Build: Add conditional build for secure partitions
There is already a mechanism to build secure partitions conditionally.
Only the audit log and platform service partitions were using it.
This patch applies it to the rest of the secure partitions and
takes care of the dependencies.
Change-Id: Icc94db113cf90ed20c84c57a52e85756dba342f0
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index f0ce1b6..9d5f175 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -148,6 +148,15 @@
option(TFM_PARTITION_AUDIT_LOG "Enable the TF-M Audit Log partition" ON)
option(TFM_PARTITION_PLATFORM "Enable the TF-M Platform partition" ON)
+option(TFM_PARTITION_SECURE_STORAGE "Enable the TF-M secure storage partition" ON)
+option(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE "Enable the TF-M internal trusted storage partition" ON)
+option(TFM_PARTITION_CRYPTO "Enable the TF-M crypto partition" ON)
+option(TFM_PARTITION_INITIAL_ATTESTATION "Enable the TF-M initial attestation partition" ON)
+
+if (TFM_PARTITION_INITIAL_ATTESTATION OR TFM_PARTITION_SECURE_STORAGE)
+ #PSA Initial Attestation and Protected storage rely on Cryptography API
+ set(TFM_PARTITION_CRYPTO ON)
+endif()
if(${TARGET_PLATFORM} STREQUAL "AN521" OR ${TARGET_PLATFORM} STREQUAL "AN519" OR ${TARGET_PLATFORM} STREQUAL "AN539")
set (REFERENCE_PLATFORM ON)
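Review bot: The `set(TFM_PARTITION_CRYPTO ON)` in the new `if` silently overrides a user who configured `-DTFM_PARTITION_CRYPTO=OFF`. Because it sets a normal variable rather than the cache entry, the cache and GUI tools keep showing OFF while the build uses ON. Emit a diagnostic when the override actually changes the value, for example `if (NOT TFM_PARTITION_CRYPTO)` followed by `message(WARNING "TFM_PARTITION_CRYPTO forced ON: required by initial attestation / secure storage")` ahead of the `set`. That way the set of partitions in the secure image is never different from what the configuration output suggests.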
@@ -264,6 +273,22 @@
add_definitions(-DTFM_PARTITION_PLATFORM)
endif()
+if (TFM_PARTITION_SECURE_STORAGE)
+ add_definitions(-DTFM_PARTITION_SECURE_STORAGE)
+endif()
+
+if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ add_definitions(-DTFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+endif()
+
+if (TFM_PARTITION_CRYPTO)
+ add_definitions(-DTFM_PARTITION_CRYPTO)
+endif()
+
+if (TFM_PARTITION_INITIAL_ATTESTATION)
+ add_definitions(-DTFM_PARTITION_INITIAL_ATTESTATION)
+endif()
+
if (TFM_PARTITION_TEST_CORE)
add_definitions(-DTFM_PARTITION_TEST_CORE)
endif()
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index 72c4c1c..c371ec2 100644
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -48,6 +48,22 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_PLATFORM is undefined.")
endif()
+if (NOT DEFINED TFM_PARTITION_SECURE_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_SECURE_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INTERNAL_TRUSTED_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_CRYPTO)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_CRYPTO is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INITIAL_ATTESTATION)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INITIAL_ATTESTATION is undefined.")
+endif()
+
if (NOT DEFINED TFM_PSA_API)
message(FATAL_ERROR "Incomplete build configuration: TFM_PSA_API is undefined.")
endif()
@@ -63,22 +79,6 @@
list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_ns_interface.c")
endif()
-if (TFM_PSA_API)
- list(APPEND NS_APP_SRC
- "${INTERFACE_DIR}/src/tfm_sst_ipc_api.c"
- "${INTERFACE_DIR}/src/tfm_its_ipc_api.c"
- "${INTERFACE_DIR}/src/tfm_crypto_ipc_api.c"
- "${INTERFACE_DIR}/src/tfm_initial_attestation_ipc_api.c"
- )
-else()
- list(APPEND NS_APP_SRC
- "${INTERFACE_DIR}/src/tfm_sst_func_api.c"
- "${INTERFACE_DIR}/src/tfm_its_func_api.c"
- "${INTERFACE_DIR}/src/tfm_crypto_func_api.c"
- "${INTERFACE_DIR}/src/tfm_initial_attestation_func_api.c"
- )
-endif()
-
if (TFM_PARTITION_AUDIT_LOG)
if (TFM_PSA_API)
message(FATAL_ERROR "Audit log has not been supported in IPC model yet.")
@@ -95,6 +95,38 @@
endif()
endif()
+if (TFM_PARTITION_SECURE_STORAGE)
+ if (TFM_PSA_API)
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_sst_ipc_api.c")
+ else()
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_sst_func_api.c")
+ endif()
+endif()
+
+if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ if (TFM_PSA_API)
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_its_ipc_api.c")
+ else()
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_its_func_api.c")
+ endif()
+endif()
+
+if (TFM_PARTITION_CRYPTO)
+ if (TFM_PSA_API)
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_crypto_ipc_api.c")
+ else()
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_crypto_func_api.c")
+ endif()
+endif()
+
+if (TFM_PARTITION_INITIAL_ATTESTATION)
+ if (TFM_PSA_API)
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_initial_attestation_ipc_api.c")
+ else()
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_initial_attestation_func_api.c")
+ endif()
+endif()
+
if (NOT DEFINED TFM_NS_CLIENT_IDENTIFICATION)
message(FATAL_ERROR "Incomplete build configuration: TFM_NS_CLIENT_IDENTIFICATION is undefined.")
elseif (TFM_NS_CLIENT_IDENTIFICATION)
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index a2cc495..1eefbf0 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -16,18 +16,22 @@
extern "C" {
#endif
+#ifdef TFM_PARTITION_SECURE_STORAGE
/******** TFM_SP_STORAGE ********/
psa_status_t tfm_tfm_sst_set_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_sst_get_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_sst_get_info_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_sst_remove_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_sst_get_support_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
psa_status_t tfm_tfm_its_set_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_its_get_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_its_get_info_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_its_remove_req_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
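Review bot: The veneer prototypes are now visible only when the matching `TFM_PARTITION_*` macro is defined, but secure_fw/CMakeLists.txt also installs this header into the export include directory. A non-secure project that consumes the exported copy does not inherit the `add_definitions` from CommonConfig.cmake. Without those macros the prototypes disappear, and code calling the veneers would presumably fail to compile or fall back to implicit declarations, depending on compiler settings. State the requirement at the top of the header, e.g. `/* Define the same TFM_PARTITION_* macros as the secure image before including this file. */`, or export the enabled set alongside it. The same applies to the `TFM_PARTITION_CRYPTO` and `TFM_PARTITION_INITIAL_ATTESTATION` guards in the later hunks of this file.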
@@ -38,6 +42,7 @@
psa_status_t tfm_audit_core_delete_record_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_tfm_crypto_allocate_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_open_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
@@ -84,6 +89,7 @@
psa_status_t tfm_tfm_crypto_key_agreement_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_generate_random_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_generate_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
/******** TFM_SP_PLATFORM ********/
@@ -91,10 +97,12 @@
psa_status_t tfm_platform_sp_ioctl_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
/******** TFM_SP_INITIAL_ATTESTATION ********/
psa_status_t tfm_initial_attest_get_token_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_initial_attest_get_token_size_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_initial_attest_get_public_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct
index 5c53ee1..c150b2b 100644
--- a/platform/ext/common/armclang/tfm_common_s.sct
+++ b/platform/ext/common/armclang/tfm_common_s.sct
@@ -46,15 +46,19 @@
TFM_PSA_CODE_START +0 ALIGN 32 EMPTY 0x0 {
}
+#ifdef TFM_PARTITION_SECURE_STORAGE
TFM_SP_STORAGE_LINKER +0 ALIGN 32 {
*tfm_storage* (+RO)
*(TFM_SP_STORAGE_ATTR_FN)
}
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
TFM_SP_ITS_LINKER +0 ALIGN 32 {
*tfm_internal_trusted_storage* (+RO)
*(TFM_SP_ITS_ATTR_FN)
}
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
TFM_SP_AUDIT_LOG_LINKER +0 ALIGN 32 {
@@ -63,10 +67,12 @@
}
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
TFM_SP_CRYPTO_LINKER +0 ALIGN 32 {
*tfm_crypto* (+RO)
*(TFM_SP_CRYPTO_ATTR_FN)
}
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
TFM_SP_PLATFORM_LINKER +0 ALIGN 32 {
@@ -75,10 +81,12 @@
}
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
TFM_SP_INITIAL_ATTESTATION_LINKER +0 ALIGN 32 {
*tfm_attest* (+RO)
*(TFM_SP_INITIAL_ATTESTATION_ATTR_FN)
}
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
TFM_SP_CORE_TEST_LINKER +0 ALIGN 32 {
@@ -314,6 +322,7 @@
TFM_PSA_RW_STACK_START +0 ALIGN 32 EMPTY 0x0 {
}
+#ifdef TFM_PARTITION_SECURE_STORAGE
TFM_SP_STORAGE_LINKER_DATA +0 ALIGN 32 {
*tfm_storage* (+RW +ZI)
*(TFM_SP_STORAGE_ATTR_RW)
@@ -324,7 +333,9 @@
TFM_SP_STORAGE_LINKER_STACK +0 ALIGN 128 EMPTY 0xA00 {
}
#endif
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
TFM_SP_ITS_LINKER_DATA +0 ALIGN 32 {
*tfm_internal_trusted_storage* (+RW +ZI)
*(TFM_SP_ITS_ATTR_RW)
@@ -335,6 +346,7 @@
TFM_SP_ITS_LINKER_STACK +0 ALIGN 128 EMPTY 0x500 {
}
#endif
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
TFM_SP_AUDIT_LOG_LINKER_DATA +0 ALIGN 32 {
@@ -349,6 +361,7 @@
#endif
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
TFM_SP_CRYPTO_LINKER_DATA +0 ALIGN 32 {
*tfm_crypto* (+RW +ZI)
*(TFM_SP_CRYPTO_ATTR_RW)
@@ -359,6 +372,7 @@
TFM_SP_CRYPTO_LINKER_STACK +0 ALIGN 128 EMPTY 0x2000 {
}
#endif
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
TFM_SP_PLATFORM_LINKER_DATA +0 ALIGN 32 {
@@ -373,6 +387,7 @@
#endif
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
TFM_SP_INITIAL_ATTESTATION_LINKER_DATA +0 ALIGN 32 {
*tfm_attest* (+RW +ZI)
*(TFM_SP_INITIAL_ATTESTATION_ATTR_RW)
@@ -383,6 +398,7 @@
TFM_SP_INITIAL_ATTESTATION_LINKER_STACK +0 ALIGN 128 EMPTY 0x0A00 {
}
#endif
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
TFM_SP_CORE_TEST_LINKER_DATA +0 ALIGN 32 {
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index 5d74c2d..d97c9a8 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -64,28 +64,36 @@
LONG (ADDR(.TFM_UNPRIV_DATA))
LONG (SIZEOF(.TFM_UNPRIV_DATA))
#endif /* TFM_LVL != 1 */
+#ifdef TFM_PARTITION_SECURE_STORAGE
LONG (LOADADDR(.TFM_SP_STORAGE_LINKER_DATA))
LONG (ADDR(.TFM_SP_STORAGE_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_STORAGE_LINKER_DATA))
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
LONG (LOADADDR(.TFM_SP_ITS_LINKER_DATA))
LONG (ADDR(.TFM_SP_ITS_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_ITS_LINKER_DATA))
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
LONG (LOADADDR(.TFM_SP_AUDIT_LOG_LINKER_DATA))
LONG (ADDR(.TFM_SP_AUDIT_LOG_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_LINKER_DATA))
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
LONG (LOADADDR(.TFM_SP_CRYPTO_LINKER_DATA))
LONG (ADDR(.TFM_SP_CRYPTO_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_CRYPTO_LINKER_DATA))
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
LONG (LOADADDR(.TFM_SP_PLATFORM_LINKER_DATA))
LONG (ADDR(.TFM_SP_PLATFORM_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_PLATFORM_LINKER_DATA))
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
LONG (LOADADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER_DATA))
LONG (ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER_DATA))
LONG (SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER_DATA))
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
LONG (LOADADDR(.TFM_SP_CORE_TEST_LINKER_DATA))
LONG (ADDR(.TFM_SP_CORE_TEST_LINKER_DATA))
@@ -143,18 +151,22 @@
LONG (ADDR(.TFM_SECURE_STACK))
LONG (SIZEOF(.TFM_SECURE_STACK))
#endif /* !defined(TFM_PSA_API) */
+#ifdef TFM_PARTITION_SECURE_STORAGE
LONG (ADDR(.TFM_SP_STORAGE_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_STORAGE_LINKER_BSS))
#if defined(TFM_PSA_API)
LONG (ADDR(.TFM_SP_STORAGE_LINKER_STACK))
LONG (SIZEOF(.TFM_SP_STORAGE_LINKER_STACK))
#endif
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
LONG (ADDR(.TFM_SP_ITS_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_ITS_LINKER_BSS))
#if defined(TFM_PSA_API)
LONG (ADDR(.TFM_SP_ITS_LINKER_STACK))
LONG (SIZEOF(.TFM_SP_ITS_LINKER_STACK))
#endif
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
LONG (ADDR(.TFM_SP_AUDIT_LOG_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_LINKER_BSS))
@@ -163,12 +175,14 @@
LONG (SIZEOF(.TFM_SP_AUDIT_LOG_LINKER_STACK))
#endif
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
LONG (ADDR(.TFM_SP_CRYPTO_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_CRYPTO_LINKER_BSS))
#if defined(TFM_PSA_API)
LONG (ADDR(.TFM_SP_CRYPTO_LINKER_STACK))
LONG (SIZEOF(.TFM_SP_CRYPTO_LINKER_STACK))
#endif
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
LONG (ADDR(.TFM_SP_PLATFORM_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_PLATFORM_LINKER_BSS))
@@ -177,12 +191,14 @@
LONG (SIZEOF(.TFM_SP_PLATFORM_LINKER_STACK))
#endif
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
LONG (ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER_BSS))
#if defined(TFM_PSA_API)
LONG (ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER_STACK))
LONG (SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER_STACK))
#endif
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
LONG (ADDR(.TFM_SP_CORE_TEST_LINKER_BSS))
LONG (SIZEOF(.TFM_SP_CORE_TEST_LINKER_BSS))
@@ -273,6 +289,7 @@
/**** PSA RoT RO part (CODE + RODATA) start here */
Image$$TFM_PSA_CODE_START$$Base = .;
+#ifdef TFM_PARTITION_SECURE_STORAGE
.TFM_SP_STORAGE_LINKER : ALIGN(32)
{
*tfm_storage*:*(.text*)
@@ -284,7 +301,9 @@
Image$$TFM_SP_STORAGE_LINKER$$RO$$Limit = ADDR(.TFM_SP_STORAGE_LINKER) + SIZEOF(.TFM_SP_STORAGE_LINKER);
Image$$TFM_SP_STORAGE_LINKER$$Base = ADDR(.TFM_SP_STORAGE_LINKER);
Image$$TFM_SP_STORAGE_LINKER$$Limit = ADDR(.TFM_SP_STORAGE_LINKER) + SIZEOF(.TFM_SP_STORAGE_LINKER);
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
.TFM_SP_ITS_LINKER : ALIGN(32)
{
*tfm_internal_trusted_storage*:*(.text*)
@@ -296,6 +315,7 @@
Image$$TFM_SP_ITS_LINKER$$RO$$Limit = ADDR(.TFM_SP_ITS_LINKER) + SIZEOF(.TFM_SP_ITS_LINKER);
Image$$TFM_SP_ITS_LINKER$$Base = ADDR(.TFM_SP_ITS_LINKER);
Image$$TFM_SP_ITS_LINKER$$Limit = ADDR(.TFM_SP_ITS_LINKER) + SIZEOF(.TFM_SP_ITS_LINKER);
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
.TFM_SP_AUDIT_LOG_LINKER : ALIGN(32)
@@ -311,6 +331,7 @@
Image$$TFM_SP_AUDIT_LOG_LINKER$$Limit = ADDR(.TFM_SP_AUDIT_LOG_LINKER) + SIZEOF(.TFM_SP_AUDIT_LOG_LINKER);
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
.TFM_SP_CRYPTO_LINKER : ALIGN(32)
{
*tfm_crypto*:*(.text*)
@@ -322,6 +343,7 @@
Image$$TFM_SP_CRYPTO_LINKER$$RO$$Limit = ADDR(.TFM_SP_CRYPTO_LINKER) + SIZEOF(.TFM_SP_CRYPTO_LINKER);
Image$$TFM_SP_CRYPTO_LINKER$$Base = ADDR(.TFM_SP_CRYPTO_LINKER);
Image$$TFM_SP_CRYPTO_LINKER$$Limit = ADDR(.TFM_SP_CRYPTO_LINKER) + SIZEOF(.TFM_SP_CRYPTO_LINKER);
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
.TFM_SP_PLATFORM_LINKER : ALIGN(32)
@@ -337,6 +359,7 @@
Image$$TFM_SP_PLATFORM_LINKER$$Limit = ADDR(.TFM_SP_PLATFORM_LINKER) + SIZEOF(.TFM_SP_PLATFORM_LINKER);
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
.TFM_SP_INITIAL_ATTESTATION_LINKER : ALIGN(32)
{
*tfm_attest*:*(.text*)
@@ -348,6 +371,7 @@
Image$$TFM_SP_INITIAL_ATTESTATION_LINKER$$RO$$Limit = ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER) + SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER);
Image$$TFM_SP_INITIAL_ATTESTATION_LINKER$$Base = ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER);
Image$$TFM_SP_INITIAL_ATTESTATION_LINKER$$Limit = ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER) + SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER);
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
.TFM_SP_CORE_TEST_LINKER : ALIGN(32)
@@ -844,6 +868,7 @@
/**** PSA RoT DATA start here */
Image$$TFM_PSA_RW_STACK_START$$Base = .;
+#ifdef TFM_PARTITION_SECURE_STORAGE
.TFM_SP_STORAGE_LINKER_DATA : ALIGN(32)
{
*tfm_storage*:*(.data*)
@@ -874,7 +899,9 @@
Image$$TFM_SP_STORAGE_LINKER_STACK$$ZI$$Limit = ADDR(.TFM_SP_STORAGE_LINKER_STACK) + SIZEOF(.TFM_SP_STORAGE_LINKER_STACK);
#endif
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
.TFM_SP_ITS_LINKER_DATA : ALIGN(32)
{
*tfm_internal_trusted_storage*:*(.data*)
@@ -905,6 +932,7 @@
Image$$TFM_SP_ITS_LINKER_STACK$$ZI$$Limit = ADDR(.TFM_SP_ITS_LINKER_STACK) + SIZEOF(.TFM_SP_ITS_LINKER_STACK);
#endif
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
.TFM_SP_AUDIT_LOG_LINKER_DATA : ALIGN(32)
@@ -931,6 +959,7 @@
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
.TFM_SP_CRYPTO_LINKER_DATA : ALIGN(32)
{
*tfm_crypto*:*(.data*)
@@ -961,6 +990,7 @@
Image$$TFM_SP_CRYPTO_LINKER_STACK$$ZI$$Limit = ADDR(.TFM_SP_CRYPTO_LINKER_STACK) + SIZEOF(.TFM_SP_CRYPTO_LINKER_STACK);
#endif
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
.TFM_SP_PLATFORM_LINKER_DATA : ALIGN(32)
@@ -995,6 +1025,7 @@
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
.TFM_SP_INITIAL_ATTESTATION_LINKER_DATA : ALIGN(32)
{
*tfm_attest*:*(.data*)
@@ -1025,6 +1056,7 @@
Image$$TFM_SP_INITIAL_ATTESTATION_LINKER_STACK$$ZI$$Limit = ADDR(.TFM_SP_INITIAL_ATTESTATION_LINKER_STACK) + SIZEOF(.TFM_SP_INITIAL_ATTESTATION_LINKER_STACK);
#endif
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
.TFM_SP_CORE_TEST_LINKER_DATA : ALIGN(32)
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 93ecf9f..fdc5371 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -41,6 +41,62 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_PLATFORM is undefined.")
endif()
+if (NOT DEFINED TFM_PARTITION_SECURE_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_SECURE_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INTERNAL_TRUSTED_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_CRYPTO)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_CRYPTO is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INITIAL_ATTESTATION)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INITIAL_ATTESTATION is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_TEST_CORE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_TEST_CORE_IPC)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE_IPC is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_TEST_SST)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined.")
+endif()
+
+if (NOT DEFINED TEST_FRAMEWORK_S)
+ message(FATAL_ERROR "Incomplete build configuration: TEST_FRAMEWORK_S is undefined.")
+endif()
+
+if (NOT DEFINED TEST_FRAMEWORK_NS)
+ message(FATAL_ERROR "Incomplete build configuration: TEST_FRAMEWORK_NS is undefined.")
+endif()
+
+if (NOT DEFINED BL2)
+ message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
+endif()
+
+if (NOT DEFINED TFM_PSA_API)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PSA_API is undefined. ")
+endif()
+
+if(NOT DEFINED PLATFORM_LINK_INCLUDES)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
+endif()
+
+if (NOT DEFINED TFM_ENABLE_IRQ_TEST)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: TFM_ENABLE_IRQ_TEST is not defined.")
+endif()
+
include(${SECURE_FW_DIR}/spm/CMakeLists.inc)
if (NOT DEFINED TFM_MULTI_CORE_TOPOLOGY OR NOT TFM_MULTI_CORE_TOPOLOGY)
include(${SECURE_FW_DIR}/ns_callable/CMakeLists.inc)
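Review bot: The fourteen `if (NOT DEFINED ...)` blocks added here are identical apart from the variable name, and their messages already drift: some end in a trailing space and the last two use "ERROR: Incomplete Configuration" instead of "Incomplete build configuration". A single loop over the required names keeps the list readable and the wording uniform; note that it would change the message text for `PLATFORM_LINK_INCLUDES` and `TFM_ENABLE_IRQ_TEST`. The four new checks in app/CMakeLists.txt follow the same pattern and could take the same form.

```cmake
foreach(required_var IN ITEMS
        TFM_PARTITION_SECURE_STORAGE
        TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
        TFM_PARTITION_CRYPTO
        TFM_PARTITION_INITIAL_ATTESTATION
        TFM_PARTITION_TEST_CORE
        TFM_PARTITION_TEST_CORE_IPC
        TFM_PARTITION_TEST_SECURE_SERVICES
        TFM_PARTITION_TEST_SST
        TEST_FRAMEWORK_S
        TEST_FRAMEWORK_NS
        BL2
        TFM_PSA_API
        PLATFORM_LINK_INCLUDES
        TFM_ENABLE_IRQ_TEST)
	if (NOT DEFINED ${required_var})
		message(FATAL_ERROR "Incomplete build configuration: ${required_var} is undefined.")
	endif()
endforeach()

# … unchanged: include(${SECURE_FW_DIR}/spm/CMakeLists.inc) …
```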
@@ -158,97 +214,80 @@
embedded_set_target_linker_file(TARGET ${EXE_NAME} PATH "${S_SCATTER_FILE_NAME}")
- add_dependencies(${EXE_NAME} tfm_crypto)
- add_dependencies(${EXE_NAME} tfm_storage)
- add_dependencies(${EXE_NAME} tfm_internal_trusted_storage)
- add_dependencies(${EXE_NAME} tfm_secure_tests)
- add_dependencies(${EXE_NAME} tfm_attest)
- add_dependencies(${EXE_NAME} libtfmsprt)
- if (TFM_PARTITION_AUDIT_LOG)
- add_dependencies(${EXE_NAME} tfm_audit)
- endif()
- if (TFM_PARTITION_PLATFORM)
- add_dependencies(${EXE_NAME} tfm_platform)
- endif()
-
#Set macro definitions for the project.
set(TARGET_COMPILE_DEFINITIONS __thumb2__ __DOMAIN_NS=0 DOMAIN_NS=__DOMAIN_NS __ARM_FEATURE_CMSE=${ARM_FEATURE_CMSE} TFM_LVL=${TFM_LVL} ${DEBUG_AUTHENTICATION})
embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES ${TARGET_COMPILE_DEFINITIONS} APPEND)
- if (REGRESSION OR CORE_TEST)
- if (DEFINED TFM_PARTITION_TEST_SECURE_SERVICES AND TFM_PARTITION_TEST_SECURE_SERVICES)
- target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_internal_trusted_storage tfm_attest libtfmsprt)
- else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_internal_trusted_storage tfm_secure_tests tfm_attest libtfmsprt)
- endif()
- else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_internal_trusted_storage tfm_attest libtfmsprt)
+ target_link_libraries(${EXE_NAME} libtfmsprt)
+
+ # The order of the libraries linked below is important for GCC
+ # Because the GCC linker will search an archive only once.
+ # If the a library has some symbols that are defined in the library which is linked before it,
+ # it will not cause the linker to search again.
+ # So please put a library before what it relies on.
+ if (CORE_TEST OR TFM_PARTITION_TEST_SECURE_SERVICES)
+ target_link_libraries(${EXE_NAME} tfm_secure_tests)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+ endif()
+
+ if (TFM_PARTITION_INITIAL_ATTESTATION)
+ target_link_libraries(${EXE_NAME} tfm_attest)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_INITIAL_ATTESTATION")
+ endif()
+
+ if (TFM_PARTITION_SECURE_STORAGE)
+ target_link_libraries(${EXE_NAME} tfm_storage)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_SECURE_STORAGE")
+ endif()
+
+ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ target_link_libraries(${EXE_NAME} tfm_internal_trusted_storage)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_INTERNAL_TRUSTED_STORAGE")
+ endif()
+
+ if (TFM_PARTITION_CRYPTO)
+ target_link_libraries(${EXE_NAME} tfm_crypto)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_CRYPTO")
endif()
if (TFM_PARTITION_AUDIT_LOG)
target_link_libraries(${EXE_NAME} tfm_audit)
- endif()
-
- if (TFM_PARTITION_PLATFORM)
- target_link_libraries(${EXE_NAME} tfm_platform)
- endif()
-
- embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
-
- if (TFM_PARTITION_AUDIT_LOG)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_AUDIT_LOG")
endif()
if (TFM_PARTITION_PLATFORM)
+ target_link_libraries(${EXE_NAME} tfm_platform)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_PLATFORM")
endif()
- if (NOT DEFINED TFM_PARTITION_TEST_CORE)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
- elseif (TFM_PARTITION_TEST_CORE)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
+
+ if (TFM_PARTITION_TEST_CORE)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
endif()
- if (NOT DEFINED TFM_PARTITION_TEST_CORE_IPC)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE_IPC is undefined.")
- elseif (TFM_PARTITION_TEST_CORE_IPC)
+ if (TFM_PARTITION_TEST_CORE_IPC)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE_IPC")
endif()
- if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
- elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
- embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
- endif()
-
- if (NOT DEFINED TFM_PARTITION_TEST_SST)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined.")
- elseif (TFM_PARTITION_TEST_SST)
+ if (TFM_PARTITION_TEST_SST)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SST")
endif()
- if (NOT DEFINED TEST_FRAMEWORK_S)
- message(FATAL_ERROR "Incomplete build configuration: TEST_FRAMEWORK_S is undefined.")
- elseif (TEST_FRAMEWORK_S)
+ if (TEST_FRAMEWORK_S)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TEST_FRAMEWORK_S")
endif()
- if (NOT DEFINED TEST_FRAMEWORK_NS)
- message(FATAL_ERROR "Incomplete build configuration: TEST_FRAMEWORK_NS is undefined.")
- elseif (TEST_FRAMEWORK_NS)
+ if (TEST_FRAMEWORK_NS)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TEST_FRAMEWORK_NS")
endif()
- if (NOT DEFINED BL2)
- message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
- elseif (BL2)
+ if (BL2)
#Add BL2 and MCUBOOT_IMAGE_NUMBER defines to linker to resolve symbols in region_defs.h and flash_layout.h
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "BL2" "MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}")
endif()
- if (NOT DEFINED TFM_PSA_API)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PSA_API is undefined. ")
- elseif (TFM_PSA_API)
+ if (TFM_PSA_API)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PSA_API")
if (DEFINED TFM_MULTI_CORE_TOPOLOGY AND TFM_MULTI_CORE_TOPOLOGY)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_MULTI_CORE_TOPOLOGY")
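Review bot: In the new `if (CORE_TEST OR TFM_PARTITION_TEST_SECURE_SERVICES)` block the link define `TFM_PARTITION_TEST_SECURE_SERVICES` is also passed to the linker script when only `CORE_TEST` is set, whereas the removed code passed it only when the variable itself was true. The scatter file or linker script can then lay out regions for a test partition that the C sources were presumably not built with, so the memory layout and the compiled partition set disagree. Keep `target_link_libraries(${EXE_NAME} tfm_secure_tests)` under the combined condition, but wrap the define in its own `if (TFM_PARTITION_TEST_SECURE_SERVICES)`. Separately, `target_link_libraries(${EXE_NAME} libtfmsprt)` now precedes every partition library, while the comment directly below asks for a library to come before what it relies on and the removed lines listed `libtfmsprt` last. If the partition libraries reference its symbols, it probably belongs after them.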
@@ -261,14 +300,9 @@
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
endif()
- if(NOT DEFINED PLATFORM_LINK_INCLUDES)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
- endif()
embedded_set_target_link_includes(TARGET ${EXE_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
- if (NOT DEFINED TFM_ENABLE_IRQ_TEST)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: TFM_ENABLE_IRQ_TEST is not defined.")
- elseif (TFM_ENABLE_IRQ_TEST)
+ if (TFM_ENABLE_IRQ_TEST)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_ENABLE_IRQ_TEST")
endif()
@@ -293,8 +327,9 @@
set(EXPORT_INC_DIR "export/tfm/include")
set(EXPORT_SRC_DIR "export/tfm/src")
#Headers
- install(DIRECTORY ${INTERFACE_INC_DIR}/psa
- DESTINATION ${EXPORT_INC_DIR})
+ install(FILES ${INTERFACE_INC_DIR}/psa/client.h
+ ${INTERFACE_INC_DIR}/psa/error.h
+ DESTINATION ${EXPORT_INC_DIR}/psa)
install(FILES ${INTERFACE_INC_DIR}/os_wrapper/common.h
${INTERFACE_INC_DIR}/os_wrapper/mutex.h
@@ -304,12 +339,10 @@
DESTINATION ${EXPORT_INC_DIR}/psa_manifest)
install(FILES ${INTERFACE_INC_DIR}/tfm_api.h
- ${INTERFACE_INC_DIR}/tfm_crypto_defs.h
${INTERFACE_INC_DIR}/tfm_ns_interface.h
${INTERFACE_INC_DIR}/tfm_nspm_api.h
${INTERFACE_INC_DIR}/tfm_nspm_svc_handler.h
${INTERFACE_INC_DIR}/tfm_ns_svc.h
- ${INTERFACE_INC_DIR}/tfm_sst_defs.h
${INTERFACE_INC_DIR}/tfm_veneers.h
DESTINATION ${EXPORT_INC_DIR})
@@ -321,17 +354,63 @@
if(TFM_PSA_API)
install(FILES ${INTERFACE_SRC_DIR}/tfm_psa_ns_api.c
- ${INTERFACE_SRC_DIR}/tfm_crypto_ipc_api.c
- ${INTERFACE_SRC_DIR}/tfm_initial_attestation_ipc_api.c
- ${INTERFACE_SRC_DIR}/tfm_sst_ipc_api.c
- ${INTERFACE_SRC_DIR}/tfm_its_ipc_api.c
DESTINATION ${EXPORT_SRC_DIR})
- else()
- install(FILES ${INTERFACE_SRC_DIR}/tfm_crypto_func_api.c
- ${INTERFACE_SRC_DIR}/tfm_initial_attestation_func_api.c
- ${INTERFACE_SRC_DIR}/tfm_sst_func_api.c
- ${INTERFACE_SRC_DIR}/tfm_its_func_api.c
- DESTINATION ${EXPORT_SRC_DIR})
+ endif()
+
+ if (TFM_PARTITION_SECURE_STORAGE)
+ install(FILES ${INTERFACE_INC_DIR}/psa/protected_storage.h
+ DESTINATION ${EXPORT_INC_DIR}/psa)
+ if (TFM_PSA_API)
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_sst_ipc_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ else()
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_sst_func_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ endif()
+ endif()
+
+ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ install(FILES ${INTERFACE_INC_DIR}/psa/internal_trusted_storage.h
+ ${INTERFACE_INC_DIR}/psa/storage_common.h
+ DESTINATION ${EXPORT_INC_DIR}/psa)
+ if (TFM_PSA_API)
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_its_ipc_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ else()
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_its_func_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ endif()
+ endif()
+
+ if (TFM_PARTITION_CRYPTO)
+ install(FILES ${INTERFACE_INC_DIR}/psa/crypto_extra.h
+ ${INTERFACE_INC_DIR}/psa/crypto.h
+ ${INTERFACE_INC_DIR}/psa/crypto_platform.h
+ ${INTERFACE_INC_DIR}/psa/crypto_sizes.h
+ ${INTERFACE_INC_DIR}/psa/crypto_struct.h
+ ${INTERFACE_INC_DIR}/psa/crypto_types.h
+ ${INTERFACE_INC_DIR}/psa/crypto_values.h
+ ${INTERFACE_INC_DIR}/tfm_crypto_defs.h
+ DESTINATION ${EXPORT_INC_DIR}/psa)
+ if (TFM_PSA_API)
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_crypto_ipc_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ else()
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_crypto_func_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ endif()
+ endif()
+
+ if (TFM_PARTITION_INITIAL_ATTESTATION)
+ install(FILES ${INTERFACE_INC_DIR}/psa/initial_attestation.h
+ DESTINATION ${EXPORT_INC_DIR}/psa)
+ if (TFM_PSA_API)
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_initial_attestation_ipc_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ else()
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_initial_attestation_func_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ endif()
endif()
if(TFM_PARTITION_AUDIT_LOG)
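Review bot: `${INTERFACE_INC_DIR}/tfm_crypto_defs.h` is listed in the crypto `install(FILES ...)` whose destination is `${EXPORT_INC_DIR}/psa`, so the header moves out of `${EXPORT_INC_DIR}`, where the previous hunk removed it, into the `psa` subdirectory. Unless that relocation is intended, consumers of the export tree that include `tfm_crypto_defs.h` by its old path would stop resolving it. Install it on its own inside the same `if (TFM_PARTITION_CRYPTO)` with `install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h DESTINATION ${EXPORT_INC_DIR})`. The previous hunk also drops `tfm_sst_defs.h` from the export list, and nothing re-adds it under `TFM_PARTITION_SECURE_STORAGE`; please confirm that is deliberate.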
@@ -378,13 +457,19 @@
add_subdirectory(${TFM_ROOT_DIR}/test ${CMAKE_BINARY_DIR}/test/secure_test)
#Add the crypto library target
-add_subdirectory(${SECURE_FW_DIR}/services/crypto)
+if (TFM_PARTITION_CRYPTO)
+ add_subdirectory(${SECURE_FW_DIR}/services/crypto)
+endif()
#Add the secure storage library target
-add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
+if (TFM_PARTITION_SECURE_STORAGE)
+ add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
+endif()
#Add the internal trusted storage library target
-add_subdirectory(${SECURE_FW_DIR}/services/internal_trusted_storage)
+if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ add_subdirectory(${SECURE_FW_DIR}/services/internal_trusted_storage)
+endif()
#Add the platform service library target
if (TFM_PARTITION_PLATFORM)
@@ -392,7 +477,9 @@
endif()
#Add the initial attestation service library target
-add_subdirectory(${SECURE_FW_DIR}/services/initial_attestation)
+if (TFM_PARTITION_INITIAL_ATTESTATION)
+ add_subdirectory(${SECURE_FW_DIR}/services/initial_attestation)
+endif()
#Add the audit logging library target
if (TFM_PARTITION_AUDIT_LOG)
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index f9fa21e..a7599f2 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -10,18 +10,22 @@
#include "tfm_secure_api.h"
#include "secure_fw/spm/spm_partition_defs.h"
+#ifdef TFM_PARTITION_SECURE_STORAGE
/******** TFM_SP_STORAGE ********/
psa_status_t tfm_sst_set_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_get_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_get_info_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_get_support_req(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
psa_status_t tfm_its_set_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_its_get_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_its_get_info_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_its_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
@@ -32,6 +36,7 @@
psa_status_t audit_core_delete_record(psa_invec *, size_t, psa_outvec *, size_t);
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_crypto_allocate_key(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_crypto_open_key(psa_invec *, size_t, psa_outvec *, size_t);
@@ -78,6 +83,7 @@
psa_status_t tfm_crypto_key_agreement(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_crypto_generate_random(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_crypto_generate_key(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
/******** TFM_SP_PLATFORM ********/
@@ -85,10 +91,12 @@
psa_status_t platform_sp_ioctl(psa_invec *, size_t, psa_outvec *, size_t);
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
/******** TFM_SP_INITIAL_ATTESTATION ********/
psa_status_t initial_attest_get_token(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t initial_attest_get_token_size(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t initial_attest_get_public_key(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
@@ -149,18 +157,22 @@
in_vec, in_len, out_vec, out_len); \
}
+#ifdef TFM_PARTITION_SECURE_STORAGE
/******** TFM_SP_STORAGE ********/
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_set_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_info_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_remove_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_support_req)
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
TFM_VENEER_FUNCTION(TFM_SP_ITS, tfm_its_set_req)
TFM_VENEER_FUNCTION(TFM_SP_ITS, tfm_its_get_req)
TFM_VENEER_FUNCTION(TFM_SP_ITS, tfm_its_get_info_req)
TFM_VENEER_FUNCTION(TFM_SP_ITS, tfm_its_remove_req)
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
@@ -171,6 +183,7 @@
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_delete_record)
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
/******** TFM_SP_CRYPTO ********/
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_allocate_key)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_open_key)
@@ -217,6 +230,7 @@
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_key_agreement)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_generate_random)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_generate_key)
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
/******** TFM_SP_PLATFORM ********/
@@ -224,10 +238,12 @@
TFM_VENEER_FUNCTION(TFM_SP_PLATFORM, platform_sp_ioctl)
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
/******** TFM_SP_INITIAL_ATTESTATION ********/
TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token)
TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token_size)
TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_public_key)
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/secure_fw/services/tfm_service_list.inc b/secure_fw/services/tfm_service_list.inc
index b9f0559..e98cfa5 100644
--- a/secure_fw/services/tfm_service_list.inc
+++ b/secure_fw/services/tfm_service_list.inc
@@ -27,6 +27,7 @@
const struct tfm_spm_service_db_t service_db[] =
{
+#ifdef TFM_PARTITION_SECURE_STORAGE
/******** TFM_SP_STORAGE ********/
{
.name = "TFM_SST_SET",
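Review bot: With `#ifdef TFM_PARTITION_SECURE_STORAGE` added directly after the opening brace, every `service_db[]` entry visible in this file's hunks is now conditional, and the same holds for `service[]` at `@@ -501`. If the entries not shown are conditional as well, a configuration with all partitions off leaves an empty initializer `{ }`, which ISO C before C23 does not allow and which GNU C turns into a zero-length array. It would be worth stating in a comment above the array that at least one service must be enabled, or enforcing it with an `#error` when none of the partition macros is defined. The array starts in this hunk and its body continues outside it.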
@@ -73,7 +74,9 @@
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
{
.name = "TFM_ITS_SET",
@@ -111,7 +114,9 @@
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
+#ifdef TFM_PARTITION_CRYPTO
/******** TFM_SP_CRYPTO ********/
{
.name = "TFM_CRYPTO",
@@ -122,6 +127,7 @@
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
/******** TFM_SP_PLATFORM ********/
@@ -145,6 +151,7 @@
},
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
/******** TFM_SP_INITIAL_ATTESTATION ********/
{
.name = "TFM_ATTEST_GET_TOKEN",
@@ -173,6 +180,7 @@
.version = 1,
.version_policy = TFM_VERSION_POLICY_STRICT
},
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
@@ -501,6 +509,7 @@
/**************************************************************************/
struct tfm_spm_service_t service[] =
{
+#ifdef TFM_PARTITION_SECURE_STORAGE
/******** TFM_SP_STORAGE ********/
{
.service_db = NULL,
@@ -537,7 +546,9 @@
.msg_queue = {0},
.list = {0},
},
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
/******** TFM_SP_ITS ********/
{
.service_db = NULL,
@@ -567,7 +578,9 @@
.msg_queue = {0},
.list = {0},
},
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
+#ifdef TFM_PARTITION_CRYPTO
/******** TFM_SP_CRYPTO ********/
{
.service_db = NULL,
@@ -576,6 +589,7 @@
.msg_queue = {0},
.list = {0},
},
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
/******** TFM_SP_PLATFORM ********/
@@ -595,6 +609,7 @@
},
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
/******** TFM_SP_INITIAL_ATTESTATION ********/
{
.service_db = NULL,
@@ -617,6 +632,7 @@
.msg_queue = {0},
.list = {0},
},
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/secure_fw/spm/tfm_spm_db.inc b/secure_fw/spm/tfm_spm_db.inc
index 96d11bd..2fbdd90 100644
--- a/secure_fw/spm/tfm_spm_db.inc
+++ b/secure_fw/spm/tfm_spm_db.inc
@@ -16,21 +16,29 @@
/**************************************************************************/
/** IRQ count per partition */
/**************************************************************************/
+#ifdef TFM_PARTITION_SECURE_STORAGE
#define TFM_PARTITION_TFM_SP_STORAGE_IRQ_COUNT 0
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
#define TFM_PARTITION_TFM_SP_ITS_IRQ_COUNT 0
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
#define TFM_PARTITION_TFM_SP_AUDIT_LOG_IRQ_COUNT 0
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
#define TFM_PARTITION_TFM_SP_CRYPTO_IRQ_COUNT 0
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
#define TFM_PARTITION_TFM_SP_PLATFORM_IRQ_COUNT 0
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
#define TFM_PARTITION_TFM_SP_INITIAL_ATTESTATION_IRQ_COUNT 0
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
#define TFM_PARTITION_TFM_SP_CORE_TEST_IRQ_COUNT 0
@@ -71,21 +79,29 @@
extern void tfm_nspm_thread_entry(void);
#endif
+#ifdef TFM_PARTITION_SECURE_STORAGE
extern void tfm_sst_req_mngr_init(void);
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
extern void tfm_its_req_mngr_init(void);
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
extern void audit_core_init(void);
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
extern void tfm_crypto_init(void);
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
extern void platform_sp_init(void);
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
extern void attest_partition_init(void);
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
extern void core_test_init(void);
@@ -126,6 +142,7 @@
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
+#ifdef TFM_PARTITION_SECURE_STORAGE
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$Base);
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$Limit);
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, $$RO$$Base);
@@ -136,7 +153,9 @@
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _DATA$$ZI$$Limit);
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Base);
REGION_DECLARE(Image$$, TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, $$Base);
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, $$Limit);
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, $$RO$$Base);
@@ -147,6 +166,7 @@
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, _DATA$$ZI$$Limit);
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, _STACK$$ZI$$Base);
REGION_DECLARE(Image$$, TFM_SP_ITS_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
REGION_DECLARE(Image$$, TFM_SP_AUDIT_LOG_LINKER, $$Base);
@@ -161,6 +181,7 @@
REGION_DECLARE(Image$$, TFM_SP_AUDIT_LOG_LINKER, _STACK$$ZI$$Limit);
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, $$Base);
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, $$Limit);
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, $$RO$$Base);
@@ -171,6 +192,7 @@
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, _DATA$$ZI$$Limit);
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, _STACK$$ZI$$Base);
REGION_DECLARE(Image$$, TFM_SP_CRYPTO_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
REGION_DECLARE(Image$$, TFM_SP_PLATFORM_LINKER, $$Base);
@@ -185,6 +207,7 @@
REGION_DECLARE(Image$$, TFM_SP_PLATFORM_LINKER, _STACK$$ZI$$Limit);
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, $$Base);
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, $$Limit);
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, $$RO$$Base);
@@ -195,6 +218,7 @@
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, _DATA$$ZI$$Limit);
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, _STACK$$ZI$$Base);
REGION_DECLARE(Image$$, TFM_SP_INITIAL_ATTESTATION_LINKER, _STACK$$ZI$$Limit);
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
REGION_DECLARE(Image$$, TFM_SP_CORE_TEST_LINKER, $$Base);
@@ -321,19 +345,23 @@
static uint32_t tfm_core_interrupt_ctx_stack[
sizeof(struct interrupted_ctx_stack_frame_t) / sizeof(uint32_t)];
+#ifdef TFM_PARTITION_SECURE_STORAGE
static uint32_t ctx_stack_TFM_SP_STORAGE[
(sizeof(struct interrupted_ctx_stack_frame_t) +
(TFM_PARTITION_TFM_SP_STORAGE_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
static uint32_t ctx_stack_TFM_SP_ITS[
(sizeof(struct interrupted_ctx_stack_frame_t) +
(TFM_PARTITION_TFM_SP_ITS_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
static uint32_t ctx_stack_TFM_SP_AUDIT_LOG[
@@ -344,12 +372,14 @@
)) / sizeof(uint32_t)];
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
static uint32_t ctx_stack_TFM_SP_CRYPTO[
(sizeof(struct interrupted_ctx_stack_frame_t) +
(TFM_PARTITION_TFM_SP_CRYPTO_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
static uint32_t ctx_stack_TFM_SP_PLATFORM[
@@ -360,12 +390,14 @@
)) / sizeof(uint32_t)];
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
static uint32_t ctx_stack_TFM_SP_INITIAL_ATTESTATION[
(sizeof(struct interrupted_ctx_stack_frame_t) +
(TFM_PARTITION_TFM_SP_INITIAL_ATTESTATION_IRQ_COUNT) * (
sizeof(struct interrupted_ctx_stack_frame_t) +
sizeof(struct handler_ctx_stack_frame_t)
)) / sizeof(uint32_t)];
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
static uint32_t ctx_stack_TFM_SP_CORE_TEST[
@@ -444,16 +476,24 @@
{
ns_interrupt_ctx_stack,
tfm_core_interrupt_ctx_stack,
+#ifdef TFM_PARTITION_SECURE_STORAGE
ctx_stack_TFM_SP_STORAGE,
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
ctx_stack_TFM_SP_ITS,
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
ctx_stack_TFM_SP_AUDIT_LOG,
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
ctx_stack_TFM_SP_CRYPTO,
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
ctx_stack_TFM_SP_PLATFORM,
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
ctx_stack_TFM_SP_INITIAL_ATTESTATION,
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
ctx_stack_TFM_SP_CORE_TEST,
#endif /* TFM_PARTITION_TEST_CORE */
@@ -484,15 +524,19 @@
/**************************************************************************/
/** Dependencies array for Secure Partition */
/**************************************************************************/
+#ifdef TFM_PARTITION_SECURE_STORAGE
static int32_t dependencies_TFM_SP_STORAGE[] =
{
TFM_CRYPTO_SID,
};
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
static int32_t dependencies_TFM_SP_INITIAL_ATTESTATION[] =
{
TFM_CRYPTO_SID,
};
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
static int32_t dependencies_TFM_SP_CORE_TEST[] =
@@ -580,6 +624,7 @@
},
#endif
+#ifdef TFM_PARTITION_SECURE_STORAGE
{
#ifdef TFM_PSA_API
.psa_framework_version = 0x0100,
@@ -593,7 +638,9 @@
.dependencies_num = 1,
.p_dependencies = dependencies_TFM_SP_STORAGE,
},
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
#ifdef TFM_PSA_API
.psa_framework_version = 0x0100,
@@ -607,6 +654,7 @@
.dependencies_num = 0,
.p_dependencies = NULL,
},
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
{
@@ -624,6 +672,7 @@
},
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
{
#ifdef TFM_PSA_API
.psa_framework_version = 0x0100,
@@ -637,6 +686,7 @@
.dependencies_num = 0,
.p_dependencies = NULL,
},
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
{
@@ -654,6 +704,7 @@
},
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
{
#ifdef TFM_PSA_API
.psa_framework_version = 0x0100,
@@ -667,6 +718,7 @@
.dependencies_num = 1,
.p_dependencies = dependencies_TFM_SP_INITIAL_ATTESTATION,
},
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
{
@@ -847,21 +899,29 @@
NULL,
#endif
+#ifdef TFM_PARTITION_SECURE_STORAGE
NULL,
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
NULL,
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
platform_data_list_TFM_SP_AUDIT_LOG,
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
NULL,
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
NULL,
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
NULL,
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
platform_data_list_TFM_SP_CORE_TEST,
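Review bot: The four `NULL,` entries guarded here are positional and indistinguishable from one another, so a reader cannot tell which partition each slot belongs to or check that the guard order matches the other per-partition tables touched by this commit (the context-stack list at `@@ -444` and the memory-region table at `@@ -908`). Those tables appear to be indexed by the same partition index, so a guard that is missing or reordered in one of them would hand a partition another partition's stack or memory bounds. A trailing comment on each entry, e.g. `NULL, /* TFM_SP_STORAGE */`, would make the alignment reviewable. The array itself starts and ends outside this hunk.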
@@ -908,6 +968,7 @@
.stack_top = PART_REGION_ADDR(ARM_LIB_STACK, $$ZI$$Limit),
.rw_start = PART_REGION_ADDR(ARM_LIB_STACK, $$ZI$$Base),
},
+#ifdef TFM_PARTITION_SECURE_STORAGE
{
.code_start = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$Base),
.code_limit = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, $$Limit),
@@ -920,7 +981,9 @@
.stack_bottom = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Base),
.stack_top = PART_REGION_ADDR(TFM_SP_STORAGE_LINKER, _STACK$$ZI$$Limit),
},
+#endif /* TFM_PARTITION_SECURE_STORAGE */
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
.code_start = PART_REGION_ADDR(TFM_SP_ITS_LINKER, $$Base),
.code_limit = PART_REGION_ADDR(TFM_SP_ITS_LINKER, $$Limit),
@@ -933,6 +996,7 @@
.stack_bottom = PART_REGION_ADDR(TFM_SP_ITS_LINKER, _STACK$$ZI$$Base),
.stack_top = PART_REGION_ADDR(TFM_SP_ITS_LINKER, _STACK$$ZI$$Limit),
},
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
#ifdef TFM_PARTITION_AUDIT_LOG
{
@@ -949,6 +1013,7 @@
},
#endif /* TFM_PARTITION_AUDIT_LOG */
+#ifdef TFM_PARTITION_CRYPTO
{
.code_start = PART_REGION_ADDR(TFM_SP_CRYPTO_LINKER, $$Base),
.code_limit = PART_REGION_ADDR(TFM_SP_CRYPTO_LINKER, $$Limit),
@@ -961,6 +1026,7 @@
.stack_bottom = PART_REGION_ADDR(TFM_SP_CRYPTO_LINKER, _STACK$$ZI$$Base),
.stack_top = PART_REGION_ADDR(TFM_SP_CRYPTO_LINKER, _STACK$$ZI$$Limit),
},
+#endif /* TFM_PARTITION_CRYPTO */
#ifdef TFM_PARTITION_PLATFORM
{
@@ -977,6 +1043,7 @@
},
#endif /* TFM_PARTITION_PLATFORM */
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
{
.code_start = PART_REGION_ADDR(TFM_SP_INITIAL_ATTESTATION_LINKER, $$Base),
.code_limit = PART_REGION_ADDR(TFM_SP_INITIAL_ATTESTATION_LINKER, $$Limit),
@@ -989,6 +1056,7 @@
.stack_bottom = PART_REGION_ADDR(TFM_SP_INITIAL_ATTESTATION_LINKER, _STACK$$ZI$$Base),
.stack_top = PART_REGION_ADDR(TFM_SP_INITIAL_ATTESTATION_LINKER, _STACK$$ZI$$Limit),
},
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
#ifdef TFM_PARTITION_TEST_CORE
{
@@ -1126,22 +1194,26 @@
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_STORAGE */
/* -----------------------------------------------------------------------*/
+#ifdef TFM_PARTITION_SECURE_STORAGE
{
/* Runtime data */
.runtime_data = {},
.static_data = NULL,
.platform_data_list = NULL,
},
+#endif /* TFM_PARTITION_SECURE_STORAGE */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_ITS */
/* -----------------------------------------------------------------------*/
+#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
{
/* Runtime data */
.runtime_data = {},
.static_data = NULL,
.platform_data_list = NULL,
},
+#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_AUDIT_LOG */
@@ -1158,12 +1230,14 @@
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_CRYPTO */
/* -----------------------------------------------------------------------*/
+#ifdef TFM_PARTITION_CRYPTO
{
/* Runtime data */
.runtime_data = {},
.static_data = NULL,
.platform_data_list = NULL,
},
+#endif /* TFM_PARTITION_CRYPTO */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_PLATFORM */
@@ -1180,12 +1254,14 @@
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_INITIAL_ATTESTATION */
/* -----------------------------------------------------------------------*/
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
{
/* Runtime data */
.runtime_data = {},
.static_data = NULL,
.platform_data_list = NULL,
},
+#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
/* -----------------------------------------------------------------------*/
/* - Partition DB record for TFM_SP_CORE_TEST */
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 5078f57..926a1f0 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -42,6 +42,22 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_AUDIT_LOG is undefined.")
endif()
+if (NOT DEFINED TFM_PARTITION_SECURE_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_SECURE_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INTERNAL_TRUSTED_STORAGE is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_CRYPTO)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_CRYPTO is undefined.")
+endif()
+
+if (NOT DEFINED TFM_PARTITION_INITIAL_ATTESTATION)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_INITIAL_ATTESTATION is undefined.")
+endif()
+
if (NOT DEFINED TFM_ENABLE_IRQ_TEST)
message(FATAL_ERROR "Incomplete build configuration: TFM_ENABLE_IRQ_TEST is undefined.")
endif()
@@ -108,10 +124,6 @@
embedded_set_target_compile_defines(TARGET tfm_non_secure_tests LANGUAGE C DEFINES ENABLE_QCBOR_TESTS APPEND)
endif()
-if (NOT TFM_PARTITION_AUDIT_LOG)
- set(ENABLE_AUDIT_LOGGING_SERVICE_TESTS FALSE)
-endif()
-
if (ENABLE_AUDIT_LOGGING_SERVICE_TESTS)
embedded_set_target_compile_defines(TARGET tfm_secure_tests LANGUAGE C DEFINES ENABLE_AUDIT_LOGGING_SERVICE_TESTS APPEND)
embedded_set_target_compile_defines(TARGET tfm_non_secure_tests LANGUAGE C DEFINES ENABLE_AUDIT_LOGGING_SERVICE_TESTS APPEND)
diff --git a/test/TestConfig.cmake b/test/TestConfig.cmake
index dd9d6f2..8d97178 100644
--- a/test/TestConfig.cmake
+++ b/test/TestConfig.cmake
@@ -12,3 +12,28 @@
option(ENABLE_ATTESTATION_SERVICE_TESTS "Option for attestation service tests" TRUE)
option(ENABLE_PLATFORM_SERVICE_TESTS "Option for platform service tests" TRUE)
option(ENABLE_QCBOR_TESTS "Option for qcbor tests" TRUE)
+
+# If a partition is not enabled, then neither should its tests.
+if (NOT TFM_PARTITION_SECURE_STORAGE)
+ set(ENABLE_SECURE_STORAGE_SERVICE_TESTS FALSE)
+endif()
+
+if (NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ set(ENABLE_INTERNAL_TRUSTED_STORAGE_SERVICE_TESTS FALSE)
+endif()
+
+if (NOT TFM_PARTITION_CRYPTO)
+ set(ENABLE_CRYPTO_SERVICE_TESTS FALSE)
+endif()
+
+if (NOT TFM_PARTITION_INITIAL_ATTESTATION)
+ set(ENABLE_ATTESTATION_SERVICE_TESTS FALSE)
+endif()
+
+if (NOT TFM_PARTITION_PLATFORM)
+ set(ENABLE_PLATFORM_SERVICE_TESTS FALSE)
+endif()
+
+if (NOT TFM_PARTITION_AUDIT_LOG)
+ set(ENABLE_AUDIT_LOGGING_SERVICE_TESTS FALSE)
+endif()
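Review bot: Each `if (NOT TFM_PARTITION_...)` in the added block is also true when the variable is not defined at all, so if this file is ever included before the partition options are set, every service test suite is switched off without a message. Whether that ordering can occur is not visible in this hunk; test/CMakeLists.txt does check `NOT DEFINED` for the same variables, but that check may run later than this file. The override is also silent when a user has explicitly requested a suite, so a dropped security test is easy to miss in CI. Printing the decision in each branch would make it visible, e.g. `message(STATUS "TFM_PARTITION_CRYPTO is OFF: disabling ENABLE_CRYPTO_SERVICE_TESTS")`. A short comment that `set()` here creates a normal variable shadowing the cached `option()` value would also help the next reader.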
diff --git a/tools/tfm_manifest_list.yaml b/tools/tfm_manifest_list.yaml
index c1f54cd..6a93847 100644
--- a/tools/tfm_manifest_list.yaml
+++ b/tools/tfm_manifest_list.yaml
@@ -17,6 +17,7 @@
"manifest": "secure_fw/services/secure_storage/tfm_secure_storage.yaml",
"tfm_extensions": true,
"tfm_partition_ipc": true,
+ "conditional": "TFM_PARTITION_SECURE_STORAGE",
"version_major": 0,
"version_minor": 1,
"pid": 256
@@ -27,6 +28,7 @@
"manifest": "secure_fw/services/internal_trusted_storage/tfm_internal_trusted_storage.yaml",
"tfm_extensions": true,
"tfm_partition_ipc": true,
+ "conditional": "TFM_PARTITION_INTERNAL_TRUSTED_STORAGE",
"version_major": 0,
"version_minor": 1,
"pid": 257
@@ -35,9 +37,9 @@
"name": "TFM Audit Log Service",
"short_name": "TFM_SP_AUDIT_LOG",
"manifest": "secure_fw/services/audit_logging/tfm_audit_logging.yaml",
- "conditional": "TFM_PARTITION_AUDIT_LOG",
"tfm_extensions": true,
"tfm_partition_ipc": false,
+ "conditional": "TFM_PARTITION_AUDIT_LOG",
"version_major": 0,
"version_minor": 1,
"pid": 258
@@ -48,6 +50,7 @@
"manifest": "secure_fw/services/crypto/tfm_crypto.yaml",
"tfm_extensions": true,
"tfm_partition_ipc": true,
+ "conditional": "TFM_PARTITION_CRYPTO",
"version_major": 0,
"version_minor": 1,
"pid": 259
@@ -69,6 +72,7 @@
"manifest": "secure_fw/services/initial_attestation/tfm_initial_attestation.yaml",
"tfm_extensions": true,
"tfm_partition_ipc": true,
+ "conditional": "TFM_PARTITION_INITIAL_ATTESTATION",
"version_major": 0,
"version_minor": 1,
"pid": 261