commit aefbe08fb68dc0c8c4e37e44abf703dc44ee16c5
author Raef Coles <raef.coles@arm.com> Fri Jun 18 08:53:43 2021 +0100
committer Raef Coles <raef.coles@arm.com> Thu Oct 07 09:10:40 2021 +0100
tree c43f6604049d32bba8fbb52374623940e1db3de2
parent 148b947b24e59e2a4535102df4e4b387ad03da6b

Platform: Add provisioning api and implementation

Provision data and secrets to OTP memory, where they can later be
retrieved. Used for all data that should be changed on a per-device /
per-implementation basis. Add a cmake option to replace with
platform-specific implementation. Update provisioning documentation.

Change-Id: I0f2e85e93c12bd47b9f68490672d0fc0695e1612
Signed-off-by: Raef Coles <raef.coles@arm.com>

secure_fw/spm/cmsis_func/main.c

diff --git a/secure_fw/spm/cmsis_func/main.c b/secure_fw/spm/cmsis_func/main.c
index c889748..d8dadbc 100644
--- a/secure_fw/spm/cmsis_func/main.c
+++ b/secure_fw/spm/cmsis_func/main.c
@@ -18,6 +18,8 @@
 #include "tfm_spm_hal.h"
 #include "tfm_spm_log.h"
 #include "tfm_version.h"
+#include "tfm_plat_otp.h"
+#include "tfm_plat_provisioning.h"
 
 /*
  * Avoids the semihosting issue
@@ -94,6 +96,21 @@
         FIH_RET(fih_int_encode(TFM_ERROR_GENERIC));
     }
 
+    plat_err = tfm_plat_otp_init();
+    if (plat_err != TFM_PLAT_ERR_SUCCESS) {
+            FIH_RET(fih_int_encode(TFM_ERROR_GENERIC));
+    }
+
+    /* Perform provisioning. */
+    if (tfm_plat_provisioning_is_required()) {
+        plat_err = tfm_plat_provisioning_perform();
+        if (plat_err != TFM_PLAT_ERR_SUCCESS) {
+            FIH_RET(fih_int_encode(TFM_ERROR_GENERIC));
+        }
+    } else {
+        tfm_plat_provisioning_check_for_dummy_keys();
+    }
+
     /* Configures architecture */
     tfm_arch_config_extensions();