Merge remote-tracking branch 'origin/master' into feature-cc-psa-crypto-drivers
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I60c51e7da4ed81437c5dec8ce1a4a4e3f6e74df6
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 060beba..5ad39c3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,7 +7,7 @@
cmake_minimum_required(VERSION 3.15)
-set(TFM_VERSION 1.3.0)
+set(TFM_VERSION 1.4.0)
############################ CONFIGURATION #####################################
@@ -71,6 +71,15 @@
project("Trusted Firmware M" VERSION ${TFM_VERSION} LANGUAGES C ASM)
tfm_toolchain_reload_compiler()
+# Synchronise the install path variables. If CMAKE_INSTALL_PREFIX is manually
+# set then set both to the value of that, else set both to the value of
+# TFM_INSTALL_PATH. This has to be done after the call to `project()`.
+if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
+ set(CMAKE_INSTALL_PREFIX ${TFM_INSTALL_PATH} CACHE PATH "" FORCE)
+else()
+ set(TFM_INSTALL_PATH ${CMAKE_INSTALL_PREFIX} CACHE PATH "Path to which to install TF-M files" FORCE)
+endif()
+
############################ Config Check ######################################
include(${CMAKE_SOURCE_DIR}/config/check_config.cmake)
@@ -97,7 +106,7 @@
endif()
add_subdirectory(platform)
-if(NS AND (TEST_S OR TEST_NS))
+if(NS AND TFM_TEST)
# Set to ${TFM_TEST_REPO_PATH}/test by default
add_subdirectory(${TFM_TEST_PATH} ${CMAKE_CURRENT_BINARY_DIR}/test)
endif()
diff --git a/bl2/CMakeLists.txt b/bl2/CMakeLists.txt
index cbdd796..049d1e5 100644
--- a/bl2/CMakeLists.txt
+++ b/bl2/CMakeLists.txt
@@ -10,8 +10,9 @@
project("Bootloader" VERSION 0.1.0 LANGUAGES C ASM)
add_executable(bl2
- src/security_cnt.c
src/flash_map.c
+ $<$<BOOL:${DEFAULT_MCUBOOT_SECURITY_COUNTERS}>:src/security_cnt.c>
+ $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:src/default_flash_map.c>
$<$<BOOL:${MCUBOOT_DATA_SHARING}>:src/shared_data.c>
)
@@ -41,6 +42,11 @@
$<$<C_COMPILER_ID:IAR>:--map\;${CMAKE_BINARY_DIR}/bin/bl2.map>
)
+target_compile_definitions(bl2
+ PRIVATE
+ $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
+)
+
add_convert_to_bin_target(bl2)
############################### BOOT HAL # #####################################
@@ -101,6 +107,11 @@
bl2_mbedcrypto_config
)
+target_include_directories(bl2_mbedcrypto
+ PUBLIC
+ ${MBEDCRYPTO_PATH}/library
+)
+
############################### CODE SHARING ###################################
if (TFM_CODE_SHARING)
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 4548515..4a0a5c7 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -27,6 +27,11 @@
bl2_mbedcrypto
)
+target_compile_definitions(bootutil
+ PRIVATE
+ $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
+)
+
target_include_directories(mcuboot_config
INTERFACE
$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index ab77052..9876239 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2012-2014 Wind River Systems, Inc.
- * Copyright (c) 2017-2020 Arm Limited.
+ * Copyright (c) 2017-2021 Arm Limited.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@
#endif
#ifdef MCUBOOT_ENCRYPT_RSA
-#define BL2_MBEDTLS_MEM_BUF_LEN 0x225C
+#define BL2_MBEDTLS_MEM_BUF_LEN 0x3000
#else
#define BL2_MBEDTLS_MEM_BUF_LEN 0x2000
#endif
diff --git a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
index 244a34b..9c505e0 100644
--- a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
+++ b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
@@ -1,7 +1,7 @@
/*
* Minimal configuration for using TLS in the bootloader
*
- * Copyright (C) 2006-2020, Arm Limited. All rights reserved.
+ * Copyright (C) 2006-2021, Arm Limited. All rights reserved.
* Copyright (C) 2016, Linaro Ltd
*
* SPDX-License-Identifier: Apache-2.0
@@ -56,6 +56,7 @@
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA224_C
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_MODE_CTR
diff --git a/bl2/ext/mcuboot/include/flash_map_backend/flash_map_backend.h b/bl2/ext/mcuboot/include/flash_map_backend/flash_map_backend.h
index cd68c74..cf25654 100644
--- a/bl2/ext/mcuboot/include/flash_map_backend/flash_map_backend.h
+++ b/bl2/ext/mcuboot/include/flash_map_backend/flash_map_backend.h
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018 Nordic Semiconductor ASA
* Copyright (c) 2015 Runtime Inc
- * Copyright (c) 2020 Arm Limited.
+ * Copyright (c) 2020-2021 Arm Limited.
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -73,6 +73,37 @@
int flash_area_read_is_empty(const struct flash_area *fa, uint32_t off,
void *dst, uint32_t len);
+static inline uint8_t flash_area_get_id(const struct flash_area *fa)
+{
+ return fa->fa_id;
+}
+
+static inline uint8_t flash_area_get_device_id(const struct flash_area *fa)
+{
+ return fa->fa_device_id;
+}
+
+static inline uint32_t flash_area_get_off(const struct flash_area *fa)
+{
+ return fa->fa_off;
+}
+
+static inline uint32_t flash_area_get_size(const struct flash_area *fa)
+{
+ return fa->fa_size;
+}
+
+static inline uint32_t flash_sector_get_off(const struct flash_sector *fs)
+{
+ return fs->fs_off;
+}
+
+static inline uint32_t flash_sector_get_size(const struct flash_sector *fs)
+{
+ return fs->fs_size;
+}
+
+
#ifdef __cplusplus
}
#endif
diff --git a/bl2/ext/mcuboot/include/sysflash/sysflash.h b/bl2/ext/mcuboot/include/sysflash/sysflash.h
index 33f9290..b5d166d 100644
--- a/bl2/ext/mcuboot/include/sysflash/sysflash.h
+++ b/bl2/ext/mcuboot/include/sysflash/sysflash.h
@@ -4,7 +4,7 @@
* Original code taken from mcuboot project at:
* https://github.com/mcu-tools/mcuboot
* Git SHA of the original version: ac55554059147fff718015be9f4bd3108123f50a
- * Modifications are Copyright (c) 2020 Arm Limited.
+ * Modifications are Copyright (c) 2020-2021 Arm Limited.
*/
#ifndef __SYSFLASH_H__
@@ -16,6 +16,8 @@
extern "C" {
#endif
+#ifdef DEFAULT_MCUBOOT_FLASH_MAP
+
#if (MCUBOOT_IMAGE_NUMBER == 1)
/*
* NOTE: the definition below returns the same values for true/false on
@@ -43,6 +45,8 @@
#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_SCRATCH_ID
+#endif /* DEFAULT_MCUBOOT_FLASH_MAP */
+
#ifdef __cplusplus
}
#endif
diff --git a/bl2/ext/mcuboot/include/target.h b/bl2/ext/mcuboot/include/target.h
index 9ead129..a32dbf2 100644
--- a/bl2/ext/mcuboot/include/target.h
+++ b/bl2/ext/mcuboot/include/target.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2017, Linaro Ltd
- * Copyright (c) 2018-2020, Arm Limited.
+ * Copyright (c) 2018-2021, Arm Limited.
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -19,6 +19,9 @@
*/
#include "flash_layout.h"
+#ifdef DEFAULT_MCUBOOT_FLASH_MAP
+/* No need to check the platform defines if custom flash map is used */
+
#ifndef FLASH_BASE_ADDRESS
#error "FLASH_BASE_ADDRESS must be defined by the target"
#endif
@@ -118,4 +121,6 @@
#error "MCUBOOT_MAX_IMG_SECTORS must be defined by the target"
#endif
+#endif /* DEFAULT_MCUBOOT_FLASH_MAP */
+
#endif /* H_TARGETS_TARGET_ */
diff --git a/bl2/src/default_flash_map.c b/bl2/src/default_flash_map.c
new file mode 100644
index 0000000..4c8fcde
--- /dev/null
+++ b/bl2/src/default_flash_map.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdbool.h>
+#include "flash_map/flash_map.h"
+#include "target.h"
+#include "Driver_Flash.h"
+
+/* When undefined FLASH_DEV_NAME_0 or FLASH_DEVICE_ID_0 , default */
+#if !defined(FLASH_DEV_NAME_0) || !defined(FLASH_DEVICE_ID_0)
+#define FLASH_DEV_NAME_0 FLASH_DEV_NAME
+#define FLASH_DEVICE_ID_0 FLASH_DEVICE_ID
+#endif
+
+/* When undefined FLASH_DEV_NAME_1 or FLASH_DEVICE_ID_1 , default */
+#if !defined(FLASH_DEV_NAME_1) || !defined(FLASH_DEVICE_ID_1)
+#define FLASH_DEV_NAME_1 FLASH_DEV_NAME
+#define FLASH_DEVICE_ID_1 FLASH_DEVICE_ID
+#endif
+
+/* When undefined FLASH_DEV_NAME_2 or FLASH_DEVICE_ID_2 , default */
+#if !defined(FLASH_DEV_NAME_2) || !defined(FLASH_DEVICE_ID_2)
+#define FLASH_DEV_NAME_2 FLASH_DEV_NAME
+#define FLASH_DEVICE_ID_2 FLASH_DEVICE_ID
+#endif
+
+/* When undefined FLASH_DEV_NAME_3 or FLASH_DEVICE_ID_3 , default */
+#if !defined(FLASH_DEV_NAME_3) || !defined(FLASH_DEVICE_ID_3)
+#define FLASH_DEV_NAME_3 FLASH_DEV_NAME
+#define FLASH_DEVICE_ID_3 FLASH_DEVICE_ID
+#endif
+
+/* When undefined FLASH_DEV_NAME_SCRATCH or FLASH_DEVICE_ID_SCRATCH , default */
+#if !defined(FLASH_DEV_NAME_SCRATCH) || !defined(FLASH_DEVICE_ID_SCRATCH)
+#define FLASH_DEV_NAME_SCRATCH FLASH_DEV_NAME
+#define FLASH_DEVICE_ID_SCRATCH FLASH_DEVICE_ID
+#endif
+
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
+
+/* Flash device names must be specified by target */
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME_0;
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME_1;
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME_2;
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME_3;
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME_SCRATCH;
+
+const struct flash_area flash_map[] = {
+ {
+ .fa_id = FLASH_AREA_0_ID,
+ .fa_device_id = FLASH_DEVICE_ID_0,
+ .fa_driver = &FLASH_DEV_NAME_0,
+ .fa_off = FLASH_AREA_0_OFFSET,
+ .fa_size = FLASH_AREA_0_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_2_ID,
+ .fa_device_id = FLASH_DEVICE_ID_2,
+ .fa_driver = &FLASH_DEV_NAME_2,
+ .fa_off = FLASH_AREA_2_OFFSET,
+ .fa_size = FLASH_AREA_2_SIZE,
+ },
+#if (MCUBOOT_IMAGE_NUMBER == 2)
+ {
+ .fa_id = FLASH_AREA_1_ID,
+ .fa_device_id = FLASH_DEVICE_ID_1,
+ .fa_driver = &FLASH_DEV_NAME_1,
+ .fa_off = FLASH_AREA_1_OFFSET,
+ .fa_size = FLASH_AREA_1_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_3_ID,
+ .fa_device_id = FLASH_DEVICE_ID_3,
+ .fa_driver = &FLASH_DEV_NAME_3,
+ .fa_off = FLASH_AREA_3_OFFSET,
+ .fa_size = FLASH_AREA_3_SIZE,
+ },
+#endif
+ {
+ .fa_id = FLASH_AREA_SCRATCH_ID,
+ .fa_device_id = FLASH_DEVICE_ID_SCRATCH,
+ .fa_driver = &FLASH_DEV_NAME_SCRATCH,
+ .fa_off = FLASH_AREA_SCRATCH_OFFSET,
+ .fa_size = FLASH_AREA_SCRATCH_SIZE,
+ },
+};
+
+const int flash_map_entry_num = ARRAY_SIZE(flash_map);
diff --git a/bl2/src/flash_map.c b/bl2/src/flash_map.c
index ffb04ee..a45355a 100644
--- a/bl2/src/flash_map.c
+++ b/bl2/src/flash_map.c
@@ -13,86 +13,8 @@
#include "bootutil/bootutil_log.h"
#include "Driver_Flash.h"
-/* When undefined FLASH_DEV_NAME_0 or FLASH_DEVICE_ID_0 , default */
-#if !defined(FLASH_DEV_NAME_0) || !defined(FLASH_DEVICE_ID_0)
-#define FLASH_DEV_NAME_0 FLASH_DEV_NAME
-#define FLASH_DEVICE_ID_0 FLASH_DEVICE_ID
-#endif
-
-/* When undefined FLASH_DEV_NAME_1 or FLASH_DEVICE_ID_1 , default */
-#if !defined(FLASH_DEV_NAME_1) || !defined(FLASH_DEVICE_ID_1)
-#define FLASH_DEV_NAME_1 FLASH_DEV_NAME
-#define FLASH_DEVICE_ID_1 FLASH_DEVICE_ID
-#endif
-
-/* When undefined FLASH_DEV_NAME_2 or FLASH_DEVICE_ID_2 , default */
-#if !defined(FLASH_DEV_NAME_2) || !defined(FLASH_DEVICE_ID_2)
-#define FLASH_DEV_NAME_2 FLASH_DEV_NAME
-#define FLASH_DEVICE_ID_2 FLASH_DEVICE_ID
-#endif
-
-/* When undefined FLASH_DEV_NAME_3 or FLASH_DEVICE_ID_3 , default */
-#if !defined(FLASH_DEV_NAME_3) || !defined(FLASH_DEVICE_ID_3)
-#define FLASH_DEV_NAME_3 FLASH_DEV_NAME
-#define FLASH_DEVICE_ID_3 FLASH_DEVICE_ID
-#endif
-
-/* When undefined FLASH_DEV_NAME_SCRATCH or FLASH_DEVICE_ID_SCRATCH , default */
-#if !defined(FLASH_DEV_NAME_SCRATCH) || !defined(FLASH_DEVICE_ID_SCRATCH)
-#define FLASH_DEV_NAME_SCRATCH FLASH_DEV_NAME
-#define FLASH_DEVICE_ID_SCRATCH FLASH_DEVICE_ID
-#endif
-
-#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
-
-/* Flash device names must be specified by target */
-extern ARM_DRIVER_FLASH FLASH_DEV_NAME_0;
-extern ARM_DRIVER_FLASH FLASH_DEV_NAME_1;
-extern ARM_DRIVER_FLASH FLASH_DEV_NAME_2;
-extern ARM_DRIVER_FLASH FLASH_DEV_NAME_3;
-extern ARM_DRIVER_FLASH FLASH_DEV_NAME_SCRATCH;
-
-static const struct flash_area flash_map[] = {
- {
- .fa_id = FLASH_AREA_0_ID,
- .fa_device_id = FLASH_DEVICE_ID_0,
- .fa_driver = &FLASH_DEV_NAME_0,
- .fa_off = FLASH_AREA_0_OFFSET,
- .fa_size = FLASH_AREA_0_SIZE,
- },
- {
- .fa_id = FLASH_AREA_2_ID,
- .fa_device_id = FLASH_DEVICE_ID_2,
- .fa_driver = &FLASH_DEV_NAME_2,
- .fa_off = FLASH_AREA_2_OFFSET,
- .fa_size = FLASH_AREA_2_SIZE,
- },
-#if (MCUBOOT_IMAGE_NUMBER == 2)
- {
- .fa_id = FLASH_AREA_1_ID,
- .fa_device_id = FLASH_DEVICE_ID_1,
- .fa_driver = &FLASH_DEV_NAME_1,
- .fa_off = FLASH_AREA_1_OFFSET,
- .fa_size = FLASH_AREA_1_SIZE,
- },
- {
- .fa_id = FLASH_AREA_3_ID,
- .fa_device_id = FLASH_DEVICE_ID_3,
- .fa_driver = &FLASH_DEV_NAME_3,
- .fa_off = FLASH_AREA_3_OFFSET,
- .fa_size = FLASH_AREA_3_SIZE,
- },
-#endif
- {
- .fa_id = FLASH_AREA_SCRATCH_ID,
- .fa_device_id = FLASH_DEVICE_ID_SCRATCH,
- .fa_driver = &FLASH_DEV_NAME_SCRATCH,
- .fa_off = FLASH_AREA_SCRATCH_OFFSET,
- .fa_size = FLASH_AREA_SCRATCH_SIZE,
- },
-};
-
-static const int flash_map_entry_num = ARRAY_SIZE(flash_map);
+extern const struct flash_area flash_map[];
+extern const int flash_map_entry_num;
/*
* Check the target address in the flash_area_xxx operation.
diff --git a/config/check_config.cmake b/config/check_config.cmake
index a069a4d..7a800bf 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -28,9 +28,9 @@
tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND NOT TFM_PSA_API)
tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
-tfm_invalid_config(TEST_S AND TEST_PSA_API)
-tfm_invalid_config(TEST_NS AND TEST_PSA_API)
+tfm_invalid_config(TFM_TEST AND TEST_PSA_API)
tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
tfm_invalid_config((TFM_PARTITION_PROTECTED_STORAGE AND PS_ROLLBACK_PROTECTION) AND NOT TFM_PARTITION_PLATFORM)
@@ -80,7 +80,13 @@
tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND TFM_PSA_API)
-########################### TF-M Tests #####################################
+########################### TF-M crypto ########################################
-tfm_invalid_config(TFM_ENABLE_SLIH_TEST AND NOT TFM_PSA_API)
-tfm_invalid_config(TFM_ENABLE_SLIH_TEST AND TFM_ENABLE_FLIH_TEST)
+tfm_invalid_config(PLATFORM_DUMMY_NV_SEED AND CRYPTO_HW_ACCELERATOR)
+tfm_invalid_config(NOT PLATFORM_DUMMY_NV_SEED AND NOT CRYPTO_HW_ACCELERATOR)
+
+########################### Test check config ##################################
+
+if(TFM_TEST)
+ include(config/tests/check_config.cmake)
+endif()
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 74bd4d8..60fc1f6 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -24,6 +24,8 @@
set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification")
set(TFM_EXTRA_CONFIG_PATH "" CACHE PATH "Path to extra cmake config file")
+
+set(TFM_MANIFEST_LIST ${CMAKE_SOURCE_DIR}/tools/tfm_manifest_list.yaml CACHE FILEPATH "TF-M native Secure Partition manifests list file")
set(TFM_EXTRA_MANIFEST_LIST_PATH "" CACHE PATH "Path to extra manifest file, used to declare extra partitions. Appended to standard TFM manifest")
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH "" CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list.")
@@ -45,6 +47,9 @@
########################## BL2 #################################################
+set(DEFAULT_MCUBOOT_SECURITY_COUNTERS ON CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
+set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project")
+
set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
set(MCUBOOT_EXECUTION_SLOT 1 CACHE STRING "Slot from which to execute the image, used for XIP mode")
set(MCUBOOT_LOG_LEVEL "INFO" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
@@ -79,6 +84,7 @@
set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Whether to build for a dual-cpu architecture")
set(NUM_MAILBOX_QUEUE_SLOT 1 CACHE BOOL "Number of mailbox queue slots")
+set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM OFF CACHE BOOL "Whether to use a platform specific inter-core communication instead of mailbox in dual-cpu topology")
set(DEBUG_AUTHENTICATION CHIP_DEFAULT CACHE STRING "Debug authentication setting. [CHIP_DEFAULT, NONE, NS_ONLY, FULL")
set(SECURE_UART1 OFF CACHE BOOL "Enable secure UART1")
@@ -92,7 +98,7 @@
set(PLATFORM_DUMMY_ROTPK TRUE CACHE BOOL "Use dummy root of trust public key. Dummy key is the public key for the default keys in bl2. Should not be used in production.")
set(PLATFORM_DUMMY_IAK TRUE CACHE BOOL "Use dummy initial attestation_key. Should not be used in production.")
set(PLATFORM_DEFAULT_UART_STDOUT TRUE CACHE BOOL "Use default uart stdout implementation.")
-set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
############################ Partitions ########################################
@@ -128,9 +134,6 @@
set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
set(CRYPTO_KEY_DERIVATION_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto key derivation module")
set(CRYPTO_IOVEC_BUFFER_SIZE 5120 CACHE STRING "Default size of the internal scratch buffer used for PSA FF IOVec allocations")
-# TODO CRYPTO_KEY_ID_ENCODES_OWNER shall be aligned with underlying crypto
-# library key ID encoding configuration
-set(CRYPTO_KEY_ID_ENCODES_OWNER ON CACHE BOOL "Encode client ID into Crypto PSA key ID")
set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetric crypto for inital attestation")
@@ -148,8 +151,6 @@
################################## Tests #######################################
set(TFM_INTERACTIVE_TEST OFF CACHE BOOL "Enable interactive tests")
-set(TFM_ENABLE_SLIH_TEST OFF CACHE BOOL "Enable Second-Level Interrupt Handling tests")
-set(TFM_ENABLE_FLIH_TEST OFF CACHE BOOL "Enable First-Level Interrupt Handling tests")
set(TFM_PERIPH_ACCESS_TEST OFF CACHE BOOL "Enable peripheral access tests")
set(PS_TEST_NV_COUNTERS ON CACHE BOOL "Use the test NV counters to test Protected Storage rollback scenarios")
@@ -160,33 +161,32 @@
set(TFM_CRYPTO_TEST_ALG_CTR ON CACHE BOOL "Test CTR cryptography mode")
set(TFM_CRYPTO_TEST_ALG_GCM ON CACHE BOOL "Test GCM cryptography mode")
set(TFM_CRYPTO_TEST_ALG_SHA_512 ON CACHE BOOL "Test SHA-512 cryptography algorithm")
-set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test SHA-512 cryptography algorithm")
-
+set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test the HKDF key derivation algorithm")
+set(TFM_CRYPTO_TEST_ECDH ON CACHE BOOL "Test the ECDH key agreement algorithm")
set(TFM_FWU_TEST_REQUEST_REBOOT OFF CACHE BOOL "Test psa_fwu_request_reboot")
set(TFM_FWU_TEST_WRITE_WITH_NULL OFF CACHE BOOL "Test psa_fwu_write with data block NULL")
set(TFM_FWU_TEST_QUERY_WITH_NULL OFF CACHE BOOL "Test psa_fwu_query with info NULL")
-set(TFM_FWU_TEST_SECURE OFF CACHE BOOL "Enable the secure firmware update tests")
set(ATTEST_TEST_GET_PUBLIC_KEY OFF CACHE BOOL "Require to retrieve Initial Attestation public in runtime for test purpose")
################################## Dependencies ################################
set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
-set(MBEDCRYPTO_VERSION "mbedtls-2.26.0" CACHE STRING "The version of Mbed Crypto to use")
+set(MBEDCRYPTO_VERSION "mbedtls-3.0.0" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MBEDCRYPTO_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING "Build type of Mbed Crypto library")
set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h" CACHE PATH "Config to use for Mbed Crypto")
set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH "" CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to cnfigure feature support")
set(TFM_TEST_REPO_PATH "DOWNLOAD" CACHE PATH "Path to TFM-TEST repo (or DOWNLOAD to fetch automatically")
-set(TFM_TEST_REPO_VERSION "b0c06b4" CACHE STRING "The version of tf-m-tests to use")
+set(TFM_TEST_REPO_VERSION "2a20b57" CACHE STRING "The version of tf-m-tests to use")
set(CMSIS_5_PATH "DOWNLOAD" CACHE PATH "Path to CMSIS_5 (or DOWNLOAD to fetch automatically")
-set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
-set(MCUBOOT_VERSION "fbeef9b" CACHE STRING "The version of MCUboot to use")
+set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
+set(MCUBOOT_VERSION "TF-Mv1.4-integ" CACHE STRING "The version of MCUboot to use")
set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
-set(PSA_ARCH_TESTS_VERSION "02d145d" CACHE STRING "The version of PSA arch tests to use")
+set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version of PSA arch tests to use")
################################################################################
################################################################################
diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake
index bcef94f..b1ee510 100644
--- a/config/profile/profile_large.cmake
+++ b/config/profile/profile_large.cmake
@@ -35,7 +35,8 @@
set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode")
set(TFM_CRYPTO_TEST_ALG_GCM ON CACHE BOOL "Test GCM cryptography mode")
set(TFM_CRYPTO_TEST_ALG_SHA_512 ON CACHE BOOL "Test SHA-512 cryptography algorithm")
-set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test SHA-512 cryptography algorithm")
+set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test the HKDF key derivation algorithm")
+set(TFM_CRYPTO_TEST_ECDH ON CACHE BOOL "Test the ECDH key agreement algorithm")
################################## Dependencies ################################
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 16f9c22..25ebd4b 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -28,7 +28,8 @@
set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode")
set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode")
set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
-set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
+set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test the HKDF key derivation algorithm")
+set(TFM_CRYPTO_TEST_ECDH ON CACHE BOOL "Test the ECDH key agreement algorithm")
################################## Dependencies ################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 4ce6f6f..73ba284 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -27,9 +27,6 @@
set(CRYPTO_ENGINE_BUF_SIZE 0x800 CACHE STRING "Heap size for the crypto backend")
set(CRYPTO_ASYM_SIGN_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
-# TODO CRYPTO_KEY_ID_ENCODES_OWNER shall be aligned with underlying crypto
-# library key ID encoding configuration
-set(CRYPTO_KEY_ID_ENCODES_OWNER OFF CACHE BOOL "Encode client ID into Crypto PSA key ID")
set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
@@ -48,7 +45,8 @@
set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode")
set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode")
set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
-set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
+set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test the HKDF key derivation algorithm")
+set(TFM_CRYPTO_TEST_ECDH OFF CACHE BOOL "Test the ECDH key agreement algorithm")
################################## Dependencies ################################
diff --git a/config/set_config.cmake b/config/set_config.cmake
index 86988e0..cd3b05c 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -26,7 +26,7 @@
endif()
# Load platform config, setting options not already set
-if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config.cmake)
+if (EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config.cmake)
include(platform/ext/target/${TFM_PLATFORM}/config.cmake)
endif()
@@ -49,3 +49,34 @@
# Load defaults, setting options not already set
include(config/config_default.cmake)
+
+# Load TF-M test suites setting
+if (TEST_S OR
+ TEST_NS OR
+ TEST_NS_ATTESTATION OR
+ TEST_NS_T_COSE OR
+ TEST_NS_QCBOR OR
+ TEST_NS_AUDIT OR
+ TEST_NS_CORE OR
+ TEST_NS_CRYPTO OR
+ TEST_NS_ITS OR
+ TEST_NS_PS OR
+ TEST_NS_PLATFORM OR
+ TEST_NS_FWU OR
+ TEST_NS_IPC OR
+ TEST_NS_SLIH_IRQ OR
+ TEST_NS_FLIH_IRQ OR
+ TEST_NS_MULTI_CORE OR
+ TEST_S_ATTESTATION OR
+ TEST_S_AUDIT OR
+ TEST_S_CRYPTO OR
+ TEST_S_ITS OR
+ TEST_S_PS OR
+ TEST_S_PLATFORM OR
+ TEST_S_FWU OR
+ TEST_S_IPC)
+
+ # TFM_TEST is an internal cmake temporary value to manage tf-m-tests source
+ set(TFM_TEST ON)
+ include(config/tests/set_config.cmake)
+endif()
diff --git a/config/tests/check_config.cmake b/config/tests/check_config.cmake
new file mode 100644
index 0000000..60f3c17
--- /dev/null
+++ b/config/tests/check_config.cmake
@@ -0,0 +1,55 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+########################## TEST Configuration ##################################
+
+message(STATUS "---------- Display TEST Configuration - start --------------")
+
+message(STATUS "TEST_NS is set as ${TEST_NS}")
+message(STATUS "TEST_S is set as ${TEST_S}")
+message(STATUS "TEST_NS_ATTESTATION is set as ${TEST_NS_ATTESTATION}")
+message(STATUS "TEST_NS_AUDIT is set as ${TEST_NS_AUDIT}")
+message(STATUS "TEST_NS_CORE is set as ${TEST_NS_CORE}")
+message(STATUS "TEST_NS_CRYPTO is set as ${TEST_NS_CRYPTO}")
+message(STATUS "TEST_NS_ITS is set as ${TEST_NS_ITS}")
+message(STATUS "TEST_NS_QCBOR is set as ${TEST_NS_QCBOR}")
+message(STATUS "TEST_NS_PS is set as ${TEST_NS_PS}")
+message(STATUS "TEST_NS_T_COSE is set as ${TEST_NS_T_COSE}")
+message(STATUS "TEST_NS_PLATFORM is set as ${TEST_NS_PLATFORM}")
+message(STATUS "TEST_NS_FWU is set as ${TEST_NS_FWU}")
+message(STATUS "TEST_NS_IPC is set as ${TEST_NS_IPC}")
+message(STATUS "TEST_NS_SLIH_IRQ is set as ${TEST_NS_SLIH_IRQ}")
+message(STATUS "TEST_NS_FLIH_IRQ is set as ${TEST_NS_FLIH_IRQ}")
+message(STATUS "TEST_NS_MULTI_CORE is set as ${TEST_NS_MULTI_CORE}")
+message(STATUS "TEST_S_ATTESTATION is set as ${TEST_S_ATTESTATION}")
+message(STATUS "TEST_S_AUDIT is set as ${TEST_S_AUDIT}")
+message(STATUS "TEST_S_CRYPTO is set as ${TEST_S_CRYPTO}")
+message(STATUS "TEST_S_ITS is set as ${TEST_S_ITS}")
+message(STATUS "TEST_S_PS is set as ${TEST_S_PS}")
+message(STATUS "TEST_S_PLATFORM is set as ${TEST_S_PLATFORM}")
+message(STATUS "TEST_S_FWU is set as ${TEST_S_FWU}")
+message(STATUS "TEST_S_IPC is set as ${TEST_S_IPC}")
+
+message(STATUS "---------- Display TEST Configuration - stop ---------------")
+
+########################## Check Flags Input ###################################
+
+tfm_invalid_config((NOT TFM_PARTITION_PROTECTED_STORAGE AND NOT FORWARD_PROT_MSG) AND (TEST_NS_PS OR TEST_S_PS))
+tfm_invalid_config((NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE AND NOT FORWARD_PROT_MSG) AND (TEST_NS_ITS OR TEST_S_ITS OR TEST_NS_PS))
+tfm_invalid_config((NOT TFM_PARTITION_CRYPTO AND NOT FORWARD_PROT_MSG) AND (TEST_NS_CRYPTO OR TEST_S_CRYPTO))
+tfm_invalid_config((NOT TFM_PARTITION_INITIAL_ATTESTATION AND NOT FORWARD_PROT_MSG) AND (TEST_NS_ATTESTATION OR TEST_S_ATTESTATION OR TEST_NS_QCBOR OR TEST_NS_T_COSE))
+tfm_invalid_config((NOT TFM_PARTITION_PLATFORM AND NOT FORWARD_PROT_MSG) AND (TEST_NS_PLATFORM OR TEST_S_PLATFORM))
+tfm_invalid_config(NOT TFM_PARTITION_FIRMWARE_UPDATE AND (TEST_NS_FWU OR TEST_S_FWU))
+tfm_invalid_config(NOT TFM_PARTITION_AUDIT_LOG AND (TEST_NS_AUDIT OR TEST_S_AUDIT))
+tfm_invalid_config((NOT TFM_PSA_API) AND (TEST_NS_IPC OR TEST_S_IPC OR TEST_NS_SLIH_IRQ OR TEST_NS_FLIH_IRQ))
+tfm_invalid_config((NOT TFM_MULTI_CORE_TOPOLOGY) AND TEST_NS_MULTI_CORE)
+tfm_invalid_config(TEST_NS_T_COSE AND SYMMETRIC_INITIAL_ATTESTATION)
+
+########################## Check suites dependence #############################
+
+tfm_invalid_config(TEST_NS_PS AND NOT TEST_NS_ITS)
+tfm_invalid_config(TEST_NS_SLIH_IRQ AND TEST_NS_FLIH_IRQ)
diff --git a/config/tests/default_ns_test_config.cmake b/config/tests/default_ns_test_config.cmake
new file mode 100644
index 0000000..e0ff37c
--- /dev/null
+++ b/config/tests/default_ns_test_config.cmake
@@ -0,0 +1,27 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+########################## NS test framework ###################################
+
+set(TEST_FRAMEWORK_NS ON CACHE BOOL "Whether to build NS regression tests framework")
+
+########################## NS test suites ######################################
+
+set(TEST_NS_ATTESTATION ON CACHE BOOL "Whether to build NS regression Attestation tests")
+set(TEST_NS_T_COSE ON CACHE BOOL "Whether to build NS regression t_cose tests")
+set(TEST_NS_QCBOR ON CACHE BOOL "Whether to build NS regression QCBOR tests")
+set(TEST_NS_AUDIT ON CACHE BOOL "Whether to build NS regression Audit log tests")
+set(TEST_NS_CORE ON CACHE BOOL "Whether to build NS regression Core tests")
+set(TEST_NS_CRYPTO ON CACHE BOOL "Whether to build NS regression Crypto tests")
+set(TEST_NS_ITS ON CACHE BOOL "Whether to build NS regression ITS tests")
+set(TEST_NS_PS ON CACHE BOOL "Whether to build NS regression PS tests")
+set(TEST_NS_PLATFORM ON CACHE BOOL "Whether to build NS regression Platform tests")
+set(TEST_NS_FWU ON CACHE BOOL "Whether to build NS regression FWU tests")
+set(TEST_NS_IPC ON CACHE BOOL "Whether to build NS regression IPC tests")
+set(TEST_NS_SLIH_IRQ OFF CACHE BOOL "Whether to build NS regression Second-Level Interrupt Handling tests")
+set(TEST_NS_FLIH_IRQ OFF CACHE BOOL "Whether to build NS regression First-Level Interrupt Handling tests")
+set(TEST_NS_MULTI_CORE ON CACHE BOOL "Whether to build NS regression multi-core tests")
diff --git a/config/tests/default_s_test_config.cmake b/config/tests/default_s_test_config.cmake
new file mode 100644
index 0000000..4a38da7
--- /dev/null
+++ b/config/tests/default_s_test_config.cmake
