET_SIGNAL (1U << (0 + 4))
+#define TFM_PS_GET_SIGNAL (1U << (1 + 4))
+#define TFM_PS_GET_INFO_SIGNAL (1U << (2 + 4))
+#define TFM_PS_REMOVE_SIGNAL (1U << (3 + 4))
+#define TFM_PS_GET_SUPPORT_SIGNAL (1U << (4 + 4))
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_MANIFEST_TFM_PROTECTED_STORAGE_H__ */
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.c b/secure_fw/partitions/protected_storage/tfm_protected_storage.c
new file mode 100644
index 0000000..0574302
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_protected_storage.h"
+#include "ps_object_system.h"
+#include "tfm_ps_defs.h"
+
+psa_status_t tfm_ps_init(void)
+{
+ psa_status_t err;
+
+ err = ps_system_prepare();
+#ifdef PS_CREATE_FLASH_LAYOUT
+ /* If PS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
+ * create a PS flash layout. PS service will generate an empty and valid
+ * PS flash layout to store assets. It will erase all data located in the
+ * assigned PS memory area before generating the PS layout.
+ * This flag is required to be set if the PS memory area is located in
+ * non-persistent memory.
+ * This flag can be set if the PS memory area is located in persistent
+ * memory without a previous valid PS flash layout in it. That is the case
+ * when it is the first time in the device life that the PS service is
+ * executed.
+ */
+ if (err != PSA_SUCCESS) {
+ /* Remove all data in the PS memory area and create a valid PS flash
+ * layout in that area.
+ */
+ err = ps_system_wipe_all();
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ /* Attempt to initialise again */
+ err = ps_system_prepare();
+ }
+#endif /* PS_CREATE_FLASH_LAYOUT */
+
+ return err;
+}
+
+psa_status_t tfm_ps_set(int32_t client_id,
+ psa_storage_uid_t uid,
+ uint32_t data_length,
+ psa_storage_create_flags_t create_flags)
+{
+ /* Check that the UID is valid */
+ if (uid == TFM_PS_INVALID_UID) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Check that the create_flags does not contain any unsupported flags */
+ if (create_flags & ~(PSA_STORAGE_FLAG_WRITE_ONCE |
+ PSA_STORAGE_FLAG_NO_CONFIDENTIALITY |
+ PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ /* Create the object in the object system */
+ return ps_object_create(uid, client_id, create_flags, data_length);
+}
+
+psa_status_t tfm_ps_get(int32_t client_id,
+ psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_size,
+ size_t *p_data_length)
+{
+ /* Check that the UID is valid */
+ if (uid == TFM_PS_INVALID_UID) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Read the object data from the object system */
+ return ps_object_read(uid, client_id, data_offset, data_size,
+ p_data_length);
+}
+
+psa_status_t tfm_ps_get_info(int32_t client_id, psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
+{
+ /* Check that the UID is valid */
+ if (uid == TFM_PS_INVALID_UID) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Get the info struct data from the object system */
+ return ps_object_get_info(uid, client_id, p_info);
+}
+
+psa_status_t tfm_ps_remove(int32_t client_id, psa_storage_uid_t uid)
+{
+ psa_status_t err;
+
+ /* Check that the UID is valid */
+ if (uid == TFM_PS_INVALID_UID) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Delete the object from the object system */
+ err = ps_object_delete(uid, client_id);
+
+ /* PSA_ERROR_INVALID_SIGNATURE is not supported by psa_ps_remove
+ * specification. So, this function returns TFM_PS_ERR_OPERATION_FAILED
+ * instead.
+ */
+ if (err == PSA_ERROR_INVALID_SIGNATURE) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ return err;
+}
+
+uint32_t tfm_ps_get_support(void)
+{
+ /*
+ * This function returns a bitmask with flags set for all of the optional
+ * features supported by the PS service implementation.
+ *
+ * PS service does not support the optional extended PSA PS API yet.
+ */
+
+ return 0;
+}
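Review bot: The comment above the PSA_ERROR_INVALID_SIGNATURE mapping in tfm_ps_remove names a return value the code does not use: it says the function `returns TFM_PS_ERR_OPERATION_FAILED instead`, while the line below returns PSA_ERROR_GENERIC_ERROR. Since git reports this file as new rather than as a rename, the mismatch may predate this commit, but the rename pass rewrote every comment in the file and is the natural place to correct it; suggested wording: `* specification. So, this function returns PSA_ERROR_GENERIC_ERROR` followed by `* instead.`. Separately, in tfm_ps_init the PS_CREATE_FLASH_LAYOUT path calls ps_system_wipe_all() on any non-success status from ps_system_prepare(); if ps_system_prepare() can fail for reasons other than an absent layout (for example a stored table that fails authentication, which is not visible here), that failure is converted into a silent wipe-and-recreate rather than being reported. That behaviour is worth stating explicitly in the comment block, e.g. `* Note: any ps_system_prepare() failure, not only an absent layout, triggers the wipe.`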
diff --git a/secure_fw/partitions/secure_storage/tfm_protected_storage.h b/secure_fw/partitions/protected_storage/tfm_protected_storage.h
similarity index 91%
rename from secure_fw/partitions/secure_storage/tfm_protected_storage.h
rename to secure_fw/partitions/protected_storage/tfm_protected_storage.h
index 4cd44a5..28dd5f6 100644
--- a/secure_fw/partitions/secure_storage/tfm_protected_storage.h
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.h
@@ -17,7 +17,7 @@
#endif
/**
- * \brief Initializes the secure storage system.
+ * \brief Initializes the protected storage system.
*
* \return A status indicating the success/failure of the operation as specified
* in \ref psa_status_t
@@ -29,7 +29,7 @@
* \retval PSA_ERROR_GENERIC_ERROR The operation failed because of an
* unspecified internal failure
*/
-psa_status_t tfm_sst_init(void);
+psa_status_t tfm_ps_init(void);
/**
* \brief Creates a new or modifies an existing asset.
@@ -63,10 +63,10 @@
* \retval PSA_ERROR_GENERIC_ERROR The operation failed because of an
* unspecified internal failure.
*/
-psa_status_t tfm_sst_set(int32_t client_id,
- psa_storage_uid_t uid,
- uint32_t data_length,
- psa_storage_create_flags_t create_flags);
+psa_status_t tfm_ps_set(int32_t client_id,
+ psa_storage_uid_t uid,
+ uint32_t data_length,
+ psa_storage_create_flags_t create_flags);
/**
* \brief Gets the asset data for the provided uid.
*
@@ -98,11 +98,11 @@
* associated with the UID failed
* authentication
*/
-psa_status_t tfm_sst_get(int32_t client_id,
- psa_storage_uid_t uid,
- uint32_t data_offset,
- uint32_t data_size,
- size_t *p_data_length);
+psa_status_t tfm_ps_get(int32_t client_id,
+ psa_storage_uid_t uid,
+ uint32_t data_offset,
+ uint32_t data_size,
+ size_t *p_data_length);
/**
* \brief Gets the metadata for the provided uid.
*
@@ -132,8 +132,8 @@
* associated with the UID failed
* authentication
*/
-psa_status_t tfm_sst_get_info(int32_t client_id, psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info);
+psa_status_t tfm_ps_get_info(int32_t client_id, psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info);
/**
* \brief Removes the provided uid and its associated data from storage.
@@ -160,7 +160,7 @@
* \retval PSA_ERROR_GENERIC_ERROR The operation failed because of an
* unspecified internal failure
*/
-psa_status_t tfm_sst_remove(int32_t client_id, psa_storage_uid_t uid);
+psa_status_t tfm_ps_remove(int32_t client_id, psa_storage_uid_t uid);
/**
* \brief Gets a bitmask with flags set for all of the optional features
@@ -169,7 +169,7 @@
* \return Bitmask value which contains all the bits set for all the optional
* features supported by the implementation
*/
-uint32_t tfm_sst_get_support(void);
+uint32_t tfm_ps_get_support(void);
#ifdef __cplusplus
}
diff --git a/secure_fw/partitions/secure_storage/tfm_secure_storage.yaml b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
similarity index 74%
rename from secure_fw/partitions/secure_storage/tfm_secure_storage.yaml
rename to secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
index 8852134..5c4e084 100644
--- a/secure_fw/partitions/secure_storage/tfm_secure_storage.yaml
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
@@ -7,78 +7,78 @@
{
"psa_framework_version": 1.0,
- "name": "TFM_SP_STORAGE",
+ "name": "TFM_SP_PS",
"type": "APPLICATION-ROT",
"priority": "NORMAL",
- "entry_point": "tfm_sst_req_mngr_init",
+ "entry_point": "tfm_ps_req_mngr_init",
"stack_size": "0x800",
"secure_functions": [
{
- "name": "TFM_SST_SET",
- "signal": "TFM_SST_SET_REQ",
+ "name": "TFM_PS_SET",
+ "signal": "TFM_PS_SET_REQ",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET",
- "signal": "TFM_SST_GET_REQ",
+ "name": "TFM_PS_GET",
+ "signal": "TFM_PS_GET_REQ",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET_INFO",
- "signal": "TFM_SST_GET_INFO_REQ",
+ "name": "TFM_PS_GET_INFO",
+ "signal": "TFM_PS_GET_INFO_REQ",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_REMOVE",
- "signal": "TFM_SST_REMOVE_REQ",
+ "name": "TFM_PS_REMOVE",
+ "signal": "TFM_PS_REMOVE_REQ",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET_SUPPORT",
- "signal": "TFM_SST_GET_SUPPORT_REQ",
+ "name": "TFM_PS_GET_SUPPORT",
+ "signal": "TFM_PS_GET_SUPPORT_REQ",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
}
],
"services" : [{
- "name": "TFM_SST_SET",
+ "name": "TFM_PS_SET",
"sid": "0x00000060",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET",
+ "name": "TFM_PS_GET",
"sid": "0x00000061",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET_INFO",
+ "name": "TFM_PS_GET_INFO",
"sid": "0x00000062",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_REMOVE",
+ "name": "TFM_PS_REMOVE",
"sid": "0x00000063",
"non_secure_clients": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_SST_GET_SUPPORT",
+ "name": "TFM_PS_GET_SUPPORT",
"sid": "0x00000064",
"non_secure_clients": true,
"version": 1,
diff --git a/secure_fw/partitions/secure_storage/tfm_sst_req_mngr.c b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
similarity index 73%
rename from secure_fw/partitions/secure_storage/tfm_sst_req_mngr.c
rename to secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
index 94a0e78..5891161 100644
--- a/secure_fw/partitions/secure_storage/tfm_sst_req_mngr.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
@@ -5,7 +5,7 @@
*
*/
-#include "tfm_sst_req_mngr.h"
+#include "tfm_ps_req_mngr.h"
#include <stdbool.h>
#include <stdint.h>
@@ -16,7 +16,7 @@
#include "tfm_protected_storage.h"
#ifdef TFM_PSA_API
#include "psa/service.h"
-#include "psa_manifest/tfm_secure_storage.h"
+#include "psa_manifest/tfm_protected_storage.h"
#include "flash_layout.h"
#endif
@@ -26,34 +26,34 @@
static void *p_data;
/*
- * \brief Indicates whether SST has been initialised.
+ * \brief Indicates whether PS has been initialised.
*/
-static bool sst_is_init = false;
+static bool ps_is_init = false;
/*
- * \brief Initialises SST, if not already initialised.
+ * \brief Initialises PS, if not already initialised.
*
* \note In library mode, initialisation is delayed until the first secure
* function call, as calls to the Crypto service are required for
* initialisation.
*
- * \return PSA_SUCCESS if SST is initialised, PSA_ERROR_GENERIC_ERROR
+ * \return PSA_SUCCESS if PS is initialised, PSA_ERROR_GENERIC_ERROR
* otherwise.
*/
-static psa_status_t sst_check_init(void)
+static psa_status_t ps_check_init(void)
{
- if (!sst_is_init) {
- if (tfm_sst_init() != PSA_SUCCESS) {
+ if (!ps_is_init) {
+ if (tfm_ps_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
- sst_is_init = true;
+ ps_is_init = true;
}
return PSA_SUCCESS;
}
-psa_status_t tfm_sst_set_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len)
+psa_status_t tfm_ps_set_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
{
psa_storage_uid_t uid;
uint32_t data_length;
@@ -61,7 +61,7 @@
int32_t status;
psa_storage_create_flags_t create_flags;
- if (sst_check_init() != PSA_SUCCESS) {
+ if (ps_check_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -93,11 +93,11 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_set(client_id, uid, data_length, create_flags);
+ return tfm_ps_set(client_id, uid, data_length, create_flags);
}
-psa_status_t tfm_sst_get_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len)
+psa_status_t tfm_ps_get_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
{
uint32_t data_offset;
uint32_t data_size;
@@ -106,7 +106,7 @@
int32_t status;
size_t *p_data_length;
- if (sst_check_init() != PSA_SUCCESS) {
+ if (ps_check_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -139,19 +139,19 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_get(client_id, uid, data_offset, data_size, p_data_length);
+ return tfm_ps_get(client_id, uid, data_offset, data_size, p_data_length);
}
-psa_status_t tfm_sst_get_info_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len)
+psa_status_t tfm_ps_get_info_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
{
int32_t client_id;
psa_storage_uid_t uid;
struct psa_storage_info_t *p_info;
int32_t tfm_status;
- if (sst_check_init() != PSA_SUCCESS) {
+ if (ps_check_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -180,17 +180,17 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_get_info(client_id, uid, p_info);
+ return tfm_ps_get_info(client_id, uid, p_info);
}
-psa_status_t tfm_sst_remove_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len)
+psa_status_t tfm_ps_remove_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
{
int32_t client_id;
psa_storage_uid_t uid;
int32_t tfm_status;
- if (sst_check_init() != PSA_SUCCESS) {
+ if (ps_check_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -209,17 +209,17 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_remove(client_id, uid);;
+ return tfm_ps_remove(client_id, uid);
}
-psa_status_t tfm_sst_get_support_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len)
+psa_status_t tfm_ps_get_support_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len)
{
uint32_t *support_flags;
(void)in_vec;
- if (sst_check_init() != PSA_SUCCESS) {
+ if (ps_check_init() != PSA_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -235,16 +235,16 @@
support_flags = (uint32_t *)out_vec[0].base;
- *support_flags = tfm_sst_get_support();
+ *support_flags = tfm_ps_get_support();
return PSA_SUCCESS;
}
#else /* !defined(TFM_PSA_API) */
-typedef psa_status_t (*sst_func_t)(void);
+typedef psa_status_t (*ps_func_t)(void);
static psa_msg_t msg;
-static psa_status_t tfm_sst_set_ipc(void)
+static psa_status_t tfm_ps_set_ipc(void)
{
psa_storage_uid_t uid;
int32_t client_id;
@@ -269,10 +269,10 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_set(client_id, uid, msg.in_size[1], create_flags);
+ return tfm_ps_set(client_id, uid, msg.in_size[1], create_flags);
}
-static psa_status_t tfm_sst_get_ipc(void)
+static psa_status_t tfm_ps_get_ipc(void)
{
psa_storage_uid_t uid;
uint32_t data_offset;
@@ -295,11 +295,11 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_get(msg.client_id, uid, data_offset, msg.out_size[0],
- &p_data_length);
+ return tfm_ps_get(msg.client_id, uid, data_offset, msg.out_size[0],
+ &p_data_length);
}
-static psa_status_t tfm_sst_get_info_ipc(void)
+static psa_status_t tfm_ps_get_info_ipc(void)
{
psa_storage_uid_t uid;
@@ -318,7 +318,7 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- status = tfm_sst_get_info(msg.client_id, uid, &info);
+ status = tfm_ps_get_info(msg.client_id, uid, &info);
if (status == PSA_SUCCESS) {
psa_write(msg.handle, 0, &info, msg.out_size[0]);
@@ -326,7 +326,7 @@
return status;
}
-static psa_status_t tfm_sst_remove_ipc(void)
+static psa_status_t tfm_ps_remove_ipc(void)
{
psa_storage_uid_t uid;
size_t num = 0;
@@ -341,10 +341,10 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- return tfm_sst_remove(msg.client_id, uid);
+ return tfm_ps_remove(msg.client_id, uid);
}
-static psa_status_t tfm_sst_get_support_ipc(void)
+static psa_status_t tfm_ps_get_support_ipc(void)
{
size_t out_size;
uint32_t support_flags;
@@ -355,7 +355,7 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- support_flags = tfm_sst_get_support();
+ support_flags = tfm_ps_get_support();
psa_write(msg.handle, 0, &support_flags, out_size);
return PSA_SUCCESS;
}
@@ -370,7 +370,7 @@
;
}
-static void ps_signal_handle(psa_signal_t signal, sst_func_t pfn)
+static void ps_signal_handle(psa_signal_t signal, ps_func_t pfn)
{
psa_status_t status;
@@ -392,28 +392,28 @@
}
#endif /* !defined(TFM_PSA_API) */
-psa_status_t tfm_sst_req_mngr_init(void)
+psa_status_t tfm_ps_req_mngr_init(void)
{
#ifdef TFM_PSA_API
psa_signal_t signals = 0;
- if (tfm_sst_init() != PSA_SUCCESS) {
+ if (tfm_ps_init() != PSA_SUCCESS) {
tfm_abort();
}
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_SST_SET_SIGNAL) {
- ps_signal_handle(TFM_SST_SET_SIGNAL, tfm_sst_set_ipc);
- } else if (signals & TFM_SST_GET_SIGNAL) {
- ps_signal_handle(TFM_SST_GET_SIGNAL, tfm_sst_get_ipc);
- } else if (signals & TFM_SST_GET_INFO_SIGNAL) {
- ps_signal_handle(TFM_SST_GET_INFO_SIGNAL, tfm_sst_get_info_ipc);
- } else if (signals & TFM_SST_REMOVE_SIGNAL) {
- ps_signal_handle(TFM_SST_REMOVE_SIGNAL, tfm_sst_remove_ipc);
- } else if (signals & TFM_SST_GET_SUPPORT_SIGNAL) {
- ps_signal_handle(TFM_SST_GET_SUPPORT_SIGNAL,
- tfm_sst_get_support_ipc);
+ if (signals & TFM_PS_SET_SIGNAL) {
+ ps_signal_handle(TFM_PS_SET_SIGNAL, tfm_ps_set_ipc);
+ } else if (signals & TFM_PS_GET_SIGNAL) {
+ ps_signal_handle(TFM_PS_GET_SIGNAL, tfm_ps_get_ipc);
+ } else if (signals & TFM_PS_GET_INFO_SIGNAL) {
+ ps_signal_handle(TFM_PS_GET_INFO_SIGNAL, tfm_ps_get_info_ipc);
+ } else if (signals & TFM_PS_REMOVE_SIGNAL) {
+ ps_signal_handle(TFM_PS_REMOVE_SIGNAL, tfm_ps_remove_ipc);
+ } else if (signals & TFM_PS_GET_SUPPORT_SIGNAL) {
+ ps_signal_handle(TFM_PS_GET_SUPPORT_SIGNAL,
+ tfm_ps_get_support_ipc);
} else {
tfm_abort();
}
@@ -427,10 +427,11 @@
#endif
}
-psa_status_t sst_req_mngr_read_asset_data(uint8_t *out_data, uint32_t size)
+psa_status_t ps_req_mngr_read_asset_data(uint8_t *out_data, uint32_t size)
{
#ifdef TFM_PSA_API
size_t num = 0;
+
num = psa_read(msg.handle, 1, out_data, size);
if (num != size) {
return PSA_ERROR_PROGRAMMER_ERROR;
@@ -441,7 +442,7 @@
return PSA_SUCCESS;
}
-void sst_req_mngr_write_asset_data(const uint8_t *in_data,
+void ps_req_mngr_write_asset_data(const uint8_t *in_data,
uint32_t size)
{
#ifdef TFM_PSA_API
diff --git a/secure_fw/partitions/secure_storage/tfm_sst_req_mngr.h b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.h
similarity index 78%
rename from secure_fw/partitions/secure_storage/tfm_sst_req_mngr.h
rename to secure_fw/partitions/protected_storage/tfm_ps_req_mngr.h
index e1ce2e0..1dc3a4f 100644
--- a/secure_fw/partitions/secure_storage/tfm_sst_req_mngr.h
+++ b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __TFM_SST_REQ_MNGR_H__
-#define __TFM_SST_REQ_MNGR_H__
+#ifndef __TFM_PS_REQ_MNGR_H__
+#define __TFM_PS_REQ_MNGR_H__
#include <stddef.h>
@@ -30,8 +30,8 @@
* \return A status indicating the success/failure of the operation as specified
* in \ref psa_status_t
*/
-psa_status_t tfm_sst_set_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_set_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
/**
* \brief Handles the get request.
@@ -46,8 +46,8 @@
* \return A status indicating the success/failure of the operation as specified
* in \ref psa_status_t
*/
-psa_status_t tfm_sst_get_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
/**
* \brief Handles the get info request.
@@ -62,8 +62,8 @@
* \return A status indicating the success/failure of the operation as specified
* in \ref psa_status_t
*/
-psa_status_t tfm_sst_get_info_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_info_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
/**
* \brief Handles the remove request.
@@ -78,8 +78,8 @@
* \return A status indicating the success/failure of the operation as specified
* in \ref psa_status_t
*/
-psa_status_t tfm_sst_remove_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_remove_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
/**
* \brief Handles the get support request.
@@ -95,8 +95,8 @@
* in \ref psa_status_t
*
*/
-psa_status_t tfm_sst_get_support_req(psa_invec *in_vec, size_t in_len,
- psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_ps_get_support_req(psa_invec *in_vec, size_t in_len,
+ psa_outvec *out_vec, size_t out_len);
/**
* \brief Takes an input buffer containing asset data and writes
@@ -107,8 +107,8 @@
*
*
*/
-void sst_req_mngr_write_asset_data(const uint8_t *in_data,
- uint32_t size);
+void ps_req_mngr_write_asset_data(const uint8_t *in_data,
+ uint32_t size);
/**
* \brief Writes the asset data of a client iovec onto an output buffer
@@ -120,10 +120,10 @@
* in \ref psa_status_t
*
*/
-psa_status_t sst_req_mngr_read_asset_data(uint8_t *out_data, uint32_t size);
+psa_status_t ps_req_mngr_read_asset_data(uint8_t *out_data, uint32_t size);
#ifdef __cplusplus
}
#endif
-#endif /* __TFM_SST_REQ_MNGR_H__ */
+#endif /* __TFM_PS_REQ_MNGR_H__ */
diff --git a/secure_fw/partitions/secure_storage/tfm_sst_secure_api.c b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
similarity index 85%
rename from secure_fw/partitions/secure_storage/tfm_sst_secure_api.c
rename to secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
index d403b08..6a08e50 100644
--- a/secure_fw/partitions/secure_storage/tfm_sst_secure_api.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
@@ -31,7 +31,7 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SST_SET_SID, TFM_SST_SET_VERSION);
+ handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -42,8 +42,8 @@
psa_close(handle);
#else
- status = tfm_tfm_sst_set_req_veneer(in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
+ status = tfm_tfm_ps_set_req_veneer(in_vec, IOVEC_LEN(in_vec),
+ NULL, 0);
#endif
/* A parameter with a buffer pointer pointer that has data length longer
@@ -82,7 +82,7 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SST_GET_SID, TFM_SST_GET_VERSION);
+ handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -93,7 +93,7 @@
psa_close(handle);
#else
- status = tfm_tfm_sst_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
+ status = tfm_tfm_ps_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
#endif
@@ -129,7 +129,7 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SST_GET_INFO_SID, TFM_SST_GET_INFO_VERSION);
+ handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -140,8 +140,8 @@
psa_close(handle);
#else
- status = tfm_tfm_sst_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
- out_vec, IOVEC_LEN(out_vec));
+ status = tfm_tfm_ps_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
#endif
if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
@@ -163,7 +163,7 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SST_REMOVE_SID, TFM_SST_REMOVE_VERSION);
+ handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
return PSA_ERROR_GENERIC_ERROR;
}
@@ -174,7 +174,7 @@
psa_close(handle);
#else
- status = tfm_tfm_sst_remove_req_veneer(in_vec, IOVEC_LEN(in_vec),
+ status = tfm_tfm_ps_remove_req_veneer(in_vec, IOVEC_LEN(in_vec),
NULL, 0);
#endif
@@ -227,7 +227,7 @@
* ignored.
*/
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SST_GET_SUPPORT_SID, TFM_SST_GET_SUPPORT_VERSION);
+ handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
return support_flags;
}
@@ -236,8 +236,8 @@
psa_close(handle);
#else
- (void)tfm_tfm_sst_get_support_req_veneer(NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
+ (void)tfm_tfm_ps_get_support_req_veneer(NULL, 0,
+ out_vec, IOVEC_LEN(out_vec));
#endif
return support_flags;
diff --git a/secure_fw/partitions/secure_storage/CMakeLists.inc b/secure_fw/partitions/secure_storage/CMakeLists.inc
deleted file mode 100644
index e17c787..0000000
--- a/secure_fw/partitions/secure_storage/CMakeLists.inc
+++ /dev/null
@@ -1,135 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2020, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-#-------------------------------------------------------------------------------
-
-#Definitions to compile the "secure_storage" module.
-#This file assumes it will be included from a project specific cmakefile, and
-#will not create a library or executable.
-#Inputs:
-# TFM_ROOT_DIR - root directory of the TF-M repository.
-#Outputs:
-# Will modify include directories to make the source compile.
-# ALL_SRC_C: C source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
-# ALL_SRC_CXX: C++ source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
-# ALL_SRC_ASM: assembly source files to be compiled will be added to this list. This shall be added to your add_executable or add_library command.
-# Include directories will be modified by using the include_directories() commands as needed.
-
-#Get the current directory where this file is located.
-set(SECURE_STORAGE_DIR ${CMAKE_CURRENT_LIST_DIR})
-
-#Check input variables
-if (NOT DEFINED TFM_ROOT_DIR)
- message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
-endif()
-
-if (NOT DEFINED SST_ENCRYPTION)
- message(FATAL_ERROR "Incomplete build configuration: SST_ENCRYPTION is undefined. ")
-endif()
-
-if (NOT DEFINED SST_ROLLBACK_PROTECTION)
- message(FATAL_ERROR "Incomplete build configuration: SST_ROLLBACK_PROTECTION is undefined.")
-endif()
-
-if (NOT DEFINED SST_CREATE_FLASH_LAYOUT)
- message(FATAL_ERROR "Incomplete build configuration: SST_CREATE_FLASH_LAYOUT is undefined. ")
-endif()
-
-if (NOT DEFINED SST_VALIDATE_METADATA_FROM_FLASH)
- message(FATAL_ERROR "Incomplete build configuration: SST_VALIDATE_METADATA_FROM_FLASH is undefined. ")
-endif()
-
-if (NOT DEFINED SST_RAM_FS)
- message(FATAL_ERROR "Incomplete build configuration: SST_RAM_FS is undefined. ")
-endif()
-
-if (NOT DEFINED SST_TEST_NV_COUNTERS)
- message(FATAL_ERROR "Incomplete build configuration: SST_TEST_NV_COUNTERS is undefined.")
-endif()
-
-set (SECURE_STORAGE_C_SRC
- "${SECURE_STORAGE_DIR}/tfm_sst_secure_api.c"
- "${SECURE_STORAGE_DIR}/tfm_sst_req_mngr.c"
- "${SECURE_STORAGE_DIR}/tfm_protected_storage.c"
- "${SECURE_STORAGE_DIR}/sst_object_system.c"
- "${SECURE_STORAGE_DIR}/sst_object_table.c"
- "${SECURE_STORAGE_DIR}/sst_utils.c"
-)
-
-if (SST_ENCRYPTION)
- list(APPEND SECURE_STORAGE_C_SRC
- "${SECURE_STORAGE_DIR}/crypto/sst_crypto_interface.c"
- "${SECURE_STORAGE_DIR}/sst_encrypted_object.c"
- )
- set_property(SOURCE ${SECURE_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_ENCRYPTION)
-
- if (SST_ROLLBACK_PROTECTION)
- # Only build the NV counters implementation if the SST_TEST_NV_COUNTERS
- # flag is off. When this flag is on, a virtual implementation of the SST
- # NV counters interface is used instead. Full documentation for this
- # flag can be found in the SST Integration Guide.
- if (NOT SST_TEST_NV_COUNTERS)
- list(APPEND SECURE_STORAGE_C_SRC
- "${SECURE_STORAGE_DIR}/nv_counters/sst_nv_counters.c")
- endif()
- set_property(SOURCE ${SECURE_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_ROLLBACK_PROTECTION)
- endif()
-endif()
-
-if (SST_VALIDATE_METADATA_FROM_FLASH)
- set_property(SOURCE ${SECURE_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_VALIDATE_METADATA_FROM_FLASH)
-endif()
-
-if (SST_CREATE_FLASH_LAYOUT)
- set_property(SOURCE ${SECURE_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_CREATE_FLASH_LAYOUT)
-endif()
-
-if (SST_RAM_FS)
- set_property(SOURCE ${SECURE_STORAGE_C_SRC} APPEND PROPERTY COMPILE_DEFINITIONS SST_RAM_FS)
-endif()
-
-#Append all our source files to global lists.
-list(APPEND ALL_SRC_C ${SECURE_STORAGE_C_SRC})
-unset(SECURE_STORAGE_C_SRC)
-
-#Inform the user about SST service features selected based on the SST service cmake flags
-message("The SST service compile configuration is as follows:")
-message("- SST_ENCRYPTION: " ${SST_ENCRYPTION})
-if (SST_ENCRYPTION)
- message("- SST_ROLLBACK_PROTECTION: " ${SST_ROLLBACK_PROTECTION})
-else()
- message("- SST_ROLLBACK_PROTECTION: N/A")
-endif()
-message("- SST_VALIDATE_METADATA_FROM_FLASH: " ${SST_VALIDATE_METADATA_FROM_FLASH})
-message("- SST_CREATE_FLASH_LAYOUT: " ${SST_CREATE_FLASH_LAYOUT})
-message("- SST_RAM_FS: " ${SST_RAM_FS})
-message("- SST_TEST_NV_COUNTERS: " ${SST_TEST_NV_COUNTERS})
-
-#Setting include directories
-embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
-embedded_include_directories(PATH ${SECURE_STORAGE_DIR} ABSOLUTE)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/driver ABSOLUTE)
-set(BUILD_CMSIS_CORE Off)
-set(BUILD_RETARGET Off)
-set(BUILD_NATIVE_DRIVERS Off)
-set(BUILD_STARTUP Off)
-set(BUILD_TARGET_CFG Off)
-set(BUILD_TARGET_HARDWARE_KEYS Off)
-set(BUILD_TARGET_NV_COUNTERS Off)
-set(BUILD_CMSIS_DRIVERS Off)
-set(BUILD_TIME Off)
-set(BUILD_UART_STDOUT Off)
-set(BUILD_FLASH Off)
-set(BUILD_PLAT_TEST Off)
-if(NOT DEFINED PLATFORM_CMAKE_FILE)
- message (FATAL_ERROR "Platform specific CMake is not defined. Please set PLATFORM_CMAKE_FILE.")
-elseif(NOT EXISTS ${PLATFORM_CMAKE_FILE})
- message (FATAL_ERROR "Platform specific CMake \"${PLATFORM_CMAKE_FILE}\" file does not exist. Please fix value of PLATFORM_CMAKE_FILE.")
-else()
- include(${PLATFORM_CMAKE_FILE})
-endif()
diff --git a/secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.c b/secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.c
deleted file mode 100644
index a63f488..0000000
--- a/secure_fw/partitions/secure_storage/crypto/sst_crypto_interface.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "sst_crypto_interface.h"
-
-#include <stdbool.h>
-
-#include "tfm_crypto_defs.h"
-#include "psa/crypto.h"
-#include "tfm_memory_utils.h"
-
-/* The PSA key type used by this implementation */
-#define SST_KEY_TYPE PSA_KEY_TYPE_AES
-/* The PSA key usage required by this implementation */
-#define SST_KEY_USAGE (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)
-/* The PSA algorithm used by this implementation */
-#define SST_CRYPTO_ALG \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_GCM, SST_TAG_LEN_BYTES)
-
-static const uint8_t sst_key_label[] = "storage_key";
-static psa_key_handle_t sst_key_handle;
-static uint8_t sst_crypto_iv_buf[SST_IV_LEN_BYTES];
-
-psa_status_t sst_crypto_init(void)
-{
- /* Currently, no initialisation is required. This may change if key
- * handling is changed.
- */
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_crypto_setkey(void)
-{
- psa_status_t status;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
-
- /* Set the key attributes for the storage key */
- psa_set_key_usage_flags(&attributes, SST_KEY_USAGE);
- psa_set_key_algorithm(&attributes, SST_CRYPTO_ALG);
- psa_set_key_type(&attributes, SST_KEY_TYPE);
- psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(SST_KEY_LEN_BYTES));
-
- /* Set up a key derivation operation with HUK derivation as the alg */
- status = psa_key_derivation_setup(&op, TFM_CRYPTO_ALG_HUK_DERIVATION);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- /* Supply the SST key label as an input to the key derivation */
- status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_LABEL,
- sst_key_label,
- sizeof(sst_key_label));
- if (status != PSA_SUCCESS) {
- goto err_release_op;
- }
-
- /* Create the storage key from the key derivation operation */
- status = psa_key_derivation_output_key(&attributes, &op, &sst_key_handle);
- if (status != PSA_SUCCESS) {
- goto err_release_op;
- }
-
- /* Free resources associated with the key derivation operation */
- status = psa_key_derivation_abort(&op);
- if (status != PSA_SUCCESS) {
- goto err_release_key;
- }
-
- return PSA_SUCCESS;
-
-err_release_key:
- (void)psa_destroy_key(sst_key_handle);
-
-err_release_op:
- (void)psa_key_derivation_abort(&op);
-
- return PSA_ERROR_GENERIC_ERROR;
-}
-
-psa_status_t sst_crypto_destroykey(void)
-{
- psa_status_t status;
-
- /* Destroy the transient key */
- status = psa_destroy_key(sst_key_handle);
- if (status != PSA_SUCCESS) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- return PSA_SUCCESS;
-}
-
-void sst_crypto_set_iv(const union sst_crypto_t *crypto)
-{
- (void)tfm_memcpy(sst_crypto_iv_buf, crypto->ref.iv, SST_IV_LEN_BYTES);
-}
-
-void sst_crypto_get_iv(union sst_crypto_t *crypto)
-{
- /* IV characteristic is algorithm dependent.
- * For GCM it is essential that it doesn't get repeated.
- * A simple increment will suffice.
- * FIXME:
- * Since IV is predictable in this case,
- * If there is no rollback protection, an attacker could
- * try to rollback the storage and encrypt another plaintext
- * block with same IV/Key pair; this breaks GCM usage rules.
- * One potential fix would be to generate IV through RNG
- */
-
- /* Logic:
- * IV is a 12 byte value. Read the old value and increment it by 1.
- * since there is no standard C support for 12 byte integer mathematics,
- * the increment need to performed manually. Increment the lower 8byte
- * as uint64_t value and then if the new value is 0, increment the upper
- * 4 bytes as uint32_t
- * Endian order doesn't really matter as objective is not to perform
- * machine accurate increment operation but to generate a non-repetitive
- * iv value.
- */
-
- uint64_t iv_l;
- uint32_t iv_h;
-
- (void)tfm_memcpy(&iv_l, sst_crypto_iv_buf, sizeof(iv_l));
- (void)tfm_memcpy(&iv_h, (sst_crypto_iv_buf+sizeof(iv_l)), sizeof(iv_h));
- iv_l++;
- /* If overflow, increment the MSBs */
- if (iv_l == 0) {
- iv_h++;
- }
-
- /* Update the local buffer */
- (void)tfm_memcpy(sst_crypto_iv_buf, &iv_l, sizeof(iv_l));
- (void)tfm_memcpy((sst_crypto_iv_buf + sizeof(iv_l)), &iv_h, sizeof(iv_h));
- /* Update the caller buffer */
- (void)tfm_memcpy(crypto->ref.iv, sst_crypto_iv_buf, SST_IV_LEN_BYTES);
-}
-
-psa_status_t sst_crypto_encrypt_and_tag(union sst_crypto_t *crypto,
- const uint8_t *add,
- size_t add_len,
- const uint8_t *in,
- size_t in_len,
- uint8_t *out,
- size_t out_size,
- size_t *out_len)
-{
- psa_status_t status;
-
- status = psa_aead_encrypt(sst_key_handle, SST_CRYPTO_ALG,
- crypto->ref.iv, SST_IV_LEN_BYTES,
- add, add_len,
- in, in_len,
- out, out_size, out_len);
- if (status != PSA_SUCCESS) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- /* Copy the tag out of the output buffer */
- *out_len -= SST_TAG_LEN_BYTES;
- (void)tfm_memcpy(crypto->ref.tag, (out + *out_len), SST_TAG_LEN_BYTES);
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_crypto_auth_and_decrypt(const union sst_crypto_t *crypto,
- const uint8_t *add,
- size_t add_len,
- uint8_t *in,
- size_t in_len,
- uint8_t *out,
- size_t out_size,
- size_t *out_len)
-{
- psa_status_t status;
-
- /* Copy the tag into the input buffer */
- (void)tfm_memcpy((in + in_len), crypto->ref.tag, SST_TAG_LEN_BYTES);
- in_len += SST_TAG_LEN_BYTES;
-
- status = psa_aead_decrypt(sst_key_handle, SST_CRYPTO_ALG,
- crypto->ref.iv, SST_IV_LEN_BYTES,
- add, add_len,
- in, in_len,
- out, out_size, out_len);
- if (status != PSA_SUCCESS) {
- return PSA_ERROR_INVALID_SIGNATURE;
- }
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_crypto_generate_auth_tag(union sst_crypto_t *crypto,
- const uint8_t *add,
- uint32_t add_len)
-{
- psa_status_t status;
- size_t out_len;
-
- status = psa_aead_encrypt(sst_key_handle, SST_CRYPTO_ALG,
- crypto->ref.iv, SST_IV_LEN_BYTES,
- add, add_len,
- 0, 0,
- crypto->ref.tag, SST_TAG_LEN_BYTES, &out_len);
- if (status != PSA_SUCCESS || out_len != SST_TAG_LEN_BYTES) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_crypto_authenticate(const union sst_crypto_t *crypto,
- const uint8_t *add,
- uint32_t add_len)
-{
- psa_status_t status;
- size_t out_len;
-
- status = psa_aead_decrypt(sst_key_handle, SST_CRYPTO_ALG,
- crypto->ref.iv, SST_IV_LEN_BYTES,
- add, add_len,
- crypto->ref.tag, SST_TAG_LEN_BYTES,
- 0, 0, &out_len);
- if (status != PSA_SUCCESS || out_len != 0) {
- return PSA_ERROR_INVALID_SIGNATURE;
- }
-
- return PSA_SUCCESS;
-}
diff --git a/secure_fw/partitions/secure_storage/dir_secure_storage.dox b/secure_fw/partitions/secure_storage/dir_secure_storage.dox
deleted file mode 100644
index 036fbce..0000000
--- a/secure_fw/partitions/secure_storage/dir_secure_storage.dox
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-//This file holds description for the current directory. This documentation
-//will be included in the Doxygen output.
-
-/*!
-\dir
-\brief Source code for the Secure Storage service.
-\details The secure storage service is responsible to hold sensitive information
-in a protected storage.
-
-*/
\ No newline at end of file
diff --git a/secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h b/secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h
deleted file mode 100644
index 5329ce2..0000000
--- a/secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
-
-#ifndef __PSA_MANIFEST_TFM_SECURE_STORAGE_H__
-#define __PSA_MANIFEST_TFM_SECURE_STORAGE_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TFM_SST_SET_SIGNAL (1U << (0 + 4))
-#define TFM_SST_GET_SIGNAL (1U << (1 + 4))
-#define TFM_SST_GET_INFO_SIGNAL (1U << (2 + 4))
-#define TFM_SST_REMOVE_SIGNAL (1U << (3 + 4))
-#define TFM_SST_GET_SUPPORT_SIGNAL (1U << (4 + 4))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PSA_MANIFEST_TFM_SECURE_STORAGE_H__ */
diff --git a/secure_fw/partitions/secure_storage/sst_object_defs.h b/secure_fw/partitions/secure_storage/sst_object_defs.h
deleted file mode 100644
index 2ac7fd4..0000000
--- a/secure_fw/partitions/secure_storage/sst_object_defs.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __SST_OBJECT_DEFS_H__
-#define __SST_OBJECT_DEFS_H__
-
-#include <stdint.h>
-
-#include "flash_layout.h"
-#include "psa/protected_storage.h"
-
-#ifdef SST_ENCRYPTION
-#include "crypto/sst_crypto_interface.h"
-#endif
-
-/*!
- * \struct sst_object_info_t
- *
- * \brief Object information.
- */
-struct sst_object_info_t {
- uint32_t current_size; /*!< Current size of the object content in bytes */
- uint32_t max_size; /*!< Maximum size of the object content in bytes */
- psa_storage_create_flags_t create_flags; /*!< Object creation flags */
-};
-
-/*!
- * \struct sst_obj_header_t
- *
- * \brief Metadata attached as a header to object data before storage.
- */
-struct sst_obj_header_t {
-#ifdef SST_ENCRYPTION
- union sst_crypto_t crypto; /*!< Crypto metadata */
-#else
- uint32_t version; /*!< Object version */
- uint32_t fid; /*!< File ID */
-#endif
- struct sst_object_info_t info; /*!< Object information */
-};
-
-
-#define SST_MAX_OBJECT_DATA_SIZE SST_MAX_ASSET_SIZE
-
-/*!
- * \struct sst_object_t
- *
- * \brief The object to be written to the file system below. Made up of the
- * object header and the object data.
- */
-struct sst_object_t {
- struct sst_obj_header_t header; /*!< Object header */
- uint8_t data[SST_MAX_OBJECT_DATA_SIZE]; /*!< Object data */
-};
-
-
-#define SST_OBJECT_HEADER_SIZE sizeof(struct sst_obj_header_t)
-#define SST_MAX_OBJECT_SIZE sizeof(struct sst_object_t)
-
-/*!
- * \def SST_MAX_NUM_OBJECTS
- *
- * \brief Specifies the maximum number of objects in the system, which is the
- * number of defined assets, the object table and 2 temporary objects to
- * store the temporary object table and temporary updated object.
- */
-#define SST_MAX_NUM_OBJECTS (SST_NUM_ASSETS + 3)
-
-#endif /* __SST_OBJECT_DEFS_H__ */
diff --git a/secure_fw/partitions/secure_storage/sst_object_system.c b/secure_fw/partitions/secure_storage/sst_object_system.c
deleted file mode 100644
index d3d8460..0000000
--- a/secure_fw/partitions/secure_storage/sst_object_system.c
+++ /dev/null
@@ -1,532 +0,0 @@
-/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "sst_object_system.h"
-
-#include <stddef.h>
-
-#include "cmsis_compiler.h"
-#include "psa/internal_trusted_storage.h"
-#include "tfm_memory_utils.h"
-#ifdef SST_ENCRYPTION
-#include "sst_encrypted_object.h"
-#endif
-#include "sst_object_defs.h"
-#include "sst_object_table.h"
-#include "sst_utils.h"
-#include "tfm_sst_req_mngr.h"
-
-#ifndef SST_ENCRYPTION
-/* Gets the size of object written to the object system below */
-#define SST_OBJECT_SIZE(max_size) (SST_OBJECT_HEADER_SIZE + (max_size))
-#define SST_OBJECT_START_POSITION 0
-#endif /* SST_ENCRYPTION */
-
-/* Allocate static variables to process objects */
-static struct sst_object_t g_sst_object;
-static struct sst_obj_table_info_t g_obj_tbl_info;
-
-/**
- * \brief Initialize g_sst_object based on the input parameters and empty data.
- *
- * \param[in] create_flags Object create flags
- * \param[in] size Object size
- * \param[out] obj Object to initialize
- *
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE void sst_init_empty_object(
- psa_storage_create_flags_t create_flags,
- uint32_t size,
- struct sst_object_t *obj)
-{
- /* Set all object data to 0 */
- (void)tfm_memset(obj, SST_DEFAULT_EMPTY_BUFF_VAL, SST_MAX_OBJECT_SIZE);
-
-#ifndef SST_ENCRYPTION
- /* Initialize object version */
- obj->header.version = 0;
-#endif
-
- /* Set object header based on input parameters */
- obj->header.info.max_size = size;
- obj->header.info.create_flags = create_flags;
-}
-
-/**
- * \brief Removes the old object table and object from the file system.
- *
- * \param[in] old_fid Old file ID to remove.
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_remove_old_data(uint32_t old_fid)
-{
- psa_status_t err;
-
- /* Delete old object table from the persistent area */
- err = sst_object_table_delete_old_table();
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Delete old file from the persistent area */
- return psa_its_remove(old_fid);
-}
-
-#ifndef SST_ENCRYPTION
-enum read_type_t {
- READ_HEADER_ONLY = 0,
- READ_ALL_OBJECT,
-};
-
-/**
- * \brief Reads and validates an object header based on its object table info
- * stored in g_obj_tbl_info.
- *
- * \param[in] type Read type as specified in \ref read_type_t
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_read_object(enum read_type_t type)
-{
- psa_status_t err;
- size_t data_length;
-
- /* Read object header */
- err = psa_its_get(g_obj_tbl_info.fid,
- SST_OBJECT_START_POSITION,
- SST_OBJECT_HEADER_SIZE,
- (void *)&g_sst_object.header,
- &data_length);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* As SST encryption support is not enabled, check file ID and version to
- * detect inconsistency after read the object header from flash.
- */
- if (g_sst_object.header.fid != g_obj_tbl_info.fid ||
- g_sst_object.header.version != g_obj_tbl_info.version) {
- return PSA_ERROR_DATA_CORRUPT;
- }
-
- /* Read object data if any */
- if (type == READ_ALL_OBJECT && g_sst_object.header.info.current_size > 0) {
- err = psa_its_get(g_obj_tbl_info.fid,
- SST_OBJECT_HEADER_SIZE,
- g_sst_object.header.info.current_size,
- (void *)g_sst_object.data,
- &data_length);
- if (err != PSA_SUCCESS) {
- return err;
- }
- }
-
- return PSA_SUCCESS;
-}
-
-/**
- * \brief Writes an object based on its object table info stored in
- * g_obj_tbl_info and the input parameter.
- *
- * \param[in] wrt_size Number of bytes to write
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_write_object(uint32_t wrt_size)
-{
- /* Add object identification and increase object version */
- g_sst_object.header.fid = g_obj_tbl_info.fid;
- g_sst_object.header.version++;
-
- /* Save object version to be stored in the object table */
- g_obj_tbl_info.version = g_sst_object.header.version;
-
- return psa_its_set(g_obj_tbl_info.fid, wrt_size,
- (const void *)&g_sst_object,
- PSA_STORAGE_FLAG_NONE);
-}
-
-#endif /* !SST_ENCRYPTION */
-
-psa_status_t sst_system_prepare(void)
-{
- psa_status_t err;
-
- /* Reuse the allocated g_sst_object.data to store a temporary object table
- * data to be validate inside the function.
- * The stored date will be cleaned up when the g_sst_object.data will
- * be used for the first time in the object system.
- */
- err = sst_object_table_init(g_sst_object.data);
-
-#ifdef SST_ENCRYPTION
- g_obj_tbl_info.tag = g_sst_object.header.crypto.ref.tag;
-#endif
-
- return err;
-}
-
-psa_status_t sst_object_read(psa_storage_uid_t uid, int32_t client_id,
- uint32_t offset, uint32_t size,
- size_t *p_data_length)
-{
- psa_status_t err;
-
- /* Retrieve the object information from the object table if the object
- * exists.
- */
- err = sst_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Read object */
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_read(g_obj_tbl_info.fid, &g_sst_object);
-#else
- /* Read object header */
- err = sst_read_object(READ_ALL_OBJECT);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Boundary check the incoming request */
- if (offset > g_sst_object.header.info.current_size) {
- err = PSA_ERROR_INVALID_ARGUMENT;
- goto clear_data_and_return;
- }
-
- size = SST_UTILS_MIN(size,
- g_sst_object.header.info.current_size - offset);
-
- /* Copy the decrypted object data to the output buffer */
- sst_req_mngr_write_asset_data(g_sst_object.data + offset, size);
-
- *p_data_length = size;
-
-clear_data_and_return:
- /* Remove data stored in the object before leaving the function */
- (void)tfm_memset(&g_sst_object, SST_DEFAULT_EMPTY_BUFF_VAL,
- SST_MAX_OBJECT_SIZE);
-
- return err;
-}
-
-psa_status_t sst_object_create(psa_storage_uid_t uid, int32_t client_id,
- psa_storage_create_flags_t create_flags,
- uint32_t size)
-{
- psa_status_t err;
- uint32_t old_fid = SST_INVALID_FID;
- uint32_t fid_am_reserved = 1;
-
-#ifndef SST_ENCRYPTION
- uint32_t wrt_size;
-#endif
-
- /* Boundary check the incoming request */
- if (size > SST_MAX_ASSET_SIZE) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Retrieve the object information from the object table if the object
- * exists.
- */
- err = sst_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err == PSA_SUCCESS) {
-#ifdef SST_ENCRYPTION
- /* Read the object */
- err = sst_encrypted_object_read(g_obj_tbl_info.fid, &g_sst_object);
-#else
- /* Read the object header */
- err = sst_read_object(READ_HEADER_ONLY);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* If the object exists and has the write once flag set, then it cannot
- * be modified.
- */
- if (g_sst_object.header.info.create_flags
- & PSA_STORAGE_FLAG_WRITE_ONCE) {
- err = PSA_ERROR_NOT_PERMITTED;
- goto clear_data_and_return;
- }
-
- /* Update the create flags and max object size */
- g_sst_object.header.info.create_flags = create_flags;
- g_sst_object.header.info.max_size = size;
-
- /* Save old file ID */
- old_fid = g_obj_tbl_info.fid;
- } else if (err == PSA_ERROR_DOES_NOT_EXIST) {
- /* If the object does not exist, then initialize it based on the input
- * arguments and empty content. Requests 2 FIDs to prevent exhaustion.
- */
- fid_am_reserved = 2;
- sst_init_empty_object(create_flags, size, &g_sst_object);
- } else {
- goto clear_data_and_return;
- }
-
- /* Update the object data */
- err = sst_req_mngr_read_asset_data(g_sst_object.data, size);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Update the current object size */
- g_sst_object.header.info.current_size = size;
-
- /* Get new file ID */
- err = sst_object_table_get_free_fid(fid_am_reserved,
- &g_obj_tbl_info.fid);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_write(g_obj_tbl_info.fid, &g_sst_object);
-#else
- wrt_size = SST_OBJECT_SIZE(g_sst_object.header.info.current_size);
-
- /* Write g_sst_object */
- err = sst_write_object(wrt_size);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Update the table with the new internal ID and version for the object, and
- * store it in the persistent area.
- */
- err = sst_object_table_set_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- /* Remove new object as object table is not persistent and propagate
- * object table manipulation error.
- */
- (void)psa_its_remove(g_obj_tbl_info.fid);
-
- goto clear_data_and_return;
- }
-
- if (old_fid == SST_INVALID_FID) {
- /* Delete old object table from the persistent area */
- err = sst_object_table_delete_old_table();
- } else {
- /* Remove old object and delete old object table */
- err = sst_remove_old_data(old_fid);
- }
-
-clear_data_and_return:
- /* Remove data stored in the object before leaving the function */
- (void)tfm_memset(&g_sst_object, SST_DEFAULT_EMPTY_BUFF_VAL,
- SST_MAX_OBJECT_SIZE);
-
- return err;
-}
-
-psa_status_t sst_object_write(psa_storage_uid_t uid, int32_t client_id,
- uint32_t offset, uint32_t size)
-{
- psa_status_t err;
- uint32_t old_fid;
-
-#ifndef SST_ENCRYPTION
- uint32_t wrt_size;
-#endif
-
- /* Retrieve the object information from the object table if the object
- * exists.
- */
- err = sst_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Read the object */
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_read(g_obj_tbl_info.fid, &g_sst_object);
-#else
- err = sst_read_object(READ_ALL_OBJECT);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* If the object has the write once flag set, then it cannot be modified. */
- if (g_sst_object.header.info.create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
- err = PSA_ERROR_NOT_PERMITTED;
- goto clear_data_and_return;
- }
-
- /* Offset must not be larger than the object's current size to prevent gaps
- * being created in the object data.
- */
- if (offset > g_sst_object.header.info.current_size) {
- err = PSA_ERROR_INVALID_ARGUMENT;
- goto clear_data_and_return;
- }
-
- /* Boundary check the incoming request */
- err = sst_utils_check_contained_in(g_sst_object.header.info.max_size,
- offset, size);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Update the object data */
- err = sst_req_mngr_read_asset_data(g_sst_object.data + offset, size);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Update the current object size if necessary */
- if ((offset + size) > g_sst_object.header.info.current_size) {
- g_sst_object.header.info.current_size = offset + size;
- }
-
- /* Save old file ID */
- old_fid = g_obj_tbl_info.fid;
-
- /* Get new file ID */
- err = sst_object_table_get_free_fid(1, &g_obj_tbl_info.fid);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_write(g_obj_tbl_info.fid, &g_sst_object);
-#else
- wrt_size = SST_OBJECT_SIZE(g_sst_object.header.info.current_size);
-
- /* Write g_sst_object */
- err = sst_write_object(wrt_size);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Update the table with the new internal ID and version for the object, and
- * store it in the persistent area.
- */
- err = sst_object_table_set_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- /* Remove new object as object table is not persistent and propagate
- * object table manipulation error.
- */
- (void)psa_its_remove(g_obj_tbl_info.fid);
-
- goto clear_data_and_return;
- }
-
- /* Remove old object table and object */
- err = sst_remove_old_data(old_fid);
-
-clear_data_and_return:
- /* Remove data stored in the object before leaving the function */
- (void)tfm_memset(&g_sst_object, SST_DEFAULT_EMPTY_BUFF_VAL,
- SST_MAX_OBJECT_SIZE);
-
- return err;
-}
-
-psa_status_t sst_object_get_info(psa_storage_uid_t uid, int32_t client_id,
- struct psa_storage_info_t *info)
-{
- psa_status_t err;
-
- /* Retrieve the object information from the object table if the object
- * exists.
- */
- err = sst_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_read(g_obj_tbl_info.fid, &g_sst_object);
-#else
- err = sst_read_object(READ_HEADER_ONLY);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Copy SST object info to the PSA PS info struct */
- info->size = g_sst_object.header.info.current_size;
- info->flags = g_sst_object.header.info.create_flags;
-
-clear_data_and_return:
- /* Remove data stored in the object before leaving the function */
- (void)tfm_memset(&g_sst_object, SST_DEFAULT_EMPTY_BUFF_VAL,
- SST_MAX_OBJECT_SIZE);
-
- return err;
-}
-
-psa_status_t sst_object_delete(psa_storage_uid_t uid, int32_t client_id)
-{
- psa_status_t err;
-
- /* Retrieve the object information from the object table if the object
- * exists.
- */
- err = sst_object_table_get_obj_tbl_info(uid, client_id, &g_obj_tbl_info);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
-#ifdef SST_ENCRYPTION
- err = sst_encrypted_object_read(g_obj_tbl_info.fid, &g_sst_object);
-#else
- err = sst_read_object(READ_HEADER_ONLY);
-#endif
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Check that the write once flag is not set */
- if (g_sst_object.header.info.create_flags & PSA_STORAGE_FLAG_WRITE_ONCE) {
- err = PSA_ERROR_NOT_PERMITTED;
- goto clear_data_and_return;
- }
-
- /* Delete object from the table and stores the table in the persistent
- * area.
- */
- err = sst_object_table_delete_object(uid, client_id);
- if (err != PSA_SUCCESS) {
- goto clear_data_and_return;
- }
-
- /* Remove old object table and file */
- err = sst_remove_old_data(g_obj_tbl_info.fid);
-
-clear_data_and_return:
- /* Remove data stored in the object before leaving the function */
- (void)tfm_memset(&g_sst_object, SST_DEFAULT_EMPTY_BUFF_VAL,
- SST_MAX_OBJECT_SIZE);
-
- return err;
-}
-
-psa_status_t sst_system_wipe_all(void)
-{
- /* This function may get called as a corrective action
- * if a system level security violation is detected.
- * This could be asynchronous to normal system operation
- * and state of the sst system lock is unknown. Hence
- * this function doesn't block on the lock and directly
- * moves to erasing the flash instead.
- */
- return sst_object_table_create();
-}
diff --git a/secure_fw/partitions/secure_storage/sst_object_table.c b/secure_fw/partitions/secure_storage/sst_object_table.c
deleted file mode 100644
index 2e37a08..0000000
--- a/secure_fw/partitions/secure_storage/sst_object_table.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "sst_object_table.h"
-
-#include <stddef.h>
-
-#include "cmsis_compiler.h"
-#include "crypto/sst_crypto_interface.h"
-#include "flash_layout.h"
-#include "nv_counters/sst_nv_counters.h"
-#include "psa/internal_trusted_storage.h"
-#include "tfm_memory_utils.h"
-#include "sst_utils.h"
-#include "tfm_sst_defs.h"
-
-/* FIXME: Duplicated from flash info */
-#define SST_FLASH_DEFAULT_VAL 0xFFU
-
-/*!
- * \def SST_OBJECT_SYSTEM_VERSION
- *
- * \brief Current object system version.
- */
-#define SST_OBJECT_SYSTEM_VERSION 0x01
-
-/*!
- * \struct sst_obj_table_info_t
- *
- * \brief Object table information structure.
- */
-struct sst_obj_table_entry_t {
-#ifdef SST_ENCRYPTION
- uint8_t tag[SST_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
-#else
- uint32_t version; /*!< File version */
-#endif
- psa_storage_uid_t uid; /*!< Object UID */
- int32_t client_id; /*!< Client ID */
-};
-
-/* Specifies number of entries in the table. The number of entries is the
- * number of assets, defined in asset_defs.h, plus one extra entry to store
- * a new object when the code processes a change in a file.
- */
-#define SST_OBJ_TABLE_ENTRIES (SST_NUM_ASSETS + 1)
-
-/*!
- * \struct sst_obj_table_t
- *
- * \brief Object table structure.
- */
-struct sst_obj_table_t {
-#ifdef SST_ENCRYPTION
- union sst_crypto_t crypto; /*!< Crypto metadata. */
-#endif
-
- uint8_t version; /*!< SST object system version. */
-
-#ifndef SST_ROLLBACK_PROTECTION
- uint8_t swap_count; /*!< Swap counter to distinguish 2 different
- * object tables.
- */
-#endif /* SST_ROLLBACK_PROTECTION */
-
- struct sst_obj_table_entry_t obj_db[SST_OBJ_TABLE_ENTRIES]; /*!< Table's
- * entries
- */
-};
-
-/* Object table indexes */
-#define SST_OBJ_TABLE_IDX_0 0
-#define SST_OBJ_TABLE_IDX_1 1
-
-/* Number of object tables (active and scratch) */
-#define SST_NUM_OBJ_TABLES 2
-
-/*!
- * \def SST_TABLE_FS_ID
- *
- * \brief File ID to be used in order to store the object table in the
- * file system.
- *
- * \param[in] idx Table index to convert into a file ID.
- *
- * \return Returns file ID
- *
- */
-#define SST_TABLE_FS_ID(idx) (idx + 1)
-
-/*!
- * \def SST_OBJECT_FS_ID
- *
- * \brief File ID to be used in order to store an object in the
- * file system.
- *
- * \param[in] idx Object table index to convert into a file ID.
- *
- * \return Returns file ID
- */
-#define SST_OBJECT_FS_ID(idx) ((idx + 1) + \
- SST_TABLE_FS_ID(SST_OBJ_TABLE_IDX_1))
-
-/*!
- * \def SST_OBJECT_FS_ID_TO_IDX
- *
- * \brief Gets object index in the table based on the file ID.
- *
- * \param[in] fid File ID of an object in the object table
- *
- * \return Returns object table index
- */
-#define SST_OBJECT_FS_ID_TO_IDX(fid) ((fid - 1) - \
- SST_TABLE_FS_ID(SST_OBJ_TABLE_IDX_1))
-
-/*!
- * \struct sst_obj_table_ctx_t
- *
- * \brief Object table context structure.
- */
-struct sst_obj_table_ctx_t {
- struct sst_obj_table_t obj_table; /*!< Object tables */
- uint8_t active_table; /*!< Active object table */
- uint8_t scratch_table; /*!< Scratch object table */
-};
-
-/* Object table context */
-static struct sst_obj_table_ctx_t sst_obj_table_ctx;
-
-/* Object table size */
-#define SST_OBJ_TABLE_SIZE sizeof(struct sst_obj_table_t)
-
-/* Object table entry size */
-#define SST_OBJECTS_TABLE_ENTRY_SIZE sizeof(struct sst_obj_table_entry_t)
-
-/* Size of the data that is not required to authenticate */
-#define SST_NON_AUTH_OBJ_TABLE_SIZE sizeof(union sst_crypto_t)
-
-/* Start position to store the object table data in the FS object */
-#define SST_OBJECT_TABLE_OBJECT_OFFSET 0
-
-/* The associated data is the header minus the crypto data */
-#define SST_CRYPTO_ASSOCIATED_DATA(crypto) ((uint8_t *)crypto + \
- SST_NON_AUTH_OBJ_TABLE_SIZE)
-
-#ifdef SST_ROLLBACK_PROTECTION
-#define SST_OBJ_TABLE_AUTH_DATA_SIZE (SST_OBJ_TABLE_SIZE - \
- SST_NON_AUTH_OBJ_TABLE_SIZE)
-
-struct sst_crypto_assoc_data_t {
- uint8_t obj_table_data[SST_OBJ_TABLE_AUTH_DATA_SIZE];
- uint32_t nv_counter;
-};
-
-#define SST_CRYPTO_ASSOCIATED_DATA_LEN sizeof(struct sst_crypto_assoc_data_t)
-
-#else
-
-/* The associated data is the header, minus the the tag data */
-#define SST_CRYPTO_ASSOCIATED_DATA_LEN (SST_OBJ_TABLE_SIZE - \
- SST_NON_AUTH_OBJ_TABLE_SIZE)
-#endif /* SST_ROLLBACK_PROTECTION */
-
-/* The sst_object_table_init function uses the static memory allocated for
- * the object data manipulation, in sst_object_table.c (g_sst_object), to load a
- * temporary object table to be validated at that stage.
- * To make sure the object table data fits in the static memory allocated for
- * object manipulation, the following macro checks if the memory allocated is
- * big enough, at compile time
- */
-
-/* Check at compilation time if metadata fits in g_sst_object.data */
-SST_UTILS_BOUND_CHECK(OBJ_TABLE_NOT_FIT_IN_STATIC_OBJ_DATA_BUF,
- SST_OBJ_TABLE_SIZE, SST_MAX_ASSET_SIZE);
-
-enum sst_obj_table_state {
- SST_OBJ_TABLE_VALID = 0, /*!< Table content is valid */
- SST_OBJ_TABLE_INVALID, /*!< Table content is invalid */
- SST_OBJ_TABLE_NVC_1_VALID, /*!< Table content valid with NVC 1 value */
- SST_OBJ_TABLE_NVC_3_VALID, /*!< Table content valid with NVC 3 value */
-};
-
-/* Specifies that SST NV counter value is invalid */
-#define SST_INVALID_NVC_VALUE 0
-
-/*!
- * \struct sst_obj_table_ctx_t
- *
- * \brief Object table init context structure.
- */
-struct sst_obj_table_init_ctx_t {
- struct sst_obj_table_t *p_table[SST_NUM_OBJ_TABLES]; /*!< Pointers to
- * object tables
- */
- enum sst_obj_table_state table_state[SST_NUM_OBJ_TABLES]; /*!< Array to
- * indicate if
- * the object
- * table X is
- * valid
- */
-#ifdef SST_ROLLBACK_PROTECTION
- uint32_t nvc_1; /*!< Non-volatile counter value 1 */
- uint32_t nvc_3; /*!< Non-volatile counter value 3 */
-#endif /* SST_ROLLBACK_PROTECTION */
-};
-
-/**
- * \brief Reads object table from persistent memory.
- *
- * \param[out] init_ctx Pointer to the init object table context
- *
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE void sst_object_table_fs_read_table(
- struct sst_obj_table_init_ctx_t *init_ctx)
-{
- psa_status_t err;
- size_t data_length;
-
- /* Read file with the table 0 data */
-
- err = psa_its_get(SST_TABLE_FS_ID(SST_OBJ_TABLE_IDX_0),
- SST_OBJECT_TABLE_OBJECT_OFFSET,
- SST_OBJ_TABLE_SIZE,
- (void *)init_ctx->p_table[SST_OBJ_TABLE_IDX_0],
- &data_length);
- if (err != PSA_SUCCESS) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_0] = SST_OBJ_TABLE_INVALID;
- }
-
- /* Read file with the table 1 data */
- err = psa_its_get(SST_TABLE_FS_ID(SST_OBJ_TABLE_IDX_1),
- SST_OBJECT_TABLE_OBJECT_OFFSET,
- SST_OBJ_TABLE_SIZE,
- (void *)init_ctx->p_table[SST_OBJ_TABLE_IDX_1],
- &data_length);
- if (err != PSA_SUCCESS) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_1] = SST_OBJ_TABLE_INVALID;
- }
-}
-
-/**
- * \brief Writes object table in persistent memory.
- *
- * \param[in,out] obj_table Pointer to the object table to generate
- * authentication
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE psa_status_t sst_object_table_fs_write_table(
- struct sst_obj_table_t *obj_table)
-{
- psa_status_t err;
- uint32_t obj_table_id = SST_TABLE_FS_ID(sst_obj_table_ctx.scratch_table);
- uint8_t swap_table_idxs = sst_obj_table_ctx.scratch_table;
-
- /* Create file to store object table in the FS */
- err = psa_its_set(obj_table_id,
- SST_OBJ_TABLE_SIZE,
- (const void *)obj_table,
- PSA_STORAGE_FLAG_NONE);
-
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Swap active and scratch table values */
- sst_obj_table_ctx.scratch_table = sst_obj_table_ctx.active_table;
- sst_obj_table_ctx.active_table = swap_table_idxs;
-
- return PSA_SUCCESS;
-}
-
-#ifdef SST_ENCRYPTION
-#ifdef SST_ROLLBACK_PROTECTION
-/**
- * \brief Aligns all SST non-volatile counters.
- *
- * \param[in] nvc_1 Value of SST non-volatile counter 1
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_object_table_align_nv_counters(uint32_t nvc_1)
-{
- psa_status_t err;
- uint32_t nvc_x_val = 0;
-
- /* Align SST NVC 2 with NVC 1 */
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_2, &nvc_x_val);
- if (err != PSA_SUCCESS) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- for (; nvc_x_val < nvc_1; nvc_x_val++) {
- err = sst_increment_nv_counter(TFM_SST_NV_COUNTER_2);
- if (err != PSA_SUCCESS) {
- return err;
- }
- }
-
- /* Align SST NVC 3 with NVC 1 */
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_3, &nvc_x_val);
- if (err != PSA_SUCCESS) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- for (; nvc_x_val < nvc_1; nvc_x_val++) {
- err = sst_increment_nv_counter(TFM_SST_NV_COUNTER_3);
- if (err != PSA_SUCCESS) {
- return err;
- }
- }
-
- return PSA_SUCCESS;
-}
-
-/**
- * \brief Generates table authentication tag.
- *
- * \param[in] nvc_1 Value of SST non-volatile counter 1
- * \param[in,out] obj_table Pointer to the object table to generate
- * authentication
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE psa_status_t sst_object_table_nvc_generate_auth_tag(
- uint32_t nvc_1,
- struct sst_obj_table_t *obj_table)
-{
- struct sst_crypto_assoc_data_t assoc_data;
- union sst_crypto_t *crypto = &obj_table->crypto;
-
- /* Get new IV */
- sst_crypto_get_iv(crypto);
-
- assoc_data.nv_counter = nvc_1;
- (void)tfm_memcpy(assoc_data.obj_table_data,
- SST_CRYPTO_ASSOCIATED_DATA(crypto),
- SST_OBJ_TABLE_AUTH_DATA_SIZE);
-
- return sst_crypto_generate_auth_tag(crypto, (const uint8_t *)&assoc_data,
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
-}
-
-/**
- * \brief Authenticates table of objects.
- *
- * \param[in] table_idx Table index in the init context
- * \param[in,out] init_ctx Pointer to the object table to authenticate
- *
- */
-static void sst_object_table_authenticate(uint8_t table_idx,
- struct sst_obj_table_init_ctx_t *init_ctx)
-{
- struct sst_crypto_assoc_data_t assoc_data;
- union sst_crypto_t *crypto = &init_ctx->p_table[table_idx]->crypto;
- psa_status_t err;
-
- /* Init associated data with NVC 1 */
- assoc_data.nv_counter = init_ctx->nvc_1;
- (void)tfm_memcpy(assoc_data.obj_table_data,
- SST_CRYPTO_ASSOCIATED_DATA(crypto),
- SST_OBJ_TABLE_AUTH_DATA_SIZE);
-
- err = sst_crypto_authenticate(crypto, (const uint8_t *)&assoc_data,
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
- if (err == PSA_SUCCESS) {
- init_ctx->table_state[table_idx] = SST_OBJ_TABLE_NVC_1_VALID;
- return;
- }
-
- if (init_ctx->nvc_3 == SST_INVALID_NVC_VALUE) {
- init_ctx->table_state[table_idx] = SST_OBJ_TABLE_INVALID;
- return;
- }
-
- /* Check with NVC 3 */
- assoc_data.nv_counter = init_ctx->nvc_3;
-
- err = sst_crypto_authenticate(crypto, (const uint8_t *)&assoc_data,
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
- if (err != PSA_SUCCESS) {
- init_ctx->table_state[table_idx] = SST_OBJ_TABLE_INVALID;
- } else {
- init_ctx->table_state[table_idx] = SST_OBJ_TABLE_NVC_3_VALID;
- }
-}
-
-/**
- * \brief Authenticates tables of objects.
- *
- * \param[in,out] init_ctx Pointer to the object table to authenticate
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE psa_status_t sst_object_table_nvc_authenticate(
- struct sst_obj_table_init_ctx_t *init_ctx)
-{
- psa_status_t err;
- uint32_t nvc_2;
-
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_1, &init_ctx->nvc_1);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_2, &nvc_2);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_3, &init_ctx->nvc_3);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Check if NVC 3 value can be used to validate an object table */
- if (init_ctx->nvc_3 != nvc_2) {
- /* If NVC 3 is different from NVC 2, it is possible to load an old SST
- * area image in the system by manipulating the FS to return a system
- * error from the file system layer and triggering power fault before
- * increasing the NVC 3. So, in that case, NVC 3 value cannot be used to
- * validate an old object table at the init process.
- */
- init_ctx->nvc_3 = SST_INVALID_NVC_VALUE;
- }
-
- /* Authenticate table 0 if data is valid */
- if (init_ctx->table_state[SST_OBJ_TABLE_IDX_0] != SST_OBJ_TABLE_INVALID) {
- sst_object_table_authenticate(SST_OBJ_TABLE_IDX_0, init_ctx);
- }
-
- /* Authenticate table 1 if data is valid */
- if (init_ctx->table_state[SST_OBJ_TABLE_IDX_1] != SST_OBJ_TABLE_INVALID) {
- sst_object_table_authenticate(SST_OBJ_TABLE_IDX_1, init_ctx);
- }
-
- return PSA_SUCCESS;
-}
-#else /* SST_ROLLBACK_PROTECTION */
-
-/**
- * \brief Generates table authentication
- *
- * \param[in,out] obj_table Pointer to the object table to generate
- * authentication
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE psa_status_t sst_object_table_generate_auth_tag(
- struct sst_obj_table_t *obj_table)
-{
- union sst_crypto_t *crypto = &obj_table->crypto;
-
- /* Get new IV */
- sst_crypto_get_iv(crypto);
-
- return sst_crypto_generate_auth_tag(crypto,
- SST_CRYPTO_ASSOCIATED_DATA(crypto),
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
-}
-
-/**
- * \brief Authenticates tables of objects.
- *
- * \param[in,out] init_ctx Pointer to the object table to authenticate
- *
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE void sst_object_table_authenticate_ctx_tables(
- struct sst_obj_table_init_ctx_t *init_ctx)
-{
- psa_status_t err;
- union sst_crypto_t *crypto =
- &init_ctx->p_table[SST_OBJ_TABLE_IDX_0]->crypto;
-
- /* Authenticate table 0 if data is valid */
- if (init_ctx->table_state[SST_OBJ_TABLE_IDX_0] != SST_OBJ_TABLE_INVALID) {
- err = sst_crypto_authenticate(crypto,
- SST_CRYPTO_ASSOCIATED_DATA(crypto),
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
- if (err != PSA_SUCCESS) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_0] = SST_OBJ_TABLE_INVALID;
- }
- }
-
- /* Authenticate table 1 if data is valid */
- if (init_ctx->table_state[SST_OBJ_TABLE_IDX_1] != SST_OBJ_TABLE_INVALID) {
- crypto = &init_ctx->p_table[SST_OBJ_TABLE_IDX_1]->crypto;
-
- err = sst_crypto_authenticate(crypto,
- SST_CRYPTO_ASSOCIATED_DATA(crypto),
- SST_CRYPTO_ASSOCIATED_DATA_LEN);
- if (err != PSA_SUCCESS) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_1] = SST_OBJ_TABLE_INVALID;
- }
- }
-}
-#endif /* SST_ROLLBACK_PROTECTION */
-#endif /* SST_ENCRYPTION */
-
-/**
- * \brief Saves object table in the persistent memory.
- *
- * \param[in,out] obj_table Pointer to the object table to save
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_object_table_save_table(
- struct sst_obj_table_t *obj_table)
-{
- psa_status_t err;
-
-#ifdef SST_ROLLBACK_PROTECTION
- uint32_t nvc_1 = 0;
-
- err = sst_increment_nv_counter(TFM_SST_NV_COUNTER_1);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- err = sst_read_nv_counter(TFM_SST_NV_COUNTER_1, &nvc_1);
- if (err != PSA_SUCCESS) {
- return err;
- }
-#else
- obj_table->swap_count++;
-
- if (obj_table->swap_count == SST_FLASH_DEFAULT_VAL) {
- /* When a flash block is erased, the default value is usually 0xFF
- * (i.e. all 1s). Since the swap count is updated last (when encryption
- * is disabled), it is possible that due to a power failure, the swap
- * count value in metadata header is 0xFFFF..., which mean it will
- * appear to be most recent block.
- */
- obj_table->swap_count = 0;
- }
-#endif /* SST_ROLLBACK_PROTECTION */
-
-#ifdef SST_ENCRYPTION
- /* Set object table key */
- err = sst_crypto_setkey();
- if (err != PSA_SUCCESS) {
- return err;
- }
-
-#ifdef SST_ROLLBACK_PROTECTION
- /* Generate authentication tag from the current table content and SST
- * NV counter 1.
- */
- err = sst_object_table_nvc_generate_auth_tag(nvc_1, obj_table);
-#else
- /* Generate authentication tag from the current table content */
- err = sst_object_table_generate_auth_tag(obj_table);
-#endif /* SST_ROLLBACK_PROTECTION */
-
- if (err != PSA_SUCCESS) {
- (void)sst_crypto_destroykey();
- return err;
- }
-
- err = sst_crypto_destroykey();
- if (err != PSA_SUCCESS) {
- return err;
- }
-#endif /* SST_ENCRYPTION */
-
- err = sst_object_table_fs_write_table(obj_table);
-
-#ifdef SST_ROLLBACK_PROTECTION
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Align SST NV counters to have the same value */
- err = sst_object_table_align_nv_counters(nvc_1);
-#endif /* SST_ROLLBACK_PROTECTION */
-
- return err;
-}
-
-/**
- * \brief Checks the validity of the table version.
- *
- * \param[in,out] init_ctx Pointer to the init object table context
- *
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE void sst_object_table_validate_version(
- struct sst_obj_table_init_ctx_t *init_ctx)
-{
- /* Looks for exact version number.
- * FIXME: backward compatibility could be considered in future revisions.
- */
- if (SST_OBJECT_SYSTEM_VERSION !=
- init_ctx->p_table[SST_OBJ_TABLE_IDX_0]->version) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_0] = SST_OBJ_TABLE_INVALID;
- }
-
- if (SST_OBJECT_SYSTEM_VERSION !=
- init_ctx->p_table[SST_OBJ_TABLE_IDX_1]->version) {
- init_ctx->table_state[SST_OBJ_TABLE_IDX_1] = SST_OBJ_TABLE_INVALID;
- }
-}
-
-/**
- * \brief Sets the active object table based on the swap count and validity of
- * the object table data.
- *
- * \param[in] init_ctx Pointer to the init object table context
- *
- * \return Returns error code as specified in \ref psa_status_t
- */
-static psa_status_t sst_set_active_object_table(
- const struct sst_obj_table_init_ctx_t *init_ctx)
-{
-#ifndef SST_ROLLBACK_PROTECTION
- uint8_t table0_swap_count =
- init_ctx->p_table[SST_OBJ_TABLE_IDX_0]->swap_count;
- uint8_t table1_swap_count =
- init_ctx->p_table[SST_OBJ_TABLE_IDX_1]->swap_count;
-#endif
-
- /* Check if there is an invalid object table */
- if ((init_ctx->table_state[SST_OBJ_TABLE_IDX_0] == SST_OBJ_TABLE_INVALID)
- && (init_ctx->table_state[SST_OBJ_TABLE_IDX_1] ==
- SST_OBJ_TABLE_INVALID)) {
- /* Both tables are invalid */
- return PSA_ERROR_GENERIC_ERROR;
- } else if (init_ctx->table_state[SST_OBJ_TABLE_IDX_0] ==
- SST_OBJ_TABLE_INVALID) {
- /* Table 0 is invalid, the active one is table 1 */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_1;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_0;
-
- /* As table 1 is the active object, load the content into the
- * SST object table context.
- */
- (void)tfm_memcpy(&sst_obj_table_ctx.obj_table,
- init_ctx->p_table[SST_OBJ_TABLE_IDX_1],
- SST_OBJ_TABLE_SIZE);
-
- return PSA_SUCCESS;
- } else if (init_ctx->table_state[SST_OBJ_TABLE_IDX_1] ==
- SST_OBJ_TABLE_INVALID) {
- /* Table 1 is invalid, the active one is table 0 */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_0;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_1;
-
- /* As table 0 is already in the SST object table context, it is not
- * needed to copy the table in the context.
- */
-
- return PSA_SUCCESS;
- }
-
-#ifdef SST_ROLLBACK_PROTECTION
- if (init_ctx->table_state[SST_OBJ_TABLE_IDX_1] ==
- SST_OBJ_TABLE_NVC_1_VALID) {
- /* Table 0 is invalid, the active one is table 1 */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_1;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_0;
- } else {
- /* In case both tables are valid or table 0 is valid, table 0 is the
- * valid on as it is already in the SST object table context.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_0;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_1;
- }
-#else
- /* Logic: if the swap count is 0, then it has rolled over. The object table
- * with a swap count of 0 is the latest one, unless the other block has a
- * swap count of 1, in which case the roll over occurred in the previous
- * update. In all other cases, the table with the highest swap count is the
- * latest one.
- */
- if ((table1_swap_count == 0) && (table0_swap_count != 1)) {
- /* Table 1 swap count has rolled over and table 0 swap count has not,
- * so table 1 is the latest.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_1;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_0;
-
- } else if ((table0_swap_count == 0) && (table1_swap_count != 1)) {
- /* Table 0 swap count has rolled over and table 1 swap count has not,
- * so table 0 is the latest.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_0;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_1;
-
- } else if (table1_swap_count > table0_swap_count) {
- /* Neither swap count has just rolled over and table 1 has a
- * higher swap count, so table 1 is the latest.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_1;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_0;
-
- } else {
- /* Neither swap count has just rolled over and table 0 has a
- * higher or equal swap count, so table 0 is the latest.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_0;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_1;
- }
-#endif /* SST_ROLLBACK_PROTECTION */
-
- /* If active object table is table 1, then copy the content into the
- * SST object table context.
- */
- if (sst_obj_table_ctx.active_table == SST_OBJ_TABLE_IDX_1) {
- (void)tfm_memcpy(&sst_obj_table_ctx.obj_table,
- init_ctx->p_table[SST_OBJ_TABLE_IDX_1],
- SST_OBJ_TABLE_SIZE);
- }
-
- return PSA_SUCCESS;
-}
-
-/**
- * \brief Gets table's entry index based on the given object UID and client ID.
- *
- * \param[in] uid Object UID
- * \param[in] client_id Client UID
- * \param[out] idx Pointer to store the entry's index
- *
- * \return Returns PSA_SUCCESS and index of the table, if object exists
- * in the table. Otherwise, it returns PSA_ERROR_DOES_NOT_EXIST.
- */
-static psa_status_t sst_get_object_entry_idx(psa_storage_uid_t uid,
- int32_t client_id,
- uint32_t *idx)
-{
- uint32_t i;
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- for (i = 0; i < SST_OBJ_TABLE_ENTRIES; i++) {
- if (p_table->obj_db[i].uid == uid
- && p_table->obj_db[i].client_id == client_id) {
- *idx = i;
- return PSA_SUCCESS;
- }
- }
-
- return PSA_ERROR_DOES_NOT_EXIST;
-}
-
-/**
- * \brief Gets free index in the table
- *
- * \param[in] idx_num The number of indices required to be free before one can
- * be allocated. Primarily used to prevent index
- * exhaustion.Note that this function will only ever return
- * 1 index.
- * \param[out] idx Pointer to store the free index
- *
- * \note The table is dimensioned to fit SST_NUM_ASSETS + 1
- *
- * \return Returns PSA_SUCCESS and a table index if idx_num free indices are
- * available. Otherwise, it returns PSA_ERROR_INSUFFICIENT_STORAGE.
- */
-__attribute__ ((always_inline))
-__STATIC_INLINE psa_status_t sst_table_free_idx(uint32_t idx_num,
- uint32_t *idx)
-{
- uint32_t i;
- uint32_t last_free = 0;
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- if (idx_num == 0) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- for (i = 0; i < SST_OBJ_TABLE_ENTRIES && idx_num > 0; i++) {
- if (p_table->obj_db[i].uid == TFM_SST_INVALID_UID) {
- last_free = i;
- idx_num--;
- }
- }
-
- if (idx_num != 0) {
- return PSA_ERROR_INSUFFICIENT_STORAGE;
- } else {
- *idx = last_free;
- return PSA_SUCCESS;
- }
-}
-
-/**
- * \brief Deletes an entry from the table
- *
- * \param[in] idx Entry index to delete
- *
- */
-static void sst_table_delete_entry(uint32_t idx)
-{
- /* Initialise object table entry structure */
- (void)tfm_memset(&sst_obj_table_ctx.obj_table.obj_db[idx],
- SST_DEFAULT_EMPTY_BUFF_VAL, SST_OBJECTS_TABLE_ENTRY_SIZE);
-}
-
-psa_status_t sst_object_table_create(void)
-{
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- /* Initialize object structure */
- (void)tfm_memset(&sst_obj_table_ctx, SST_DEFAULT_EMPTY_BUFF_VAL,
- sizeof(struct sst_obj_table_ctx_t));
-
- /* Invert the other in the context as sst_object_table_save_table will
- * use the scratch index to create and store the current table.
- */
- sst_obj_table_ctx.active_table = SST_OBJ_TABLE_IDX_1;
- sst_obj_table_ctx.scratch_table = SST_OBJ_TABLE_IDX_0;
-
- p_table->version = SST_OBJECT_SYSTEM_VERSION;
-
- /* Save object table contents */
- return sst_object_table_save_table(p_table);
-}
-
-psa_status_t sst_object_table_init(uint8_t *obj_data)
-{
- psa_status_t err;
- struct sst_obj_table_init_ctx_t init_ctx = {
- .p_table = {&sst_obj_table_ctx.obj_table, NULL},
- .table_state = {SST_OBJ_TABLE_VALID, SST_OBJ_TABLE_VALID},
-#ifdef SST_ROLLBACK_PROTECTION
- .nvc_1 = 0U,
- .nvc_3 = 0U,
-#endif /* SST_ROLLBACK_PROTECTION */
- };
-
- init_ctx.p_table[SST_OBJ_TABLE_IDX_1] = (struct sst_obj_table_t *)obj_data;
-
- /* Read table from the file system */
- sst_object_table_fs_read_table(&init_ctx);
-
-#ifdef SST_ENCRYPTION
- /* Set object table key */
- err = sst_crypto_setkey();
- if (err != PSA_SUCCESS) {
- return err;
- }
-
-#ifdef SST_ROLLBACK_PROTECTION
- /* Authenticate table */
- err = sst_object_table_nvc_authenticate(&init_ctx);
- if (err != PSA_SUCCESS) {
- (void)sst_crypto_destroykey();
- return err;
- }
-#else
- sst_object_table_authenticate_ctx_tables(&init_ctx);
-#endif /* SST_ROLLBACK_PROTECTION */
-
- err = sst_crypto_destroykey();
- if (err != PSA_SUCCESS) {
- return err;
- }
-#endif /* SST_ENCRYPTION */
-
- /* Check tables version */
- sst_object_table_validate_version(&init_ctx);
-
- /* Set active tables */
- err = sst_set_active_object_table(&init_ctx);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Remove the old object table file */
- err = psa_its_remove(SST_TABLE_FS_ID(sst_obj_table_ctx.scratch_table));
- if (err != PSA_SUCCESS && err != PSA_ERROR_DOES_NOT_EXIST) {
- return err;
- }
-
-#ifdef SST_ROLLBACK_PROTECTION
- /* Align SST NV counters */
- err = sst_object_table_align_nv_counters(init_ctx.nvc_1);
- if (err != PSA_SUCCESS) {
- return err;
- }
-#endif /* SST_ROLLBACK_PROTECTION */
-
-#ifdef SST_ENCRYPTION
- sst_crypto_set_iv(&sst_obj_table_ctx.obj_table.crypto);
-#endif
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_object_table_obj_exist(psa_storage_uid_t uid,
- int32_t client_id)
-{
- uint32_t idx = 0;
-
- return sst_get_object_entry_idx(uid, client_id, &idx);
-}
-
-psa_status_t sst_object_table_get_free_fid(uint32_t fid_num,
- uint32_t *p_fid)
-{
- psa_status_t err;
- uint32_t fid;
- uint32_t idx;
-
- err = sst_table_free_idx(fid_num, &idx);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* There first two file IDs are reserved for the active table
- * and scratch table files.
- */
- fid = SST_OBJECT_FS_ID(idx);
-
- /* If there is a file in the persistent area with that ID then remove it.
- * That can happen when the system is rebooted (e.g. power cut, ...) in the
- * middle of a create, write or delete operation.
- */
- err = psa_its_remove(fid);
- if (err != PSA_SUCCESS && err != PSA_ERROR_DOES_NOT_EXIST) {
- return err;
- }
-
- *p_fid = fid;
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_object_table_set_obj_tbl_info(psa_storage_uid_t uid,
- int32_t client_id,
- const struct sst_obj_table_info_t *obj_tbl_info)
-{
- psa_status_t err;
- uint32_t idx = 0;
- uint32_t backup_idx = 0;
- struct sst_obj_table_entry_t backup_entry = {
-#ifdef SST_ENCRYPTION
- .tag = {0U},
-#else
- .version = 0U,
-#endif /* SST_ENCRYPTION */
- .uid = TFM_SST_INVALID_UID,
- .client_id = 0,
- };
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- err = sst_get_object_entry_idx(uid, client_id, &backup_idx);
- if (err == PSA_SUCCESS) {
- /* If an entry exists for this UID, it creates a backup copy in case
- * an error happens while updating the new table in the filesystem.
- */
- (void)tfm_memcpy(&backup_entry, &p_table->obj_db[backup_idx],
- SST_OBJECTS_TABLE_ENTRY_SIZE);
-
- /* Deletes old object information if it exist in the table */
- sst_table_delete_entry(backup_idx);
- }
-
- idx = SST_OBJECT_FS_ID_TO_IDX(obj_tbl_info->fid);
- p_table->obj_db[idx].uid = uid;
- p_table->obj_db[idx].client_id = client_id;
-
- /* Add new object information */
-#ifdef SST_ENCRYPTION
- (void)tfm_memcpy(p_table->obj_db[idx].tag, obj_tbl_info->tag,
- SST_TAG_LEN_BYTES);
-#else
- p_table->obj_db[idx].version = obj_tbl_info->version;
-#endif
-
- err = sst_object_table_save_table(p_table);
- if (err != PSA_SUCCESS) {
- if (backup_entry.uid != TFM_SST_INVALID_UID) {
- /* Rollback the change in the table */
- (void)tfm_memcpy(&p_table->obj_db[backup_idx], &backup_entry,
- SST_OBJECTS_TABLE_ENTRY_SIZE);
- }
-
- sst_table_delete_entry(idx);
- }
-
- return err;
-}
-
-psa_status_t sst_object_table_get_obj_tbl_info(psa_storage_uid_t uid,
- int32_t client_id,
- struct sst_obj_table_info_t *obj_tbl_info)
-{
- psa_status_t err;
- uint32_t idx;
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- err = sst_get_object_entry_idx(uid, client_id, &idx);
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- obj_tbl_info->fid = SST_OBJECT_FS_ID(idx);
-
-#ifdef SST_ENCRYPTION
- (void)tfm_memcpy(obj_tbl_info->tag, p_table->obj_db[idx].tag,
- SST_TAG_LEN_BYTES);
-#else
- obj_tbl_info->version = p_table->obj_db[idx].version;
-#endif
-
- return PSA_SUCCESS;
-}
-
-psa_status_t sst_object_table_delete_object(psa_storage_uid_t uid,
- int32_t client_id)
-{
- uint32_t backup_idx = 0;
- struct sst_obj_table_entry_t backup_entry;
- psa_status_t err;
- struct sst_obj_table_t *p_table = &sst_obj_table_ctx.obj_table;
-
- /* Create a backup copy in case an error happens while updating the new
- * table in the filesystem.
- */
- err = sst_get_object_entry_idx(uid, client_id, &backup_idx);
- if (err != PSA_SUCCESS) {
- /* If the object is not present in the table, it returns an error
- * to not generate a new file where the table content is the same.
- * Otherwise, that could be used by an attacker to get the encryption
- * key.
- */
- return err;
- }
-
- (void)tfm_memcpy(&backup_entry, &p_table->obj_db[backup_idx],
- SST_OBJECTS_TABLE_ENTRY_SIZE);
-
- sst_table_delete_entry(backup_idx);
-
- err = sst_object_table_save_table(p_table);
- if (err != PSA_SUCCESS) {
- /* Rollback the change in the table */
- (void)tfm_memcpy(&p_table->obj_db[backup_idx], &backup_entry,
- SST_OBJECTS_TABLE_ENTRY_SIZE);
- }
-
- return err;
-}
-
-psa_status_t sst_object_table_delete_old_table(void)
-{
- uint32_t table_id = SST_TABLE_FS_ID(sst_obj_table_ctx.scratch_table);
-
- return psa_its_remove(table_id);
-}
diff --git a/secure_fw/partitions/secure_storage/tfm_protected_storage.c b/secure_fw/partitions/secure_storage/tfm_protected_storage.c
deleted file mode 100644
index 674d81a..0000000
--- a/secure_fw/partitions/secure_storage/tfm_protected_storage.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "tfm_protected_storage.h"
-#include "sst_object_system.h"
-#include "tfm_sst_defs.h"
-
-psa_status_t tfm_sst_init(void)
-{
- psa_status_t err;
-
- err = sst_system_prepare();
-#ifdef SST_CREATE_FLASH_LAYOUT
- /* If SST_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
- * create a SST flash layout. SST service will generate an empty and valid
- * SST flash layout to store assets. It will erase all data located in the
- * assigned SST memory area before generating the SST layout.
- * This flag is required to be set if the SST memory area is located in
- * non-persistent memory.
- * This flag can be set if the SST memory area is located in persistent
- * memory without a previous valid SST flash layout in it. That is the case
- * when it is the first time in the device life that the SST service is
- * executed.
- */
- if (err != PSA_SUCCESS) {
- /* Remove all data in the SST memory area and create a valid SST flash
- * layout in that area.
- */
- err = sst_system_wipe_all();
- if (err != PSA_SUCCESS) {
- return err;
- }
-
- /* Attempt to initialise again */
- err = sst_system_prepare();
- }
-#endif /* SST_CREATE_FLASH_LAYOUT */
-
- return err;
-}
-
-psa_status_t tfm_sst_set(int32_t client_id,
- psa_storage_uid_t uid,
- uint32_t data_length,
- psa_storage_create_flags_t create_flags)
-{
- /* Check that the UID is valid */
- if (uid == TFM_SST_INVALID_UID) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Check that the create_flags does not contain any unsupported flags */
- if (create_flags & ~(PSA_STORAGE_FLAG_WRITE_ONCE |
- PSA_STORAGE_FLAG_NO_CONFIDENTIALITY |
- PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION)) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
-
- /* Create the object in the object system */
- return sst_object_create(uid, client_id, create_flags, data_length);
-}
-
-psa_status_t tfm_sst_get(int32_t client_id,
- psa_storage_uid_t uid,
- uint32_t data_offset,
- uint32_t data_size,
- size_t *p_data_length)
-{
- /* Check that the UID is valid */
- if (uid == TFM_SST_INVALID_UID) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Read the object data from the object system */
- return sst_object_read(uid, client_id, data_offset, data_size,
- p_data_length);
-}
-
-psa_status_t tfm_sst_get_info(int32_t client_id, psa_storage_uid_t uid,
- struct psa_storage_info_t *p_info)
-{
- /* Check that the UID is valid */
- if (uid == TFM_SST_INVALID_UID) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Get the info struct data from the object system */
- return sst_object_get_info(uid, client_id, p_info);
-}
-
-psa_status_t tfm_sst_remove(int32_t client_id, psa_storage_uid_t uid)
-{
- psa_status_t err;
-
- /* Check that the UID is valid */
- if (uid == TFM_SST_INVALID_UID) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* Delete the object from the object system */
- err = sst_object_delete(uid, client_id);
-
- /* PSA_ERROR_INVALID_SIGNATURE is not supported by psa_ps_remove
- * specification. So, this function returns TFM_SST_ERR_OPERATION_FAILED
- * instead.
- */
- if (err == PSA_ERROR_INVALID_SIGNATURE) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- return err;
-}
-
-uint32_t tfm_sst_get_support(void)
-{
- /*
- * This function returns a bitmask with flags set for all of the optional
- * features supported by the SST service implementation.
- *
- * SST service does not support the optional extended PSA PS API yet.
- */
-
- return 0;
-}
diff --git a/secure_fw/partitions/tfm_service_list.inc b/secure_fw/partitions/tfm_service_list.inc
index ddedbc8..a0d4e72 100644
--- a/secure_fw/partitions/tfm_service_list.inc
+++ b/secure_fw/partitions/tfm_service_list.inc
@@ -10,7 +10,7 @@
#ifndef __TFM_SERVICE_LIST_INC__
#define __TFM_SERVICE_LIST_INC__
-#include "secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h"
+#include "secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h"
#include "secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h"
#include "secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h"
#include "secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h"
@@ -22,60 +22,60 @@
#include "test/test_services/tfm_ipc_service/psa_manifest/tfm_ipc_service_partition.h"
#include "test/test_services/tfm_ipc_client/psa_manifest/tfm_ipc_client_partition.h"
#include "test/test_services/tfm_irq_test_service_1/psa_manifest/tfm_irq_test_service_1.h"
-#include "test/test_services/tfm_sst_test_service/psa_manifest/tfm_sst_test_service.h"
+#include "test/test_services/tfm_ps_test_service/psa_manifest/tfm_ps_test_service.h"
#include "test/test_services/tfm_secure_client_2/psa_manifest/tfm_secure_client_2.h"
#include "test/test_services/tfm_multi_core_test/psa_manifest/tfm_multi_core_test.h"
const struct tfm_spm_service_db_t service_db[] =
{
-#ifdef TFM_PARTITION_SECURE_STORAGE
- /******** TFM_SP_STORAGE ********/
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+ /******** TFM_SP_PS ********/
{
- .name = "TFM_SST_SET",
- .partition_id = TFM_SP_STORAGE,
- .signal = TFM_SST_SET_SIGNAL,
+ .name = "TFM_PS_SET",
+ .partition_id = TFM_SP_PS,
+ .signal = TFM_PS_SET_SIGNAL,
.sid = 0x00000060,
.non_secure_client = true,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
{
- .name = "TFM_SST_GET",
- .partition_id = TFM_SP_STORAGE,
- .signal = TFM_SST_GET_SIGNAL,
+ .name = "TFM_PS_GET",
+ .partition_id = TFM_SP_PS,
+ .signal = TFM_PS_GET_SIGNAL,
.sid = 0x00000061,
.non_secure_client = true,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
{
- .name = "TFM_SST_GET_INFO",
- .partition_id = TFM_SP_STORAGE,
- .signal = TFM_SST_GET_INFO_SIGNAL,
+ .name = "TFM_PS_GET_INFO",
+ .partition_id = TFM_SP_PS,
+ .signal = TFM_PS_GET_INFO_SIGNAL,
.sid = 0x00000062,
.non_secure_client = true,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
{
- .name = "TFM_SST_REMOVE",
- .partition_id = TFM_SP_STORAGE,
- .signal = TFM_SST_REMOVE_SIGNAL,
+ .name = "TFM_PS_REMOVE",
+ .partition_id = TFM_SP_PS,
+ .signal = TFM_PS_REMOVE_SIGNAL,
.sid = 0x00000063,
.non_secure_client = true,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
{
- .name = "TFM_SST_GET_SUPPORT",
- .partition_id = TFM_SP_STORAGE,
- .signal = TFM_SST_GET_SUPPORT_SIGNAL,
+ .name = "TFM_PS_GET_SUPPORT",
+ .partition_id = TFM_SP_PS,
+ .signal = TFM_PS_GET_SUPPORT_SIGNAL,
.sid = 0x00000064,
.non_secure_client = true,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
@@ -477,18 +477,18 @@
},
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
- /******** TFM_SP_SST_TEST ********/
+#ifdef TFM_PARTITION_TEST_PS
+ /******** TFM_SP_PS_TEST ********/
{
- .name = "TFM_SST_TEST_PREPARE",
- .partition_id = TFM_SP_SST_TEST,
- .signal = TFM_SST_TEST_PREPARE_SIGNAL,
+ .name = "TFM_PS_TEST_PREPARE",
+ .partition_id = TFM_SP_PS_TEST,
+ .signal = TFM_PS_TEST_PREPARE_SIGNAL,
.sid = 0x0000F0C0,
.non_secure_client = false,
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
/******** TFM_SP_SECURE_CLIENT_2 ********/
@@ -532,8 +532,8 @@
/**************************************************************************/
struct tfm_spm_service_t service[] =
{
-#ifdef TFM_PARTITION_SECURE_STORAGE
- /******** TFM_SP_STORAGE ********/
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+ /******** TFM_SP_PS ********/
{
.service_db = NULL,
.partition = NULL,
@@ -569,7 +569,7 @@
.msg_queue = {0},
.list = {0},
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
@@ -891,8 +891,8 @@
},
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
- /******** TFM_SP_SST_TEST ********/
+#ifdef TFM_PARTITION_TEST_PS
+ /******** TFM_SP_PS_TEST ********/
{
.service_db = NULL,
.partition = NULL,
@@ -900,7 +900,7 @@
.msg_queue = {0},
.list = {0},
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
/******** TFM_SP_SECURE_CLIENT_2 ********/
diff --git a/secure_fw/spm/model_func/tfm_secure_irq_handlers.inc b/secure_fw/spm/model_func/tfm_secure_irq_handlers.inc
index 45418a2..8c35661 100644
--- a/secure_fw/spm/model_func/tfm_secure_irq_handlers.inc
+++ b/secure_fw/spm/model_func/tfm_secure_irq_handlers.inc
@@ -7,7 +7,7 @@
/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
-#include "secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h"
+#include "secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h"
#include "secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h"
#include "secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h"
#include "secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h"
@@ -19,7 +19,7 @@
#include "test/test_services/tfm_ipc_service/psa_manifest/tfm_ipc_service_partition.h"
#include "test/test_services/tfm_ipc_client/psa_manifest/tfm_ipc_client_partition.h"
#include "test/test_services/tfm_irq_test_service_1/psa_manifest/tfm_irq_test_service_1.h"
-#include "test/test_services/tfm_sst_test_service/psa_manifest/tfm_sst_test_service.h"
+#include "test/test_services/tfm_ps_test_service/psa_manifest/tfm_ps_test_service.h"
#include "test/test_services/tfm_secure_client_2/psa_manifest/tfm_secure_client_2.h"
#include "test/test_services/tfm_multi_core_test/psa_manifest/tfm_multi_core_test.h"
#include "psa_manifest/pid.h"
diff --git a/secure_fw/spm/model_func/tfm_spm_db_func.inc b/secure_fw/spm/model_func/tfm_spm_db_func.inc
index 21a76ca..6b5c42e 100644
--- a/secure_fw/spm/model_func/tfm_spm_db_func.inc
+++ b/secure_fw/spm/model_func/tfm_spm_db_func.inc
@@ -16,9 +16,9 @@
/**************************************************************************/
/** IRQ count per partition */
/**************************************************************************/
-#ifdef TFM_PARTITION_SECURE_STORAGE
-#define TFM_PARTITION_TFM_SP_STORAGE_IRQ_COUNT 0
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+#define TFM_PARTITION_TFM_SP_PS_IRQ_COUNT 0
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
#define TFM_PARTITION_TFM_SP_ITS_IRQ_COUNT 0
@@ -64,9 +64,9 @@
#define TFM_PARTITION_TFM_IRQ_TEST_1_IRQ_COUNT 1
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-#define TFM_PARTITION_TFM_SP_SST_TEST_IRQ_COUNT 0
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+#define TFM_PARTITION_TFM_SP_PS_TEST_IRQ_COUNT 0
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
#define TFM_PARTITION_TFM_SP_SECURE_CLIENT_2_IRQ_COUNT 0
@@ -79,9 +79,9 @@
/**************************************************************************/
/** Declarations of partition init functions */
/**************************************************************************/
-#ifdef TFM_PARTITION_SECURE_STORAGE
-extern void tfm_sst_req_mngr_init(void);
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+extern void tfm_ps_req_mngr_init(void);
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
extern void tfm_its_req_mngr_init(void);
@@ -127,9 +127,9 @@
extern void tfm_irq_test_1_init(void);
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-extern void tfm_sst_test_init(void);
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+extern void tfm_ps_test_init(void);
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
extern void tfm_secure_client_2_init(void);
@@ -157,14 +157,14 @@
static uint32_t tfm_core_interrupt_ctx_stack[
sizeof(struct interrupted_ctx_stack_frame_t) / sizeof(uint32_t)];
-#ifdef TFM_PARTITION_SECURE_STORAGE
-static uint32_t ctx_stack_TFM_SP_STORAGE[
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+static uint32_t ctx_stack_TFM_SP_PS[
(sizeof(struct interrupted_ctx_stack_frame_t) +
- (TFM_PARTITION_TFM_SP_STORAGE_IRQ_COUNT) * (
+ (TFM_PARTITION_TFM_SP_PS_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
static uint32_t ctx_stack_TFM_SP_ITS[
@@ -265,14 +265,14 @@
)) / sizeof(uint32_t)];
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-static uint32_t ctx_stack_TFM_SP_SST_TEST[
+#ifdef TFM_PARTITION_TEST_PS
+static uint32_t ctx_stack_TFM_SP_PS_TEST[
(sizeof(struct interrupted_ctx_stack_frame_t) +
- (TFM_PARTITION_TFM_SP_SST_TEST_IRQ_COUNT) * (
+ (TFM_PARTITION_TFM_SP_PS_TEST_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
static uint32_t ctx_stack_TFM_SP_SECURE_CLIENT_2[
@@ -296,9 +296,9 @@
{
ns_interrupt_ctx_stack,
tfm_core_interrupt_ctx_stack,
-#ifdef TFM_PARTITION_SECURE_STORAGE
- ctx_stack_TFM_SP_STORAGE,
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+ ctx_stack_TFM_SP_PS,
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
ctx_stack_TFM_SP_ITS,
#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
@@ -332,9 +332,9 @@
#ifdef TFM_ENABLE_IRQ_TEST
ctx_stack_TFM_IRQ_TEST_1,
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
- ctx_stack_TFM_SP_SST_TEST,
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+ ctx_stack_TFM_SP_PS_TEST,
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
ctx_stack_TFM_SP_SECURE_CLIENT_2,
#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
@@ -346,8 +346,8 @@
/**************************************************************************/
/** Dependencies array for Secure Partition */
/**************************************************************************/
-#ifdef TFM_PARTITION_SECURE_STORAGE
-static int32_t dependencies_TFM_SP_STORAGE[] =
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+static int32_t dependencies_TFM_SP_PS[] =
{
TFM_CRYPTO_SID,
TFM_ITS_SET_SID,
@@ -356,7 +356,7 @@
TFM_ITS_REMOVE_SID,
TFM_SP_PLATFORM_NV_COUNTER_SID,
};
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_CRYPTO
static int32_t dependencies_TFM_SP_CRYPTO[] =
@@ -389,11 +389,11 @@
{
TFM_SECURE_CLIENT_2_SID,
TFM_CRYPTO_SID,
- TFM_SST_SET_SID,
- TFM_SST_GET_SID,
- TFM_SST_GET_INFO_SID,
- TFM_SST_REMOVE_SID,
- TFM_SST_GET_SUPPORT_SID,
+ TFM_PS_SET_SID,
+ TFM_PS_GET_SID,
+ TFM_PS_GET_INFO_SID,
+ TFM_PS_REMOVE_SID,
+ TFM_PS_GET_SUPPORT_SID,
TFM_ITS_SET_SID,
TFM_ITS_GET_SID,
TFM_ITS_GET_INFO_SID,
@@ -401,7 +401,7 @@
TFM_ATTEST_GET_TOKEN_SID,
TFM_ATTEST_GET_TOKEN_SIZE_SID,
TFM_ATTEST_GET_PUBLIC_KEY_SID,
- TFM_SST_TEST_PREPARE_SID,
+ TFM_PS_TEST_PREPARE_SID,
TFM_SP_PLATFORM_SYSTEM_RESET_SID,
TFM_SP_PLATFORM_IOCTL_SID,
};
@@ -417,14 +417,14 @@
};
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_PARTITION_TEST_SST
-static int32_t dependencies_TFM_SP_SST_TEST[] =
+#ifdef TFM_PARTITION_TEST_PS
+static int32_t dependencies_TFM_SP_PS_TEST[] =
{
TFM_CRYPTO_SID,
TFM_ITS_GET_SID,
TFM_ITS_REMOVE_SID,
};
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
static int32_t dependencies_TFM_SP_SECURE_CLIENT_2[] =
@@ -449,18 +449,18 @@
.partition_flags = SPM_PART_FLAG_APP_ROT | SPM_PART_FLAG_PSA_ROT,
},
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
{
- .partition_id = TFM_SP_STORAGE,
+ .partition_id = TFM_SP_PS,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
- .partition_init = tfm_sst_req_mngr_init,
+ .partition_init = tfm_ps_req_mngr_init,
.dependencies_num = 6,
- .p_dependencies = dependencies_TFM_SP_STORAGE,
+ .p_dependencies = dependencies_TFM_SP_PS,
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
@@ -605,18 +605,18 @@
},
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
{
- .partition_id = TFM_SP_SST_TEST,
+ .partition_id = TFM_SP_PS_TEST,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
- .partition_init = tfm_sst_test_init,
+ .partition_init = tfm_ps_test_init,
.dependencies_num = 3,
- .p_dependencies = dependencies_TFM_SP_SST_TEST,
+ .p_dependencies = dependencies_TFM_SP_PS_TEST,
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
{
@@ -692,9 +692,9 @@
NULL,
NULL,
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
NULL,
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
NULL,
@@ -740,9 +740,9 @@
platform_data_list_TFM_IRQ_TEST_1,
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
NULL,
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
NULL,
@@ -763,16 +763,16 @@
{{0}}, /* placeholder for TF-M Core internal partition */
/* -----------------------------------------------------------------------*/
- /* - Partition DB record for TFM_SP_STORAGE */
+ /* - Partition DB record for TFM_SP_PS */
/* -----------------------------------------------------------------------*/
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
{
/* Runtime data */
.runtime_data = {0},
.static_data = NULL,
.platform_data_list = NULL,
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_ITS */
@@ -907,16 +907,16 @@
#endif /* TFM_ENABLE_IRQ_TEST */
/* -----------------------------------------------------------------------*/
- /* - Partition DB record for TFM_SP_SST_TEST */
+ /* - Partition DB record for TFM_SP_PS_TEST */
/* -----------------------------------------------------------------------*/
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
{
/* Runtime data */
.runtime_data = {0},
.static_data = NULL,
.platform_data_list = NULL,
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_SECURE_CLIENT_2 */
diff --git a/secure_fw/spm/model_func/tfm_veneers.c b/secure_fw/spm/model_func/tfm_veneers.c
index 0da2ca9..a7a11c5 100644
--- a/secure_fw/spm/model_func/tfm_veneers.c
+++ b/secure_fw/spm/model_func/tfm_veneers.c
@@ -10,14 +10,14 @@
#include "tfm_secure_api.h"
#include "tfm/spm_partition_defs.h"
-#ifdef TFM_PARTITION_SECURE_STORAGE
-/******** TFM_SP_STORAGE ********/
-psa_status_t tfm_sst_set_req(psa_invec *, size_t, psa_outvec *, size_t);
-psa_status_t tfm_sst_get_req(psa_invec *, size_t, psa_outvec *, size_t);
-psa_status_t tfm_sst_get_info_req(psa_invec *, size_t, psa_outvec *, size_t);
-psa_status_t tfm_sst_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
-psa_status_t tfm_sst_get_support_req(psa_invec *, size_t, psa_outvec *, size_t);
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+/******** TFM_SP_PS ********/
+psa_status_t tfm_ps_set_req(psa_invec *, size_t, psa_outvec *, size_t);
+psa_status_t tfm_ps_get_req(psa_invec *, size_t, psa_outvec *, size_t);
+psa_status_t tfm_ps_get_info_req(psa_invec *, size_t, psa_outvec *, size_t);
+psa_status_t tfm_ps_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
+psa_status_t tfm_ps_get_support_req(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
@@ -153,10 +153,10 @@
psa_status_t spm_irq_test_1_execute_test_scenario(psa_invec *, size_t, psa_outvec *, size_t);
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-/******** TFM_SP_SST_TEST ********/
-psa_status_t tfm_sst_test_prepare(psa_invec *, size_t, psa_outvec *, size_t);
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+/******** TFM_SP_PS_TEST ********/
+psa_status_t tfm_ps_test_prepare(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
/******** TFM_SP_SECURE_CLIENT_2 ********/
@@ -183,14 +183,14 @@
in_vec, in_len, out_vec, out_len); \
}
-#ifdef TFM_PARTITION_SECURE_STORAGE
-/******** TFM_SP_STORAGE ********/
-TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_set_req)
-TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_req)
-TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_info_req)
-TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_remove_req)
-TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_support_req)
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+/******** TFM_SP_PS ********/
+TFM_VENEER_FUNCTION(TFM_SP_PS, tfm_ps_set_req)
+TFM_VENEER_FUNCTION(TFM_SP_PS, tfm_ps_get_req)
+TFM_VENEER_FUNCTION(TFM_SP_PS, tfm_ps_get_info_req)
+TFM_VENEER_FUNCTION(TFM_SP_PS, tfm_ps_remove_req)
+TFM_VENEER_FUNCTION(TFM_SP_PS, tfm_ps_get_support_req)
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
@@ -326,10 +326,10 @@
TFM_VENEER_FUNCTION(TFM_IRQ_TEST_1, spm_irq_test_1_execute_test_scenario)
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-/******** TFM_SP_SST_TEST ********/
-TFM_VENEER_FUNCTION(TFM_SP_SST_TEST, tfm_sst_test_prepare)
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+/******** TFM_SP_PS_TEST ********/
+TFM_VENEER_FUNCTION(TFM_SP_PS_TEST, tfm_ps_test_prepare)
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
/******** TFM_SP_SECURE_CLIENT_2 ********/
diff --git a/secure_fw/spm/model_ipc/tfm_secure_irq_handlers_ipc.inc b/secure_fw/spm/model_ipc/tfm_secure_irq_handlers_ipc.inc
index 22f92cd..65fba46 100644
--- a/secure_fw/spm/model_ipc/tfm_secure_irq_handlers_ipc.inc
+++ b/secure_fw/spm/model_ipc/tfm_secure_irq_handlers_ipc.inc
@@ -7,7 +7,7 @@
/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
-#include "secure_fw/partitions/secure_storage/psa_manifest/tfm_secure_storage.h"
+#include "secure_fw/partitions/protected_storage/psa_manifest/tfm_protected_storage.h"
#include "secure_fw/partitions/internal_trusted_storage/psa_manifest/tfm_internal_trusted_storage.h"
#include "secure_fw/partitions/audit_logging/psa_manifest/tfm_audit_logging.h"
#include "secure_fw/partitions/crypto/psa_manifest/tfm_crypto.h"
@@ -19,7 +19,7 @@
#include "test/test_services/tfm_ipc_service/psa_manifest/tfm_ipc_service_partition.h"
#include "test/test_services/tfm_ipc_client/psa_manifest/tfm_ipc_client_partition.h"
#include "test/test_services/tfm_irq_test_service_1/psa_manifest/tfm_irq_test_service_1.h"
-#include "test/test_services/tfm_sst_test_service/psa_manifest/tfm_sst_test_service.h"
+#include "test/test_services/tfm_ps_test_service/psa_manifest/tfm_ps_test_service.h"
#include "test/test_services/tfm_secure_client_2/psa_manifest/tfm_secure_client_2.h"
#include "test/test_services/tfm_multi_core_test/psa_manifest/tfm_multi_core_test.h"
#include "cmsis_compiler.h"
diff --git a/secure_fw/spm/model_ipc/tfm_spm_db_ipc.inc b/secure_fw/spm/model_ipc/tfm_spm_db_ipc.inc
index 3a99b2e..8618458 100644
--- a/secure_fw/spm/model_ipc/tfm_spm_db_ipc.inc
+++ b/secure_fw/spm/model_ipc/tfm_spm_db_ipc.inc
@@ -16,9 +16,9 @@
/**************************************************************************/
/** IRQ count per partition */
/**************************************************************************/
-#ifdef TFM_PARTITION_SECURE_STORAGE
-#define TFM_PARTITION_TFM_SP_STORAGE_IRQ_COUNT 0
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+#define TFM_PARTITION_TFM_SP_PS_IRQ_COUNT 0
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
#define TFM_PARTITION_TFM_SP_ITS_IRQ_COUNT 0
@@ -64,9 +64,9 @@
#define TFM_PARTITION_TFM_IRQ_TEST_1_IRQ_COUNT 1
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-#define TFM_PARTITION_TFM_SP_SST_TEST_IRQ_COUNT 0
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+#define TFM_PARTITION_TFM_SP_PS_TEST_IRQ_COUNT 0
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
#define TFM_PARTITION_TFM_SP_SECURE_CLIENT_2_IRQ_COUNT 0
@@ -81,9 +81,9 @@
/**************************************************************************/
extern void tfm_nspm_thread_entry(void);
-#ifdef TFM_PARTITION_SECURE_STORAGE
-extern void tfm_sst_req_mngr_init(void);
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+extern void tfm_ps_req_mngr_init(void);
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
extern void tfm_its_req_mngr_init(void);
@@ -129,9 +129,9 @@
extern void tfm_irq_test_1_init(void);
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-extern void tfm_sst_test_init(void);
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+extern void tfm_ps_test_init(void);
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
extern void tfm_secure_client_2_init(void);
@@ -147,18 +147,18 @@
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-#ifdef TFM_PARTITION_SECURE_STORAGE
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$Base);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$Limit);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _DATA$$RW$$Base);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _DATA$$RW$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _DATA$$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _DATA$$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Limit);
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, $$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, $$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _DATA$$RW$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _DATA$$RW$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _DATA$$ZI$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _DATA$$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _STACK$$ZI$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, $$Base);
@@ -303,18 +303,18 @@
REGION_DECLARE(Image$$, TFM_IRQ_TEST_1_LINKER, _STACK$$ZI$$Limit);
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, $$Base);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, $$Limit);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, $$RO$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _DATA$$RW$$Base);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _DATA$$RW$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _DATA$$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _DATA$$ZI$$Limit);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _STACK$$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_SP_SST_TEST_LINKER, _STACK$$ZI$$Limit);
-#endif /* TFM_PARTITION_TEST_SST */
+#ifdef TFM_PARTITION_TEST_PS
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, $$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, $$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, $$RO$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _DATA$$RW$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _DATA$$RW$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _DATA$$ZI$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _DATA$$ZI$$Limit);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _STACK$$ZI$$Base);
+REGION_DECLARE(Image$$, TFM_SP_PS_TEST_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
REGION_DECLARE(Image$$, TFM_SP_SECURE_CLIENT_2_LINKER, $$Base);
@@ -345,8 +345,8 @@
/**************************************************************************/
/** Dependencies array for Secure Partition */
/**************************************************************************/
-#ifdef TFM_PARTITION_SECURE_STORAGE
-static int32_t dependencies_TFM_SP_STORAGE[] =
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
+static int32_t dependencies_TFM_SP_PS[] =
{
TFM_CRYPTO_SID,
TFM_ITS_SET_SID,
@@ -355,7 +355,7 @@
TFM_ITS_REMOVE_SID,
TFM_SP_PLATFORM_NV_COUNTER_SID,
};
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_CRYPTO
static int32_t dependencies_TFM_SP_CRYPTO[] =
@@ -388,11 +388,11 @@
{
TFM_SECURE_CLIENT_2_SID,
TFM_CRYPTO_SID,
- TFM_SST_SET_SID,
- TFM_SST_GET_SID,
- TFM_SST_GET_INFO_SID,
- TFM_SST_REMOVE_SID,
- TFM_SST_GET_SUPPORT_SID,
+ TFM_PS_SET_SID,
+ TFM_PS_GET_SID,
+ TFM_PS_GET_INFO_SID,
+ TFM_PS_REMOVE_SID,
+ TFM_PS_GET_SUPPORT_SID,
TFM_ITS_SET_SID,
TFM_ITS_GET_SID,
TFM_ITS_GET_INFO_SID,
@@ -400,7 +400,7 @@
TFM_ATTEST_GET_TOKEN_SID,
TFM_ATTEST_GET_TOKEN_SIZE_SID,
TFM_ATTEST_GET_PUBLIC_KEY_SID,
- TFM_SST_TEST_PREPARE_SID,
+ TFM_PS_TEST_PREPARE_SID,
TFM_SP_PLATFORM_SYSTEM_RESET_SID,
TFM_SP_PLATFORM_IOCTL_SID,
};
@@ -416,14 +416,14 @@
};
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_PARTITION_TEST_SST
-static int32_t dependencies_TFM_SP_SST_TEST[] =
+#ifdef TFM_PARTITION_TEST_PS
+static int32_t dependencies_TFM_SP_PS_TEST[] =
{
TFM_CRYPTO_SID,
TFM_ITS_GET_SID,
TFM_ITS_REMOVE_SID,
};
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
static int32_t dependencies_TFM_SP_SECURE_CLIENT_2[] =
@@ -450,19 +450,19 @@
.partition_init = tfm_nspm_thread_entry,
},
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
{
.psa_framework_version = 0x0100,
- .partition_id = TFM_SP_STORAGE,
+ .partition_id = TFM_SP_PS,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
- .partition_init = tfm_sst_req_mngr_init,
+ .partition_init = tfm_ps_req_mngr_init,
.dependencies_num = 6,
- .p_dependencies = dependencies_TFM_SP_STORAGE,
+ .p_dependencies = dependencies_TFM_SP_PS,
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
@@ -618,19 +618,19 @@
},
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
{
.psa_framework_version = 0x0100,
- .partition_id = TFM_SP_SST_TEST,
+ .partition_id = TFM_SP_PS_TEST,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
- .partition_init = tfm_sst_test_init,
+ .partition_init = tfm_ps_test_init,
.dependencies_num = 3,
- .p_dependencies = dependencies_TFM_SP_SST_TEST,
+ .p_dependencies = dependencies_TFM_SP_PS_TEST,
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
{
@@ -707,9 +707,9 @@
{
NULL,
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
NULL,
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
NULL,
@@ -755,9 +755,9 @@
platform_data_list_TFM_IRQ_TEST_1,
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
NULL,
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
NULL,
@@ -779,20 +779,20 @@
.stack_top = PART_REGION_ADDR(ARM_LIB_STACK, $$ZI$$Limit),
.rw_start = PART_REGION_ADDR(ARM_LIB_STACK, $$ZI$$Base),
},
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
{
- .code_start = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$Base),
- .code_limit = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$Limit),
- .ro_start = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$RO$$Base),
- .ro_limit = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$RO$$Limit),
- .rw_start = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _DATA$$RW$$Base),
- .rw_limit = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _DATA$$RW$$Limit),
- .zi_start = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _DATA$$ZI$$Base),
- .zi_limit = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _DATA$$ZI$$Limit),
- .stack_bottom = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Base),
- .stack_top = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Limit),
+ .code_start = PART_REGION_ADDR(TFM_SP_PS_LINKER, $$Base),
+ .code_limit = PART_REGION_ADDR(TFM_SP_PS_LINKER, $$Limit),
+ .ro_start = PART_REGION_ADDR(TFM_SP_PS_LINKER, $$RO$$Base),
+ .ro_limit = PART_REGION_ADDR(TFM_SP_PS_LINKER, $$RO$$Limit),
+ .rw_start = PART_REGION_ADDR(TFM_SP_PS_LINKER, _DATA$$RW$$Base),
+ .rw_limit = PART_REGION_ADDR(TFM_SP_PS_LINKER, _DATA$$RW$$Limit),
+ .zi_start = PART_REGION_ADDR(TFM_SP_PS_LINKER, _DATA$$ZI$$Base),
+ .zi_limit = PART_REGION_ADDR(TFM_SP_PS_LINKER, _DATA$$ZI$$Limit),
+ .stack_bottom = PART_REGION_ADDR(TFM_SP_PS_LINKER, _STACK$$ZI$$Base),
+ .stack_top = PART_REGION_ADDR(TFM_SP_PS_LINKER, _STACK$$ZI$$Limit),
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
@@ -959,20 +959,20 @@
},
#endif /* TFM_ENABLE_IRQ_TEST */
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
{
- .code_start = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, $$Base),
- .code_limit = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, $$Limit),
- .ro_start = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, $$RO$$Base),
- .ro_limit = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, $$RO$$Limit),
- .rw_start = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _DATA$$RW$$Base),
- .rw_limit = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _DATA$$RW$$Limit),
- .zi_start = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _DATA$$ZI$$Base),
- .zi_limit = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _DATA$$ZI$$Limit),
- .stack_bottom = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _STACK$$ZI$$Base),
- .stack_top = PART_REGION_ADDR(TFM_SP_SST_TEST_LINKER, _STACK$$ZI$$Limit),
+ .code_start = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, $$Base),
+ .code_limit = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, $$Limit),
+ .ro_start = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, $$RO$$Base),
+ .ro_limit = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, $$RO$$Limit),
+ .rw_start = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _DATA$$RW$$Base),
+ .rw_limit = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _DATA$$RW$$Limit),
+ .zi_start = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _DATA$$ZI$$Base),
+ .zi_limit = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _DATA$$ZI$$Limit),
+ .stack_bottom = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _STACK$$ZI$$Base),
+ .stack_top = PART_REGION_ADDR(TFM_SP_PS_TEST_LINKER, _STACK$$ZI$$Limit),
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
{
@@ -1014,16 +1014,16 @@
{{0}}, /* placeholder for Non-secure internal partition */
/* -----------------------------------------------------------------------*/
- /* - Partition DB record for TFM_SP_STORAGE */
+ /* - Partition DB record for TFM_SP_PS */
/* -----------------------------------------------------------------------*/
-#ifdef TFM_PARTITION_SECURE_STORAGE
+#ifdef TFM_PARTITION_PROTECTED_STORAGE
{
/* Runtime data */
.runtime_data = {0},
.static_data = NULL,
.platform_data_list = NULL,
},
-#endif /* TFM_PARTITION_SECURE_STORAGE */
+#endif /* TFM_PARTITION_PROTECTED_STORAGE */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_ITS */
@@ -1158,16 +1158,16 @@
#endif /* TFM_ENABLE_IRQ_TEST */
/* -----------------------------------------------------------------------*/
- /* - Partition DB record for TFM_SP_SST_TEST */
+ /* - Partition DB record for TFM_SP_PS_TEST */
/* -----------------------------------------------------------------------*/
-#ifdef TFM_PARTITION_TEST_SST
+#ifdef TFM_PARTITION_TEST_PS
{
/* Runtime data */
.runtime_data = {0},
.static_data = NULL,
.platform_data_list = NULL,
},
-#endif /* TFM_PARTITION_TEST_SST */
+#endif /* TFM_PARTITION_TEST_PS */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_SECURE_CLIENT_2 */