@@ -0,0 +1,21 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+########################## S test framework ####################################
+
+set(TEST_FRAMEWORK_S ON CACHE BOOL "Whether to build S regression tests framework")
+
+########################## S test suites #######################################
+
+set(TEST_S_ATTESTATION ON CACHE BOOL "Whether to build S regression Attestation tests")
+set(TEST_S_AUDIT ON CACHE BOOL "Whether to build S regression Audit log tests")
+set(TEST_S_CRYPTO ON CACHE BOOL "Whether to build S regression Crypto tests")
+set(TEST_S_ITS ON CACHE BOOL "Whether to build S regression ITS tests")
+set(TEST_S_PS ON CACHE BOOL "Whether to build S regression PS tests")
+set(TEST_S_PLATFORM ON CACHE BOOL "Whether to build S regression Platform tests")
+set(TEST_S_FWU OFF CACHE BOOL "Whether to build S regression FWU tests")
+set(TEST_S_IPC ON CACHE BOOL "Whether to build S regression IPC tests")
diff --git a/config/tests/default_test_config.cmake b/config/tests/default_test_config.cmake
new file mode 100644
index 0000000..7d38666
--- /dev/null
+++ b/config/tests/default_test_config.cmake
@@ -0,0 +1,42 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+########################## NS test framework ###################################
+
+set(TEST_FRAMEWORK_NS OFF CACHE BOOL "Whether to build NS regression tests framework")
+
+########################## NS test suites ######################################
+
+set(TEST_NS_ATTESTATION OFF CACHE BOOL "Whether to build NS regression Attestation tests")
+set(TEST_NS_T_COSE OFF CACHE BOOL "Whether to build NS regression t_cose tests")
+set(TEST_NS_QCBOR OFF CACHE BOOL "Whether to build NS regression QCBOR tests")
+set(TEST_NS_AUDIT OFF CACHE BOOL "Whether to build NS regression Audit log tests")
+set(TEST_NS_CORE OFF CACHE BOOL "Whether to build NS regression Core tests")
+set(TEST_NS_CRYPTO OFF CACHE BOOL "Whether to build NS regression Crypto tests")
+set(TEST_NS_ITS OFF CACHE BOOL "Whether to build NS regression ITS tests")
+set(TEST_NS_PS OFF CACHE BOOL "Whether to build NS regression PS tests")
+set(TEST_NS_PLATFORM OFF CACHE BOOL "Whether to build NS regression Platform tests")
+set(TEST_NS_FWU OFF CACHE BOOL "Whether to build NS regression FWU tests")
+set(TEST_NS_IPC OFF CACHE BOOL "Whether to build NS regression IPC tests")
+set(TEST_NS_SLIH_IRQ OFF CACHE BOOL "Whether to build NS regression Second-Level Interrupt Handling tests")
+set(TEST_NS_FLIH_IRQ OFF CACHE BOOL "Whether to build NS regression First-Level Interrupt Handling tests")
+set(TEST_NS_MULTI_CORE OFF CACHE BOOL "Whether to build NS regression multi-core tests")
+
+########################## S test framework ####################################
+
+set(TEST_FRAMEWORK_S OFF CACHE BOOL "Whether to build S regression tests framework")
+
+########################## S test suites #######################################
+
+set(TEST_S_ATTESTATION OFF CACHE BOOL "Whether to build S regression Attestation tests")
+set(TEST_S_AUDIT OFF CACHE BOOL "Whether to build S regression Audit log tests")
+set(TEST_S_CRYPTO OFF CACHE BOOL "Whether to build S regression Crypto tests")
+set(TEST_S_ITS OFF CACHE BOOL "Whether to build S regression ITS tests")
+set(TEST_S_PS OFF CACHE BOOL "Whether to build S regression PS tests")
+set(TEST_S_PLATFORM OFF CACHE BOOL "Whether to build S regression Platform tests")
+set(TEST_S_FWU OFF CACHE BOOL "Whether to build S regression FWU tests")
+set(TEST_S_IPC OFF CACHE BOOL "Whether to build S regression IPC tests")
diff --git a/config/tests/set_config.cmake b/config/tests/set_config.cmake
new file mode 100644
index 0000000..cf6e2df
--- /dev/null
+++ b/config/tests/set_config.cmake
@@ -0,0 +1,107 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+########################## TEST SYNC ###########################################
+
+if ((NOT TFM_PARTITION_PROTECTED_STORAGE AND NOT FORWARD_PROT_MSG))
+ set(TEST_NS_PS OFF CACHE BOOL "Whether to build NS regression PS tests")
+ set(TEST_S_PS OFF CACHE BOOL "Whether to build S regression PS tests")
+endif()
+
+if (NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE AND NOT FORWARD_PROT_MSG)
+ set(TEST_NS_ITS OFF CACHE BOOL "Whether to build NS regression ITS tests")
+ set(TEST_S_ITS OFF CACHE BOOL "Whether to build S regression ITS tests")
+
+ # TEST_NS_PS relies on TEST_NS_ITS
+ set(TEST_NS_PS OFF CACHE BOOL "Whether to build NS regression PS tests")
+endif()
+
+if (NOT TFM_PARTITION_CRYPTO AND NOT FORWARD_PROT_MSG)
+ set(TEST_NS_CRYPTO OFF CACHE BOOL "Whether to build NS regression Crypto tests")
+ set(TEST_S_CRYPTO OFF CACHE BOOL "Whether to build S regression Crypto tests")
+endif()
+
+if (NOT TFM_PARTITION_INITIAL_ATTESTATION AND NOT FORWARD_PROT_MSG)
+ set(TEST_NS_ATTESTATION OFF CACHE BOOL "Whether to build NS regression Attestation tests")
+ set(TEST_S_ATTESTATION OFF CACHE BOOL "Whether to build S regression Attestation tests")
+ set(TEST_NS_QCBOR OFF CACHE BOOL "Whether to build NS regression QCBOR tests")
+ set(TEST_NS_T_COSE OFF CACHE BOOL "Whether to build NS regression t_cose tests")
+endif()
+
+if (SYMMETRIC_INITIAL_ATTESTATION)
+ set(TEST_NS_T_COSE OFF CACHE BOOL "Whether to build NS regression t_cose tests")
+endif()
+
+if (NOT TFM_PARTITION_PLATFORM AND NOT FORWARD_PROT_MSG)
+ set(TEST_NS_PLATFORM OFF CACHE BOOL "Whether to build NS regression Platform tests")
+ set(TEST_S_PLATFORM OFF CACHE BOOL "Whether to build S regression Platform tests")
+endif()
+
+if (NOT TFM_PARTITION_FIRMWARE_UPDATE)
+ set(TEST_NS_FWU OFF CACHE BOOL "Whether to build NS regression FWU tests")
+ set(TEST_S_FWU OFF CACHE BOOL "Whether to build S regression FWU tests")
+endif()
+
+if (NOT TFM_PARTITION_AUDIT_LOG)
+ set(TEST_NS_AUDIT OFF CACHE BOOL "Whether to build NS regression Audit log tests")
+ set(TEST_S_AUDIT OFF CACHE BOOL "Whether to build S regression Audit log tests")
+endif()
+
+if (NOT TFM_PSA_API)
+ set(TEST_NS_IPC OFF CACHE BOOL "Whether to build NS regression IPC tests")
+ set(TEST_S_IPC OFF CACHE BOOL "Whether to build S regression IPC tests")
+
+ set(TEST_NS_SLIH_IRQ OFF CACHE BOOL "Whether to build NS regression Second-Level Interrupt Handling tests")
+ set(TEST_NS_FLIH_IRQ OFF CACHE BOOL "Whether to build NS regression First-Level Interrupt Handling tests")
+endif()
+
+if (NOT TFM_MULTI_CORE_TOPOLOGY)
+ set(TEST_NS_MULTI_CORE OFF CACHE BOOL "Whether to build NS regression multi-core tests")
+endif()
+
+########################## Test framework sync #################################
+
+# Force TEST_NS ON if single NS test ON
+if (TEST_NS_ATTESTATION OR
+ TEST_NS_T_COSE OR
+ TEST_NS_QCBOR OR
+ TEST_NS_AUDIT OR
+ TEST_NS_CORE OR
+ TEST_NS_CRYPTO OR
+ TEST_NS_ITS OR
+ TEST_NS_PS OR
+ TEST_NS_PLATFORM OR
+ TEST_NS_FWU OR
+ TEST_NS_IPC OR
+ TEST_NS_SLIH_IRQ OR
+ TEST_NS_FLIH_IRQ OR
+ TEST_NS_MULTI_CORE)
+ set(TEST_FRAMEWORK_NS ON CACHE BOOL "Whether to build NS regression tests framework")
+endif()
+
+# Force TEST_S ON if single S test ON
+if (TEST_S_ATTESTATION OR
+ TEST_S_AUDIT OR
+ TEST_S_CRYPTO OR
+ TEST_S_ITS OR
+ TEST_S_PS OR
+ TEST_S_PLATFORM OR
+ TEST_S_FWU OR
+ TEST_S_IPC)
+ set(TEST_FRAMEWORK_S ON CACHE BOOL "Whether to build S regression tests framework")
+endif()
+
+########################## Load default config #################################
+
+if (TEST_S)
+ include(config/tests/default_s_test_config.cmake)
+endif()
+if (TEST_NS)
+ include(config/tests/default_ns_test_config.cmake)
+endif()
+
+include(config/tests/default_test_config.cmake)
diff --git a/config/tfm_ipc_config_default.cmake b/config/tfm_ipc_config_default.cmake
index b18be1f..14512e9 100644
--- a/config/tfm_ipc_config_default.cmake
+++ b/config/tfm_ipc_config_default.cmake
@@ -8,4 +8,3 @@
############################ Partitions ########################################
set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
-set(TFM_PARTITION_FFM11 ON CACHE BOOL "Enable the FFM1.1 partition")
diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
index 950f49b..78b7570 100644
--- a/docs/CMakeLists.txt
+++ b/docs/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -49,7 +49,7 @@
add_custom_command(OUTPUT "${SPHINXCFG_OUTPUT_PATH}/html/index.html"
OUTPUT "${SPHINXCFG_OUTPUT_PATH}/html/"
- COMMAND "${SPHINX_EXECUTABLE}" -b html "${SPHINX_TMP_DOC_DIR}" "${SPHINXCFG_OUTPUT_PATH}/html"
+ COMMAND "${SPHINX_EXECUTABLE}" -W -b html "${SPHINX_TMP_DOC_DIR}" "${SPHINXCFG_OUTPUT_PATH}/html"
WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
DEPENDS tfm_docs_sphinx_cfg
DEPENDS ${SPHINXCFG_DOC_FILES}
diff --git a/docs/contributing/code_review_guide.rst b/docs/contributing/code_review_guide.rst
index e9ed969..08d72a28 100644
--- a/docs/contributing/code_review_guide.rst
+++ b/docs/contributing/code_review_guide.rst
@@ -15,7 +15,7 @@
- Read the :doc:`Contributing Process </docs/contributing/contributing_process>`
to know basic concepts.
-- Read the :doc:`Source Structure </docs/technical_references/source_structure>`
+- Read the :doc:`Source Structure </docs/technical_references/design_docs/source_structure>`
for structure related reference.
The review guidelines consist of these items:
diff --git a/docs/getting_started/tfm_getting_started.rst b/docs/getting_started/tfm_getting_started.rst
index b6c52a4..4e32ec3 100644
--- a/docs/getting_started/tfm_getting_started.rst
+++ b/docs/getting_started/tfm_getting_started.rst
@@ -356,7 +356,7 @@
"click",,"Firmware"
"imgtool",,"Firmware"
"Doxygen",">1.8","Reference manual"
- "Sphinx","=1.7.9","User Guide"
+ "Sphinx","=2.0.1","User Guide"
"sphinxcontrib-plantuml",,"User Guide"
"sphinxcontrib-svg2pdfconverter",,"User Guide"
"sphinx-rtd-theme",,"User Guide"
@@ -367,6 +367,7 @@
"Java runtime environment (JRE)",">1.8","Reference Manual, User Guide"
"LaTex",,"pdf version of Reference Manual and User Guide"
"PdfLaTex",,"pdf version of Reference Manual and User Guide"
+ "librsvg2-bin",, "User Guide"
Dependency chain:
@@ -399,6 +400,7 @@
state LaTex as "LaTex" <<pdf>>
state PdfLaTex as "PdfLaTex" <<<<pdf>>>>
state Doxygen as "Doxygen" <<doc>>
+ state librsvg as "librsvg2-bin" <<doc>>
[*] --> fw
fw --> c_comp
@@ -431,6 +433,7 @@
tabs --> Python3
sphnix_puml --> Python3
sphnix_svg --> Python3
+ sphnix_svg --> librsvg
Sphinx --> PlantUML
PlantUML --> JRE
PlantUML --> gwiz
diff --git a/docs/integration_guide/os_migration_guide_armv8m.rst b/docs/integration_guide/os_migration_guide_armv8m.rst
index 1ca4e3d..a3b5806 100644
--- a/docs/integration_guide/os_migration_guide_armv8m.rst
+++ b/docs/integration_guide/os_migration_guide_armv8m.rst
@@ -24,7 +24,7 @@
then it also have to use the
``enum tfm_status_e tfm_register_client_id (int32_t ns_client_id)``
API function provided by TF-M, as described in
- :doc:`NS client identification documentation </docs/technical_references/tfm_ns_client_identification>`.
+ :doc:`NS client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`.
- if the OS doesn't support the API mentioned above, it should set
``TFM_NS_CLIENT_IDENTIFICATION`` to ``OFF`` in the cmake system.
- .. Note::
diff --git a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
index 661d7d7..13600c7 100644
--- a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
+++ b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
@@ -18,13 +18,13 @@
Building environnement
======================
Make sure you have a working build environnement and that you can build
-TF-M on AN521 following the build instructions
-:doc:`Build instructions </docs/getting_started/tfm_build_instruction>`.
+TF-M on AN521 following the
+:doc:`Build instructions </docs/technical_references/instructions/tfm_build_instruction>`.
Toolchains and software requirements
====================================
-Please follow the :doc:`SW requirements guide </docs/getting_started/tfm_sw_requirement>`.
+Please follow the :doc:`Getting started guide </docs/getting_started/tfm_getting_started>`.
CMSIS Drivers
=============
@@ -59,7 +59,8 @@
#. Running the regression tests
- - :doc:`Regression tests </docs/getting_started/tfm_build_instruction>`.
+ - See :doc:`Running TF-M on Arm platforms </docs/technical_references/instructions/run_tfm_examples_on_arm_platforms>`
+ as an example
*****************
diff --git a/docs/integration_guide/services/tfm_crypto_integration_guide.rst b/docs/integration_guide/services/tfm_crypto_integration_guide.rst
index a124bdf..3baacc0 100644
--- a/docs/integration_guide/services/tfm_crypto_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_crypto_integration_guide.rst
@@ -82,11 +82,9 @@
.. Note::
The default entropy source configured for MbedTLS is
- MBEDTLS_TEST_NULL_ENTROPY and this does not provide randomness
- for production devices. It is required for production devices to select
- either a hardware entropy source via MBEDTLS_ENTROPY_HARDWARE_ALT or
- provision a unique seed for the device during production and use the
- MBEDTLS_ENTROPY_NV_SEED option.
+ MBEDTLS_ENTROPY_NV_SEED with unique seed. For production devices,
+ it can also select a hardware entropy source via
+ MBEDTLS_ENTROPY_HARDWARE_ALT
**************************
Crypto service integration
@@ -115,4 +113,4 @@
--------------
-*Copyright (c) 2018-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2018-2021, Arm Limited. All rights reserved.*
diff --git a/docs/integration_guide/services/tfm_ps_integration_guide.rst b/docs/integration_guide/services/tfm_ps_integration_guide.rst
index 2c6da7b..50c83a4 100644
--- a/docs/integration_guide/services/tfm_ps_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_ps_integration_guide.rst
@@ -293,7 +293,7 @@
processing environment. It provides a dedicated API to retrieve the client ID
which performs the service request.
-:doc:`NS client identification documentation </docs/technical_references/tfm_ns_client_identification>`
+:doc:`NS client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`
provides further details on how client identification works.
PS service uses that TF-M core API to retrieve the client ID and associate it
diff --git a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
index 9b8ed3d..4fb467f 100644
--- a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
@@ -9,7 +9,7 @@
to a Secure Enclave, this way virtually providing all the PSA RoT services.
Proxy can only be used in IPC model, for context and design details please
check the
-:doc:`Secure Enclave design document </docs/technical_references/secure_enclave_solution>`.
+:doc:`Secure Enclave design document </docs/technical_references/design_docs/secure_enclave_solution>`.
Currently to forward the PSA Client call parameters Proxy must read them with
``psa_read`` into a memory area shared with the Secure Enclave. (Similarily
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst
index 534d4bc..e932c35 100644
--- a/docs/integration_guide/services/tfm_secure_partition_addition.rst
+++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst
@@ -179,7 +179,6 @@
tfm_slih_test_service 0x0000F 0x0A0-0x0AF
tfm_flih_test_service 0x0000F 0x0B0-0x0BF
tfm_ps_test_service 0x0000F 0x0C0-0x0DF
- tfm_ff11_partition 0x0000F 0x120-0x13F
=========================== ====================== ========================
RoT Service Stateless Handle Distribution
@@ -199,6 +198,9 @@
**Partition name** **Stateless Handle**
=============================== =======================
TFM_SP_CRYPTO 1
+ TFM_SP_PS 2
+ TFM_SP_ITS 3
+ TFM_SP_INITIAL_ATTESTATION 4
=============================== =======================
mmio_regions
diff --git a/docs/integration_guide/tfm_integration_guide.rst b/docs/integration_guide/tfm_integration_guide.rst
index a543fd0..f0f2a1e 100644
--- a/docs/integration_guide/tfm_integration_guide.rst
+++ b/docs/integration_guide/tfm_integration_guide.rst
@@ -112,7 +112,7 @@
TF-M provides a reference implementation of NS mailbox on multi-core platforms,
under folder ``interface/src/multi_core``.
-See :doc:`Mailbox design </docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system>`
+See :doc:`Mailbox design </docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system>`
for TF-M multi-core mailbox design.
Interface with non-secure world regression tests
@@ -135,7 +135,7 @@
NS client Identification
========================
See
-:doc:`ns client identification documentation </docs/technical_references/tfm_ns_client_identification>`.
+:doc:`ns client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`.
*********************
Non-secure interrupts
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst
index 9e281cb..0f4984f 100644
--- a/docs/releases/1.3.0.rst
+++ b/docs/releases/1.3.0.rst
@@ -160,11 +160,11 @@
.. [3] :doc:`TF-M generic threat model </docs/security/threat_models/generic_threat_model>`
- .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/tfm_physical_attack_mitigation>`
+ .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/design_docs/tfm_physical_attack_mitigation>`
- .. [5] :doc:`TF-M Profile Large design </docs/technical_references/profiles/tfm_profile_large>`
+ .. [5] :doc:`TF-M Profile Large design </docs/technical_references/design_docs/profiles/tfm_profile_large>`
- .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/code_sharing>`
+ .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/design_docs/code_sharing>`
.. [7] :doc:`Security Handling </docs/security/security>`
diff --git a/docs/releases/1.4.0.rst b/docs/releases/1.4.0.rst
new file mode 100644
index 0000000..d604aee
--- /dev/null
+++ b/docs/releases/1.4.0.rst
@@ -0,0 +1,124 @@
+*************
+Version 1.4.0
+*************
+
+New major features
+==================
+
+ - Documentation restructure and enhancements.
+ - PSA Crypto migrates to Mbed TLS 'v3.0.0'.
+ - First-Level Interrupt Handling (FLIH) [1]_ proof of concept on AN521 and MUSCA-B1.
+ - Firmware Update service enhancement to support image update with dependencies.
+ - Partitions get loaded with `Static Load` mechanism.
+ - Decouple NS RTOS specific implementation from NS interface.
+ - PSA Crypto API interface updated to be based on `Stateless Handle`.
+ - MCUboot updated to version 'TF-Mv1.4-integ' to support multiple images in RAM_LOAD and DIRECT_XIP upgrade strategies.
+ - New platforms added.
+ See :ref:`docs/releases/1.4.0:New platforms supported` for details.
+
+New security advisories
+=======================
+
+'abort' function may not take effect in some TF-M Crypto multi-part operations
+------------------------------------------------------------------------------
+
+Refer to :doc:`Advisory TFMV-3 </docs/security/security_advisories/crypto_multi_part_ops_abort_fail>`
+for more details.
+The mitigation is included in this release.
+
+New platforms supported
+=======================
+
+ - Cortex-M33 based system:
+
+ - `BL5340 DVK.
+ <https://www.lairdconnect.com/wireless-modules/bluetooth-modules/bluetooth-5-modules/bl5340-series-multi-core-bluetooth-52-802154-nfc-modules>`_
+
+Deprecated platforms
+====================
+
+The following platforms have been removed from TF-M code base.
+
+ - nRF5340 PDK
+ - Musca_A
+
+See :doc:`Platform deprecation and removal </platform/ext/platform_deprecation>`
+for other platforms under deprecation process.
+
+Tested platforms
+================
+
+The following platforms are successfully tested in this release.
+
+- AN519
+- AN521
+- AN524
+- AN547
+- LPCXpresso55S69
+- Musca-B1
+- Musca-B1 Secure Enclave
+- Musca-S1
+- M2351
+- M2354
+- NUCLEO-L552ZE-Q
+- nrf5340dk
+- nrf9160dk
+- PSoC 64
+- STM32L562E-DK
+
+Known issues
+============
+
+Some open issues are not fixed in this release.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | PSA Arch Crypto test suite have several known failures.
+ - See this `link <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.4_release/>`_
+ for detailed analysis of the failures.
+
+ * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
+ | level 2 when PXN is enabled.
+ - https://developer.trustedfirmware.org/T902
+
+ * - | NS interrupt masking prevents from executing PSA calls.
+ - https://developer.trustedfirmware.org/T950
+
+ * - | Image size overflow on Musca-B1 PSA Arch test suite debug build.
+ - https://developer.trustedfirmware.org/T952
+
+ * - | Build errors in PSA api tests for initial attestation.
+ - https://developer.trustedfirmware.org/T953
+
+ * - | Non Secure Image size overflow on STM32L562E-DK PSA Arch Crypto.
+ - https://developer.trustedfirmware.org/T954
+
+Issues fixed since 1.3.0
+========================
+
+Issues fixed by TF-M since v1.3.0 are listed below.
+
+.. list-table::
+
+ * - **Descriptions**
+ - **Issue links**
+
+ * - | IPC Regression test fail when non-secure regression test is enabled and
+ | secure regression test is disabled.
+ - https://developer.trustedfirmware.org/T903
+
+ * - | Panic test in PSA Arch IPC test suite generates inconsistent results
+ | between Armclang and GNUARM.
+ - https://developer.trustedfirmware.org/T909
+
+Reference
+=========
+
+ .. [1] `Arm Firmware Framework for M 1.1 Extensions <https://developer.arm.com/documentation/aes0039/latest>`_
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/releases/index.rst b/docs/releases/index.rst
index baed156..06258ec 100644
--- a/docs/releases/index.rst
+++ b/docs/releases/index.rst
@@ -8,6 +8,7 @@
1.1
1.2.0
1.3.0
+ 1.4.0
release_process
+--------------------------------------+--------------+--------------------+-------------------+
@@ -29,23 +30,21 @@
+--------------------------------------+--------------+--------------------+-------------------+
| :doc:`v1.3.0 </docs/releases/1.3.0>` | 2021-04-07 | 1.3.0 release | b0635d9 |
+--------------------------------------+--------------+--------------------+-------------------+
+| :doc:`v1.4.0 </docs/releases/1.4.0>` | 2021-08-03 | 1.4.0 release | 51ff2bd |
++--------------------------------------+--------------+--------------------+-------------------+
Future release plans
-====================
+--------------------
The dates below are tentative and subject to change.
-+--------------------------------------+--------------+--------------------+
-| Version | Date | Description |
-+======================================+==============+====================+
-| v1.4.0 | 2021-07-16 | Code freeze |
-| | | |
-| | 2021-07-30 | Release |
-+--------------------------------------+--------------+--------------------+
-| v1.5.0 | 2021-11-12 | Code freeze |
-| | | |
-| | 2021-11-26 | Release |
-+--------------------------------------+--------------+--------------------+
++--------------------------------------+--------------+---------------+
+| Version | Code Freeze | Release |
++======================================+==============+===============+
+| v1.5.0 | 2021-11-12 | 2021-11-26 |
++--------------------------------------+--------------+---------------+
+| v1.6.0 | 2022-4-1 | 2022-4-15 |
++--------------------------------------+--------------+---------------+
Please refer to
:ref:`docs/releases/release_process:Release Cadence and Process` for
diff --git a/docs/security/security.rst b/docs/security/security.rst
index bab72f2..0ec39bc 100644
--- a/docs/security/security.rst
+++ b/docs/security/security.rst
@@ -49,12 +49,16 @@
| |TFMV-2| | Invoking Secure functions from handler mode may cause TF-M IPC |
| | model to behave unexpectedly. |
+------------+-----------------------------------------------------------------+
+| |TFMV-3| | ``abort()`` function may not take effect in TF-M Crypto |
+| | multi-part MAC/hashing/cipher operations. |
++------------+-----------------------------------------------------------------+
.. _issue tracker: https://developer.trustedfirmware.org/project/view/2/
.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-m
.. |TFMV-1| replace:: :ref:`docs/security/security_advisories/stack_seal_vulnerability:Advisory TFMV-1`
.. |TFMV-2| replace:: :ref:`docs/security/security_advisories/svc_caller_sp_fetching_vulnerability:Advisory TFMV-2`
+.. |TFMV-3| replace:: :ref:`docs/security/security_advisories/crypto_multi_part_ops_abort_fail:Advisory TFMV-3`
.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
diff --git a/docs/security/threat_models/generic_threat_model.rst b/docs/security/threat_models/generic_threat_model.rst
index 6356951..94f510b 100644
--- a/docs/security/threat_models/generic_threat_model.rst
+++ b/docs/security/threat_models/generic_threat_model.rst
@@ -1107,7 +1107,7 @@
.. [FF-M] `Arm® Platform Security Architecture Firmware Framework 1.0 <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4>`_
-.. [DUAL-CPU-BOOT] :doc:`Booting a dual core system </docs/technical_references/dual-cpu/booting_a_dual_core_system>`
+.. [DUAL-CPU-BOOT] :doc:`Booting a dual core system </docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system>`
.. [CVSS] `Common Vulnerability Scoring System Version 3.1 Calculator <https://www.first.org/cvss/calculator/3.1>`_
@@ -1115,9 +1115,9 @@
.. [STRIDE] `The STRIDE Threat Model <https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN>`_
-.. [SECURE-BOOT] :doc:`Secure boot </docs/technical_references/tfm_secure_boot>`
+.. [SECURE-BOOT] :doc:`Secure boot </docs/technical_references/design_docs/tfm_secure_boot>`
-.. [ROLLBACK-PROTECT] :doc:`Rollback protection in TF-M secure boot </docs/technical_references/secure_boot_rollback_protection>`
+.. [ROLLBACK-PROTECT] :doc:`Rollback protection in TF-M secure boot </docs/technical_references/design_docs/secure_boot_rollback_protection>`
.. [STACK-SEAL] `Armv8-M processor Secure software Stack Sealing vulnerability <https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealing>`_
diff --git a/docs/technical_references/code_sharing.rst b/docs/technical_references/design_docs/code_sharing.rst
similarity index 100%
rename from docs/technical_references/code_sharing.rst
rename to docs/technical_references/design_docs/code_sharing.rst
diff --git a/docs/technical_references/dual-cpu/booting_a_dual_core_system.rst b/docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.rst
similarity index 100%
rename from docs/technical_references/dual-cpu/booting_a_dual_core_system.rst
rename to docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.rst
diff --git a/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst b/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
similarity index 100%
rename from docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
rename to docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
diff --git a/docs/technical_references/dual-cpu/dual_core_mailbox_arch.png b/docs/technical_references/design_docs/dual-cpu/dual_core_mailbox_arch.png
similarity index 100%
rename from docs/technical_references/dual-cpu/dual_core_mailbox_arch.png
rename to docs/technical_references/design_docs/dual-cpu/dual_core_mailbox_arch.png
Binary files differ
diff --git a/docs/technical_references/dual-cpu/index.rst b/docs/technical_references/design_docs/dual-cpu/index.rst
similarity index 100%
rename from docs/technical_references/dual-cpu/index.rst
rename to docs/technical_references/design_docs/dual-cpu/index.rst
diff --git a/docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system.rst b/docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system.rst
similarity index 100%
rename from docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system.rst
rename to docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system.rst
diff --git a/docs/technical_references/dual-cpu/tfm_multi_core_access_check.rst b/docs/technical_references/design_docs/dual-cpu/tfm_multi_core_access_check.rst
similarity index 100%
rename from docs/technical_references/dual-cpu/tfm_multi_core_access_check.rst
rename to docs/technical_references/design_docs/dual-cpu/tfm_multi_core_access_check.rst
diff --git a/docs/technical_references/enum_implicit_casting.rst b/docs/technical_references/design_docs/enum_implicit_casting.rst
similarity index 100%
rename from docs/technical_references/enum_implicit_casting.rst
rename to docs/technical_references/design_docs/enum_implicit_casting.rst
diff --git a/docs/technical_references/ff_isolation.rst b/docs/technical_references/design_docs/ff_isolation.rst
similarity index 100%
rename from docs/technical_references/ff_isolation.rst
rename to docs/technical_references/design_docs/ff_isolation.rst
diff --git a/docs/technical_references/hardware_abstraction_layer.rst b/docs/technical_references/design_docs/hardware_abstraction_layer.rst
similarity index 99%
rename from docs/technical_references/hardware_abstraction_layer.rst
rename to docs/technical_references/design_docs/hardware_abstraction_layer.rst
index 645426f..b574a3d 100644
--- a/docs/technical_references/hardware_abstraction_layer.rst
+++ b/docs/technical_references/design_docs/hardware_abstraction_layer.rst
@@ -61,7 +61,7 @@
- There is a non-secure :term:`HAL` that focuses on the mailbox operation API
for Dual-core topology. For more information about it, please refer to
:doc:`Mailbox Design in TF-M on Dual-core System
- </docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system>`.
+ </docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system>`.
- The minimal set of :term:`TF-M` :term:`HAL` is sufficient for Secure
Partitions by using customized peripheral interfaces. To provide easier
portability for the Secure Partitions, a Secure Partition :term:`HAL` is
diff --git a/docs/technical_references/design_docs/index.rst b/docs/technical_references/design_docs/index.rst
new file mode 100644
index 0000000..3566e03
--- /dev/null
+++ b/docs/technical_references/design_docs/index.rst
@@ -0,0 +1,13 @@
+Design documents
+================
+
+.. toctree::
+ :maxdepth: 2
+ :glob:
+
+ */index
+ *
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/media/hal_structure.png b/docs/technical_references/design_docs/media/hal_structure.png
similarity index 100%
rename from docs/technical_references/media/hal_structure.png
rename to docs/technical_references/design_docs/media/hal_structure.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/attest_token_finish.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_finish.png
similarity index 100%
rename from docs/technical_references/media/symmetric_initial_attest/attest_token_finish.png
rename to docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_finish.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/attest_token_start.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_start.png
similarity index 100%
rename from docs/technical_references/media/symmetric_initial_attest/attest_token_start.png
rename to docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_start.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/ia_service_flow.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/ia_service_flow.png
similarity index 100%
rename from docs/technical_references/media/symmetric_initial_attest/ia_service_flow.png
rename to docs/technical_references/design_docs/media/symmetric_initial_attest/ia_service_flow.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/iat_decode.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/iat_decode.png
similarity index 100%
rename from docs/technical_references/media/symmetric_initial_attest/iat_decode.png
rename to docs/technical_references/design_docs/media/symmetric_initial_attest/iat_decode.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/overall_diagram.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/overall_diagram.png
similarity index 100%
rename from docs/technical_references/media/symmetric_initial_attest/overall_diagram.png
rename to docs/technical_references/design_docs/media/symmetric_initial_attest/overall_diagram.png
Binary files differ
diff --git a/docs/technical_references/media/tfm_crypto_design.png b/docs/technical_references/design_docs/media/tfm_crypto_design.png
similarity index 100%
rename from docs/technical_references/media/tfm_crypto_design.png
rename to docs/technical_references/design_docs/media/tfm_crypto_design.png
Binary files differ
diff --git a/docs/technical_references/profiles/index.rst b/docs/technical_references/design_docs/profiles/index.rst
similarity index 100%
rename from docs/technical_references/profiles/index.rst
rename to docs/technical_references/design_docs/profiles/index.rst
diff --git a/docs/technical_references/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
similarity index 97%
rename from docs/technical_references/profiles/tfm_profile_large.rst
rename to docs/technical_references/design_docs/profiles/tfm_profile_large.rst
index 45e51f4..dd64e00 100644
--- a/docs/technical_references/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
@@ -383,6 +383,8 @@
+--------------------------------------------+---------------+-----------------------------------------+
| ``TFM_CRYPTO_TEST_ALG_CTR`` | ``OFF`` | Test CTR cryptography mode |
+--------------------------------------------+---------------+-----------------------------------------+
+ | ``TFM_CRYPTO_TEST_ECDH`` | ``ON`` | Test ECDH key agreement algorithm |
+ +--------------------------------------------+---------------+-----------------------------------------+
****************
Platform support
@@ -436,9 +438,9 @@
Reference
*********
-.. [1] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [1] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
-.. [2] :doc:`Trusted Firmware-M Profile Medium Design </docs/technical_references/profiles/tfm_profile_medium>`
+.. [2] :doc:`Trusted Firmware-M Profile Medium Design </docs/technical_references/design_docs/profiles/tfm_profile_medium>`
.. [3] `PSA Certified Level 3 Lightweight Protection Profile <https://www.psacertified.org/app/uploads/2020/12/JSADEN009-PSA_Certified_Level_3_LW_PP-1.0-BET02.pdf>`_
@@ -446,9 +448,9 @@
.. [5] `The Transport Layer Security (TLS) Protocol Version 1.2 <https://tools.ietf.org/html/rfc5246>`_
-.. [6] :doc:`Physical attack mitigation in Trusted Firmware-M </docs/technical_references/tfm_physical_attack_mitigation>`
+.. [6] :doc:`Physical attack mitigation in Trusted Firmware-M </docs/technical_references/design_docs/tfm_physical_attack_mitigation>`
-.. [7] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [7] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [8] :doc:`ITS integration guide </docs/integration_guide/services/tfm_its_integration_guide>`
diff --git a/docs/technical_references/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
similarity index 98%
rename from docs/technical_references/profiles/tfm_profile_medium.rst
rename to docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
index 6b384c7..c7c7516 100644
--- a/docs/technical_references/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
@@ -313,6 +313,8 @@
+--------------------------------------------+---------------+--------------------------------+
| ``TFM_CRYPTO_TEST_HKDF`` | ``OFF`` | Disable HKDF algorithm test |
+--------------------------------------------+---------------+--------------------------------+
+ | ``TFM_CRYPTO_TEST_ECDH`` | ``ON`` | Enable ECDH key agreement test |
+ +--------------------------------------------+---------------+--------------------------------+
Device configuration extension
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -470,7 +472,7 @@
.. [RFC7925] `Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things <https://tools.ietf.org/html/rfc7925>`_
-.. [PROFILE-S] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [PROFILE-S] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
.. [RFC7252] `The Constrained Application Protocol (CoAP) <https://tools.ietf.org/html/rfc7252>`_
@@ -478,7 +480,7 @@
.. [RFC7251] `AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS <https://tools.ietf.org/html/rfc7251>`_
-.. [CRYPTO-DESIGN] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [CRYPTO-DESIGN] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [ITS-INTEGRATE] :doc:`ITS integration guide </docs/integration_guide/services/tfm_its_integration_guide>`
diff --git a/docs/technical_references/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
similarity index 97%
rename from docs/technical_references/profiles/tfm_profile_small.rst
rename to docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index 17f6f49..5a02cde 100644
--- a/docs/technical_references/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -437,7 +437,9 @@
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_CRYPTO_TEST_ALG_SHA_512`` | ``OFF`` | Test SHA-512 cryptography algorithm |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_CRYPTO_TEST_HKDF`` | ``OFF`` | Test SHA-512 cryptography algorithm |
+ | ``TFM_CRYPTO_TEST_HKDF`` | ``OFF`` | Test HKDF key derivation algorithm |
+ +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ | ``TFM_CRYPTO_TEST_ECDH`` | ``OFF`` | Test ECDH key agreement algorithm |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
Device configuration extension
@@ -636,9 +638,9 @@
.. [8] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
-.. [9] :doc:`Secure boot </docs/technical_references/tfm_secure_boot>`
+.. [9] :doc:`Secure boot </docs/technical_references/design_docs/tfm_secure_boot>`
-.. [10] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [10] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [11] :doc:`TF-M build instruction </docs/technical_references/instructions/tfm_build_instruction>`
diff --git a/docs/technical_references/ps_key_management.rst b/docs/technical_references/design_docs/ps_key_management.rst
similarity index 100%
rename from docs/technical_references/ps_key_management.rst
rename to docs/technical_references/design_docs/ps_key_management.rst
diff --git a/docs/technical_references/secure_boot_hw_key_integration.rst b/docs/technical_references/design_docs/secure_boot_hw_key_integration.rst
similarity index 100%
rename from docs/technical_references/secure_boot_hw_key_integration.rst
rename to docs/technical_references/design_docs/secure_boot_hw_key_integration.rst
diff --git a/docs/technical_references/secure_boot_rollback_protection.rst b/docs/technical_references/design_docs/secure_boot_rollback_protection.rst
similarity index 100%
rename from docs/technical_references/secure_boot_rollback_protection.rst
rename to docs/technical_references/design_docs/secure_boot_rollback_protection.rst
diff --git a/docs/technical_references/secure_enclave_solution.rst b/docs/technical_references/design_docs/secure_enclave_solution.rst
similarity index 100%
rename from docs/technical_references/secure_enclave_solution.rst
rename to docs/technical_references/design_docs/secure_enclave_solution.rst
diff --git a/docs/technical_references/source_structure.rst b/docs/technical_references/design_docs/source_structure.rst
similarity index 100%
rename from docs/technical_references/source_structure.rst
rename to docs/technical_references/design_docs/source_structure.rst
diff --git a/docs/technical_references/stateless_rot_service.rst b/docs/technical_references/design_docs/stateless_rot_service.rst
similarity index 100%
rename from docs/technical_references/stateless_rot_service.rst
rename to docs/technical_references/design_docs/stateless_rot_service.rst
diff --git a/docs/technical_references/symmetric_initial_attest.rst b/docs/technical_references/design_docs/symmetric_initial_attest.rst
similarity index 99%
rename from docs/technical_references/symmetric_initial_attest.rst
rename to docs/technical_references/design_docs/symmetric_initial_attest.rst
index b53ab3c..c139d64 100644
--- a/docs/technical_references/symmetric_initial_attest.rst
+++ b/docs/technical_references/design_docs/symmetric_initial_attest.rst
@@ -588,7 +588,7 @@
.. [1] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
-.. [2] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [2] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
.. [3] :doc:`Initial Attestation Service Integration Guide </docs/integration_guide/services/tfm_attestation_integration_guide>`
diff --git a/docs/technical_references/tfm_code_generation_with_jinja2.rst b/docs/technical_references/design_docs/tfm_code_generation_with_jinja2.rst
similarity index 100%
rename from docs/technical_references/tfm_code_generation_with_jinja2.rst
rename to docs/technical_references/design_docs/tfm_code_generation_with_jinja2.rst
diff --git a/docs/technical_references/tfm_cooperative_scheduling_rules.rst b/docs/technical_references/design_docs/tfm_cooperative_scheduling_rules.rst
similarity index 100%
rename from docs/technical_references/tfm_cooperative_scheduling_rules.rst
rename to docs/technical_references/design_docs/tfm_cooperative_scheduling_rules.rst
diff --git a/docs/technical_references/tfm_crypto_design.rst b/docs/technical_references/design_docs/tfm_crypto_design.rst
similarity index 100%
rename from docs/technical_references/tfm_crypto_design.rst
rename to docs/technical_references/design_docs/tfm_crypto_design.rst
diff --git a/docs/technical_references/tfm_fwu_service.rst b/docs/technical_references/design_docs/tfm_fwu_service.rst
similarity index 100%
rename from docs/technical_references/tfm_fwu_service.rst
rename to docs/technical_references/design_docs/tfm_fwu_service.rst
diff --git a/docs/technical_references/tfm_its_512_flash.rst b/docs/technical_references/design_docs/tfm_its_512_flash.rst
similarity index 100%
rename from docs/technical_references/tfm_its_512_flash.rst
rename to docs/technical_references/design_docs/tfm_its_512_flash.rst
diff --git a/docs/technical_references/tfm_its_service.rst b/docs/technical_references/design_docs/tfm_its_service.rst
similarity index 100%
rename from docs/technical_references/tfm_its_service.rst
rename to docs/technical_references/design_docs/tfm_its_service.rst
diff --git a/docs/technical_references/tfm_log_system_design_document.rst b/docs/technical_references/design_docs/tfm_log_system_design_document.rst
similarity index 100%
rename from docs/technical_references/tfm_log_system_design_document.rst
rename to docs/technical_references/design_docs/tfm_log_system_design_document.rst
diff --git a/docs/technical_references/tfm_non_secure_client_management.rst b/docs/technical_references/design_docs/tfm_non_secure_client_management.rst
similarity index 100%
rename from docs/technical_references/tfm_non_secure_client_management.rst
rename to docs/technical_references/design_docs/tfm_non_secure_client_management.rst
diff --git a/docs/technical_references/tfm_ns_client_identification.rst b/docs/technical_references/design_docs/tfm_ns_client_identification.rst
similarity index 100%
rename from docs/technical_references/tfm_ns_client_identification.rst
rename to docs/technical_references/design_docs/tfm_ns_client_identification.rst
diff --git a/docs/technical_references/tfm_partition_and_service_design_document.rst b/docs/technical_references/design_docs/tfm_partition_and_service_design_document.rst
similarity index 100%
rename from docs/technical_references/tfm_partition_and_service_design_document.rst
rename to docs/technical_references/design_docs/tfm_partition_and_service_design_document.rst
diff --git a/docs/technical_references/tfm_physical_attack_mitigation.rst b/docs/technical_references/design_docs/tfm_physical_attack_mitigation.rst
similarity index 100%
rename from docs/technical_references/tfm_physical_attack_mitigation.rst
rename to docs/technical_references/design_docs/tfm_physical_attack_mitigation.rst
diff --git a/docs/technical_references/tfm_psa_inter_process_communication.rst b/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
similarity index 100%
rename from docs/technical_references/tfm_psa_inter_process_communication.rst
rename to docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
diff --git a/docs/technical_references/tfm_secure_boot.rst b/docs/technical_references/design_docs/tfm_secure_boot.rst
similarity index 100%
rename from docs/technical_references/tfm_secure_boot.rst
rename to docs/technical_references/design_docs/tfm_secure_boot.rst
diff --git a/docs/technical_references/tfm_secure_irq_handling.rst b/docs/technical_references/design_docs/tfm_secure_irq_handling.rst
similarity index 100%
rename from docs/technical_references/tfm_secure_irq_handling.rst
rename to docs/technical_references/design_docs/tfm_secure_irq_handling.rst
diff --git a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst b/docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst
similarity index 98%
rename from docs/technical_references/tfm_secure_partition_interrupt_handling.rst
rename to docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst
index 79dea0c..f58fb96 100644
--- a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst
+++ b/docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst
@@ -40,7 +40,7 @@
]}
See
-:doc:`secure IRQ handling </docs/technical_references/tfm_secure_irq_handling>`
+:doc:`secure IRQ handling </docs/technical_references/design_docs/tfm_secure_irq_handling>`
for further information on IRQ source and signal.
Partition ISR function
diff --git a/docs/technical_references/tfm_secure_partition_runtime_library.rst b/docs/technical_references/design_docs/tfm_secure_partition_runtime_library.rst
similarity index 100%
rename from docs/technical_references/tfm_secure_partition_runtime_library.rst
rename to docs/technical_references/design_docs/tfm_secure_partition_runtime_library.rst
diff --git a/docs/technical_references/tfm_uniform_secure_service_signature.rst b/docs/technical_references/design_docs/tfm_uniform_secure_service_signature.rst
similarity index 100%
rename from docs/technical_references/tfm_uniform_secure_service_signature.rst
rename to docs/technical_references/design_docs/tfm_uniform_secure_service_signature.rst
diff --git a/docs/technical_references/index.rst b/docs/technical_references/index.rst
index b98df23..eabc0e1 100644
--- a/docs/technical_references/index.rst
+++ b/docs/technical_references/index.rst
@@ -5,11 +5,9 @@
:maxdepth: 2
:titlesonly:
:glob:
- :numbered:
*/index
/tools/index
- *
--------------
diff --git a/docs/technical_references/index.rst.in b/docs/technical_references/index.rst.in
deleted file mode 100644
index b5cf149..0000000
--- a/docs/technical_references/index.rst.in
+++ /dev/null
@@ -1,30 +0,0 @@
-Design Documents
-================
-
-.. toctree::
- :maxdepth: 1
- :caption: Accepted design documents
- :glob:
- :numbered:
-
- @ACCEPTED_DD_LIST@
-
-.. toctree::
- :maxdepth: 1
- :caption: Draft design documents
- :glob:
- :numbered:
-
- @DRAFT_DD_LIST@
-
-.. toctree::
- :maxdepth: 1
- :caption: Rejected design documents
- :glob:
- :numbered:
-
- @REJECTED_DD_LIST@
-
---------------
-
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/instructions/documentation_generation.rst b/docs/technical_references/instructions/documentation_generation.rst
index da21dee..e6b4fc5 100644
--- a/docs/technical_references/instructions/documentation_generation.rst
+++ b/docs/technical_references/instructions/documentation_generation.rst
@@ -127,6 +127,8 @@
- Java runtime environment 1.8 or later (for running PlantUML)
- LaTeX - for PDF generation only
- PdfLaTeX - for PDF generation only
+ - librsvg2-bin - a SVG pictures renderer library to support
+ sphinxcontrib-svg2pdfconverter
.. tabs::
diff --git a/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst b/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
index 965d3e9..256147f 100644
--- a/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
+++ b/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
@@ -4,7 +4,7 @@
Instructions for how to run TF-M and example test application on Arm platforms.
Follow :doc:`build instruction <tfm_build_instruction>` to build the binaries.
-Follow :doc:`secure boot </docs/technical_references/tfm_secure_boot>` to build the
+Follow :doc:`secure boot </docs/technical_references/design_docs/tfm_secure_boot>` to build the
binaries with or without BL2 bootloader.
****************************************************************
@@ -562,7 +562,7 @@
Firmware upgrade and image validation with BL2 bootloader
=========================================================
High level operation of BL2 bootloader and instructions for testing firmware
-upgrade is described in :doc:`secure boot </docs/technical_references/tfm_secure_boot>`.
+upgrade is described in :doc:`secure boot </docs/technical_references/design_docs/tfm_secure_boot>`.
--------------
diff --git a/docs/technical_references/instructions/tfm_build_instruction.rst b/docs/technical_references/instructions/tfm_build_instruction.rst
index 49bdeff..9136c4c 100644
--- a/docs/technical_references/instructions/tfm_build_instruction.rst
+++ b/docs/technical_references/instructions/tfm_build_instruction.rst
@@ -60,6 +60,13 @@
7. If it exists, TFM Profile specific config is applied from
``config/profile/<tfm_profile>.cmake``.
8. ``config/config_default.cmake`` is loaded.
+ 9. If ``TEST_S`` or ``TEST_NS`` or other single test suite config like
+ ``TEST_NS_ATTESTATION`` (see `Regression test configuration`_)is set, then
+ config from ``${TFM_TEST_REPO_PATH}/test/config/set_config.cmake`` and
+ ``${TFM_TEST_REPO_PATH}/test/config/default_ns_test_config.cmake`` or
+ ``${TFM_TEST_REPO_PATH}/test/config/default_s_test_config.cmake`` or
+ ``${TFM_TEST_REPO_PATH}/test/config/default_test_config.cmake`` is
+ applied.
.. Warning::
This means that command-line settings are not applied when they conflict
@@ -132,14 +139,69 @@
Regression test configuration
-----------------------------
-Regression test configuration is controlled entirely by the ``TEST_S`` and
-``TEST_NS`` cmake variables.
+Regression test configuration is controlled entirely by ``TEST_NS`` or
+``TEST_S`` or single test suite configuration. The group test
+configurations and single test suite configurations are listed below, all of
+them are disabled by default.
+
++---------------------+--------------------------------------------------------------------+
+| Parameter | Description |
++=====================+====================================================================+
+| TEST_NS_ATTESTATION | Build non-secure regression Attestation tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_T_COSE | Build non-secure regression t_cose tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_QCBOR | Build non-secure regression QCBOR tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_AUDIT | Build non-secure regression Audit log tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_CORE | Build non-secure regression Core tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_CRYPTO | Build non-secure regression Crypto tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_ITS | Build non-secure regression ITS tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_PS | Build non-secure regression PS tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_PLATFORM | Build non-secure regression Platform tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_FWU | Build non-secure regression FWU tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_IPC | Build non-secure regression IPC tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_SLIH_IRQ | Build non-secure regression Second-Level Interrupt Handling tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_FLIH_IRQ | Build non-secure regression First-Level Interrupt Handling tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_NS_MULTI_CORE | Build non-secure regression multi-core tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_ATTESTATION | Build secure regression Attestation tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_AUDIT | Build secure regression Audit log tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_CRYPTO | Build secure regression Crypto tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_ITS | Build secure regression ITS tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_PS | Build secure regression PS tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_PLATFORM | Build secure regression Platform tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_FWU | Build secure regression FWU tests. |
++---------------------+--------------------------------------------------------------------+
+| TEST_S_IPC | Build secure regression IPC tests. |
++---------------------+--------------------------------------------------------------------+
+
+The single test suite can be opened when their dependencies like partitions or
+other specific configurations are set. On the one hand, some test suites depend
+on other test suites. On the other hand, some test suites have confict with
+other test suites. Test configurations and dependencies will be
+checked in ``${TFM_TEST_REPO_PATH}/test/config/check_config.cmake``.
If regression testing is enabled, it will then enable all tests for the enabled
secure partitions. If IPC mode is enabled via ``TFM_PSA_API`` the IPC tests will
-be enabled. QCBOR and T_COSE tests are linked to the Initial Attestation
-partition, as they are only used there. Multicore tests will be enabled if
-``TFM_MULTI_CORE_TOPOLOGY`` is enabled.
+be enabled. Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is
+enabled.
Some cryptographic tests can be enabled and disabled. This is done to prevent
false failures from being reported when a smaller Mbed Crypto config is being
@@ -160,7 +222,9 @@
+-----------------------------+-------------------------------------+---------------+
| TFM_CRYPTO_TEST_ALG_SHA_512 | Test SHA-512 cryptography algorithm | ON |
+-----------------------------+-------------------------------------+---------------+
-| TFM_CRYPTO_TEST_HKDF | Test SHA-512 cryptography algorithm | ON |
+| TFM_CRYPTO_TEST_HKDF | Test HKDF key derivation algorithm | ON |
++-----------------------------+-------------------------------------+---------------+
+| TFM_CRYPTO_TEST_ECDH | Test ECDH key agreement algorithm | ON |
+-----------------------------+-------------------------------------+---------------+
TF-M Profiles
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index 0099baa..5ccc5e7 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -95,18 +95,6 @@
* @{
*/
-/** \def PSA_KEY_ATTRIBUTES_INIT
- *
- * This macro returns a suitable initializer for a key attribute structure
- * of type #psa_key_attributes_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_ATTRIBUTES_INIT {0}
-#endif
-
/** Return an initial value for a key attributes structure.
*/
static psa_key_attributes_t psa_key_attributes_init(void);
@@ -677,6 +665,8 @@
* For Weierstrass curves, this is the content of the `privateKey` field of
* the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
* the format is defined by RFC 7748, and output is masked according to §5.
+ * For twisted Edwards curves, the private key is as defined by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
* - For Diffie-Hellman key exchange key pairs (key types for which
* #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
* format is the representation of the private key `x` as a big-endian byte
@@ -742,7 +732,12 @@
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
* ```
- * - For elliptic curve public keys (key types for which
+ * - For elliptic curve keys on a twisted Edwards curve (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+ * returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+ * by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+ * - For other elliptic curve public keys (key types for which
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
* representation defined by SEC1 §2.3.3 as the content of an ECPoint.
* Let `m` be the bit size associated with the curve, i.e. the bit size of
@@ -899,22 +894,10 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
-/** \def PSA_HASH_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a hash operation object
- * of type #psa_hash_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_HASH_OPERATION_INIT {0}
-#endif
-
/** Return an initial value for a hash operation object.
*/
static psa_hash_operation_t psa_hash_operation_init(void);
@@ -1268,22 +1251,11 @@
* operation = psa_mac_operation_init();
* \endcode
*
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_mac_operation_s psa_mac_operation_t;
-
-/** \def PSA_MAC_OPERATION_INIT
*
- * This macro returns a suitable initializer for a MAC operation object of type
- * #psa_mac_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_MAC_OPERATION_INIT {0}
-#endif
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_mac_operation_s psa_mac_operation_t;
/** Return an initial value for a MAC operation object.
*/
@@ -1693,22 +1665,10 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
-/** \def PSA_CIPHER_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a cipher operation object of
- * type #psa_cipher_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_CIPHER_OPERATION_INIT {0}
-#endif
-
/** Return an initial value for a cipher operation object.
*/
static psa_cipher_operation_t psa_cipher_operation_init(void);
@@ -2074,9 +2034,16 @@
* authentication tag is appended to the
* encrypted data.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
- * \p plaintext_length).
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+ * \p alg, \p plaintext_length) where
+ * \c key_type is the type of \p key.
+ * - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+ * plaintext_length) evaluates to the maximum
+ * ciphertext size of any supported AEAD
+ * encryption.
* \param[out] ciphertext_length On success, the size of the output
* in the \p ciphertext buffer.
*
@@ -2090,7 +2057,11 @@
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p ciphertext_size is too small
+ * \p ciphertext_size is too small.
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+ * \p plaintext_length) or
+ * #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+ * determine the required buffer size.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2134,9 +2105,16 @@
* \param ciphertext_length Size of \p ciphertext in bytes.
* \param[out] plaintext Output buffer for the decrypted data.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
- * \p ciphertext_length).
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+ * \p alg, \p ciphertext_length) where
+ * \c key_type is the type of \p key.
+ * - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+ * ciphertext_length) evaluates to the maximum
+ * plaintext size of any supported AEAD
+ * decryption.
* \param[out] plaintext_length On success, the size of the output
* in the \p plaintext buffer.
*
@@ -2152,7 +2130,11 @@
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p plaintext_size or \p nonce_length is too small
+ * \p plaintext_size is too small.
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+ * \p ciphertext_length) or
+ * #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+ * to determine the required buffer size.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2200,22 +2182,10 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
-/** \def PSA_AEAD_OPERATION_INIT
- *
- * This macro returns a suitable initializer for an AEAD operation object of
- * type #psa_aead_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_AEAD_OPERATION_INIT {0}
-#endif
-
/** Return an initial value for an AEAD operation object.
*/
static psa_aead_operation_t psa_aead_operation_init(void);
@@ -2573,10 +2543,18 @@
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
- * This must be at least
- * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg,
- * \p input_length) where \c alg is the
- * algorithm that is being calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+ * \c alg, \p input_length) where
+ * \c key_type is the type of key and \c alg is
+ * the algorithm that were used to set up the
+ * operation.
+ * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+ * input_length) evaluates to the maximum
+ * output size of any supported AEAD
+ * algorithm.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
@@ -2587,9 +2565,9 @@
* set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
- * You can determine a sufficient buffer size by calling
- * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length)
- * where \c alg is the algorithm that is being calculated.
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+ * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+ * determine the required buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
@@ -2626,9 +2604,7 @@
* This function has two output buffers:
* - \p ciphertext contains trailing ciphertext that was buffered from
* preceding calls to psa_aead_update().
- * - \p tag contains the authentication tag. Its length is always
- * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
- * that the operation performs.
+ * - \p tag contains the authentication tag.
*
* When this function returns successfuly, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
@@ -2638,18 +2614,32 @@
* \param[out] ciphertext Buffer where the last part of the ciphertext
* is to be written.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where
- * \c alg is the algorithm that is being
- * calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+ * \c alg) where \c key_type is the type of key
+ * and \c alg is the algorithm that were used to
+ * set up the operation.
+ * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+ * the maximum output size of any supported AEAD
+ * algorithm.
* \param[out] ciphertext_length On success, the number of bytes of
* returned ciphertext.
* \param[out] tag Buffer where the authentication tag is
* to be written.
* \param tag_size Size of the \p tag buffer in bytes.
- * This must be at least
- * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is
- * the algorithm that is being calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+ * key_type, \c key_bits, \c alg) where
+ * \c key_type and \c key_bits are the type and
+ * bit-size of the key, and \c alg is the
+ * algorithm that were used in the call to
+ * psa_aead_encrypt_setup().
+ * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+ * maximum tag size of any supported AEAD
+ * algorithm.
* \param[out] tag_length On success, the number of bytes
* that make up the returned tag.
*
@@ -2660,11 +2650,11 @@
* operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
- * You can determine a sufficient buffer size for \p ciphertext by
- * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg)
- * where \c alg is the algorithm that is being calculated.
- * You can determine a sufficient buffer size for \p tag by
- * calling #PSA_AEAD_TAG_LENGTH(\c alg).
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+ * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+ * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+ * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+ * determine the required \p tag buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
@@ -2723,10 +2713,15 @@
* that could not be processed until the end
* of the input.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where
- * \c alg is the algorithm that is being
- * calculated.
+ * This must be appropriate for the selected algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+ * \c alg) where \c key_type is the type of key
+ * and \c alg is the algorithm that were used to
+ * set up the operation.
+ * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+ * the maximum output size of any supported AEAD
+ * algorithm.
* \param[out] plaintext_length On success, the number of bytes of
* returned plaintext.
* \param[in] tag Buffer containing the authentication tag.
@@ -2742,9 +2737,9 @@
* operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
- * You can determine a sufficient buffer size for \p plaintext by
- * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg)
- * where \c alg is the algorithm that is being calculated.
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+ * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+ * required buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
@@ -2804,11 +2799,129 @@
*/
/**
+ * \brief Sign a message with a private key. For hash-and-sign algorithms,
+ * this includes the hashing step.
+ *
+ * \note To perform a multi-part hash-and-sign signature algorithm, first use
+ * a multi-part hash operation and then pass the resulting hash to
+ * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+ * hash algorithm to use.
+ *
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The input message to sign.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes. This
+ * must be appropriate for the selected
+ * algorithm and key:
+ * - The required signature size is
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and
+ * bit-size respectively of key.
+ * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+ * maximum signature size of any supported
+ * signature algorithm.
+ * \param[out] signature_length On success, the number of bytes that make up
+ * the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_message( psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length );
+
+/** \brief Verify the signature of a message with a public key, using
+ * a hash-and-sign verification algorithm.
+ *
+ * \note To perform a multi-part hash-and-sign signature verification
+ * algorithm, first use a multi-part hash operation to hash the message
+ * and then pass the resulting hash to psa_verify_hash().
+ * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+ * to use.
+ *
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be a public key or an asymmetric key
+ * pair. The key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The message whose signature is to be verified.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed signature
+ * is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_message( psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ const uint8_t * signature,
+ size_t signature_length );
+
+/**
* \brief Sign a hash or short message with a private key.
*
* Note that to perform a hash-and-sign signature algorithm, you must
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+ * Then pass the resulting hash as the \p hash
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
* to determine the hash algorithm to use.
*
@@ -2855,11 +2968,12 @@
size_t *signature_length);
/**
- * \brief Verify the signature a hash or short message using a public key.
+ * \brief Verify the signature of a hash or short message using a public key.
*
* Note that to perform a hash-and-sign signature algorithm, you must
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+ * Then pass the resulting hash as the \p hash
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
* to determine the hash algorithm to use.
*
@@ -3055,23 +3169,11 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation.
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice.
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
-/** \def PSA_KEY_DERIVATION_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a key derivation operation
- * object of type #psa_key_derivation_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
-#endif
-
/** Return an initial value for a key derivation operation object.
*/
static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
@@ -3249,6 +3351,50 @@
const uint8_t *data,
size_t data_length);
+/** Provide a numeric input for key derivation or key agreement.
+ *
+ * Which inputs are required and in what order depends on the algorithm.
+ * However, when an algorithm requires a particular order, numeric inputs
+ * usually come first as they tend to be configuration parameters.
+ * Refer to the documentation of each key derivation or key agreement
+ * algorithm for information.
+ *
+ * This function is used for inputs which are fixed-size non-negative
+ * integers.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_key_derivation_abort().
+ *
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() and must not
+ * have produced any output yet.
+ * \param step Which step the input data is for.
+ * \param[in] value The value of the numeric input.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step does not allow numeric inputs.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid for this input \p step.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_input_integer(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ uint64_t value);
+
/** Provide an input for key derivation in the form of a key.
*
* Which inputs are required and in what order depends on the algorithm.
@@ -3273,12 +3419,29 @@
* \param step Which step the input data is for.
* \param key Identifier of the key. It must have an
* appropriate type for step and must allow the
- * usage #PSA_KEY_USAGE_DERIVE.
+ * usage #PSA_KEY_USAGE_DERIVE or
+ * #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)
+ * and the algorithm used by the operation.
+ *
+ * \note Once all inputs steps are completed, the operations will allow:
+ * - psa_key_derivation_output_bytes() if each input was either a direct input
+ * or a key with #PSA_KEY_USAGE_DERIVE set;
+ * - psa_key_derivation_output_key() if the input for step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
+ * was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
+ * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
+ * - psa_key_derivation_verify_bytes() if each input was either a direct input
+ * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
+ * - psa_key_derivation_verify_key() under the same conditions as
+ * psa_key_derivation_verify_bytes().
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
+ * The key allows neither #PSA_KEY_USAGE_DERIVE nor
+ * #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
+ * algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the operation's algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3391,6 +3554,9 @@
* \param output_length Number of bytes to output.
*
* \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * One of the inputs was a key whose policy didn't allow
+ * #PSA_KEY_USAGE_DERIVE.
* \retval #PSA_ERROR_INSUFFICIENT_DATA
* The operation's capacity was less than
* \p output_length bytes. Note that in this case,
@@ -3433,7 +3599,8 @@
* state and must be aborted by calling psa_key_derivation_abort().
*
* How much output is produced and consumed from the operation, and how
- * the key is derived, depends on the key type:
+ * the key is derived, depends on the key type and on the key size
+ * (denoted \c bits below):
*
* - For key types for which the key is an arbitrary sequence of bytes
* of a given size, this function is functionally equivalent to
@@ -3443,14 +3610,14 @@
* if the implementation provides an isolation boundary then
* the key material is not exposed outside the isolation boundary.
* As a consequence, for these key types, this function always consumes
- * exactly (\p bits / 8) bytes from the operation.
+ * exactly (\c bits / 8) bytes from the operation.
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
- * - #PSA_KEY_TYPE_ARC4;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
- * - #PSA_KEY_TYPE_HMAC.
+ * - #PSA_KEY_TYPE_HMAC;
+ * - #PSA_KEY_TYPE_PASSWORD_HASH.
*
* - For ECC keys on a Montgomery elliptic curve
* (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
@@ -3464,8 +3631,8 @@
* string and process it as specified in RFC 7748 §5.
*
* - For key types for which the key is represented by a single sequence of
- * \p bits bits with constraints as to which bit sequences are acceptable,
- * this function draws a byte string of length (\p bits / 8) bytes rounded
+ * \c bits bits with constraints as to which bit sequences are acceptable,
+ * this function draws a byte string of length (\c bits / 8) bytes rounded
* up to the nearest whole number of bytes. If the resulting byte string
* is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
* This process is repeated until an acceptable byte string is drawn.
@@ -3512,6 +3679,10 @@
* on the derived key based on the attributes and strength of the secret key.
*
* \param[in] attributes The attributes for the new key.
+ * If the key type to be created is
+ * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+ * the policy must be the same as in the current
+ * operation.
* \param[in,out] operation The key derivation operation object to read from.
* \param[out] key On success, an identifier for the newly created
* key. For persistent keys, this is the key
@@ -3536,8 +3707,10 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The provided key attributes are not valid for the operation.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
- * a key.
+ * The #PSA_KEY_DERIVATION_INPUT_SECRET or
+ * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+ * key; or one of the inputs was a key whose policy didn't allow
+ * #PSA_KEY_USAGE_DERIVE.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active and completed
* all required input steps).
@@ -3559,6 +3732,129 @@
psa_key_derivation_operation_t *operation,
psa_key_id_t *key);
+/** Compare output data from a key derivation operation to an expected value.
+ *
+ * This function calculates output bytes from a key derivation algorithm and
+ * compares those bytes to an expected value in constant time.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads the expected number of bytes from the
+ * stream before comparing them.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * This is functionally equivalent to the following code:
+ * \code
+ * psa_key_derivation_output_bytes(operation, tmp, output_length);
+ * if (memcmp(output, tmp, output_length) != 0)
+ * return PSA_ERROR_INVALID_SIGNATURE;
+ * \endcode
+ * except (1) it works even if the key's policy does not allow outputting the
+ * bytes, and (2) the comparison will be done in constant time.
+ *
+ * If this function returns an error status other than
+ * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+ * the operation enters an error state and must be aborted by calling
+ * psa_key_derivation_abort().
+ *
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[in] expected_output Buffer containing the expected derivation output.
+ * \param output_length Length ot the expected output; this is also the
+ * number of bytes that will be read.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The output was read successfully, but it differs from the expected
+ * output.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * One of the inputs was a key whose policy didn't allow
+ * #PSA_KEY_USAGE_VERIFY_DERIVATION.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * The operation's capacity was less than
+ * \p output_length bytes. Note that in this case,
+ * the operation's capacity is set to 0, thus
+ * subsequent calls to this function will not
+ * succeed, even with a smaller expected output.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active and completed
+ * all required input steps).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_verify_bytes(
+ psa_key_derivation_operation_t *operation,
+ const uint8_t *expected_output,
+ size_t output_length);
+
+/** Compare output data from a key derivation operation to an expected value
+ * stored in a key object.
+ *
+ * This function calculates output bytes from a key derivation algorithm and
+ * compares those bytes to an expected value, provided as key of type
+ * #PSA_KEY_TYPE_PASSWORD_HASH.
+ * If you view the key derivation's output as a stream of bytes, this
+ * function destructively reads the number of bytes corresponding the the
+ * length of the expected value from the stream before comparing them.
+ * The operation's capacity decreases by the number of bytes read.
+ *
+ * This is functionally equivalent to exporting the key and calling
+ * psa_key_derivation_verify_bytes() on the result, except that it
+ * works even if the key cannot be exported.
+ *
+ * If this function returns an error status other than
+ * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+ * the operation enters an error state and must be aborted by calling
+ * psa_key_derivation_abort().
+ *
+ * \param[in,out] operation The key derivation operation object to read from.
+ * \param[in] expected A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+ * containing the expected output. Its policy must
+ * include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+ * and the permitted algorithm must match the
+ * operation. The value of this key was likely
+ * computed by a previous call to
+ * psa_key_derivation_output_key().
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The output was read successfully, but if differs from the expected
+ * output.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * The key passed as the expected value does not exist.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key passed as the expected value has an invalid type.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key passed as the expected value does not allow this usage or
+ * this algorithm; or one of the inputs was a key whose policy didn't
+ * allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
+ * \retval #PSA_ERROR_INSUFFICIENT_DATA
+ * The operation's capacity was less than
+ * the length of the expected value. In this case,
+ * the operation's capacity is set to 0, thus
+ * subsequent calls to this function will not
+ * succeed, even with a smaller expected output.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active and completed
+ * all required input steps).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_verify_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_id_t expected);
+
/** Abort a key derivation operation.
*
* Aborting an operation frees all associated resources except for the \c
diff --git a/interface/include/psa/crypto_compat.h b/interface/include/psa/crypto_compat.h
index 17dcee2..9a7de89 100644
--- a/interface/include/psa/crypto_compat.h
+++ b/interface/include/psa/crypto_compat.h
@@ -43,217 +43,6 @@
return(handle == 0);
}
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/*
- * Mechanism for declaring deprecated values
- */
-#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED)
-#define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_PSA_DEPRECATED
-#endif
-
-typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t mbedtls_deprecated_psa_dh_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t psa_dh_group_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_t;
-
-#define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY
-#define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY
-
-#define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \
- ( (mbedtls_deprecated_##type) ( value ) )
-
-/*
- * Deprecated PSA Crypto error code definitions (PSA Crypto API <= 1.0 beta2)
- */
-#define PSA_ERROR_UNKNOWN_ERROR \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
-#define PSA_ERROR_OCCUPIED_SLOT \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
-#define PSA_ERROR_EMPTY_SLOT \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
-#define PSA_ERROR_INSUFFICIENT_CAPACITY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
-#define PSA_ERROR_TAMPERING_DETECTED \
- MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
-
-/*
- * Deprecated PSA Crypto numerical encodings (PSA Crypto API <= 1.0 beta3)
- */
-#define PSA_KEY_USAGE_SIGN \
- MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
-#define PSA_KEY_USAGE_VERIFY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
-
-/*
- * Deprecated PSA Crypto size calculation macros (PSA Crypto API <= 1.0 beta3)
- */
-#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
-#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
-#define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
-#define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
-#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
-#define PSA_HASH_SIZE( alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
-#define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
-#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
-/*
- * Deprecated PSA Crypto function names (PSA Crypto API <= 1.0 beta3)
- */
-MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length );
-
-MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length );
-
-
-/*
- * Size-specific elliptic curve families.
- */
-#define PSA_ECC_CURVE_SECP160K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP192K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP224K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP256K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP160R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP192R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP224R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP256R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP384R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP521R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP160R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT163K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT233K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT239K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT283K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT409K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT571K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT163R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT193R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT233R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT283R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT409R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT571R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT163R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_SECT193R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_CURVE25519 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-#define PSA_ECC_CURVE_CURVE448 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Curves that changed name due to PSA specification.
- */
-#define PSA_ECC_CURVE_SECP_K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP_R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT_K1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT_R2 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P_R1 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_MONTGOMERY \
- MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Finite-field Diffie-Hellman families.
- */
-#define PSA_DH_GROUP_FFDHE2048 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE3072 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE4096 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE6144 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE8192 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-
-/*
- * Diffie-Hellman families that changed name due to PSA specification.
- */
-#define PSA_DH_GROUP_RFC7919 \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_CUSTOM \
- MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM )
-
-/*
- * Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API <= 1.0 beta3)
- */
-#define PSA_ALG_ARC4 \
- MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
-#define PSA_ALG_CHACHA20 \
- MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
-
-/*
- * Renamed AEAD tag length macros (PSA Crypto API <= 1.0 beta3)
- */
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
-
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
/** Open a handle to an existing persistent key.
*
* Open a handle to a persistent key. A key is persistent if it was created
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 0608d71..1e282e2 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -50,8 +50,6 @@
*/
#define PSA_HASH_LENGTH(alg) \
( \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
- PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
@@ -77,8 +75,13 @@
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
+#if defined(MBEDTLS_SHA512_C)
#define PSA_HASH_MAX_SIZE 64
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#else
+#define PSA_HASH_MAX_SIZE 32
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#endif
/** \def PSA_MAC_MAX_SIZE
*
@@ -94,26 +97,35 @@
*/
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
-/** The tag size for an AEAD algorithm, in bytes.
+/** The length of a tag for an AEAD algorithm, in bytes.
*
+ * This macro can be used to allocate a buffer of sufficient size to store the
+ * tag output from psa_aead_finish().
+ *
+ * See also #PSA_AEAD_TAG_MAX_SIZE.
+ *
+ * \param key_type The type of the AEAD key.
+ * \param key_bits The size of the AEAD key in bits.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
- * \return The tag size for the specified algorithm.
+ * \return The tag length for the specified algorithm and key.
* If the AEAD algorithm does not have an identified
* tag that can be distinguished from the rest of
* the ciphertext, return 0.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_TAG_LENGTH(alg) \
- (PSA_ALG_IS_AEAD(alg) ? \
- (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
- 0)
+#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ ((void) (key_bits), 0))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
- * See also #PSA_AEAD_TAG_LENGTH(\p alg).
+ * See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
#define PSA_AEAD_TAG_MAX_SIZE 16
@@ -137,7 +149,7 @@
/** This macro returns the maximum supported length of the PSK for the
* TLS-1.2 PSK-to-MS key derivation
- * (#PSA_ALG_TLS12_PSK_TO_MS(\p hash_alg)).
+ * (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)).
*
* The maximum supported length does not depend on the chosen hash algorithm.
*
@@ -155,7 +167,6 @@
/** The maximum size of a block cipher. */
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
-
/** The size of the output of psa_mac_sign_finish(), in bytes.
*
* This is also the MAC size that psa_mac_verify_finish() expects.
@@ -190,10 +201,14 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the ciphertext may be smaller.
*
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -201,11 +216,13 @@
*
* \return The AEAD ciphertext size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
- (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
- (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
@@ -217,7 +234,8 @@
* \note This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
- * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg,
+ * \p plaintext_length).
*
* \param plaintext_length Size of the plaintext in bytes.
*
@@ -236,10 +254,14 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the plaintext may be smaller.
*
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -247,11 +269,14 @@
*
* \return The AEAD ciphertext size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
- (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
- (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
@@ -263,7 +288,8 @@
* \note This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
- * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg,
+ * \p ciphertext_length).
*
* \param ciphertext_length Size of the ciphertext in bytes.
*
@@ -300,11 +326,12 @@
* or the parameters are incompatible, return 0.
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
- (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
- (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
+ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
+ 0 : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
0)
/** The maximum default nonce size among all supported pairs of key types and
@@ -318,7 +345,7 @@
* just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_AEAD_NONCE_MAX_SIZE 13
/** A sufficient output buffer size for psa_aead_update().
*
@@ -327,10 +354,14 @@
* insufficient buffer size. The actual size of the output may be smaller
* in any given call.
*
+ * See also #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -338,16 +369,20 @@
*
* \return A sufficient output buffer size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
/* For all the AEAD modes defined in this specification, it is possible
* to emit output without delay. However, hardware may not always be
* capable of this. So for modes based on a block cipher, allow the
* implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
- (input_length))
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
+ (input_length) : \
+ 0)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -355,7 +390,7 @@
* If the size of the output buffer is at least this large, it is guaranteed
* that psa_aead_update() will not fail due to an insufficient buffer size.
*
- * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
+ * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
*
* \param input_length Size of the input in bytes.
*/
@@ -369,23 +404,30 @@
* insufficient ciphertext buffer size. The actual size of the output may
* be smaller in any given call.
*
+ * See also #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE.
+ *
+ * \param key_type A symmetric key type that is
+ compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \return A sufficient ciphertext buffer size for the
* specified algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
*
- * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
+ * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
*/
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
@@ -396,23 +438,30 @@
* insufficient plaintext buffer size. The actual size of the output may
* be smaller in any given call.
*
+ * See also #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE.
+ *
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \return A sufficient plaintext buffer size for the
* specified algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
*
- * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
+ * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p key_type, \p alg).
*/
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 25c6662..dc8d81a 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -401,11 +401,55 @@
/** A secret for key derivation.
*
+ * This key type is for high-entropy secrets only. For low-entropy secrets,
+ * #PSA_KEY_TYPE_PASSWORD should be used instead.
+ *
+ * These keys can be used as the #PSA_KEY_DERIVATION_INPUT_SECRET or
+ * #PSA_KEY_DERIVATION_INPUT_PASSWORD input of key derivation algorithms.
+ *
* The key policy determines which key derivation algorithm the key
* can be used for.
*/
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
+/** A low-entropy secret for password hashing or key derivation.
+ *
+ * This key type is suitable for passwords and passphrases which are typically
+ * intended to be memorizable by humans, and have a low entropy relative to
+ * their size. It can be used for randomly generated or derived keys with
+ * maximum or near-maximum entropy, but #PSA_KEY_TYPE_DERIVE is more suitable
+ * for such keys. It is not suitable for passwords with extremely low entropy,
+ * such as numerical PINs.
+ *
+ * These keys can be used as the #PSA_KEY_DERIVATION_INPUT_PASSWORD input of
+ * key derivation algorithms. Algorithms that accept such an input were
+ * designed to accept low-entropy secret and are known as password hashing or
+ * key stretching algorithms.
+ *
+ * These keys cannot be used as the #PSA_KEY_DERIVATION_INPUT_SECRET input of
+ * key derivation algorithms, as the algorithms that take such an input expect
+ * it to be high-entropy.
+ *
+ * The key policy determines which key derivation algorithm the key can be
+ * used for, among the permissible subset defined above.
+ */
+#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203)
+
+/** A secret value that can be used to verify a password hash.
+ *
+ * The key policy determines which key derivation algorithm the key
+ * can be used for, among the same permissible subset as for
+ * #PSA_KEY_TYPE_PASSWORD.
+ */
+#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205)
+
+/** A secret value that can be used in when computing a password hash.
+ *
+ * The key policy determines which key derivation algorithm the key
+ * can be used for, among the subset of algorithms that can use pepper.
+ */
+#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206)
+
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
@@ -415,8 +459,8 @@
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
*
- * The size of the key can be 8 bytes (single DES), 16 bytes (2-key 3DES) or
- * 24 bytes (3-key 3DES).
+ * The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or
+ * 192 bits (3-key 3DES).
*
* Note that single DES and 2-key 3DES are weak and strongly
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
@@ -428,12 +472,6 @@
* Camellia block cipher. */
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
-/** Key for the RC4 stream cipher.
- *
- * Note that RC4 is weak and deprecated and should only be used in
- * legacy protocols. */
-#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
-
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
* ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
@@ -443,9 +481,15 @@
*/
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
-/** RSA public key. */
+/** RSA public key.
+ *
+ * The size of an RSA key is the bit size of the modulus.
+ */
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
-/** RSA key pair (private and public key). */
+/** RSA key pair (private and public key).
+ *
+ * The size of an RSA key is the bit size of the modulus.
+ */
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
@@ -456,6 +500,10 @@
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
/** Elliptic curve key pair.
*
+ * The size of an elliptic curve key is the bit size associated with the curve,
+ * i.e. the bit size of *q* for a curve over a field *F<sub>q</sub>*.
+ * See the documentation of `PSA_ECC_FAMILY_xxx` curve families for details.
+ *
* \param curve A value of type ::psa_ecc_family_t that
* identifies the ECC curve to be used.
*/
@@ -463,6 +511,10 @@
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
/** Elliptic curve public key.
*
+ * The size of an elliptic curve public key is the same as the corresponding
+ * private key (see #PSA_KEY_TYPE_ECC_KEY_PAIR and the documentation of
+ * `PSA_ECC_FAMILY_xxx` curve families).
+ *
* \param curve A value of type ::psa_ecc_family_t that
* identifies the ECC curve to be used.
*/
@@ -561,6 +613,22 @@
*/
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
+/** The twisted Edwards curves Ed25519 and Ed448.
+ *
+ * These curves are suitable for EdDSA (#PSA_ALG_PURE_EDDSA for both curves,
+ * #PSA_ALG_ED25519PH for the 255-bit curve,
+ * #PSA_ALG_ED448PH for the 448-bit curve).
+ *
+ * This family comprises the following twisted Edwards curves:
+ * - 255-bit: Edwards25519, the twisted Edwards curve birationally equivalent
+ * to Curve25519.
+ * Bernstein et al., _Twisted Edwards curves_, Africacrypt 2008.
+ * - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
+ * to Curve448.
+ * Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ */
+#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
+
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
@@ -748,11 +816,25 @@
#define PSA_ALG_IS_KEY_DERIVATION(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
+/** Whether the specified algorithm is a key stretching / password hashing
+ * algorithm.
+ *
+ * A key stretching / password hashing algorithm is a key derivation algorithm
+ * that is suitable for use with a low-entropy secret such as a password.
+ * Equivalently, it's a key derivation algorithm that uses a
+ * #PSA_KEY_DERIVATION_INPUT_PASSWORD input step.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a key stretching / password hashing algorithm, 0
+ * otherwise. This macro may return either 0 or 1 if \p alg is not a
+ * supported algorithm identifier.
+ */
+#define PSA_ALG_IS_KEY_DERIVATION_STRETCHING(alg) \
+ (PSA_ALG_IS_KEY_DERIVATION(alg) && \
+ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG)
+
#define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff)
-/** MD2 */
-#define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001)
-/** MD4 */
-#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002)
/** MD5 */
#define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003)
/** PSA_ALG_RIPEMD160 */
@@ -779,6 +861,13 @@
#define PSA_ALG_SHA3_384 ((psa_algorithm_t)0x02000012)
/** SHA3-512 */
#define PSA_ALG_SHA3_512 ((psa_algorithm_t)0x02000013)
+/** The first 512 bits (64 bytes) of the SHAKE256 output.
+ *
+ * This is the prehashing for Ed448ph (see #PSA_ALG_ED448PH). For other
+ * scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
+ * has the same output size and a (theoretically) higher security strength.
+ */
+#define PSA_ALG_SHAKE256_512 ((psa_algorithm_t)0x02000015)
/** In a hash-and-sign algorithm policy, allow any hash algorithm.
*
@@ -884,7 +973,7 @@
* for policy comparison purposes.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true). This may be a truncated or untruncated
* MAC algorithm.
* \param mac_length Desired length of the truncated MAC in bytes.
@@ -895,7 +984,7 @@
*
* \return The corresponding MAC algorithm with the specified
* length.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm or if \p mac_length is too small or
* too large for the specified MAC algorithm.
*/
@@ -908,12 +997,12 @@
* MAC algorithm.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true). This may be a truncated or untruncated
* MAC algorithm.
*
* \return The corresponding base MAC algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm.
*/
#define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \
@@ -923,12 +1012,12 @@
/** Length to which a MAC algorithm is truncated.
*
* \param mac_alg A MAC algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true).
*
* \return Length of the truncated MAC in bytes.
- * \return 0 if \p alg is a non-truncated MAC algorithm.
- * \return Unspecified if \p alg is not a supported
+ * \return 0 if \p mac_alg is a non-truncated MAC algorithm.
+ * \return Unspecified if \p mac_alg is not a supported
* MAC algorithm.
*/
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \
@@ -1007,7 +1096,6 @@
*
* The underlying stream cipher is determined by the key type.
* - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
- * - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4.
*/
#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100)
@@ -1138,13 +1226,13 @@
* of the ciphertext.
*
* \param aead_alg An AEAD algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
* is true).
* \param tag_length Desired length of the authentication tag in bytes.
*
* \return The corresponding AEAD algorithm with the specified
* length.
- * \return Unspecified if \p alg is not a supported
+ * \return Unspecified if \p aead_alg is not a supported
* AEAD algorithm or if \p tag_length is not valid
* for the specified AEAD algorithm.
*/
@@ -1157,13 +1245,12 @@
/** Retrieve the tag length of a specified AEAD algorithm
*
* \param aead_alg An AEAD algorithm identifier (value of type
- * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg)
+ * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
* is true).
*
* \return The tag length specified by the input algorithm.
- * \return Unspecified if \p alg is not a supported
- * AEAD algorithm or if \p tag_length is not valid
- * for the specified AEAD algorithm.
+ * \return Unspecified if \p aead_alg is not a supported
+ * AEAD algorithm.
*/
#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg) \
(((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> \
@@ -1172,7 +1259,7 @@
/** Calculate the corresponding AEAD algorithm with the default tag length.
*
* \param aead_alg An AEAD algorithm (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * #PSA_ALG_IS_AEAD(\p aead_alg) is true).
*
* \return The corresponding AEAD algorithm with the default
* tag length for that algorithm.
@@ -1337,6 +1424,94 @@
#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg) \
(PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
+/** Edwards-curve digital signature algorithm without prehashing (PureEdDSA),
+ * using standard parameters.
+ *
+ * Contexts are not supported in the current version of this specification
+ * because there is no suitable signature interface that can take the
+ * context as a parameter. A future version of this specification may add
+ * suitable functions and extend this algorithm to support contexts.
+ *
+ * PureEdDSA requires an elliptic curve key on a twisted Edwards curve.
+ * In this specification, the following curves are supported:
+ * - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 255-bit: Ed25519 as specified
+ * in RFC 8032.
+ * The curve is Edwards25519.
+ * The hash function used internally is SHA-512.
+ * - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 448-bit: Ed448 as specified
+ * in RFC 8032.
+ * The curve is Edwards448.
+ * The hash function used internally is the first 114 bytes of the
+ * SHAKE256 output.
+ *
+ * This algorithm can be used with psa_sign_message() and
+ * psa_verify_message(). Since there is no prehashing, it cannot be used
+ * with psa_sign_hash() or psa_verify_hash().
+ *
+ * The signature format is the concatenation of R and S as defined by
+ * RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
+ * string for Ed448).
+ */
+#define PSA_ALG_PURE_EDDSA ((psa_algorithm_t)0x06000800)
+
+#define PSA_ALG_HASH_EDDSA_BASE ((psa_algorithm_t)0x06000900)
+#define PSA_ALG_IS_HASH_EDDSA(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
+
+/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
+ * using SHA-512 and the Edwards25519 curve.
+ *
+ * See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
+ *
+ * This algorithm is Ed25519 as specified in RFC 8032.
+ * The curve is Edwards25519.
+ * The prehash is SHA-512.
+ * The hash function used internally is SHA-512.
+ *
+ * This is a hash-and-sign algorithm: to calculate a signature,
+ * you can either:
+ * - call psa_sign_message() on the message;
+ * - or calculate the SHA-512 hash of the message
+ * with psa_hash_compute()
+ * or with a multi-part hash operation started with psa_hash_setup(),
+ * using the hash algorithm #PSA_ALG_SHA_512,
+ * then sign the calculated hash with psa_sign_hash().
+ * Verifying a signature is similar, using psa_verify_message() or
+ * psa_verify_hash() instead of the signature function.
+ */
+#define PSA_ALG_ED25519PH \
+ (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
+
+/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
+ * using SHAKE256 and the Edwards448 curve.
+ *
+ * See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
+ *
+ * This algorithm is Ed448 as specified in RFC 8032.
+ * The curve is Edwards448.
+ * The prehash is the first 64 bytes of the SHAKE256 output.
+ * The hash function used internally is the first 114 bytes of the
+ * SHAKE256 output.
+ *
+ * This is a hash-and-sign algorithm: to calculate a signature,
+ * you can either:
+ * - call psa_sign_message() on the message;
+ * - or calculate the first 64 bytes of the SHAKE256 output of the message
+ * with psa_hash_compute()
+ * or with a multi-part hash operation started with psa_hash_setup(),
+ * using the hash algorithm #PSA_ALG_SHAKE256_512,
+ * then sign the calculated hash with psa_sign_hash().
+ * Verifying a signature is similar, using psa_verify_message() or
+ * psa_verify_hash() instead of the signature function.
+ */
+#define PSA_ALG_ED448PH \
+ (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
+
+/* Default definition, to be overridden if the library is extended with
+ * more hash-and-sign algorithms that we want to keep out of this header
+ * file. */
+#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
+
/** Whether the specified algorithm is a hash-and-sign algorithm.
*
* Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
@@ -1352,7 +1527,22 @@
*/
#define PSA_ALG_IS_HASH_AND_SIGN(alg) \
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
- PSA_ALG_IS_ECDSA(alg))
+ PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
+ PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
+
+/** Whether the specified algorithm is a signature algorithm that can be used
+ * with psa_sign_message() and psa_verify_message().
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if alg is a signature algorithm that can be used to sign a
+ * message. 0 if \p alg is a signature algorithm that can only be used
+ * to sign an already-calculated hash. 0 if \p alg is not a signature
+ * algorithm. This macro can return either 0 or 1 if \p alg is not a
+ * supported algorithm identifier.
+ */
+#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
+ (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA )
/** Get the hash used by a hash-and-sign signature algorithm.
*
@@ -1534,6 +1724,67 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+/* This flag indicates whether the key derivation algorithm is suitable for
+ * use on low-entropy secrets such as password - these algorithms are also
+ * known as key stretching or password hashing schemes. These are also the
+ * algorithms that accepts inputs of type #PSA_KEY_DERIVATION_INPUT_PASSWORD.
+ *
+ * Those algorithms cannot be combined with a key agreement algorithm.
+ */
+#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00800000)
+
+#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08800100)
+/** Macro to build a PBKDF2-HMAC password hashing / key stretching algorithm.
+ *
+ * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2).
+ * This macro specifies the PBKDF2 algorithm constructed using a PRF based on
+ * HMAC with the specified hash.
+ * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` specifies PBKDF2
+ * using the PRF HMAC-SHA-256.
+ *
+ * This key derivation algorithm uses the following inputs, which must be
+ * provided in the following order:
+ * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count.
+ * This input step must be used exactly once.
+ * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt.
+ * This input step must be used one or more times; if used several times, the
+ * inputs will be concatenated. This can be used to build the final salt
+ * from multiple sources, both public and secret (also known as pepper).
+ * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed.
+ * This input step must be used exactly once.
+ *
+ * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return The corresponding PBKDF2-HMAC-XXX algorithm.
+ * \return Unspecified if \p hash_alg is not a supported
+ * hash algorithm.
+ */
+#define PSA_ALG_PBKDF2_HMAC(hash_alg) \
+ (PSA_ALG_PBKDF2_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+/** Whether the specified algorithm is a PBKDF2-HMAC algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a PBKDF2-HMAC algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \c alg is not a supported
+ * key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_PBKDF2_HMAC(alg) \
+ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE)
+
+/** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm.
+ *
+ * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2).
+ * This macro specifies the PBKDF2 algorithm constructed using the
+ * AES-CMAC-PRF-128 PRF specified by RFC 4615.
+ *
+ * This key derivation algorithm uses the same inputs as
+ * #PSA_ALG_PBKDF2_HMAC() with the same constraints.
+ */
+#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200)
+
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff)
#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000)
@@ -1671,6 +1922,18 @@
(alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \
(alg) == PSA_ALG_ANY_HASH)
+/** Get the hash used by a composite algorithm.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return The underlying hash algorithm if alg is a composite algorithm that
+ * uses a hash algorithm.
+ *
+ * \return \c 0 if alg is not a composite algorithm that uses a hash.
+ */
+#define PSA_ALG_GET_HASH(alg) \
+ (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff))
+
/**@}*/
/** \defgroup key_lifetimes Key lifetimes
@@ -1748,6 +2011,27 @@
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_VOLATILE)
+/** Whether a key lifetime indicates that the key is read-only.
+ *
+ * Read-only keys cannot be created or destroyed through the PSA Crypto API.
+ * They must be created through platform-specific means that bypass the API.
+ *
+ * Some platforms may offer ways to destroy read-only keys. For example,
+ * consider a platform with multiple levels of privilege, where a
+ * low-privilege application can use a key but is not allowed to destroy
+ * it, and the platform exposes the key to the application with a read-only
+ * lifetime. High-privilege code can destroy the key even though the
+ * application sees the key as read-only.
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is read-only, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_PERSISTENCE_READ_ONLY)
+
/** Construct a lifetime from a persistence level and a location.
*
* \param persistence The persistence level
@@ -1843,6 +2127,26 @@
/** Whether the key may be used to sign a message.
*
+ * This flag allows the key to be used for a MAC calculation operation or for
+ * an asymmetric message signature operation, if otherwise permitted by the
+ * key’s type and policy.
+ *
+ * For a key pair, this concerns the private key.
+ */
+#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
+
+/** Whether the key may be used to verify a message.
+ *
+ * This flag allows the key to be used for a MAC verification operation or for
+ * an asymmetric message signature verification operation, if otherwise
+ * permitted by the key’s type and policy.
+ *
+ * For a key pair, this concerns the public key.
+ */
+#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
+
+/** Whether the key may be used to sign a message.
+ *
* This flag allows the key to be used for a MAC calculation operation
* or for an asymmetric signature operation,
* if otherwise permitted by the key's type and policy.
@@ -1861,10 +2165,35 @@
*/
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
-/** Whether the key may be used to derive other keys.
+/** Whether the key may be used to derive other keys or produce a password
+ * hash.
+ *
+ * This flag allows the key to be used for a key derivation operation or for
+ * a key agreement operation, if otherwise permitted by by the key's type and
+ * policy.
+ *
+ * If this flag is present on all keys used in calls to
+ * psa_key_derivation_input_key() for a key derivation operation, then it
+ * permits calling psa_key_derivation_output_bytes() or
+ * psa_key_derivation_output_key() at the end of the operation.
*/
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
+/** Whether the key may be used to verify the result of a key derivation,
+ * including password hashing.
+ *
+ * This flag allows the key to be used:
+ *
+ * This flag allows the key to be used in a key derivation operation, if
+ * otherwise permitted by by the key's type and policy.
+ *
+ * If this flag is present on all keys used in calls to
+ * psa_key_derivation_input_key() for a key derivation operation, then it
+ * permits calling psa_key_derivation_verify_bytes() or
+ * psa_key_derivation_verify_key() at the end of the operation.
+ */
+#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000)
+
/**@}*/
/** \defgroup derivation Key derivation
@@ -1881,10 +2210,31 @@
* The secret can also be a direct input (passed to
* key_derivation_input_bytes()). In this case, the derivation operation
* may not be used to derive keys: the operation will only allow
- * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
+ * psa_key_derivation_output_bytes(),
+ * psa_key_derivation_verify_bytes(), or
+ * psa_key_derivation_verify_key(), but not
+ * psa_key_derivation_output_key().
*/
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
+/** A low-entropy secret input for password hashing / key stretching.
+ *
+ * This is usually a key of type #PSA_KEY_TYPE_PASSWORD (passed to
+ * psa_key_derivation_input_key()) or a direct input (passed to
+ * psa_key_derivation_input_bytes()) that is a password or passphrase. It can
+ * also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or
+ * the shared secret resulting from a key agreement.
+ *
+ * The secret can also be a direct input (passed to
+ * key_derivation_input_bytes()). In this case, the derivation operation
+ * may not be used to derive keys: the operation will only allow
+ * psa_key_derivation_output_bytes(),
+ * psa_key_derivation_verify_bytes(), or
+ * psa_key_derivation_verify_key(), but not
+ * psa_key_derivation_output_key().
+ */
+#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
+
/** A label for key derivation.
*
* This should be a direct input.
@@ -1895,7 +2245,8 @@
/** A salt for key derivation.
*
* This should be a direct input.
- * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
+ * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA or
+ * #PSA_KEY_TYPE_PEPPER.
*/
#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
@@ -1913,6 +2264,35 @@
*/
#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
+/** A cost parameter for password hashing / key stretching.
+ *
+ * This must be a direct input, passed to psa_key_derivation_input_integer().
+ */
+#define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t)0x0205)
+
+/**@}*/
+
+/** \defgroup helper_macros Helper macros
+ * @{
+ */
+
+/* Helper macros */
+
+/** Check if two AEAD algorithm identifiers refer to the same AEAD algorithm
+ * regardless of the tag length they encode.
+ *
+ * \param aead_alg_1 An AEAD algorithm identifier.
+ * \param aead_alg_2 An AEAD algorithm identifier.
+ *
+ * \return 1 if both identifiers refer to the same AEAD algorithm,
+ * 0 otherwise.
+ * Unspecified if neither \p aead_alg_1 nor \p aead_alg_2 are
+ * a supported AEAD algorithm.
+ */
+#define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
+ (!(((aead_alg_1) ^ (aead_alg_2)) & \
+ ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
+
/**@}*/
#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/interface/include/tfm_attest_defs.h b/interface/include/tfm_attest_defs.h
new file mode 100644
index 0000000..dad7769
--- /dev/null
+++ b/interface/include/tfm_attest_defs.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_ATTEST_DEFS_H__
+#define __TFM_ATTEST_DEFS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Initial Attestation message types that distinguish Attest services. */
+#define TFM_ATTEST_GET_TOKEN 1001
+#define TFM_ATTEST_GET_TOKEN_SIZE 1002
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_ATTEST_DEFS_H__ */
diff --git a/interface/include/tfm_crypto_defs.h b/interface/include/tfm_crypto_defs.h
index b4c771f..5a860b8 100644
--- a/interface/include/tfm_crypto_defs.h
+++ b/interface/include/tfm_crypto_defs.h
@@ -103,6 +103,8 @@
TFM_CRYPTO_AEAD_FINISH_SID,
TFM_CRYPTO_AEAD_VERIFY_SID,
TFM_CRYPTO_AEAD_ABORT_SID,
+ TFM_CRYPTO_SIGN_MESSAGE_SID,
+ TFM_CRYPTO_VERIFY_MESSAGE_SID,
TFM_CRYPTO_SIGN_HASH_SID,
TFM_CRYPTO_VERIFY_HASH_SID,
TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
diff --git a/interface/include/tfm_its_defs.h b/interface/include/tfm_its_defs.h
index 852f8f4..a6591b1 100644
--- a/interface/include/tfm_its_defs.h
+++ b/interface/include/tfm_its_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,12 @@
/* Invalid UID */
#define TFM_ITS_INVALID_UID 0
+/* ITS message types that distinguish ITS services. */
+#define TFM_ITS_SET 1001
+#define TFM_ITS_GET 1002
+#define TFM_ITS_GET_INFO 1003
+#define TFM_ITS_REMOVE 1004
+
#ifdef __cplusplus
}
#endif
diff --git a/interface/include/tfm_ps_defs.h b/interface/include/tfm_ps_defs.h
index 5dcf2f1..aac2316 100644
--- a/interface/include/tfm_ps_defs.h
+++ b/interface/include/tfm_ps_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,13 @@
/* Invalid UID */
#define TFM_PS_INVALID_UID 0
+/* PS message types that distinguish PS services. */
+#define TFM_PS_SET 1001
+#define TFM_PS_GET 1002
+#define TFM_PS_GET_INFO 1003
+#define TFM_PS_REMOVE 1004
+#define TFM_PS_GET_SUPPORT 1005
+
#ifdef __cplusplus
}
#endif
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index f22887b..5d7826b 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -861,16 +861,60 @@
return status;
}
-psa_status_t psa_asymmetric_sign(psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
+psa_status_t psa_sign_message(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
- return psa_sign_hash(key, alg, hash, hash_length, signature,
- signature_size, signature_length);
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
+ .key_id = key,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = signature, .len = signature_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_sign_message,
+ TFM_CRYPTO_SIGN_MESSAGE);
+
+ *signature_length = out_vec[0].len;
+ return status;
+}
+
+psa_status_t psa_verify_message(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_VERIFY_MESSAGE_SID,
+ .key_id = key,
+ .alg = alg
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = signature, .len = signature_length}
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_message,
+ TFM_CRYPTO_VERIFY_MESSAGE);
+
+ return status;
}
psa_status_t psa_sign_hash(psa_key_id_t key,
@@ -904,17 +948,6 @@
return status;
}
-psa_status_t psa_asymmetric_verify(psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- return psa_verify_hash(key, alg, hash, hash_length,
- signature, signature_length);
-}
-
psa_status_t psa_verify_hash(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -1250,17 +1283,16 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_COMPUTE_SID,
- .alg = alg,
.key_id = key,
+ .alg = alg,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = input, .len = input_length}
+ {.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
- {.base = mac, .len = mac_size}
+ {.base = mac, .len = mac_size},
};
status = API_DISPATCH(tfm_crypto_mac_compute,
@@ -1280,14 +1312,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SID,
- .alg = alg,
.key_id = key,
+ .alg = alg,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
- {.base = mac, .len = mac_length}
+ {.base = mac, .len = mac_length},
};
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_mac_verify,
@@ -1296,7 +1328,7 @@
return status;
}
-psa_status_t psa_cipher_encrypt(psa_key_id_t key_id,
+psa_status_t psa_cipher_encrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1310,15 +1342,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SID,
+ .key_id = key,
.alg = alg,
- .key_id = key_id
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
{.base = output, .len = output_size},
};
@@ -1327,12 +1358,11 @@
TFM_CRYPTO_CIPHER_ENCRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
-psa_status_t psa_cipher_decrypt(psa_key_id_t key_id,
+psa_status_t psa_cipher_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1346,15 +1376,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SID,
+ .key_id = key,
.alg = alg,
- .key_id = key_id
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
{.base = output, .len = output_size},
};
@@ -1363,7 +1392,6 @@
TFM_CRYPTO_CIPHER_DECRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 3250a7c..a396a27 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -879,15 +879,60 @@
return status;
}
-psa_status_t psa_asymmetric_sign(psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
+psa_status_t psa_sign_message(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
- return psa_sign_hash(key, alg, hash, hash_length, signature, signature_size, signature_length);
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
+ .key_id = key,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = signature, .len = signature_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_sign_message,
+ TFM_CRYPTO_SIGN_MESSAGE);
+
+ *signature_length = out_vec[0].len;
+ return status;
+}
+
+psa_status_t psa_verify_message(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_VERIFY_MESSAGE_SID,
+ .key_id = key,
+ .alg = alg
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = signature, .len = signature_length}
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_message,
+ TFM_CRYPTO_VERIFY_MESSAGE);
+
+ return status;
}
psa_status_t psa_sign_hash(psa_key_id_t key,
@@ -921,16 +966,6 @@
return status;
}
-psa_status_t psa_asymmetric_verify(psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- return psa_verify_hash(key, alg, hash, hash_length, signature, signature_length);
-}
-
psa_status_t psa_verify_hash(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -1275,17 +1310,16 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_COMPUTE_SID,
- .alg = alg,
.key_id = key,
+ .alg = alg,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = input, .len = input_length}
+ {.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
- {.base = mac, .len = mac_size}
+ {.base = mac, .len = mac_size},
};
status = API_DISPATCH(tfm_crypto_mac_compute,
@@ -1305,14 +1339,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SID,
- .alg = alg,
.key_id = key,
+ .alg = alg,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
- {.base = mac, .len = mac_length}
+ {.base = mac, .len = mac_length},
};
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_mac_verify,
@@ -1335,24 +1369,22 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SID,
+ .key_id = key,
.alg = alg,
- .key_id = key
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
- {.base = output, .len = output_size},
+ {.base = output, .len = output_size}
};
status = API_DISPATCH(tfm_crypto_cipher_encrypt,
TFM_CRYPTO_CIPHER_ENCRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -1371,24 +1403,22 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SID,
+ .key_id = key,
.alg = alg,
- .key_id = key
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
- {.base = output, .len = output_size},
+ {.base = output, .len = output_size}
};
status = API_DISPATCH(tfm_crypto_cipher_decrypt,
TFM_CRYPTO_CIPHER_DECRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index 43c9b0e..44e18da 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -10,6 +10,7 @@
#include "psa/client.h"
#include "psa/crypto_types.h"
#include "psa_manifest/sid.h"
+#include "tfm_attest_defs.h"
psa_status_t
psa_initial_attest_get_token(const uint8_t *auth_challenge,
@@ -18,7 +19,6 @@
size_t token_buf_size,
size_t *token_size)
{
- psa_handle_t handle = PSA_NULL_HANDLE;
psa_status_t status;
psa_invec in_vec[] = {
@@ -28,16 +28,9 @@
{token_buf, token_buf_size}
};
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
- TFM_ATTEST_GET_TOKEN_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
if (status == PSA_SUCCESS) {
*token_size = out_vec[0].len;
@@ -50,7 +43,6 @@
psa_initial_attest_get_token_size(size_t challenge_size,
size_t *token_size)
{
- psa_handle_t handle = PSA_NULL_HANDLE;
psa_status_t status;
psa_invec in_vec[] = {
{&challenge_size, sizeof(challenge_size)}
@@ -59,16 +51,9 @@
{token_size, sizeof(size_t)}
};
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
- TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN_SIZE,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
return status;
}
diff --git a/interface/src/tfm_its_ipc_api.c b/interface/src/tfm_its_ipc_api.c
index 543b88f..a52197b 100644
--- a/interface/src/tfm_its_ipc_api.c
+++ b/interface/src/tfm_its_ipc_api.c
@@ -9,6 +9,7 @@
#include "psa/internal_trusted_storage.h"
#include "psa_manifest/sid.h"
#include "tfm_api.h"
+#include "tfm_its_defs.h"
psa_status_t psa_its_set(psa_storage_uid_t uid,
size_t data_length,
@@ -16,7 +17,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -24,14 +24,8 @@
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- handle = psa_connect(TFM_ITS_SET_SID, TFM_ITS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -43,7 +37,6 @@
size_t *p_data_length)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -58,15 +51,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
- handle = psa_connect(TFM_ITS_GET_SID, TFM_ITS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_GET,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
*p_data_length = out_vec[0].len;
@@ -77,7 +63,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -87,36 +72,23 @@
{ .base = p_info, .len = sizeof(*p_info) }
};
- handle = psa_connect(TFM_ITS_GET_INFO_SID, TFM_ITS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_GET_INFO, in_vec, IOVEC_LEN(in_vec), out_vec,
IOVEC_LEN(out_vec));
- psa_close(handle);
-
return status;
}
psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
- handle = psa_connect(TFM_ITS_REMOVE_SID, TFM_ITS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_REMOVE, in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
diff --git a/interface/src/tfm_ps_ipc_api.c b/interface/src/tfm_ps_ipc_api.c
index 106917e..c74c425 100644
--- a/interface/src/tfm_ps_ipc_api.c
+++ b/interface/src/tfm_ps_ipc_api.c
@@ -9,6 +9,7 @@
#include "psa/protected_storage.h"
#include "psa_manifest/sid.h"
#include "tfm_ns_interface.h"
+#include "tfm_ps_defs.h"
psa_status_t psa_ps_set(psa_storage_uid_t uid,
size_t data_length,
@@ -16,7 +17,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -24,15 +24,8 @@
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_SET, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -44,7 +37,6 @@
size_t *p_data_length)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -59,15 +51,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
- handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
*p_data_length = out_vec[0].len;
@@ -78,7 +63,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -88,15 +72,8 @@
{ .base = p_info, .len = sizeof(*p_info) }
};
- handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_INFO,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
return status;
}
@@ -104,22 +81,13 @@
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
-
- handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_REMOVE,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -151,7 +119,6 @@
* uninitialised value in case the secure function fails.
*/
uint32_t support_flags = 0;
- psa_handle_t handle;
psa_outvec out_vec[] = {
{ .base = &support_flags, .len = sizeof(support_flags) }
@@ -160,14 +127,8 @@
/* The PSA API does not return an error, so any error from TF-M is
* ignored.
*/
- handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return support_flags;
- }
-
- (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ (void)psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_SUPPORT,
+ NULL, 0, out_vec, IOVEC_LEN(out_vec));
return support_flags;
}
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c
index 66585ce..09d8d78 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -55,33 +55,33 @@
CC_PalAbort("mbedtls_sha512_starts: is224 must be 0 or 1");
}
- ctx->total[0] = 0;
- ctx->total[1] = 0;
+ ctx->MBEDTLS_PRIVATE(total)[0] = 0;
+ ctx->MBEDTLS_PRIVATE(total)[1] = 0;
if( is224 == 1 ) {
/* SHA-512/224 */
- ctx->state[0] = UL64(0x8C3D37C819544DA2);
- ctx->state[1] = UL64(0x73E1996689DCD4D6);
- ctx->state[2] = UL64(0x1DFAB7AE32FF9C82);
- ctx->state[3] = UL64(0x679DD514582F9FCF);
- ctx->state[4] = UL64(0x0F6D2B697BD44DA8);
- ctx->state[5] = UL64(0x77E36F7304C48942);
- ctx->state[6] = UL64(0x3F9D85A86A1D36C8);
- ctx->state[7] = UL64(0x1112E6AD91D692A1);
+ ctx->MBEDTLS_PRIVATE(state)[0] = UL64(0x8C3D37C819544DA2);
+ ctx->MBEDTLS_PRIVATE(state)[1] = UL64(0x73E1996689DCD4D6);
+ ctx->MBEDTLS_PRIVATE(state)[2] = UL64(0x1DFAB7AE32FF9C82);
+ ctx->MBEDTLS_PRIVATE(state)[3] = UL64(0x679DD514582F9FCF);
+ ctx->MBEDTLS_PRIVATE(state)[4] = UL64(0x0F6D2B697BD44DA8);
+ ctx->MBEDTLS_PRIVATE(state)[5] = UL64(0x77E36F7304C48942);
+ ctx->MBEDTLS_PRIVATE(state)[6] = UL64(0x3F9D85A86A1D36C8);
+ ctx->MBEDTLS_PRIVATE(state)[7] = UL64(0x1112E6AD91D692A1);
}
else {
/* SHA-512/256 */
- ctx->state[0] = UL64(0x22312194FC2BF72C);
- ctx->state[1] = UL64(0x9F555FA3C84C64C2);
- ctx->state[2] = UL64(0x2393B86B6F53B151);
- ctx->state[3] = UL64(0x963877195940EABD);
- ctx->state[4] = UL64(0x96283EE2A88EFFE3);
- ctx->state[5] = UL64(0xBE5E1E2553863992);
- ctx->state[6] = UL64(0x2B0199FC2C85B8AA);
- ctx->state[7] = UL64(0x0EB72DDC81C52CA2);
+ ctx->MBEDTLS_PRIVATE(state)[0] = UL64(0x22312194FC2BF72C);
+ ctx->MBEDTLS_PRIVATE(state)[1] = UL64(0x9F555FA3C84C64C2);
+ ctx->MBEDTLS_PRIVATE(state)[2] = UL64(0x2393B86B6F53B151);
+ ctx->MBEDTLS_PRIVATE(state)[3] = UL64(0x963877195940EABD);
+ ctx->MBEDTLS_PRIVATE(state)[4] = UL64(0x96283EE2A88EFFE3);
+ ctx->MBEDTLS_PRIVATE(state)[5] = UL64(0xBE5E1E2553863992);
+ ctx->MBEDTLS_PRIVATE(state)[6] = UL64(0x2B0199FC2C85B8AA);
+ ctx->MBEDTLS_PRIVATE(state)[7] = UL64(0x0EB72DDC81C52CA2);
}
- ctx->is384 = 0;
+ ctx->MBEDTLS_PRIVATE(is384) = 0;
}
@@ -90,7 +90,7 @@
if (ctx == NULL || data == NULL) {
CC_PalAbort("mbedtls_sha512_context and data buffer cannot be NULL");
}
- mbedtls_sha512_process(ctx, data);
+ mbedtls_internal_sha512_process(ctx, data);
}
/*
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c
index 8e4f3ac..195b63c 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -102,7 +102,7 @@
return ret;
}
- X->s = 1; /*unsigned*/
+ X->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
mbedtls_free(outArr);
@@ -136,7 +136,7 @@
CC_PAL_LOG_ERR("Error - failed to reverse memcpy, status = %d\n",status);
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- *scalarSize = (X->n * sizeof(mbedtls_mpi_uint));
+ *scalarSize = (X->MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint));
mbedtls_free(outArr);
@@ -167,7 +167,7 @@
}
mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES);
- ret = ecc_conv_mpi_to_scalar(&P->X, px, &pxSize);
+ ret = ecc_conv_mpi_to_scalar(&P->MBEDTLS_PRIVATE(X), px, &pxSize);
if (ret != 0)
{
return ret;
@@ -193,14 +193,14 @@
}
/* prepare the output point R*/
/* Y is not used in the result, and Z is 1*/
- ret = mbedtls_mpi_lset( &R->Z, 1 );
+ ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 );
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - could not set R.z\n");
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- mbedtls_mpi_free(&R->Y);
- ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &R->X);
+ mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y));
+ ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &R->MBEDTLS_PRIVATE(X));
if (ret != 0)
{
return ret;
@@ -241,7 +241,7 @@
CC_PAL_LOG_ERR("Error - failed to allocate memory for temporary buffer\n");
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- ret = mbedtls_mpi_grow(&R->X, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
+ ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
@@ -249,16 +249,16 @@
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- ret = mbedtls_mpi_grow(&R->Y, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
+ ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n");
mbedtls_free(tmpBuf);
- mbedtls_mpi_free(&R->X);
+ mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X));
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- rc = PkaEcWrstScalarMult(pDomain, m->p, m->n, P->X.p, P->Y.p, R->X.p, R->Y.p, tmpBuf);
+ rc = PkaEcWrstScalarMult(pDomain, m->MBEDTLS_PRIVATE(p), m->MBEDTLS_PRIVATE(n), P->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), P->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), tmpBuf);
mbedtls_free(tmpBuf);
if (rc != CC_SUCCESS)
{
@@ -266,12 +266,12 @@
return error_mapping_cc_to_mbedtls_ecc(rc);
}
- ret = mbedtls_mpi_lset( &R->Z, 1 );
+ ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 );
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
- mbedtls_mpi_free(&R->X);
- mbedtls_mpi_free(&R->Y);
+ mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X));
+ mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y));
return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
return (0);
@@ -298,7 +298,7 @@
}
/* Common sanity checks */
- if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
+ if( mbedtls_mpi_cmp_int( &P->MBEDTLS_PRIVATE(Z), 1 ) != 0 )
{
CC_PAL_LOG_ERR("Error - trying to multiply the infinity point\n");
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -357,7 +357,7 @@
if (G != NULL) /* Base point was supplied by application*/
{
mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES);
- ret = ecc_conv_mpi_to_scalar(&G->X, px, &pxSize);
+ ret = ecc_conv_mpi_to_scalar(&G->MBEDTLS_PRIVATE(X), px, &pxSize);
if (ret != 0)
{
return ret;
@@ -401,14 +401,14 @@
}
/* prepare the output point Q*/
/* Y is not used in the result, and Z is 1*/
- ret = mbedtls_mpi_lset( &Q->Z, 1 );
+ ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 );
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - could not set Q.z\n");
goto END;
}
- mbedtls_mpi_free(&Q->Y);
- ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &Q->X);
+ mbedtls_mpi_free(&Q->MBEDTLS_PRIVATE(Y));
+ ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &Q->MBEDTLS_PRIVATE(X));
if (ret != 0)
{
goto END;
@@ -497,21 +497,21 @@
pRndContext->rndGenerateVectFunc = (CCRndGenerateVectWorkFunc_t)f_rng;
pRndContext->rndState = p_rng;
- ret = mbedtls_mpi_grow(&Q->X, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
+ ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
goto END;
}
- Q->X.s = 1; /*unsigned*/
+ Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
- ret = mbedtls_mpi_grow(&Q->Y, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
+ ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n");
goto END;
}
- Q->Y.s = 1; /*unsigned*/
+ Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
ret = mbedtls_mpi_grow(d, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits));
if (ret != 0)
@@ -520,11 +520,11 @@
goto END;
}
- d->s = 1; /*unsigned*/
+ d->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
if (G != NULL) /* Base point was supplied by the application*/
{
- rc = CC_EcpkiKeyPairGenerateBase(pRndContext, pDomain, G->X.p, G->Y.p, pUserPrivKey, pUserPublKey, pTempBuff, NULL);
+ rc = CC_EcpkiKeyPairGenerateBase(pRndContext, pDomain, G->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), G->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pUserPrivKey, pUserPublKey, pTempBuff, NULL);
}
else
{
@@ -539,11 +539,11 @@
pPrivKey = (CCEcpkiPrivKey_t *)pUserPrivKey->PrivKeyDbBuff;
pPublicKey = (CCEcpkiPublKey_t *)pUserPublKey->PublKeyDbBuff;
- CC_PalMemCopy(d->p, pPrivKey->PrivKey, CALC_FULL_BYTES(pDomain->modSizeInBits));
- CC_PalMemCopy(Q->X.p, pPublicKey->x, CALC_FULL_BYTES(pDomain->modSizeInBits));
- CC_PalMemCopy(Q->Y.p, pPublicKey->y, CALC_FULL_BYTES(pDomain->modSizeInBits));
+ CC_PalMemCopy(d->MBEDTLS_PRIVATE(p), pPrivKey->PrivKey, CALC_FULL_BYTES(pDomain->modSizeInBits));
+ CC_PalMemCopy(Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), pPublicKey->x, CALC_FULL_BYTES(pDomain->modSizeInBits));
+ CC_PalMemCopy(Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pPublicKey->y, CALC_FULL_BYTES(pDomain->modSizeInBits));
- ret = mbedtls_mpi_lset( &Q->Z, 1 );
+ ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 );
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n");
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
index 7e78950..31430d1 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -152,7 +152,7 @@
return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
}
- ctx->cmac_ctx = cmac_ctx;
+ ctx->MBEDTLS_PRIVATE(cmac_ctx) = cmac_ctx;
mbedtls_zeroize_internal( ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.state,
sizeof( ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.state ) );
@@ -189,14 +189,14 @@
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
- ctx->cmac_ctx == NULL )
+ if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || input == NULL ||
+ ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- cmac_ctx = ctx->cmac_ctx;
- block_size = ctx->cipher_info->block_size;
+ cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx);
+ block_size = ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
/* Is there data still to process from the last call, that's greater in
* size than a block? */
@@ -287,13 +287,13 @@
CCBuffInfo_t inBuffInfo;
CCBuffInfo_t outBuffInfo;
- if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
+ if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL ||
output == NULL )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- cmac_ctx = ctx->cmac_ctx;
+ cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx);
ret = SetDataBuffersInfo((const uint8_t*)&((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_block,
((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_len,
@@ -320,7 +320,7 @@
CC_PalMemCopy(output, ((mbedtls_cmac_private_context_t*)cmac_ctx)->aes_ctx.ivBuf, AES_IV_SIZE);
- mbedtls_zeroize_internal( ctx->cmac_ctx, sizeof( mbedtls_cmac_private_context_t ) );
+ mbedtls_zeroize_internal( ctx->MBEDTLS_PRIVATE(cmac_ctx), sizeof( mbedtls_cmac_private_context_t ) );
return (0);
}
@@ -329,12 +329,12 @@
{
mbedtls_cmac_context_t* cmac_ctx = NULL;
- if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
+ if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- cmac_ctx = ctx->cmac_ctx;
+ cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx);
/* Reset the internal state */
((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_len = 0;
@@ -362,7 +362,7 @@
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
- if( cipher_info->base == NULL )
+ if( cipher_info->MBEDTLS_PRIVATE(base) == NULL )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
}
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c
index e12ee1b..087f704 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -16,7 +16,6 @@
#include "cc_ecc_internal.h"
-
const mbedtls_ecp_curve_info curve_25519_data = { MBEDTLS_ECP_DP_CURVE25519, 29, 255, "curve25519"};
#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@@ -74,7 +73,7 @@
goto cleanup;
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.MBEDTLS_PRIVATE(X) ) );
cleanup:
mbedtls_ecp_point_free( &P );
@@ -109,8 +108,8 @@
/*
* Next two bytes are the namedcurve value
*/
- buf[0] = curve_info->tls_id >> 8;
- buf[1] = curve_info->tls_id & 0xFF;
+ buf[0] = curve_info->MBEDTLS_PRIVATE(tls_id) >> 8;
+ buf[1] = curve_info->MBEDTLS_PRIVATE(tls_id) & 0xFF;
return( 0 );
}
@@ -130,24 +129,24 @@
int ret;
size_t grp_len, pt_len;
- if( ctx == NULL || ctx->grp.pbits == 0 ||
+ if( ctx == NULL || ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp).pbits == 0 ||
olen == NULL || buf == NULL ||
- blen <= 0 || (ctx->grp.id != MBEDTLS_ECP_DP_CURVE25519) ){
+ blen <= 0 || (ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp).id != MBEDTLS_ECP_DP_CURVE25519) ){
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
- if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
+ if( ( ret = mbedtls_ecdh_gen_public( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(d), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Q), f_rng, p_rng ) )
!= 0 )
return( ret );
- if( ( ret = mbedtls_ecp_tls_write_group_edwards( &ctx->grp, &grp_len, buf, blen ) )
+ if( ( ret = mbedtls_ecp_tls_write_group_edwards( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &grp_len, buf, blen ) )
!= 0 )
return( ret );
buf += grp_len;
blen -= grp_len;
- if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
+ if( ( ret = mbedtls_ecp_tls_write_point( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Q), ctx->MBEDTLS_PRIVATE(point_format),
&pt_len, buf, blen ) ) != 0 )
return( ret );
@@ -182,10 +181,10 @@
tls_id <<= 8;
tls_id |= *(*buf)++;
- if (curve_info->tls_id != tls_id){
+ if (curve_info->MBEDTLS_PRIVATE(tls_id) != tls_id){
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
- return mbedtls_ecp_group_load( grp, curve_info->grp_id );
+ return mbedtls_ecp_group_load( grp, curve_info->MBEDTLS_PRIVATE(grp_id) );
}
/*
@@ -203,10 +202,10 @@
if( ctx == NULL || buf == NULL || end == NULL){
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
- if( ( ret = mbedtls_ecp_tls_read_group_edwards( &ctx->grp, buf, end - *buf ) ) != 0 )
+ if( ( ret = mbedtls_ecp_tls_read_group_edwards( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), buf, end - *buf ) ) != 0 )
return( ret );
- if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
+ if( ( ret = mbedtls_ecp_tls_read_point( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Qp), buf, end - *buf ) )
!= 0 ){
return( ret );
}
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c
index da0c770..f500f76 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -378,8 +378,8 @@
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
- cc_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
+ return( mbedtls_ecp_group_load( &ctx->MBEDTLS_PRIVATE(grp), gid ) ||
+ cc_ecp_gen_keypair( &ctx->MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(d), &ctx->MBEDTLS_PRIVATE(Q), f_rng, p_rng ) );
}
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c
index 039b37e..12a547c 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -95,9 +95,9 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- grp = &ctx->grp;
- d = &ctx->d;
- Q = &ctx->Q;
+ grp = &ctx->MBEDTLS_PRIVATE(grp);
+ d = &ctx->MBEDTLS_PRIVATE(d);
+ Q = &ctx->MBEDTLS_PRIVATE(Q);
pDomain = EcEdwGetDomain25519();
if (NULL == pDomain)
@@ -139,13 +139,13 @@
ret = error_mapping_cc_to_mbedtls_ecc(rc);
goto END;
}
- ret = mbedtls_mpi_read_binary(&Q->Y, pPublicKey, CALC_FULL_BYTES(pDomain->ecModSizeInBits));
+ ret = mbedtls_mpi_read_binary(&Q->MBEDTLS_PRIVATE(Y), pPublicKey, CALC_FULL_BYTES(pDomain->ecModSizeInBits));
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n");
goto END;
}
- Q->Y.s = 1; /*unsigned*/
+ Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
ret = mbedtls_mpi_read_binary(d, pPrivKey, CALC_FULL_BYTES(2*pDomain->ecModSizeInBits));
if (ret != 0)
@@ -153,7 +153,7 @@
CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n");
goto END;
}
- d->s = 1; /*unsigned*/
+ d->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
/* Set the group curve order used by sign & verify functions */
@@ -299,7 +299,7 @@
/* Only the Y coordinate is required */
pub_key_size = order_size;
- ret = ecdsa_export_mpi_to_buff( &Q->Y, &pub_key_size, pub_key_buf, order_size );
+ ret = ecdsa_export_mpi_to_buff( &Q->MBEDTLS_PRIVATE(Y), &pub_key_size, pub_key_buf, order_size );
if ((ret != 0) ||
(pub_key_size != order_size))
{
@@ -375,13 +375,13 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- ret = mbedtls_mpi_read_binary(&Q->Y, buf, blen);
+ ret = mbedtls_mpi_read_binary(&Q->MBEDTLS_PRIVATE(Y), buf, blen);
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n");
return ret;
}
- Q->Y.s = 1; /*unsigned*/
+ Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/
return CC_OK;
@@ -411,7 +411,7 @@
{
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- ret = ecdsa_export_mpi_to_buff(&Q->Y, olen, buf, keySize);
+ ret = ecdsa_export_mpi_to_buff(&Q->MBEDTLS_PRIVATE(Y), olen, buf, keySize);
if (ret != 0)
{
CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n");
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h
index a232d53..a87b530 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -38,10 +38,10 @@
*/
static inline ecp_curve_type ecp_get_type(const mbedtls_ecp_group *grp)
{
- if (grp->G.X.p == NULL)
+ if (grp->G.MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p) == NULL)
return (ECP_TYPE_NONE);
- if (grp->G.Y.p == NULL)
+ if (grp->G.MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p) == NULL)
return (ECP_TYPE_25519);
else
return (ECP_TYPE_SHORT_WEIERSTRASS);
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c
index 59e340e..679787c 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -580,42 +580,59 @@
int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
int mode,
const unsigned char *iv,
- size_t iv_len,
- const unsigned char *aad,
- size_t aad_len)
+ size_t iv_len)
{
CC_UNUSED_PARAM(ctx);
CC_UNUSED_PARAM(mode);
CC_UNUSED_PARAM(iv);
CC_UNUSED_PARAM(iv_len);
- CC_UNUSED_PARAM(aad);
- CC_UNUSED_PARAM(aad_len);
return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED);
}
int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
- size_t length,
- const unsigned char *input,
- unsigned char *output)
+ const unsigned char *input,
+ size_t input_length,
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length)
{
CC_UNUSED_PARAM(ctx);
- CC_UNUSED_PARAM(length);
CC_UNUSED_PARAM(input);
+ CC_UNUSED_PARAM(input_length);
CC_UNUSED_PARAM(output);
+ CC_UNUSED_PARAM(output_size);
+ CC_UNUSED_PARAM(output_length);
return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED);
}
int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
- unsigned char *tag,
- size_t tag_len)
+ unsigned char *output,
+ size_t output_size,
+ size_t *output_length,
+ unsigned char *tag,
+ size_t tag_len)
{
CC_UNUSED_PARAM(ctx);
+ CC_UNUSED_PARAM(output);
+ CC_UNUSED_PARAM(output_size);
+ CC_UNUSED_PARAM(output_length);
CC_UNUSED_PARAM(tag);
CC_UNUSED_PARAM(tag_len);
return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED);
}
+
+int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
+ const unsigned char *add,
+ size_t add_len)
+{
+ CC_UNUSED_PARAM(ctx);
+ CC_UNUSED_PARAM(add);
+ CC_UNUSED_PARAM(add_len);
+
+ return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED);
+}
/**************************************************************************************************/
#endif
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c
index b48c57a..507e3e6 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,7 +14,6 @@
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
#include "mbedtls/oid.h"
#include "mbedtls_common.h"
#include "mbedtls/bignum.h"
@@ -135,19 +134,19 @@
{
int32_t err = 0;
- if(X == NULL || X->p != NULL || X->n != 0 || sizeInWords == 0) {
+ if(X == NULL || X->MBEDTLS_PRIVATE(p) != NULL || X->MBEDTLS_PRIVATE(n) != 0 || sizeInWords == 0) {
err = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto End;
}
- if( ( X->p = (uint32_t*)mbedtls_calloc( sizeInWords, sizeof(uint32_t) ) ) == NULL ) {
+ if( ( X->MBEDTLS_PRIVATE(p) = (uint32_t*)mbedtls_calloc( sizeInWords, sizeof(uint32_t) ) ) == NULL ) {
err = MBEDTLS_ERR_MPI_ALLOC_FAILED;
goto End;
}
- CC_PalMemCopy(X->p, buf, sizeInWords*CC_32BIT_WORD_SIZE);
- X->s = 1;
- X->n = sizeInWords;
+ CC_PalMemCopy(X->MBEDTLS_PRIVATE(p), buf, sizeInWords*CC_32BIT_WORD_SIZE);
+ X->MBEDTLS_PRIVATE(s) = 1;
+ X->MBEDTLS_PRIVATE(n) = sizeInWords;
End:
return err;
@@ -299,30 +298,23 @@
return ret;
}
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx)
{
/* check input parameters and functions */
if (ctx == NULL){
CC_PalAbort("Ctx is NULL\n");
}
- if ((hash_id != MBEDTLS_MD_NONE) && ((hash_id < MBEDTLS_MD_SHA1) || (hash_id > MBEDTLS_MD_SHA512))){
- CC_PalAbort("Not valid hash id\n");
- }
CC_PalMemSetZero(ctx, sizeof( mbedtls_rsa_context));
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
-
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init( &ctx->MBEDTLS_PRIVATE(mutex) );
#endif
}
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, mbedtls_md_type_t hash_id )
{
/* check input parameters and functions */
if (ctx == NULL){
@@ -331,8 +323,10 @@
if ((hash_id != MBEDTLS_MD_NONE) && ((hash_id < MBEDTLS_MD_SHA1) || (hash_id > MBEDTLS_MD_SHA512))){
CC_PalAbort("Not valid hash id\n");
}
- ctx->padding = padding;
- ctx->hash_id = hash_id;
+ ctx->MBEDTLS_PRIVATE(padding) = padding;
+ ctx->MBEDTLS_PRIVATE(hash_id) = hash_id;
+
+ return (0);
}
#if defined(MBEDTLS_GENPRIME)
@@ -470,17 +464,17 @@
/* allocate mbedtls context internal buffers and copy data to them */
- pCtx->len = keySizeBytes; /* full size of modulus in bytes, including leading zeros*/
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->N, pCcPubKey->n, keySizeWords ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->E, pCcPubKey->e, PUB_EXP_SIZE_IN_WORDS ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->D, pCcPrivKey->PriveKeyDb.NonCrt.d, keySizeWords ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->NP, ((RsaPubKeyDb_t*)(pCcPubKey->ccRSAIntBuff))->NP,
+ pCtx->MBEDTLS_PRIVATE(len) = keySizeBytes; /* full size of modulus in bytes, including leading zeros*/
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(N), pCcPubKey->n, keySizeWords ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(E), pCcPubKey->e, PUB_EXP_SIZE_IN_WORDS ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(D), pCcPrivKey->PriveKeyDb.NonCrt.d, keySizeWords ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(NP), ((RsaPubKeyDb_t*)(pCcPubKey->ccRSAIntBuff))->NP,
CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) );
/* P,Q saved in the context as it is done in mbedtls independent on
* CRT compilation flag */
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->P, pKeyGenData->KGData.p, keySizeWords/2 ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->Q, pKeyGenData->KGData.q, keySizeWords/2 ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(P), pKeyGenData->KGData.p, keySizeWords/2 ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(Q), pKeyGenData->KGData.q, keySizeWords/2 ) );
/* calculate Barrett tags for P,Q and set into context */
err = PkiCalcNp(((RsaPrivKeyDb_t *)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP,/*out*/
@@ -493,8 +487,8 @@
if (err != CC_OK) {
goto End;
}
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->BPP, ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->BQP, ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.QP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(BPP), ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(BQP), ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.QP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) );
/* calculate CRT parameters */
#if !defined(MBEDTLS_RSA_NO_CRT)
@@ -512,9 +506,9 @@
}
/* allocate mbedtls context internal buffers and copy data to them */
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->DP, pCcPrivKey->PriveKeyDb.Crt.dP, keySizeWords/2 ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->DQ, pCcPrivKey->PriveKeyDb.Crt.dQ, keySizeWords/2 ) );
- MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->QP, pCcPrivKey->PriveKeyDb.Crt.qInv, keySizeWords/2 ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(DP), pCcPrivKey->PriveKeyDb.Crt.dP, keySizeWords/2 ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(DQ), pCcPrivKey->PriveKeyDb.Crt.dQ, keySizeWords/2 ) );
+ MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(QP), pCcPrivKey->PriveKeyDb.Crt.qInv, keySizeWords/2 ) );
#endif /* MBEDTLS_RSA_NO_CRT */
#ifdef FIPS_CERTIFICATION
@@ -554,8 +548,8 @@
* P,Q need to be present or not. In this function this variable is not used */
((void) blinding_needed);
- if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
- ctx->len > MBEDTLS_MPI_MAX_SIZE )
+ if( ctx->MBEDTLS_PRIVATE(len) != mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ) ||
+ ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -566,8 +560,8 @@
/* Modular exponentiation wrt. N is always used for
* RSA public key operations. */
- if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 )
+ if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(N), 0 ) == 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -577,10 +571,10 @@
* used for private key operations and if CRT
* is used. */
if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) )
+ ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(P), 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(Q), 0 ) == 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -591,18 +585,18 @@
*/
/* Always need E for public key operations */
- if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
+ if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) <= 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#if defined(MBEDTLS_RSA_NO_CRT)
/* For private key operations, use D or DP & DQ
* as (unblinded) exponents. */
- if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
+ if( is_priv && mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) <= 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#else
if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) )
+ ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DP), 0 ) <= 0 ||
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DQ), 0 ) <= 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -612,7 +606,7 @@
* but check for QP >= 1 nonetheless. */
#if !defined(MBEDTLS_RSA_NO_CRT)
if( is_priv &&
- mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(QP), 0 ) <= 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -694,7 +688,7 @@
}
if( P != NULL ) {
- ret = RsaPrimeTestCall( &ccRndCtx, &P->p[0], mbedtls_mpi_size_in_words(P),
+ ret = RsaPrimeTestCall( &ccRndCtx, &P->MBEDTLS_PRIVATE(p)[0], mbedtls_mpi_size_in_words(P),
rabinTestsCount,
&isPrime, pTempBuff/*3*modSizeWords*/,
CC_RSA_PRIME_TEST_MODE );
@@ -704,7 +698,7 @@
}
}
if( Q != NULL ) {
- ret = RsaPrimeTestCall( &ccRndCtx, &Q->p[0], mbedtls_mpi_size_in_words(Q),
+ ret = RsaPrimeTestCall( &ccRndCtx, &Q->MBEDTLS_PRIVATE(p)[0], mbedtls_mpi_size_in_words(Q),
rabinTestsCount,
&isPrime, pTempBuff/*3*modSizeWords*/,
CC_RSA_PRIME_TEST_MODE );
@@ -900,21 +894,21 @@
*/
int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
{
- if( ctx == NULL || !ctx->N.p || ( ctx->N.s != 1 ) || !ctx->E.p || ( ctx->E.s != 1 ) )
+ if( ctx == NULL || !ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) || ( ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(s) != 1 ) || !ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) || ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(s) != 1 ) )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
/* check oddness */
- if( ( ctx->N.p[0] & 1 ) == 0 ||
- ( ctx->E.p[0] & 1 ) == 0 )
+ if( ( ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p)[0] & 1 ) == 0 ||
+ ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p)[0] & 1 ) == 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
- if( mbedtls_mpi_bitlen( &ctx->N ) < MBEDTLS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS ||
- mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS )
+ if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) < MBEDTLS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS ||
+ mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) > MBEDTLS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
- if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
- mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
+ if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(E) ) < 2 ||
+ mbedtls_mpi_cmp_mpi( &ctx->MBEDTLS_PRIVATE(E), &ctx->MBEDTLS_PRIVATE(N) ) >= 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
return( 0 );
@@ -939,15 +933,15 @@
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
- if( mbedtls_rsa_validate_params_alt( &ctx->N, &ctx->P, &ctx->Q,
- &ctx->D, &ctx->E, NULL, NULL ) != 0 )
+ if( mbedtls_rsa_validate_params_alt( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q),
+ &ctx->MBEDTLS_PRIVATE(D), &ctx->MBEDTLS_PRIVATE(E), NULL, NULL ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- if( mbedtls_rsa_validate_crt_alt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
+ if( mbedtls_rsa_validate_crt_alt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
@@ -967,8 +961,8 @@
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
- if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
+ if( mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(N), &prv->MBEDTLS_PRIVATE(N) ) != 0 ||
+ mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(E), &prv->MBEDTLS_PRIVATE(E) ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
@@ -1027,35 +1021,35 @@
GOTO_END( CC_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR );
}
- if (ctx->N.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL)
{
GOTO_END( CC_RSA_INVALID_MODULUS_POINTER_ERROR );
}
- if (ctx->len == 0)
+ if (ctx->MBEDTLS_PRIVATE(len) == 0)
{
GOTO_END( CC_RSA_INVALID_MODULUS_SIZE );
}
#if defined(MBEDTLS_RSA_NO_CRT)
- if (ctx->D.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(p) == NULL)
{
GOTO_END( CC_RSA_INVALID_EXPONENT_POINTER_ERROR );
}
#else
- if (ctx->P.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_CRT_FIRST_FACTOR_POINTER_ERROR );
- if (ctx->Q.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_CRT_SECOND_FACTOR_POINTER_ERROR );
- if (ctx->DP.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_CRT_FIRST_FACTOR_EXP_PTR_ERROR );
- if (ctx->DQ.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_CRT_SECOND_FACTOR_EXP_PTR_ERROR );
- if (ctx->QP.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_CRT_COEFFICIENT_PTR_ERROR );
#endif
@@ -1074,14 +1068,14 @@
}
/* ...... checking the validity of the exponent pointer ............... */
- if (ctx->E.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_EXPONENT_POINTER_ERROR );
/* ...... checking the validity of the modulus pointer .............. */
- if (ctx->N.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL)
GOTO_END( CC_RSA_INVALID_MODULUS_POINTER_ERROR );
- if (ctx->len == 0)
+ if (ctx->MBEDTLS_PRIVATE(len) == 0)
{
GOTO_END( CC_RSA_INVALID_MODULUS_SIZE );
}
@@ -1124,9 +1118,9 @@
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR();
- ModulusSize = mbedtls_mpi_size(&ctx->N);
- PubExponentSize = mbedtls_mpi_size(&ctx->E);
- PrivExponentSize = mbedtls_mpi_size(&ctx->D);
+ ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N));
+ PubExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E));
+ PrivExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(D));
/* ...... checking the validity of the modulus size, private exponent can not be more than 256 bytes .............. */
if (ModulusSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES)
@@ -1148,8 +1142,8 @@
/* clear the private key db */
CC_PalMemSetZero(PrivKey_ptr, sizeof(CCRsaPrivKey_t));
- CC_PalMemCopy(PrivKey_ptr->n, ctx->N.p, ModulusSize);
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.d, ctx->D.p, PrivExponentSize);
+ CC_PalMemCopy(PrivKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), ModulusSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.d, ctx->MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(p), PrivExponentSize);
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
@@ -1193,8 +1187,8 @@
}
/* checking that the public exponent is an integer between 3 and modulus - 1 */
- if ( ctx->E.p != NULL ) {
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.e, ctx->E.p, PubExponentSize);
+ if ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) != NULL ) {
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.e, ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p), PubExponentSize);
PubExponentEffectiveSizeInBits =
CC_CommonGetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.NonCrt.e, (PubExponentSize+3)/4);
@@ -1296,12 +1290,12 @@
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR();
- PSize = mbedtls_mpi_size(&ctx->P);
- QSize = mbedtls_mpi_size(&ctx->Q);
- dPSize = mbedtls_mpi_size(&ctx->DP);
- dQSize = mbedtls_mpi_size(&ctx->DQ);
- qInvSize = mbedtls_mpi_size(&ctx->QP);
- ModulusSize = mbedtls_mpi_size(&ctx->N);
+ PSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(P));
+ QSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(Q));
+ dPSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(DP));
+ dQSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(DQ));
+ qInvSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(QP));
+ ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N));
/* checking the input sizes */
@@ -1318,7 +1312,7 @@
/* verifying the first factor exponent is less then the first factor */
CounterCmpResult =
- CC_CommonCmpLsWordsUnsignedCounters(ctx->DP.p, mbedtls_mpi_size_in_words(&ctx->DP), ctx->P.p, mbedtls_mpi_size_in_words(&ctx->P));
+ CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(DP)), ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(P)));
if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) {
GOTO_END(CC_RSA_INVALID_CRT_FIRST_FACTOR_EXPONENT_VAL);
@@ -1326,7 +1320,7 @@
/* verifying the second factor exponent is less then the second factor */
CounterCmpResult =
- CC_CommonCmpLsWordsUnsignedCounters(ctx->DQ.p, mbedtls_mpi_size_in_words(&ctx->DQ), ctx->Q.p, mbedtls_mpi_size_in_words(&ctx->Q));
+ CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(DQ)), ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(Q)));
if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) {
GOTO_END(CC_RSA_INVALID_CRT_SECOND_FACTOR_EXPONENT_VAL);
@@ -1334,7 +1328,7 @@
/* verifying the CRT coefficient is less then the first factor */
CounterCmpResult =
- CC_CommonCmpLsWordsUnsignedCounters(ctx->QP.p, mbedtls_mpi_size_in_words(&ctx->QP), ctx->P.p, mbedtls_mpi_size_in_words(&ctx->P));
+ CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(QP)), ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(P)));
if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) {
GOTO_END(CC_RSA_INVALID_CRT_COEFF_VAL);
@@ -1350,11 +1344,11 @@
/* clear the private key db */
CC_PalMemSetZero(PrivKey_ptr, sizeof(CCRsaPrivKey_t));
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.P, ctx->P.p, PSize);
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.Q, ctx->Q.p, QSize);
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dP, ctx->DP.p, dPSize);
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dQ, ctx->DQ.p, dQSize);
- CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.qInv, ctx->QP.p, qInvSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.P, ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), PSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.Q, ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p), QSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dP, ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p), dPSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dQ, ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p), dQSize);
+ CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.qInv, ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p), qInvSize);
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
@@ -1407,7 +1401,7 @@
GOTO_CLEANUP(CC_RSA_INTERNAL_ERROR);
}
#else
- CC_PalMemCopy(PrivKey_ptr->n, ctx->N.p, ModulusSize);
+ CC_PalMemCopy(PrivKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), ModulusSize);
#endif
ModulusEffectiveSizeInBits =
@@ -1507,15 +1501,15 @@
/* ------------------------------------------------------------------------ */
CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR();
- ModulusSize = mbedtls_mpi_size(&ctx->N);
- ExponentSize = mbedtls_mpi_size(&ctx->E);
+ ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N));
+ ExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E));
if ((ExponentSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES) ||
- (ctx->E.n == 0))
+ (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(n) == 0))
return CC_RSA_INVALID_EXPONENT_SIZE;
if ((ModulusSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES) ||
- (ctx->N.n == 0))
+ (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(n) == 0))
{
return CC_RSA_INVALID_MODULUS_SIZE;
}
@@ -1527,8 +1521,8 @@
/* clear the public key db */
CC_PalMemSetZero( PubKey_ptr, sizeof(CCRsaPubKey_t) );
- CC_PalMemCopy(PubKey_ptr->n, ctx->N.p, mbedtls_mpi_size(&ctx->N));
- CC_PalMemCopy(PubKey_ptr->e, ctx->E.p, mbedtls_mpi_size(&ctx->E));
+ CC_PalMemCopy(PubKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N)));
+ CC_PalMemCopy(PubKey_ptr->e, ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E)));
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
@@ -1626,16 +1620,16 @@
}
#if defined(MBEDTLS_THREADING_C)
- if ( (ret = mbedtls_mutex_lock(&ctx->mutex) ) != 0)
+ if ( (ret = mbedtls_mutex_lock(&ctx->MBEDTLS_PRIVATE(mutex)) ) != 0)
return( ret );
#endif
/* ...... checking the validity of the exponent pointer ............... */
- if (ctx->E.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) == NULL)
return CC_RSA_INVALID_EXPONENT_POINTER_ERROR;
/* ...... checking the validity of the modulus pointer .............. */
- if (ctx->N.p == NULL)
+ if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL)
return CC_RSA_INVALID_MODULUS_POINTER_ERROR;
UserPubKey_ptr = (CCRsaUserPubKey_t *)mbedtls_calloc(1, sizeof(CCRsaUserPubKey_t));
@@ -1655,7 +1649,7 @@
goto End;
}
- Error = CC_RsaPrimEncrypt(UserPubKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->len, output);
+ Error = CC_RsaPrimEncrypt(UserPubKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->MBEDTLS_PRIVATE(len), output);
if ( Error != CC_OK ) {
goto End;
}
@@ -1667,7 +1661,7 @@
mbedtls_free(UserPubKey_ptr);
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+ if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
@@ -1712,7 +1706,7 @@
}
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+ if( ( ret = mbedtls_mutex_lock( &ctx->MBEDTLS_PRIVATE(mutex) ) ) != 0 )
return( ret );
#endif
@@ -1736,13 +1730,13 @@
GOTO_CLEANUP(Error);
}
- Error = CC_RsaPrimDecrypt(UserPrivKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->len, output);
+ Error = CC_RsaPrimDecrypt(UserPrivKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->MBEDTLS_PRIVATE(len), output);
if ( Error != CC_OK ) {
GOTO_CLEANUP(Error);
}
Cleanup:
if ( Error != CC_OK ) {
- mbedtls_zeroize_internal(output, ctx->len);
+ mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len));
}
mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t));
mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t));
@@ -1750,7 +1744,7 @@
mbedtls_free(UserPrivKey_ptr);
End:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+ if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
@@ -1765,7 +1759,6 @@
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
@@ -1788,11 +1781,6 @@
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
}
- if( mode != MBEDTLS_RSA_PUBLIC )
- {
- GOTO_END( CC_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR );
- }
-
if( input == NULL || output == NULL )
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -1814,13 +1802,13 @@
GOTO_END( Error );
}
- if (ctx->padding != MBEDTLS_RSA_PKCS_V21)
+ if (ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V21)
{
GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR );
}
- if ( (Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->hash_id,
+ if ( (Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->MBEDTLS_PRIVATE(hash_id),
0, // HashMode - before
&hashOpMode,
&hashOutputSizeBytes)) != CC_OK )
@@ -1828,13 +1816,13 @@
GOTO_CLEANUP( Error );
}
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+ md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) );
if( md_info == NULL )
{
GOTO_END( CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR );
}
- olen = ctx->len;
+ olen = ctx->MBEDTLS_PRIVATE(len);
hlen = mbedtls_md_get_size( md_info );
/* first comparison checks for overflow */
@@ -1879,7 +1867,7 @@
Cleanup:
if ( Error != CC_OK )
{
- mbedtls_zeroize_internal(output, ctx->len);
+ mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len));
}
mbedtls_zeroize_internal(UserPubKey_ptr, sizeof(CCRsaUserPubKey_t));
mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t));
@@ -1897,7 +1885,6 @@
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
size_t ilen,
const unsigned char *input,
unsigned char *output )
@@ -1914,11 +1901,6 @@
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
}
- if( mode != MBEDTLS_RSA_PUBLIC )
- {
- GOTO_END( CC_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR );
- }
-
if( input == NULL || output == NULL )
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -1938,13 +1920,13 @@
GOTO_END( Error );
}
- if ( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+ if ( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V15 )
{
GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR );
}
/* first comparison checks for overflow */
- if( ilen + 11 < ilen || ctx->len < ilen + 11 )
+ if( ilen + 11 < ilen || ctx->MBEDTLS_PRIVATE(len) < ilen + 11 )
{
GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE );
}
@@ -1982,7 +1964,7 @@
Cleanup:
if ( Error != CC_OK )
{
- mbedtls_zeroize_internal(output, ctx->len);
+ mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len));
}
mbedtls_zeroize_internal(UserPubKey_ptr, sizeof(CCRsaUserPubKey_t));
mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t));
@@ -2001,7 +1983,7 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output )
{
@@ -2010,17 +1992,17 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
+ return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, ilen,
input, output );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0,
ilen, input, output );
#endif
@@ -2036,7 +2018,6 @@
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,
@@ -2054,12 +2035,6 @@
CC_UNUSED_PARAM(f_rng);
CC_UNUSED_PARAM(p_rng);
- // mbedtls supports decryption with public key, CC does not
- if ( mode != MBEDTLS_RSA_PRIVATE )
- {
- GOTO_END( CC_RSA_INVALID_DECRYPRION_MODE_ERROR );
- }
-
if( input == NULL || output == NULL )
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2071,16 +2046,16 @@
GOTO_END( Error );
}
- if ( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
+ if ( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V21 )
GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR );
// Sanity check on input length, not sure it's needed
- if( ctx->len < 16 || ctx->len > MBEDTLS_MPI_MAX_SIZE )
+ if( ctx->MBEDTLS_PRIVATE(len) < 16 || ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE )
{
GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE );
}
- if ( ( Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->hash_id,
+ if ( ( Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->MBEDTLS_PRIVATE(hash_id),
0, // HashMode - before
&hashOpMode,
&hashOutputSizeBytes) ) != CC_OK )
@@ -2089,7 +2064,7 @@
}
// checking for integer underflow
- if( 2 * hashOutputSizeBytes + 2 > ctx->len )
+ if( 2 * hashOutputSizeBytes + 2 > ctx->MBEDTLS_PRIVATE(len) )
{
GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE );
}
@@ -2126,7 +2101,7 @@
label_len,
CC_PKCS1_MGF1,
(unsigned char *)input, // Need to remove the const-ness
- ctx->len,
+ ctx->MBEDTLS_PRIVATE(len),
output,
olen);
if ( Error != CC_OK)
@@ -2142,7 +2117,7 @@
Cleanup:
if ( Error != CC_OK )
{
- mbedtls_zeroize_internal(output, ctx->len);
+ mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len));
}
mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t));
mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t));
@@ -2160,7 +2135,6 @@
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
size_t *olen,
const unsigned char *input,
unsigned char *output,
@@ -2180,12 +2154,6 @@
CC_UNUSED_PARAM(f_rng);
CC_UNUSED_PARAM(p_rng);
- // mbedtls supports decryption with public key, CC does not
- if (mode != MBEDTLS_RSA_PRIVATE)
- {
- GOTO_END( CC_RSA_INVALID_DECRYPRION_MODE_ERROR );
- }
-
if( input == NULL || output == NULL )
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2198,13 +2166,13 @@
GOTO_END( Error );
}
- if( ctx->padding != MBEDTLS_RSA_PKCS_V15 )
+ if( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V15 )
{
GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR );
}
// Sanity check on input length, not sure it's needed
- if( ctx->len < 16 || ctx->len > MBEDTLS_MPI_MAX_SIZE )
+ if( ctx->MBEDTLS_PRIVATE(len) < 16 || ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE )
{
GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE );
}
@@ -2237,7 +2205,7 @@
Error = CC_RsaPkcs1V15Decrypt(UserPrivKey_ptr,
PrimeData_ptr,
(unsigned char *)input, // Need to remove the const-ness
- ctx->len,
+ ctx->MBEDTLS_PRIVATE(len),
output,
olen);
@@ -2254,7 +2222,7 @@
Cleanup:
if ( Error != CC_OK )
{
- mbedtls_zeroize_internal(output, ctx->len);
+ mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len));
}
mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t));
mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t));
@@ -2272,7 +2240,7 @@
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t *olen,
+ size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len)
@@ -2282,17 +2250,17 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
+ return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen,
input, output, output_max_len );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0,
olen, input, output,
output_max_len );
#endif
@@ -2309,7 +2277,6 @@
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2329,10 +2296,6 @@
if (ctx == NULL){
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
}
- if (mode != MBEDTLS_RSA_PRIVATE) /* In cryptocell only private key operations are allowed with sign */
- {
- GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE );
- }
if ( NULL == sig || NULL == hash )
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2346,7 +2309,7 @@
encoding. md_alg in the function call is the type of hash
that is encoded. According to RFC 3447 it is advised to keep
both hashes the same. */
- if ( md_alg != ( mbedtls_md_type_t ) ctx->hash_id )
+ if ( md_alg != ( mbedtls_md_type_t ) ctx->MBEDTLS_PRIVATE(hash_id) )
{
GOTO_END( CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR );
}
@@ -2389,7 +2352,7 @@
GOTO_CLEANUP( Error );
}
- sig_size = mbedtls_mpi_size( ( const mbedtls_mpi *)&( ctx->N ) );
+ sig_size = mbedtls_mpi_size( ( const mbedtls_mpi *)&( ctx->MBEDTLS_PRIVATE(N) ) );
Error = CC_RsaPssSign( &rndContext,
UserContext_ptr,
@@ -2421,7 +2384,6 @@
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2441,10 +2403,6 @@
if (ctx == NULL){
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
}
- if (mode != MBEDTLS_RSA_PRIVATE) /* In cryptocell only private key operations are allowed with sign */
- {
- GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE );
- }
if (NULL == sig || NULL == hash)
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2493,7 +2451,7 @@
GOTO_CLEANUP(Error);
}
- sig_size = mbedtls_mpi_size( (const mbedtls_mpi *)&(ctx->N) );
+ sig_size = mbedtls_mpi_size( (const mbedtls_mpi *)&(ctx->MBEDTLS_PRIVATE(N)) );
Error = CC_RsaPkcs1V15Sign(&rndContext,
UserContext_ptr,
UserPrivKey_ptr,
@@ -2518,7 +2476,6 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2529,17 +2486,17 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, sig );
#endif
@@ -2553,9 +2510,6 @@
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2570,18 +2524,11 @@
CCError_t Error = CC_OK;
mbedtls_md_type_t mdType;
- CC_UNUSED_PARAM(f_rng);
- CC_UNUSED_PARAM(p_rng);
-
/* Check input parameters */
if (ctx == NULL){
GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE );
}
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) /* In cryptocell only public key operations are allowed with verify */
- {
- GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE );
- }
if (NULL == sig || NULL == hash)
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2639,9 +2586,6 @@
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2652,10 +2596,10 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- if (( ctx->hash_id != MBEDTLS_MD_NONE ) && ((mbedtls_md_type_t) ctx->hash_id != md_alg)){
+ if (( ctx->MBEDTLS_PRIVATE(hash_id) != MBEDTLS_MD_NONE ) && ((mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) != md_alg)){
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
+ return( mbedtls_rsa_rsassa_pss_verify_ext( ctx,
md_alg, hashlen, hash,
md_alg, MBEDTLS_RSA_SALT_LEN_ANY,
sig ) );
@@ -2665,9 +2609,6 @@
#if defined(MBEDTLS_PKCS1_V15)
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2679,8 +2620,6 @@
size_t hashOutputSizeBytes = 0;
CCError_t Error = CC_OK;
- CC_UNUSED_PARAM(f_rng);
- CC_UNUSED_PARAM(p_rng);
/* Check input parameters */
if (ctx == NULL){
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2702,10 +2641,6 @@
{
hashlen = hashOutputSizeBytes;
}
- if (mode != MBEDTLS_RSA_PUBLIC) /* In cryptocell only public key operations are allowed with verify */
- {
- GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE );
- }
if (NULL == sig || NULL == hash)
{
GOTO_END( CC_RSA_INVALID_PTR_ERROR );
@@ -2748,9 +2683,6 @@
* Do an RSA operation and check the message digest
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2761,17 +2693,17 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
hashlen, hash, sig );
#endif
@@ -2791,32 +2723,32 @@
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- dst->ver = src->ver;
- dst->len = src->len;
+ dst->MBEDTLS_PRIVATE(ver) = src->MBEDTLS_PRIVATE(ver);
+ dst->MBEDTLS_PRIVATE(len) = src->MBEDTLS_PRIVATE(len);
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(N), &src->MBEDTLS_PRIVATE(N) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(E), &src->MBEDTLS_PRIVATE(E) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(D), &src->MBEDTLS_PRIVATE(D) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(P), &src->MBEDTLS_PRIVATE(P) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Q), &src->MBEDTLS_PRIVATE(Q) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DP), &src->MBEDTLS_PRIVATE(DP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DQ), &src->MBEDTLS_PRIVATE(DQ) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(QP), &src->MBEDTLS_PRIVATE(QP) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RN), &src->MBEDTLS_PRIVATE(RN) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RP), &src->MBEDTLS_PRIVATE(RP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RQ), &src->MBEDTLS_PRIVATE(RQ) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->NP, &src->NP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->BPP, &src->BPP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->BQP, &src->BQP ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(NP), &src->MBEDTLS_PRIVATE(NP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(BPP), &src->MBEDTLS_PRIVATE(BPP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(BQP), &src->MBEDTLS_PRIVATE(BQP) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vi), &src->MBEDTLS_PRIVATE(Vi) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vf), &src->MBEDTLS_PRIVATE(Vf) ) );
- dst->padding = src->padding;
- dst->hash_id = src->hash_id;
+ dst->MBEDTLS_PRIVATE(padding) = src->MBEDTLS_PRIVATE(padding);
+ dst->MBEDTLS_PRIVATE(hash_id) = src->MBEDTLS_PRIVATE(hash_id);
cleanup:
if( ret != 0 )
@@ -2831,15 +2763,15 @@
void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
{
if (ctx != NULL) {
- mbedtls_mpi_free( &ctx->BQP ); mbedtls_mpi_free( &ctx->BPP ); mbedtls_mpi_free( &ctx->NP );
- mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN );
- mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP );
- mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D );
- mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(BQP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(BPP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(NP) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vi) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vf) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RQ) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RN) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(QP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DQ) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DP) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Q) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(P) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(D) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(E) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(N) );
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ mbedtls_mutex_free( &ctx->MBEDTLS_PRIVATE(mutex) );
#endif
}
}
@@ -2856,17 +2788,17 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
+ if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(N), N ) ) != 0 ) ||
+ ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(P), P ) ) != 0 ) ||
+ ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(Q), Q ) ) != 0 ) ||
+ ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(D), D ) ) != 0 ) ||
+ ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(E), E ) ) != 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
if( N != NULL )
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
return( 0 );
}
@@ -2886,21 +2818,21 @@
if( N != NULL )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
}
if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) );
if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) );
if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) );
if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) );
cleanup:
@@ -2939,8 +2871,8 @@
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- tempBufSize = P->n;
- sizeBitsP = P->n*sizeof(uint32_t)*8;
+ tempBufSize = P->MBEDTLS_PRIVATE(n);
+ sizeBitsP = P->MBEDTLS_PRIVATE(n)*sizeof(uint32_t)*8;
ret = PkaInitAndMutexLock(2*sizeBitsP, ®Count);
if (ret != 0)
@@ -2954,9 +2886,9 @@
}
PKA_SET_REG_SIZE(sizeBitsP, PLEN_ID);
- PkaCopyDataIntoPkaReg(rP, REG_LEN_ID, P->p, P->n);
- PkaCopyDataIntoPkaReg(rQ, REG_LEN_ID, Q->p, Q->n);
- PkaCopyDataIntoPkaReg(rD, REG_LEN_ID, D->p, D->n);
+ PkaCopyDataIntoPkaReg(rP, REG_LEN_ID, P->MBEDTLS_PRIVATE(p), P->MBEDTLS_PRIVATE(n));
+ PkaCopyDataIntoPkaReg(rQ, REG_LEN_ID, Q->MBEDTLS_PRIVATE(p), Q->MBEDTLS_PRIVATE(n));
+ PkaCopyDataIntoPkaReg(rD, REG_LEN_ID, D->MBEDTLS_PRIVATE(p), D->MBEDTLS_PRIVATE(n));
ret = PkaCalcNpIntoPkaReg(PLEN_ID, sizeBitsP, rP/*regN*/, regNp, rT1, rT2 );
if (ret != 0)
@@ -2979,14 +2911,14 @@
PKA_ADD_IM(MOD_LEN_ID, rP, rP, 1);
PKA_ADD_IM(MOD_LEN_ID, rQ, rQ, 1);
PKA_MOD_INV(PLEN_ID, rT3/*res*/, rQ); // rT3 = Q^-1 mod P
- PkaCopyDataFromPkaReg(pTempBuf, P->n, rT1);
- MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DP, pTempBuf, P->n ));
+ PkaCopyDataFromPkaReg(pTempBuf, P->MBEDTLS_PRIVATE(n), rT1);
+ MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DP, pTempBuf, P->MBEDTLS_PRIVATE(n) ));
- PkaCopyDataFromPkaReg(pTempBuf, P->n, rT2);
- MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DQ, pTempBuf, P->n ));
+ PkaCopyDataFromPkaReg(pTempBuf, P->MBEDTLS_PRIVATE(n), rT2);
+ MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DQ, pTempBuf, P->MBEDTLS_PRIVATE(n) ));
- PkaCopyDataFromPkaReg (pTempBuf, P->n, rT3);
- MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( QP, pTempBuf, P->n ));
+ PkaCopyDataFromPkaReg (pTempBuf, P->MBEDTLS_PRIVATE(n), rT3);
+ MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( QP, pTempBuf, P->MBEDTLS_PRIVATE(n) ));
cleanup:
PkaFinishAndMutexUnlock(regCount);
@@ -3027,14 +2959,14 @@
}
- have_N = mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0;
- have_P = mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0;
- have_Q = mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0;
- have_D = mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0;
- have_E = mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
- have_DP = mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0;
- have_DQ = mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0;
- have_QP = mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0;
+ have_N = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0;
+ have_P = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0;
+ have_Q = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0;
+ have_D = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0;
+ have_E = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
+ have_DP = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DP), 0 ) != 0;
+ have_DQ = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DQ), 0 ) != 0;
+ have_QP = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(QP), 0 ) != 0;
/*
* 1. The user may insert N, D, E and the complete function will not derive the P and Q from it.
@@ -3069,13 +3001,13 @@
//if N is requested to be calculated from P and Q, it will be done by sw
if( !have_N && have_P && have_Q )
{
- if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
- &ctx->Q ) ) != 0 )
+ if( ( ret = mbedtls_mpi_mul_mpi( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P),
+ &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
}
/*
@@ -3087,8 +3019,8 @@
if (( is_priv ) && (crt_missing))
{
- ret = mbedtls_alt_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP );
+ ret = mbedtls_alt_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) );
if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
@@ -3118,11 +3050,11 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
{
@@ -3134,19 +3066,19 @@
}
if( N != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) );
if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) );
if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) );
if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) );
if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) );
cleanup:
@@ -3167,11 +3099,11 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
{
@@ -3183,11 +3115,11 @@
}
/* Export all requested core parameters. */
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
+ if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->MBEDTLS_PRIVATE(N) ) ) != 0 ) ||
+ ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->MBEDTLS_PRIVATE(P) ) ) != 0 ) ||
+ ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 ) ||
+ ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->MBEDTLS_PRIVATE(D) ) ) != 0 ) ||
+ ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->MBEDTLS_PRIVATE(E) ) ) != 0 ) )
{
return( ret );
}
@@ -3208,25 +3140,25 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#if !defined(MBEDTLS_RSA_NO_CRT)
/* Export all requested blinding parameters. */
- if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
- ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
- ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
+ if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->MBEDTLS_PRIVATE(DP) ) ) != 0 ) ||
+ ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->MBEDTLS_PRIVATE(DQ) ) ) != 0 ) ||
+ ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->MBEDTLS_PRIVATE(QP) ) ) != 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
#else
- if( ( ret = mbedtls_alt_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
+ if( ( ret = mbedtls_alt_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
DP, DQ, QP ) ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
@@ -3246,7 +3178,7 @@
return 0;
}
- return( ctx->len );
+ return( ctx->MBEDTLS_PRIVATE(len) );
}
/**************************************************************************************/
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c
index 4b9c29e..70ed813 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -47,7 +47,7 @@
/*
* SHA-256 context setup
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
int ret;
@@ -84,7 +84,7 @@
}
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen )
+int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen )
{
int ret;
@@ -101,7 +101,7 @@
/*
* SHA-256 final digest
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
+int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
int ret;
HashContext_t *pHashCtx = NULL;
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_cipher.c b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_cipher.c
index 64d0148..19673e2 100644
--- a/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_cipher.c
+++ b/lib/ext/cryptocell-312-runtime/codesafe/src/psa_driver_api/src/cc3xx_psa_cipher.c
@@ -41,8 +41,8 @@
psa_encrypt_or_decrypt_t dir)
{
psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = attributes->core.type;
- size_t key_bits = attributes->core.bits;
+ psa_key_type_t key_type = psa_get_key_type(attributes);
+ size_t key_bits = psa_get_key_bits(attributes);
(void)key_length;
diff --git a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c
index bdce849..f8d038e 100644
--- a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c
+++ b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -657,11 +657,11 @@
RUNIT_PERF_REG_API(mbedtls_sha1_update_ret , gCompConf.sha1);
RUNIT_PERF_REG_API(mbedtls_sha256 , gCompConf.sha256);
RUNIT_PERF_REG_API(mbedtls_sha256_clone , gCompConf.sha256);
- RUNIT_PERF_REG_API(mbedtls_sha256_finish_ret , gCompConf.sha256);
+ RUNIT_PERF_REG_API(mbedtls_sha256_finish , gCompConf.sha256);
RUNIT_PERF_REG_API(mbedtls_sha256_free , gCompConf.sha256);
RUNIT_PERF_REG_API(mbedtls_sha256_init , gCompConf.sha256);
- RUNIT_PERF_REG_API(mbedtls_sha256_starts_ret , gCompConf.sha256);
- RUNIT_PERF_REG_API(mbedtls_sha256_update_ret , gCompConf.sha256);
+ RUNIT_PERF_REG_API(mbedtls_sha256_starts , gCompConf.sha256);
+ RUNIT_PERF_REG_API(mbedtls_sha256_update , gCompConf.sha256);
RUNIT_PERF_REG_API(mbedtls_sha512 , gCompConf.sha512);
RUNIT_PERF_REG_API(mbedtls_sha512_clone , gCompConf.sha512);
RUNIT_PERF_REG_API(mbedtls_sha512_finish , gCompConf.sha512);
diff --git a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c
index 20871b0..efb901c 100644
--- a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c
+++ b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -119,10 +119,10 @@
/* Initialize sha engine */
RUNIT_API(mbedtls_sha256_init(pCtx));
- RUNIT_ASSERT(mbedtls_sha256_starts_ret(pCtx, IS_SHA_224) == 0);
- RUNIT_ASSERT(mbedtls_sha256_update_ret(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_starts(pCtx, IS_SHA_224) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_update(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0);
RUNIT_API(mbedtls_sha256_clone(pCtxCloned, pCtx));
- RUNIT_ASSERT(mbedtls_sha256_finish_ret(pCtxCloned, sha224sum) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_finish(pCtxCloned, sha224sum) == 0);
RUNIT_PRINT_BUF(sha224sum, 28, "result");
@@ -174,10 +174,10 @@
/* Initialize sha engine */
RUNIT_API(mbedtls_sha256_init(pCtx));
- RUNIT_ASSERT(mbedtls_sha256_starts_ret(pCtx, IS_SHA_224) == 0);
- RUNIT_ASSERT(mbedtls_sha256_update_ret(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_starts(pCtx, IS_SHA_224) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_update(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0);
RUNIT_API(mbedtls_sha256_clone(pCtxCloned, pCtx));
- RUNIT_ASSERT(mbedtls_sha256_finish_ret(pCtxCloned, sha256sum) == 0);
+ RUNIT_ASSERT(mbedtls_sha256_finish(pCtxCloned, sha256sum) == 0);
RUNIT_PRINT_BUF(sha256sum, 32, "result");
diff --git a/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/diphda/dx_reg_base_host.h b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/diphda/dx_reg_base_host.h
new file mode 100644
index 0000000..0d334f0
--- /dev/null
+++ b/lib/ext/cryptocell-312-runtime/shared/hw/include/arm/diphda/dx_reg_base_host.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2001-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __DX_REG_BASE_DIPHDA_H__
+#define __DX_REG_BASE_DIPHDA_H__
+
+#define DX_BASE_CC 0x2F000000
+
+#define DX_BASE_HOST_RGF 0x0UL
+#define DX_BASE_CRY_KERNEL 0x0UL
+
+#define DX_BASE_RNG 0x0000UL
+#endif /* __DX_REG_BASE_DIPHDA_H__ */
diff --git a/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h b/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h
index 2eef069..c2f5b68 100644
--- a/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h
+++ b/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -29,40 +29,40 @@
*/
typedef struct
{
- int ver; /*!< always 0 */
- size_t len; /*!< size(N) in chars */
+ int MBEDTLS_PRIVATE(ver); /*!< always 0 */
+ size_t MBEDTLS_PRIVATE(len); /*!< size(N) in chars */
- mbedtls_mpi N; /*!< public modulus */
- mbedtls_mpi E; /*!< public exponent */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< public modulus */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< public exponent */
- mbedtls_mpi D; /*!< private exponent */
- mbedtls_mpi P; /*!< 1st prime factor */
- mbedtls_mpi Q; /*!< 2nd prime factor */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< private exponent */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< 1st prime factor */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< 2nd prime factor */
- mbedtls_mpi DP; /*!< D % (P - 1) */
- mbedtls_mpi DQ; /*!< D % (Q - 1) */
- mbedtls_mpi QP; /*!< 1 / (Q % P) */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1) */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1) */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P) */
- mbedtls_mpi RN; /*!< cached R^2 mod N */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N */
- mbedtls_mpi RP; /*!< cached R^2 mod P */
- mbedtls_mpi RQ; /*!< cached R^2 mod Q */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q */
- mbedtls_mpi Vi; /*!< cached blinding value */
- mbedtls_mpi Vf; /*!< cached un-blinding value */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< cached blinding value */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< cached un-blinding value */
- mbedtls_mpi NP; /*!< Barrett mod N tag NP for N-modulus */
- mbedtls_mpi BQP; /*!< Barrett mod Q tag QP for Q-factor */
- mbedtls_mpi BPP; /*!< Barrett mod P tag PP for P-factor */
+ mbedtls_mpi MBEDTLS_PRIVATE(NP); /*!< Barrett mod N tag NP for N-modulus */
+ mbedtls_mpi MBEDTLS_PRIVATE(BQP); /*!< Barrett mod Q tag QP for Q-factor */
+ mbedtls_mpi MBEDTLS_PRIVATE(BPP); /*!< Barrett mod P tag PP for P-factor */
- int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+ int MBEDTLS_PRIVATE(padding); /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t as
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t as
specified in the mbedtls_md.h header file
for the EME-OAEP and EMSA-PSS
encoding */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex */
#endif
}
mbedtls_rsa_context;
diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
new file mode 100644
index 0000000..565a92e
--- /dev/null
+++ b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
@@ -0,0 +1,54 @@
+From e109c8ed57457a2bd62afcf21b5b99dd2a30edea Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Tue, 13 Jul 2021 17:46:47 +0800
+Subject: [PATCH] Disable export MbedTLSTargets
+
+Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
+MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
+needs to configure some tfm target which for mbedtls to be exported.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ CMakeLists.txt | 26 --------------------------
+ 1 file changed, 26 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 3eef42ec..5ad56c81 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -307,32 +307,6 @@ if(ENABLE_TESTING)
+ endif()
+ endif()
+
+-configure_package_config_file(
+- "cmake/MbedTLSConfig.cmake.in"
+- "cmake/MbedTLSConfig.cmake"
+- INSTALL_DESTINATION "cmake")
+-
+-write_basic_package_version_file(
+- "cmake/MbedTLSConfigVersion.cmake"
+- COMPATIBILITY SameMajorVersion
+- VERSION 3.0.0)
+-
+-install(
+- FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
+- "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake"
+- DESTINATION "cmake")
+-
+-export(
+- EXPORT MbedTLSTargets
+- NAMESPACE MbedTLS::
+- FILE "cmake/MbedTLSTargets.cmake")
+-
+-install(
+- EXPORT MbedTLSTargets
+- NAMESPACE MbedTLS::
+- DESTINATION "cmake"
+- FILE "MbedTLSTargets.cmake")
+-
+ if(CMAKE_VERSION VERSION_GREATER 3.14)
+ # Do not export the package by default
+ cmake_policy(SET CMP0090 NEW)
+--
+2.17.1
+
diff --git a/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch b/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
deleted file mode 100644
index 6e127b9..0000000
--- a/lib/ext/mbedcrypto/0003-Fix-4162-Return-correct-error-type-for-invalid-key.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 374c93c43f8c299adcee91cfbc90a15037317d18 Mon Sep 17 00:00:00 2001
-From: Maulik Patel <Maulik.Patel@arm.com>
-Date: Mon, 15 Mar 2021 14:48:14 +0000
-Subject: [PATCH 3/3] Fix:4162 Return correct error type for invalid key
-
-Return PSA_ERROR_INVALID_HANDLE instead of
-PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
-operations.
-
-Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
----
- library/psa_crypto_slot_management.c | 17 +++++++++++++----
- 1 file changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
-index dcbee31aa..b7e3442fb 100644
---- a/library/psa_crypto_slot_management.c
-+++ b/library/psa_crypto_slot_management.c
-@@ -305,13 +305,15 @@ psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
-
- status = psa_load_persistent_key_into_slot( *p_slot );
- if( status != PSA_SUCCESS )
-+ {
- psa_wipe_key_slot( *p_slot );
--
-+ if( status == PSA_ERROR_DOES_NOT_EXIST )
-+ status = PSA_ERROR_INVALID_HANDLE;
-+ }
- return( status );
- #else
-- return( PSA_ERROR_DOES_NOT_EXIST );
-+ return( PSA_ERROR_INVALID_HANDLE );
- #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
--
- }
-
- psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
-@@ -399,6 +401,9 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
- if( status != PSA_SUCCESS )
- {
- *handle = PSA_KEY_HANDLE_INIT;
-+ if( status == PSA_ERROR_INVALID_HANDLE )
-+ status = PSA_ERROR_DOES_NOT_EXIST;
-+
- return( status );
- }
-
-@@ -423,8 +428,12 @@ psa_status_t psa_close_key( psa_key_handle_t handle )
-
- status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
- if( status != PSA_SUCCESS )
-- return( status );
-+ {
-+ if( status == PSA_ERROR_DOES_NOT_EXIST )
-+ status = PSA_ERROR_INVALID_HANDLE;
-
-+ return( status );
-+ }
- if( slot->lock_count <= 1 )
- return( psa_wipe_key_slot( slot ) );
- else
---
-2.25.1
-
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
index 60c42c2..12737b5 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
@@ -497,23 +497,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -798,7 +781,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -853,7 +836,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -1784,6 +1767,22 @@
//#define MBEDTLS_SHA1_C
/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
+ * SHA-224 without SHA-256.
+ *
+ * Module: library/sha256.c
+ * Caller: library/md.c
+ * library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
* \def MBEDTLS_SHA256_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
@@ -1798,6 +1797,22 @@
#define MBEDTLS_SHA256_C
/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA512_C
+ *
+ * Module: library/sha512.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Comment to disable SHA-384
+ */
+#define MBEDTLS_SHA384_C
+
+/**
* \def MBEDTLS_SHA512_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
@@ -1998,6 +2013,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#elif defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
index b9738e6..f8bcd6b 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -1779,6 +1762,22 @@
//#define MBEDTLS_SHA1_C
/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
+ * SHA-224 without SHA-256.
+ *
+ * Module: library/sha256.c
+ * Caller: library/md.c
+ * library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
* \def MBEDTLS_SHA256_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
@@ -1793,6 +1792,22 @@
#define MBEDTLS_SHA256_C
/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA512_C
+ *
+ * Module: library/sha512.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Comment to disable SHA-384
+ */
+#define MBEDTLS_SHA384_C
+
+/**
* \def MBEDTLS_SHA512_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
@@ -1993,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#elif defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
index c1663d0..eebd4b02 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -1779,6 +1762,22 @@
//#define MBEDTLS_SHA1_C
/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
+ * SHA-224 without SHA-256.
+ *
+ * Module: library/sha256.c
+ * Caller: library/md.c
+ * library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
* \def MBEDTLS_SHA256_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
@@ -1793,6 +1792,22 @@
#define MBEDTLS_SHA256_C
/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA512_C
+ *
+ * Module: library/sha512.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Comment to disable SHA-384
+ */
+//#define MBEDTLS_SHA384_C
+
+/**
* \def MBEDTLS_SHA512_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
@@ -1993,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#elif defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
index bbdc060..eecf026 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -863,7 +846,7 @@
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
@@ -1779,6 +1762,22 @@
//#define MBEDTLS_SHA1_C
/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
+ * SHA-224 without SHA-256.
+ *
+ * Module: library/sha256.c
+ * Caller: library/md.c
+ * library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
* \def MBEDTLS_SHA256_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
@@ -1793,6 +1792,22 @@
#define MBEDTLS_SHA256_C
/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Requires: MBEDTLS_SHA512_C
+ *
+ * Module: library/sha512.c
+ * Caller: library/md.c
+ * library/ssl_cli.c
+ * library/ssl_srv.c
+ *
+ * Comment to disable SHA-384
+ */
+//#define MBEDTLS_SHA384_C
+
+/**
* \def MBEDTLS_SHA512_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
@@ -1993,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#elif defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/psa_arch_tests/0001-Align-SPE-libraries-name-with-TF-M.patch b/lib/ext/psa_arch_tests/0001-Align-SPE-libraries-name-with-TF-M.patch
deleted file mode 100644
index 53880cf..0000000
--- a/lib/ext/psa_arch_tests/0001-Align-SPE-libraries-name-with-TF-M.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From a74762e09a3f0407b10d1494f2b55b034fce70bb Mon Sep 17 00:00:00 2001
-From: Shawn Shan <Shawn.Shan@arm.com>
-Date: Wed, 10 Mar 2021 17:00:30 +0800
-Subject: [PATCH] Align SPE libraries name with TF-M
-
-Change-Id: I3d0030cea15ce5d3e283d766a50d0d43b83eab7b
-Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
----
- api-tests/CMakeLists.txt | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/api-tests/CMakeLists.txt b/api-tests/CMakeLists.txt
-index c243ebd..e63a7c3 100644
---- a/api-tests/CMakeLists.txt
-+++ b/api-tests/CMakeLists.txt
-@@ -177,9 +177,9 @@ endif()
- set(PSA_TARGET_PAL_NSPE_LIB pal_nspe)
- set(PSA_TARGET_VAL_NSPE_LIB val_nspe)
- set(PSA_TARGET_TEST_COMBINE_LIB test_combine)
--set(PSA_TARGET_DRIVER_PARTITION_LIB driver_partition)
--set(PSA_TARGET_CLIENT_PARTITION_LIB client_partition)
--set(PSA_TARGET_SERVER_PARTITION_LIB server_partition)
-+set(PSA_TARGET_DRIVER_PARTITION_LIB tfm_psa_rot_partition_driver_partition)
-+set(PSA_TARGET_CLIENT_PARTITION_LIB tfm_app_rot_partition_client_partition)
-+set(PSA_TARGET_SERVER_PARTITION_LIB tfm_app_rot_partition_server_partition)
- if(${SUITE} STREQUAL "IPC")
- set(PSA_SUITE_DIR ${PSA_ROOT_DIR}/ff/${SUITE_LOWER})
- set(PSA_SUITE_OUT_DIR ${CMAKE_CURRENT_BINARY_DIR}/ff/${SUITE_LOWER})
---
-2.17.1
-
diff --git a/lib/ext/psa_arch_tests/0001-Fix-wrong-expected-return-value-in-test-46-and-47.patch b/lib/ext/psa_arch_tests/0001-Fix-wrong-expected-return-value-in-test-46-and-47.patch
new file mode 100644
index 0000000..6e7ef14
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0001-Fix-wrong-expected-return-value-in-test-46-and-47.patch
@@ -0,0 +1,61 @@
+From f56b7fba26b4220882a1fe7e7539c80a4e42fc19 Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Wed, 28 Jul 2021 11:15:09 +0800
+Subject: [PATCH 1/4] Fix wrong expected return value in test 46 and 47
+
+Update the expected return value in test 46 and 47
+according to the PSA Crypto spec 1.0.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ api-tests/dev_apis/crypto/test_c046/test_data.h | 4 ++--
+ api-tests/dev_apis/crypto/test_c047/test_data.h | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c046/test_data.h b/api-tests/dev_apis/crypto/test_c046/test_data.h
+index bfe6553..39b2597 100644
+--- a/api-tests/dev_apis/crypto/test_c046/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c046/test_data.h
+@@ -54,7 +54,7 @@ static const test_data check1[] = {
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_CMAC,
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_INVALID_ARGUMENT
+ },
+
+ {"Test psa_mac_compute - Invalid usage\n", PSA_KEY_TYPE_HMAC,
+@@ -65,7 +65,7 @@ static const test_data check1[] = {
+ 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68,
+ 0x4b, 0x22}, 64, 28,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_HMAC(PSA_ALG_SHA_224),
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_NOT_PERMITTED
+ },
+
+ {"Test psa_mac_compute - truncated MAC too small\n", PSA_KEY_TYPE_HMAC,
+diff --git a/api-tests/dev_apis/crypto/test_c047/test_data.h b/api-tests/dev_apis/crypto/test_c047/test_data.h
+index 3c250dc..54f6a28 100644
+--- a/api-tests/dev_apis/crypto/test_c047/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c047/test_data.h
+@@ -66,7 +66,7 @@ static const test_data check1[] = {
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_VERIFY_HASH, PSA_ALG_CMAC,
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_INVALID_ARGUMENT
+ },
+
+ {"Test psa_mac_verify - Invalid usage\n", PSA_KEY_TYPE_HMAC,
+@@ -77,7 +77,7 @@ static const test_data check1[] = {
+ 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9,
+ 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7}, 32,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_HMAC(PSA_ALG_SHA_256),
+- PSA_ERROR_NOT_SUPPORTED
++ PSA_ERROR_NOT_PERMITTED
+ },
+
+ {"Test psa_mac_verify - Truncated MAC too large\n", PSA_KEY_TYPE_HMAC,
+--
+2.17.1
+
diff --git a/lib/ext/psa_arch_tests/0002-Enable-Crypto-1.0-test-cases.patch b/lib/ext/psa_arch_tests/0002-Enable-Crypto-1.0-test-cases.patch
new file mode 100644
index 0000000..a7bff3d
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0002-Enable-Crypto-1.0-test-cases.patch
@@ -0,0 +1,116 @@
+From 2685e6d9c8dd9f0d4fcddc2ed49195b6372a63ac Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Wed, 28 Jul 2021 11:16:11 +0800
+Subject: [PATCH 2/4] Enable Crypto 1.0 test cases
+
+psa_cipher_encrypt(), psa_cipher_decrypt(), psa_sign_message(),
+psa_verify_message(), psa_mac_compute() and psa_mac_verify() are
+supported now in tfm and mbedtls-3.0.0.
+Enable the test case for them.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ api-tests/dev_apis/crypto/common/test_crypto_common.h | 2 ++
+ .../targets/common/nspe/crypto/pal_crypto_intf.c | 10 ----------
+ 2 files changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/common/test_crypto_common.h b/api-tests/dev_apis/crypto/common/test_crypto_common.h
+index c213b7d..b1c6e65 100644
+--- a/api-tests/dev_apis/crypto/common/test_crypto_common.h
++++ b/api-tests/dev_apis/crypto/common/test_crypto_common.h
+@@ -38,6 +38,8 @@
+ #define INPUT_SEED_LEN 4
+ #define INPUT_LABEL_LEN 5
+
++#define CRYPTO_1_0
++
+ extern const uint8_t key_data[];
+
+ extern const uint8_t rsa_128_key_pair[];
+diff --git a/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c b/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
+index 7d8e633..8ef5e99 100644
+--- a/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
++++ b/api-tests/platform/targets/common/nspe/crypto/pal_crypto_intf.c
+@@ -267,7 +267,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ return psa_cipher_abort(cipher_operation);
+ break;
+-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+ case PAL_CRYPTO_CIPHER_DECRYPT:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+@@ -284,7 +283,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ output_size,
+ p_output_length);
+ break;
+-#endif
+ case PAL_CRYPTO_CIPHER_DECRYPT_SETUP:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ key = va_arg(valist, psa_key_id_t);
+@@ -293,7 +291,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ key,
+ alg);
+ break;
+-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+ case PAL_CRYPTO_CIPHER_ENCRYPT:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+@@ -310,7 +307,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ output_size,
+ p_output_length);
+ break;
+-#endif
+ case PAL_CRYPTO_CIPHER_ENCRYPT_SETUP:
+ cipher_operation = va_arg(valist, psa_cipher_operation_t *);
+ key = va_arg(valist, psa_key_id_t);
+@@ -648,7 +644,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ mac_operation = va_arg(valist, psa_mac_operation_t *);
+ return psa_mac_abort(mac_operation);
+ break;
+-#ifdef CRYPTO_1_0
+ case PAL_CRYPTO_MAC_COMPUTE:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+@@ -665,7 +660,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ output_size,
+ p_output_length);
+ break;
+-#endif
+ case PAL_CRYPTO_MAC_OPERATION_INIT:
+ mac_operation = va_arg(valist, psa_mac_operation_t *);
+ mac_operation_temp = psa_mac_operation_init();
+@@ -699,7 +693,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ input,
+ input_length);
+ break;
+-#if HOST_GCC_MISSING_CRYPTO_1_0 == 0
+ case PAL_CRYPTO_MAC_VERIFY:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+@@ -714,7 +707,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ input1,
+ input_length1);
+ break;
+-#endif
+ case PAL_CRYPTO_MAC_VERIFY_FINISH:
+ mac_operation = va_arg(valist, psa_mac_operation_t *);
+ input = va_arg(valist, const uint8_t *);
+@@ -814,7 +806,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ output_size,
+ p_output_length);
+ break;
+-#ifdef CRYPTO_1_0
+ case PAL_CRYPTO_SIGN_MESSAGE:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+@@ -845,7 +836,6 @@ int32_t pal_crypto_function(int type, va_list valist)
+ input1,
+ input_length1);
+ break;
+-#endif
+ case PAL_CRYPTO_VERIFY_HASH:
+ key = va_arg(valist, psa_key_id_t);
+ alg = va_arg(valist, psa_algorithm_t);
+--
+2.17.1
+
diff --git a/lib/ext/psa_arch_tests/0002-Fix-psa-arch-test-failures.patch b/lib/ext/psa_arch_tests/0002-Fix-psa-arch-test-failures.patch
deleted file mode 100644
index a7626cb..0000000
--- a/lib/ext/psa_arch_tests/0002-Fix-psa-arch-test-failures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 9e3049ccfda24cadd29f67a09c42f6caccd45be2 Mon Sep 17 00:00:00 2001
-From: Maulik Patel <Maulik.Patel@arm.com>
-Date: Wed, 24 Mar 2021 11:01:49 +0000
-Subject: [PATCH] Fix psa arch test failures.
-
-Update expected return value of psa_cipher_finish Decrypt test
-with short input to PSA_ERROR_INVALID_ARGUMENT as per PSA Crypto 1.0.0
-Also update the invalid hash algorithm mask as per Mbedtls 2.25.0.
-
-Signed-off-by: Maulik Patel <maulik.patel@arm.com>
----
- api-tests/dev_apis/crypto/test_c037/test_data.h | 4 ++--
- api-tests/val/nspe/val_crypto.h | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/api-tests/dev_apis/crypto/test_c037/test_data.h b/api-tests/dev_apis/crypto/test_c037/test_data.h
-index 36e05f0..317ed75 100644
---- a/api-tests/dev_apis/crypto/test_c037/test_data.h
-+++ b/api-tests/dev_apis/crypto/test_c037/test_data.h
-@@ -1,5 +1,5 @@
- /** @file
-- * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
-+ * Copyright (c) 2019-2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
-@@ -269,7 +269,7 @@ static const test_data check1[] = {
- .output_size = 0,
- .expected_output = NULL,
- .expected_output_length = 0,
-- .expected_status = PSA_ERROR_BAD_STATE
-+ .expected_status = PSA_ERROR_INVALID_ARGUMENT
- },
-
- #endif
-diff --git a/api-tests/val/nspe/val_crypto.h b/api-tests/val/nspe/val_crypto.h
-index 7270a40..5045a3f 100644
---- a/api-tests/val/nspe/val_crypto.h
-+++ b/api-tests/val/nspe/val_crypto.h
-@@ -1,5 +1,5 @@
- /** @file
-- * Copyright (c) 2018-2020, Arm Limited or its affiliates. All rights reserved.
-+ * Copyright (c) 2018-2021, Arm Limited or its affiliates. All rights reserved.
- * SPDX-License-Identifier : Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
-@@ -48,7 +48,7 @@
-
- #define PSA_KEY_LIFETIME_INVALID 0xFFFFFFFF
- #define PSA_KEY_USAGE_INVALID 0xFFFFFFFF
--#define PSA_HASH_ALG_INVALID 0x01FFFFFF
-+#define PSA_HASH_ALG_INVALID 0x02FFFFFF
- #define PSA_ALG_INVALID 0xFFFFFFFF
- #define PSA_KEY_DERIVATION_STEP_INVALID 0x0000FFFF
-
---
-2.17.1
-
diff --git a/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch b/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch
deleted file mode 100644
index 9f1be4c..0000000
--- a/lib/ext/psa_arch_tests/0003-Update-test-cases-for-psa-mac-sign-and-verify.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 9c4d00b01062dbb2e0f124027e19562b3c2a3538 Mon Sep 17 00:00:00 2001
-From: Maulik Patel <Maulik.Patel@arm.com>
-Date: Fri, 7 May 2021 13:42:20 +0100
-Subject: [PATCH] Update test cases for psa mac sign and verify.
-
-Update test cases for psa_mac_sign_setup (226) and
-psa_mac_verify_setup (229) against unknown MAC algorithm such that
-key passed is valid but the algorithm is unknown.
-Also, as per PSA Crypto Spec 1.0.0, fix the expected return value to PSA_ERROR_INVALID_ARGUMENT for incompatible key to MAC algorithm.
-
-Change-Id: I8f42736a9e5bd7fbf604146b43ef28180e741fc3
-Signed-off-by: Maulik Patel <maulik.patel@arm.com>
----
- api-tests/dev_apis/crypto/test_c026/test_data.h | 15 +++++++++------
- api-tests/dev_apis/crypto/test_c029/test_data.h | 15 +++++++++------
- 2 files changed, 18 insertions(+), 12 deletions(-)
-
-diff --git a/api-tests/dev_apis/crypto/test_c026/test_data.h b/api-tests/dev_apis/crypto/test_c026/test_data.h
-index 306522a..39619f0 100644
---- a/api-tests/dev_apis/crypto/test_c026/test_data.h
-+++ b/api-tests/dev_apis/crypto/test_c026/test_data.h
-@@ -67,7 +67,7 @@ static const test_data check1[] = {
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
- 0x0D, 0x0E, 0x0F},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_CMAC,
-- PSA_ERROR_NOT_SUPPORTED
-+ PSA_ERROR_INVALID_ARGUMENT
- },
- #endif
-
-@@ -116,11 +116,14 @@ static const test_data check1[] = {
- #endif
- #endif
-
--#ifdef ARCH_TEST_AES_128
--{"Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_AES,
--{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
-- 0x5F, 0xC9, 0x00},
-- AES_16B_KEY_SIZE, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
-+#ifdef ARCH_TEST_HMAC
-+{"Test psa_mac_sign_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_HMAC,
-+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
-+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
-+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
-+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
-+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
-+ 64, PSA_KEY_USAGE_SIGN, PSA_ALG_HMAC(0),
- PSA_ERROR_NOT_SUPPORTED
- },
- #endif
-diff --git a/api-tests/dev_apis/crypto/test_c029/test_data.h b/api-tests/dev_apis/crypto/test_c029/test_data.h
-index 3b4b121..1b85212 100644
---- a/api-tests/dev_apis/crypto/test_c029/test_data.h
-+++ b/api-tests/dev_apis/crypto/test_c029/test_data.h
-@@ -68,7 +68,7 @@ static const test_data check1[] = {
- {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
- 0x0D, 0x0E, 0x0F},
- AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_CMAC,
-- PSA_ERROR_NOT_SUPPORTED
-+ PSA_ERROR_INVALID_ARGUMENT
- },
- #endif
-
-@@ -116,11 +116,14 @@ static const test_data check1[] = {
- },
- #endif
-
--#ifdef ARCH_TEST_AES_128
--{"Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_AES,
--{0x49, 0x8E, 0xC7, 0x7D, 0x01, 0x95, 0x0D, 0x94, 0x2C, 0x16, 0xA5, 0x3E, 0x99,
-- 0x5F, 0xC9, 0x00},
-- AES_16B_KEY_SIZE, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
-+#ifdef ARCH_TEST_HMAC
-+{"Test psa_mac_verify_setup bad algorithm (unknown MAC algorithm)\n", PSA_KEY_TYPE_HMAC,
-+{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
-+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
-+ 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
-+ 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
-+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f},
-+ 64, PSA_KEY_USAGE_VERIFY, PSA_ALG_HMAC(0),
- PSA_ERROR_NOT_SUPPORTED
- },
- #endif
---
-2.17.1
-
diff --git a/lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch b/lib/ext/psa_arch_tests/0003-Workaround-for-removal-of-initial-attest-get-public-.patch
similarity index 76%
rename from lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch
rename to lib/ext/psa_arch_tests/0003-Workaround-for-removal-of-initial-attest-get-public-.patch
index bebe183..121ad55 100644
--- a/lib/ext/psa_arch_tests/0004-Workaround-for-removal-of-initial-attest-get-public-.patch
+++ b/lib/ext/psa_arch_tests/0003-Workaround-for-removal-of-initial-attest-get-public-.patch
@@ -1,7 +1,8 @@
-From d2a1b0816667392b771193abfa532deb24699204 Mon Sep 17 00:00:00 2001
-From: David Hu <david.hu@arm.com>
-Date: Thu, 3 Jun 2021 15:03:33 +0800
-Subject: [PATCH] Workaround for removal of initial attest get public key API
+From b19f2e11134d687174b7df89cedc9d73218e01b9 Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Wed, 28 Jul 2021 11:17:30 +0800
+Subject: [PATCH 3/4] Workaround for removal of initial attest get public key
+ API
TF-M self-defined API of getting initial attestation public key has been
removed to optimize initial attestation interface and implementation.
@@ -10,28 +11,29 @@
enable attestation test suite to fetch Initial Attestation public key.
Signed-off-by: David Hu <david.hu@arm.com>
+Signed-off-by: Summer Qin <summer.qin@arm.com>
---
api-tests/CMakeLists.txt | 4 ++++
.../pal_attestation_crypto.c | 23 +++++++++++++++----
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/api-tests/CMakeLists.txt b/api-tests/CMakeLists.txt
-index 07f78fe..06d9207 100644
+index 31b7ef7..a8d9c58 100644
--- a/api-tests/CMakeLists.txt
+++ b/api-tests/CMakeLists.txt
-@@ -472,6 +472,10 @@ endif()
+@@ -613,6 +613,10 @@ endif()
# Build PAL NSPE LIB
include(${PSA_ROOT_DIR}/platform/targets/${TARGET}/target.cmake)
+# Import dummy Initial Attestation public key from TF-M for test
+if (${SUITE} STREQUAL "INITIAL_ATTESTATION")
-+ target_sources(${PSA_TARGET_PAL_NSPE_LIB} PRIVATE ${CMAKE_SOURCE_DIR}/platform/ext/common/template/tfm_initial_attest_pub_key.c)
++ target_sources(${PSA_TARGET_PAL_NSPE_LIB} PRIVATE ${CMAKE_SOURCE_DIR}/platform/ext/common/template/tfm_initial_attest_pub_key.c)
+endif()
# Build VAL NSPE LIB
#add_definitions(-DVAL_NSPE_BUILD)
include(${PSA_ROOT_DIR}/val/val_nspe.cmake)
diff --git a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
-index 7f748c2..a45355e 100644
+index 4a25a20..04d9f42 100644
--- a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+++ b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
@@ -17,9 +17,14 @@
@@ -50,15 +52,15 @@
static inline struct q_useful_buf_c useful_buf_head(struct q_useful_buf_c buf,
size_t amount)
{
-@@ -201,10 +206,18 @@ static int32_t pal_attest_get_public_key(uint8_t *public_key_buff, size_t public
+@@ -203,10 +208,18 @@ static int32_t pal_attest_get_public_key(uint8_t *public_key_buff,
memcpy(public_key_buff, (void *)&attest_public_key, *public_key_len);
status = PSA_SUCCESS;
#else
- status = tfm_initial_attest_get_public_key(public_key_buff,
- public_key_buf_size,
- public_key_len,
-- elliptic_curve_type);
-+ if (initial_attest_curve_type != PSA_ECC_CURVE_SECP256R1)
+- elliptic_family_type);
++ if (initial_attest_curve_type != PSA_ECC_FAMILY_SECP_R1)
+ return PAL_ATTEST_ERR_KEY_FAIL;
+
+ if (public_key_buf_size < initial_attest_pub_key_size)
@@ -67,12 +69,12 @@
+ memcpy(public_key_buff, initial_attest_pub_key,
+ initial_attest_pub_key_size);
+ *public_key_len = initial_attest_pub_key_size;
-+ *elliptic_curve_type = initial_attest_curve_type;
++ *elliptic_family_type = initial_attest_curve_type;
+
+ status = PSA_SUCCESS;
#endif
return status;
--
-2.25.1
+2.17.1
diff --git a/lib/ext/psa_arch_tests/0004-Align-with-mbedtls-3.0.0.patch b/lib/ext/psa_arch_tests/0004-Align-with-mbedtls-3.0.0.patch
new file mode 100644
index 0000000..c024093
--- /dev/null
+++ b/lib/ext/psa_arch_tests/0004-Align-with-mbedtls-3.0.0.patch
@@ -0,0 +1,28 @@
+From 7e4ed5386dc1e8f6c452ef8b58a2750051f437af Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Wed, 28 Jul 2021 11:19:12 +0800
+Subject: [PATCH 4/4] Align with mbedtls-3.0.0
+
+PSA_ALG_MD4 is removed from mbedtls-3.0.0. Use PSA_ALG_MD5 instead.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ .../common/nspe/initial_attestation/pal_attestation_crypto.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+index 04d9f42..daf7842 100644
+--- a/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
++++ b/api-tests/platform/targets/common/nspe/initial_attestation/pal_attestation_crypto.c
+@@ -41,7 +41,7 @@ static psa_algorithm_t cose_hash_alg_id_to_psa(int32_t cose_hash_alg_id)
+ status = PSA_ALG_SHA_256;
+ break;
+ default:
+- status = PSA_ALG_MD4;
++ status = PSA_ALG_MD5;
+ break;
+ }
+
+--
+2.17.1
+
diff --git a/lib/ext/qcbor/CMakeLists.txt b/lib/ext/qcbor/CMakeLists.txt
index ad29a21..10c891d 100644
--- a/lib/ext/qcbor/CMakeLists.txt
+++ b/lib/ext/qcbor/CMakeLists.txt
@@ -27,7 +27,7 @@
target_link_libraries(tfm_qcbor
PRIVATE
tfm_attestation_defs
- tfm_t_cose
+ tfm_t_cose_defs
)
############################ qcbor test ########################################
diff --git a/lib/ext/t_cose/CMakeLists.txt b/lib/ext/t_cose/CMakeLists.txt
index 762ad05..cd780ad 100644
--- a/lib/ext/t_cose/CMakeLists.txt
+++ b/lib/ext/t_cose/CMakeLists.txt
@@ -7,33 +7,18 @@
cmake_minimum_required(VERSION 3.15)
-add_library(tfm_t_cose STATIC EXCLUDE_FROM_ALL)
+################################ t_cose defs ###################################
-target_sources(tfm_t_cose
- PRIVATE
- $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:src/t_cose_mac0_sign.c>
- $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:src/t_cose_mac0_verify.c>
- $<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:src/t_cose_sign1_sign.c>
- $<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:src/t_cose_sign1_verify.c>
- src/t_cose_util.c
- src/t_cose_parameters.c
- crypto_adapters/t_cose_psa_crypto.c
-)
+add_library(tfm_t_cose_defs INTERFACE)
-target_include_directories(tfm_t_cose
- PUBLIC
+target_include_directories(tfm_t_cose_defs
+ INTERFACE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/inc>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>
)
-target_link_libraries(tfm_t_cose
- PUBLIC
- tfm_qcbor
- psa_interface
-)
-
-target_compile_definitions(tfm_t_cose
- PUBLIC
+target_compile_definitions(tfm_t_cose_defs
+ INTERFACE
T_COSE_COMPILE_TIME_CONFIG
T_COSE_USE_PSA_CRYPTO
T_COSE_USE_PSA_CRYPTO_FROM_TFM
@@ -46,6 +31,45 @@
$<$<NOT:$<CONFIG:Debug>>:T_COSE_DISABLE_SHORT_CIRCUIT_SIGN>
)
+############################### t_cose common ##################################
+
+add_library(tfm_t_cose_common INTERFACE)
+
+target_sources(tfm_t_cose_common
+ INTERFACE
+ $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_mac0_sign.c>
+ $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_mac0_verify.c>
+ $<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_sign1_sign.c>
+ $<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_sign1_verify.c>
+ ${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_util.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/src/t_cose_parameters.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/crypto_adapters/t_cose_psa_crypto.c
+)
+
+############################ t_cose non secure #################################
+
+add_library(tfm_t_cose_ns STATIC EXCLUDE_FROM_ALL)
+
+target_link_libraries(tfm_t_cose_ns
+ PUBLIC
+ tfm_t_cose_common
+ tfm_t_cose_defs
+ tfm_qcbor
+ tfm_ns_interface
+)
+
+############################ t_cose secure #####################################
+
+add_library(tfm_t_cose_s STATIC EXCLUDE_FROM_ALL)
+
+target_link_libraries(tfm_t_cose_s
+ PUBLIC
+ tfm_t_cose_common
+ tfm_t_cose_defs
+ tfm_qcbor
+ psa_interface
+)
+
############################ t_cose test #######################################
add_library(tfm_t_cose_test STATIC EXCLUDE_FROM_ALL)
@@ -67,5 +91,5 @@
target_link_libraries(tfm_t_cose_test
PRIVATE
- tfm_t_cose
+ tfm_t_cose_ns
)
diff --git a/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c b/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c
index 22203dd..20ab764 100644
--- a/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c
+++ b/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c
@@ -2,7 +2,7 @@
* t_cose_psa_crypto.c
*
* Copyright 2019, Laurence Lundblade
- * Copyright (c) 2020, Arm Limited. All rights reserved
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -100,7 +100,7 @@
err == PSA_ERROR_INVALID_SIGNATURE ? T_COSE_ERR_SIG_VERIFY :
err == PSA_ERROR_NOT_SUPPORTED ? T_COSE_ERR_UNSUPPORTED_SIGNING_ALG:
err == PSA_ERROR_INSUFFICIENT_MEMORY ? T_COSE_ERR_INSUFFICIENT_MEMORY :
- err == PSA_ERROR_TAMPERING_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED :
+ err == PSA_ERROR_CORRUPTION_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED :
T_COSE_ERR_SIG_FAIL;
}
@@ -134,7 +134,7 @@
* signing_key passed in, not the cose_algorithm_id This check
* looks for ECDSA signing as indicated by COSE and rejects what
* is not. (Perhaps this check can be removed to save object code
- * if it is the case that psa_asymmetric_verify() does the right
+ * if it is the case that psa_verify_hash() does the right
* checks).
*/
if(!PSA_ALG_IS_ECDSA(psa_alg_id)) {
@@ -183,7 +183,7 @@
* signing_key passed in, not the cose_algorithm_id This check
* looks for ECDSA signing as indicated by COSE and rejects what
* is not. (Perhaps this check can be removed to save object code
- * if it is the case that psa_asymmetric_verify() does the right
+ * if it is the case that psa_verify_hash() does the right
* checks).
*/
if(!PSA_ALG_IS_ECDSA(psa_alg_id)) {
diff --git a/lib/ext/t_cose/inc/t_cose_common.h b/lib/ext/t_cose/inc/t_cose_common.h
index 9b1a3dc..9375e35 100644
--- a/lib/ext/t_cose/inc/t_cose_common.h
+++ b/lib/ext/t_cose/inc/t_cose_common.h
@@ -2,7 +2,7 @@
* t_cose_common.h
*
* Copyright 2019, Laurence Lundblade
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -282,7 +282,7 @@
/** General unspecific failure. */
T_COSE_ERR_FAIL = 17,
- /** Equivalent to \c PSA_ERROR_TAMPERING_DETECTED. */
+ /** Equivalent to \c PSA_ERROR_CORRUPTION_DETECTED. */
T_COSE_ERR_TAMPERING_DETECTED = 18,
/** The key identified by a \ref t_cose_key or a key ID was not
diff --git a/lib/ext/t_cose/src/t_cose_crypto.h b/lib/ext/t_cose/src/t_cose_crypto.h
index 019f909..d068fc2 100644
--- a/lib/ext/t_cose/src/t_cose_crypto.h
+++ b/lib/ext/t_cose/src/t_cose_crypto.h
@@ -2,7 +2,7 @@
* t_cose_crypto.h
*
* Copyright 2019, Laurence Lundblade
- * Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -194,7 +194,7 @@
* \retval T_COSE_ERR_FAIL
* General unspecific failure.
* \retval T_COSE_ERR_TAMPERING_DETECTED
- * Equivalent to \c PSA_ERROR_TAMPERING_DETECTED.
+ * Equivalent to \c PSA_ERROR_CORRUPTION_DETECTED.
*
* This is called to do public key signing. The implementation will
* vary from one platform / OS to another but should conform to the
@@ -268,7 +268,7 @@
* \retval T_COSE_ERR_FAIL
* General unspecific failure.
* \retval T_COSE_ERR_TAMPERING_DETECTED
- * Equivalent to \c PSA_ERROR_TAMPERING_DETECTED.
+ * Equivalent to \c PSA_ERROR_CORRUPTION_DETECTED.
*/
enum t_cose_err_t
t_cose_crypto_pub_key_verify(int32_t cose_algorithm_id,
diff --git a/lib/ext/t_cose/test/t_cose_make_psa_test_key.c b/lib/ext/t_cose/test/t_cose_make_psa_test_key.c
index d1462c4..836d599 100644
--- a/lib/ext/t_cose/test/t_cose_make_psa_test_key.c
+++ b/lib/ext/t_cose/test/t_cose_make_psa_test_key.c
@@ -2,6 +2,7 @@
* t_cose_make_psa_test_key.c
*
* Copyright 2019-2020, Laurence Lundblade
+ * Copyright (c) 2021, Arm Limited. All rights reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -86,21 +87,21 @@
case COSE_ALGORITHM_ES256:
private_key = private_key_256;
private_key_len = sizeof(private_key_256);
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1);
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
break;
case COSE_ALGORITHM_ES384:
private_key = private_key_384;
private_key_len = sizeof(private_key_384);
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP384R1);
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_384);
break;
case COSE_ALGORITHM_ES512:
private_key = private_key_521;
private_key_len = sizeof(private_key_521);
- key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP521R1);
+ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
key_alg = PSA_ALG_ECDSA(PSA_ALG_SHA_512);
break;
@@ -143,8 +144,8 @@
/* Say what algorithm and operations the key can be used with / for */
psa_key_policy_t policy = psa_key_policy_init();
psa_key_policy_set_usage(&policy,
- PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY,
- key_alg);
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH,
+ key_alg);
crypto_result = psa_set_key_policy(key_handle, &policy);
if (crypto_result != PSA_SUCCESS) {
return T_COSE_ERR_FAIL;
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index 30f0df0..a42baf2 100755
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -50,7 +50,7 @@
$<$<BOOL:${PLATFORM_DUMMY_CRYPTO_KEYS}>:ext/common/template/crypto_keys.c>
$<$<BOOL:${PLATFORM_DUMMY_ROTPK}>:ext/common/template/tfm_rotpk.c>
$<$<BOOL:${PLATFORM_DUMMY_IAK}>:ext/common/template/tfm_initial_attestation_key_material.c>
- $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_S}>>:ext/common/template/tfm_initial_attest_pub_key.c>
+ $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_S_ATTESTATION}>>:ext/common/template/tfm_initial_attest_pub_key.c>
)
target_link_libraries(platform_s
@@ -87,7 +87,7 @@
target_sources(platform_ns
PRIVATE
$<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/uart_stdout.c>
- $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_NS}>>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/template/tfm_initial_attest_pub_key.c>
+ $<$<AND:$<NOT:$<BOOL:${ATTEST_TEST_GET_PUBLIC_KEY}>>,$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>,$<BOOL:${PLATFORM_DUMMY_IAK}>,$<BOOL:${TEST_NS_ATTESTATION}>>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/template/tfm_initial_attest_pub_key.c>
)
target_link_libraries(platform_ns
@@ -98,7 +98,7 @@
target_compile_definitions(platform_ns
PRIVATE
- $<$<BOOL:${TFM_ENABLE_SLIH_TEST}>:TFM_ENABLE_SLIH_TEST>
+ $<$<BOOL:${TEST_NS_SLIH_IRQ}>:TEST_NS_SLIH_IRQ>
$<$<BOOL:${TFM_PERIPH_ACCESS_TEST}>:TFM_ENABLE_PERIPH_ACCESS_TEST>
)
@@ -160,3 +160,22 @@
$<$<BOOL:${FORWARD_PROT_MSG}>:FORWARD_PROT_MSG=${FORWARD_PROT_MSG}>
$<$<BOOL:${TFM_CODE_SHARING}>:CODE_SHARING>
)
+
+#========================= Crypto =============================================#
+if (TFM_PARTITION_CRYPTO)
+ target_sources(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<BOOL:${PLATFORM_DUMMY_NV_SEED}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/template/crypto_nv_seed.c>
+ $<$<BOOL:${PLATFORM_DUMMY_NV_SEED}>:${CMAKE_CURRENT_SOURCE_DIR}/ext/common/template/crypto_dummy_nv_seed.c>
+ )
+
+ target_compile_definitions(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<BOOL:${PLATFORM_DUMMY_NV_SEED}>:PLATFORM_DUMMY_NV_SEED>
+ )
+
+ target_include_directories(crypto_service_mbedcrypto
+ PUBLIC
+ $<$<BOOL:${PLATFORM_DUMMY_NV_SEED}>:${CMAKE_CURRENT_SOURCE_DIR}/include>
+ )
+endif()
diff --git a/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h b/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
index fc7f00d..beffcab 100644
--- a/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
+++ b/platform/ext/accelerator/cc312/mbedtls_accelerator_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,7 +13,7 @@
#endif /* __cplusplus */
/* RNG Config */
-#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_ENTROPY_NV_SEED
#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_PLATFORM_ENTROPY
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
index cb21fc7..fd6c2c7 100644
--- a/platform/ext/common/template/crypto_dummy_nv_seed.c
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -11,6 +11,7 @@
/* NOTE: The seed value here is only an example, please do not use it in
* production. Platform vendor should implement their own seed value.
*/
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
@@ -21,6 +22,14 @@
0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
};
+#else
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+};
+#endif
int tfm_plat_crypto_create_entropy_seed(void)
{
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
index c868d95..90e3d0a 100644
--- a/platform/ext/common/template/crypto_nv_seed.c
+++ b/platform/ext/common/template/crypto_nv_seed.c
@@ -9,8 +9,33 @@
#include "tfm_plat_crypto_nv_seed.h"
#include "psa/internal_trusted_storage.h"
+#ifndef TFM_PSA_API
+#include "mbedtls/entropy.h"
+
+static unsigned char seed_buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+/*
+ \brief Copy the seed to the destination buffer
+
+ \param[out] p_dst Pointer to buffer where to store the seed
+ \param[in] p_src Pointer to the seed
+ \param[in] size Length of the seed
+*/
+static inline void copy_seed(uint8_t *p_dst, const uint8_t *p_src, size_t size)
+{
+ uint32_t i;
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+}
+#endif
+
int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
{
+#ifdef TFM_PSA_API
psa_storage_uid_t uid = NV_SEED_FILE_ID;
psa_status_t status;
size_t data_length = 0;
@@ -22,10 +47,19 @@
} else {
return TFM_CRYPTO_NV_SEED_FAILED;
}
+#else
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ } else {
+ copy_seed(buf, seed_buf, buf_len);
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ }
+#endif
}
int tfm_plat_crypto_nv_seed_write(const unsigned char *buf, size_t buf_len)
{
+#ifdef TFM_PSA_API
psa_storage_uid_t uid = NV_SEED_FILE_ID;
psa_status_t status;
@@ -36,4 +70,12 @@
} else {
return TFM_CRYPTO_NV_SEED_FAILED;
}
+#else
+ if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ } else {
+ copy_seed(seed_buf, buf, buf_len);
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ }
+#endif
}
diff --git a/platform/ext/common/template/tfm_initial_attest_pub_key.c b/platform/ext/common/template/tfm_initial_attest_pub_key.c
index 6a664ae..05cc4c4 100644
--- a/platform/ext/common/template/tfm_initial_attest_pub_key.c
+++ b/platform/ext/common/template/tfm_initial_attest_pub_key.c
@@ -21,7 +21,7 @@
*/
/* Type of the EC curve which the key belongs to, in PSA curve ID form */
-const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_CURVE_SECP256R1;
+const psa_ecc_family_t initial_attest_curve_type = PSA_ECC_FAMILY_SECP_R1;
/*
* Initial attestation public key in raw format, without any encoding.
diff --git a/platform/ext/common/template/tfm_initial_attestation_key_material.c b/platform/ext/common/template/tfm_initial_attestation_key_material.c
index b171e5a..436ec25 100644
--- a/platform/ext/common/template/tfm_initial_attestation_key_material.c
+++ b/platform/ext/common/template/tfm_initial_attestation_key_material.c
@@ -60,7 +60,7 @@
/* Type of the EC curve which the key belongs to, in PSA curve ID form */
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION", "PSA-ROT")
-const psa_ecc_family_t initial_attestation_curve_type = PSA_ECC_CURVE_SECP256R1;
+const psa_ecc_family_t initial_attestation_curve_type = PSA_ECC_FAMILY_SECP_R1;
/* Initial attestation private key in raw format, without any encoding.
* It belongs to the ECDSA P-256 curve.
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Config/RTE_Device.h b/platform/ext/target/arm/diphda/CMSIS_Driver/Config/RTE_Device.h
new file mode 100755
index 0000000..571d342
--- /dev/null
+++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Config/RTE_Device.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//-------- <<< Use Configuration Wizard in Context Menu >>> --------------------
+
+#ifndef __RTE_DEVICE_H
+#define __RTE_DEVICE_H
+
+// <e> USART (Universal synchronous - asynchronous receiver transmitter) [Driver_USART0]
+// <i> Configuration settings for Driver_USART0 in component ::Drivers:USART
+#define RTE_USART0 1
+// </e> USART (Universal synchronous - asynchronous receiver transmitter) [Driver_USART0]
+
+// <e> FLASH (Flash Memory) [Driver_FLASH0]
+// <i> Configuration settings for Driver_FLASH0 in component ::Drivers:FLASH
+#define RTE_FLASH0 1
+// </e> FLASH (Flash Memory) [Driver_FLASH0]
+
+#endif /* __RTE_DEVICE_H */
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Config/cmsis_driver_config.h b/platform/ext/target/arm/diphda/CMSIS_Driver/Config/cmsis_driver_config.h
new file mode 100644
index 0000000..f8b0708
--- /dev/null
+++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Config/cmsis_driver_config.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __CMSIS_DRIVER_CONFIG_H__
+#define __CMSIS_DRIVER_CONFIG_H__
+
+#include "device_cfg.h"
+#include "device_definition.h"
+#include "platform_description.h"
+#include "RTE_Device.h"
+
+#define UART0_DEV UART0_PL011_DEV
+
+/* Externally attached PMOD SF3 Nor Flash Device to the MPS3 Board. */
+#define FLASH0_DEV SPI_N25Q256A_DEV
+
+#endif /* __CMSIS_DRIVER_CONFIG_H__ */
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c
new file mode 100644
index 0000000..8f7c4a9
--- /dev/null
+++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_Flash.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright (c) 2013-2021 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string.h>
+#include <stdint.h>
+#include "Driver_Flash.h"
+#include "RTE_Device.h"
+#include "platform_base_address.h"
+#include "flash_layout.h"
+#include "cmsis_driver_config.h"
+
+#ifndef ARG_UNUSED
+#define ARG_UNUSED(arg) ((void)arg)
+#endif
+
+/* Driver version */
+#define ARM_FLASH_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(1, 1)
+#define ARM_FLASH_DRV_ERASE_VALUE 0xFF
+
+/*
+ * ARM FLASH device structure
+ */
+struct arm_flash_dev_t {
+ struct spi_n25q256a_dev_t *dev; /*!< FLASH memory device structure */
+ ARM_FLASH_INFO *data; /*!< FLASH data */
+};
+
+/* Flash Status */
+static ARM_FLASH_STATUS FlashStatus = {0, 0, 0};
+
+/* Driver Version */
+static const ARM_DRIVER_VERSION DriverVersion = {
+ ARM_FLASH_API_VERSION,
+ ARM_FLASH_DRV_VERSION
+};
+
+/* Driver Capabilities */
+static const ARM_FLASH_CAPABILITIES N25Q256ADriverCapabilities = {
+ 0, /* event_ready */
+ 0, /* data_width = 0:8-bit, 1:16-bit, 2:32-bit */
+ 1 /* erase_chip */
+};
+
+/*
+ * Common interface functions
+ */
+
+static ARM_DRIVER_VERSION ARM_Flash_GetVersion(void)
+{
+ return DriverVersion;
+}
+
+static int32_t ARM_Flash_Uninitialize(void)
+{
+ /* Nothing to be done */
+ return ARM_DRIVER_OK;
+}
+
+static ARM_FLASH_STATUS ARM_Flash_GetStatus(void)
+{
+ return FlashStatus;
+}
+
+static int32_t ARM_Flash_PowerControl(ARM_POWER_STATE state)
+{
+ switch (state) {
+ case ARM_POWER_FULL:
+ /* Nothing to be done */
+ return ARM_DRIVER_OK;
+ break;
+
+ case ARM_POWER_OFF:
+ case ARM_POWER_LOW:
+ default:
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+ }
+}
+
+#if (RTE_FLASH0)
+static ARM_FLASH_INFO ARM_FLASH0_DEV_DATA = {
+ .sector_info = NULL, /* Uniform sector layout */
+ .sector_count = PMOD_SF3_FLASH_TOTAL_SIZE / PMOD_SF3_FLASH_SECTOR_SIZE,
+ .sector_size = PMOD_SF3_FLASH_SECTOR_SIZE,
+ .page_size = PMOD_SF3_FLASH_PAGE_SIZE,
+ .program_unit = PMOD_SF3_FLASH_PROGRAM_UNIT,
+ .erased_value = ARM_FLASH_DRV_ERASE_VALUE
+};
+
+static struct arm_flash_dev_t ARM_FLASH0_DEV = {
+ .dev = &FLASH0_DEV,
+ .data = &(ARM_FLASH0_DEV_DATA)
+};
+
+/*
+ * Functions
+ */
+
+static ARM_FLASH_CAPABILITIES N25Q256A_Driver_GetCapabilities(void)
+{
+ return N25Q256ADriverCapabilities;
+}
+
+
+static int32_t N25Q256A_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event)
+{
+ ARG_UNUSED(cb_event);
+ enum n25q256a_error_t ret;
+ struct spi_n25q256a_dev_t* dev = ARM_FLASH0_DEV.dev;
+ ARM_FLASH_INFO* data = ARM_FLASH0_DEV.data;
+
+ dev->total_sector_cnt = data->sector_count;
+ dev->page_size = data->page_size;
+ dev->sector_size = data->sector_size;
+ dev->program_unit = data->program_unit;
+
+ ret = spi_n25q256a_initialize(ARM_FLASH0_DEV.dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ SPI_FLASH_LOG_MSG("%s: Initialization failed.\n\r", __func__);
+ return ARM_DRIVER_ERROR;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t N25Q256A_Flash_ReadData(uint32_t addr, void *data, uint32_t cnt)
+{
+ enum n25q256a_error_t ret;
+
+ ret = spi_n25q256a_read(ARM_FLASH0_DEV.dev, addr, data, cnt);
+ if (ret != N25Q256A_ERR_NONE) {
+ SPI_FLASH_LOG_MSG("%s: read failed: addr=0x%x, cnt=%u\n\r", __func__, addr, cnt);
+ return ARM_DRIVER_ERROR;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t N25Q256A_Flash_ProgramData(uint32_t addr, const void *data,
+ uint32_t cnt)
+{
+ enum n25q256a_error_t ret;
+
+ ret = spi_n25q256a_program(ARM_FLASH0_DEV.dev, addr, data, cnt);
+ if (ret != N25Q256A_ERR_NONE) {
+ SPI_FLASH_LOG_MSG("%s: program failed: addr=0x%x, cnt=%u\n\r", __func__, addr, cnt);
+ return ARM_DRIVER_ERROR;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t N25Q256A_Flash_EraseSector(uint32_t addr)
+{
+ enum n25q256a_error_t ret;
+
+ ret = spi_n25q256a_erase(ARM_FLASH0_DEV.dev, addr);
+ if (ret != N25Q256A_ERR_NONE) {
+ SPI_FLASH_LOG_MSG("%s: erase failed: addr=0x%x\n\r", __func__, addr);
+ return ARM_DRIVER_ERROR;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t N25Q256A_Flash_EraseChip(void)
+{
+ enum n25q256a_error_t ret;
+
+ ret = spi_n25q256a_erase_chip(ARM_FLASH0_DEV.dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ SPI_FLASH_LOG_MSG("%s: erase chip failed\n\r", __func__);
+ return ARM_DRIVER_ERROR;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static ARM_FLASH_INFO * N25Q256A_Flash_GetInfo(void)
+{
+ return ARM_FLASH0_DEV.data;
+}
+
+ARM_DRIVER_FLASH Driver_FLASH0 = {
+ ARM_Flash_GetVersion,
+ N25Q256A_Driver_GetCapabilities,
+ N25Q256A_Flash_Initialize,
+ ARM_Flash_Uninitialize,
+ ARM_Flash_PowerControl,
+ N25Q256A_Flash_ReadData,
+ N25Q256A_Flash_ProgramData,
+ N25Q256A_Flash_EraseSector,
+ N25Q256A_Flash_EraseChip,
+ ARM_Flash_GetStatus,
+ N25Q256A_Flash_GetInfo
+};
+
+#endif /* RTE_FLASH0 */
diff --git a/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_USART.c b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_USART.c
new file mode 100644
index 0000000..e0f5b1f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/CMSIS_Driver/Driver_USART.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright (c) 2013-2020 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Driver_USART.h"
+
+#include "cmsis_driver_config.h"
+#include "RTE_Device.h"
+
+#ifndef ARG_UNUSED
+#define ARG_UNUSED(arg) (void)arg
+#endif
+
+/* Driver version */
+#define ARM_USART_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(2, 2)
+
+/* Driver Version */
+static const ARM_DRIVER_VERSION DriverVersion = {
+ ARM_USART_API_VERSION,
+ ARM_USART_DRV_VERSION
+};
+
+/* Driver Capabilities */
+static const ARM_USART_CAPABILITIES DriverCapabilities = {
+ 1, /* supports UART (Asynchronous) mode */
+ 0, /* supports Synchronous Master mode */
+ 0, /* supports Synchronous Slave mode */
+ 0, /* supports UART Single-wire mode */
+ 0, /* supports UART IrDA mode */
+ 0, /* supports UART Smart Card mode */
+ 0, /* Smart Card Clock generator available */
+ 0, /* RTS Flow Control available */
+ 0, /* CTS Flow Control available */
+ 0, /* Transmit completed event: \ref ARM_USARTx_EVENT_TX_COMPLETE */
+ 0, /* Signal receive character timeout event:
+ * \ref ARM_USARTx_EVENT_RX_TIMEOUT
+ */
+ 0, /* RTS Line: 0=not available, 1=available */
+ 0, /* CTS Line: 0=not available, 1=available */
+ 0, /* DTR Line: 0=not available, 1=available */
+ 0, /* DSR Line: 0=not available, 1=available */
+ 0, /* DCD Line: 0=not available, 1=available */
+ 0, /* RI Line: 0=not available, 1=available */
+ 0, /* Signal CTS change event: \ref ARM_USARTx_EVENT_CTS */
+ 0, /* Signal DSR change event: \ref ARM_USARTx_EVENT_DSR */
+ 0, /* Signal DCD change event: \ref ARM_USARTx_EVENT_DCD */
+ 0, /* Signal RI change event: \ref ARM_USARTx_EVENT_RI */
+ 0 /* Reserved */
+};
+
+static ARM_DRIVER_VERSION ARM_USART_GetVersion(void)
+{
+ return DriverVersion;
+}
+
+static ARM_USART_CAPABILITIES ARM_USART_GetCapabilities(void)
+{
+ return DriverCapabilities;
+}
+
+typedef struct {
+ struct uart_pl011_dev_t* dev; /* UART device structure */
+ uint32_t tx_nbr_bytes; /* Number of bytes transfered */
+ uint32_t rx_nbr_bytes; /* Number of bytes recevied */
+ ARM_USART_SignalEvent_t cb_event; /* Callback function for events */
+} UARTx_Resources;
+
+static int32_t ARM_USARTx_Initialize(UARTx_Resources* uart_dev)
+{
+ /* Initializes generic UART driver */
+ uart_pl011_init(uart_dev->dev, PeripheralClock);
+
+ uart_pl011_enable(uart_dev->dev);
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t ARM_USARTx_Uninitialize(UARTx_Resources* uart_dev)
+{
+ /* Disables and uninitializes generic UART driver */
+ uart_pl011_uninit(uart_dev->dev);
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t ARM_USARTx_PowerControl(UARTx_Resources* uart_dev,
+ ARM_POWER_STATE state)
+{
+ ARG_UNUSED(uart_dev);
+
+ switch (state) {
+ case ARM_POWER_OFF:
+ case ARM_POWER_LOW:
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+ case ARM_POWER_FULL:
+ /* Nothing to be done */
+ return ARM_DRIVER_OK;
+ default:
+ return ARM_DRIVER_ERROR_PARAMETER;
+ }
+}
+
+static int32_t ARM_USARTx_Send(UARTx_Resources* uart_dev, const void *data,
+ uint32_t num)
+{
+ const uint8_t* p_data = (const uint8_t*)data;
+
+ if ((data == NULL) || (num == 0U)) {
+ /* Invalid parameters */
+ return ARM_DRIVER_ERROR_PARAMETER;
+ }
+
+ /* Resets previous TX counter */
+ uart_dev->tx_nbr_bytes = 0;
+
+ while(uart_dev->tx_nbr_bytes != num) {
+ /* Waits until UART is ready to transmit */
+ while(!uart_pl011_is_writable(uart_dev->dev)) {};
+
+ /* As UART is ready to transmit at this point, the write function can
+ * not return any transmit error */
+ (void)uart_pl011_write(uart_dev->dev, *p_data);
+
+ uart_dev->tx_nbr_bytes++;
+ p_data++;
+ }
+
+ /* Waits until character is transmited */
+ while (!uart_pl011_is_writable(uart_dev->dev)){};
+
+ return ARM_DRIVER_OK;
+}
+
+static int32_t ARM_USARTx_Receive(UARTx_Resources* uart_dev,
+ void *data, uint32_t num)
+{
+ uint8_t* p_data = (uint8_t*)data;
+
+ if ((data == NULL) || (num == 0U)) {
+ // Invalid parameters
+ return ARM_DRIVER_ERROR_PARAMETER;
+ }
+
+ /* Resets previous RX counter */
+ uart_dev->rx_nbr_bytes = 0;
+
+ while(uart_dev->rx_nbr_bytes != num) {
+ /* Waits until one character is received */
+ while (!uart_pl011_is_readable(uart_dev->dev)){};
+
+ /* As UART has received one byte, the read can not
+ * return any receive error at this point */
+ (void)uart_pl011_read(uart_dev->dev, p_data);
+
+ uart_dev->rx_nbr_bytes++;
+ p_data++;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+static uint32_t ARM_USARTx_GetTxCount(UARTx_Resources* uart_dev)
+{
+ return uart_dev->tx_nbr_bytes;
+}
+
+static uint32_t ARM_USARTx_GetRxCount(UARTx_Resources* uart_dev)
+{
+ return uart_dev->rx_nbr_bytes;
+}
+
+static int32_t ARM_USARTx_Control(UARTx_Resources* uart_dev, uint32_t control,
+ uint32_t arg)
+{
+ switch (control & ARM_USART_CONTROL_Msk) {
+ case ARM_USART_MODE_ASYNCHRONOUS:
+ if(uart_pl011_set_baudrate(uart_dev->dev, arg) !=
+ UART_PL011_ERR_NONE) {
+ return ARM_USART_ERROR_BAUDRATE;
+ }
+ break;
+ /* Unsupported command */
+ default:
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+ }
+
+ /* UART Data bits */
+ if(control & ARM_USART_DATA_BITS_Msk) {
+ /* Data bit is not configurable */
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+ }
+
+ /* UART Parity */
+ if(control & ARM_USART_PARITY_Msk) {
+ /* Parity is not configurable */
+ return ARM_USART_ERROR_PARITY;
+ }
+
+ /* USART Stop bits */
+ if(control & ARM_USART_STOP_BITS_Msk) {
+ /* Stop bit is not configurable */
+ return ARM_USART_ERROR_STOP_BITS;
+ }
+
+ return ARM_DRIVER_OK;
+}
+
+#if (RTE_USART0)
+/* USART0 Driver wrapper functions */
+static UARTx_Resources USART0_DEV = {
+ .dev = &UART0_DEV,
+ .tx_nbr_bytes = 0,
+ .rx_nbr_bytes = 0,
+ .cb_event = NULL,
+};
+
+static int32_t ARM_USART0_Initialize(ARM_USART_SignalEvent_t cb_event)
+{
+ USART0_DEV.cb_event = cb_event;
+
+ return ARM_USARTx_Initialize(&USART0_DEV);
+}
+
+static int32_t ARM_USART0_Uninitialize(void)
+{
+ return ARM_USARTx_Uninitialize(&USART0_DEV);
+}
+
+static int32_t ARM_USART0_PowerControl(ARM_POWER_STATE state)
+{
+ return ARM_USARTx_PowerControl(&USART0_DEV, state);
+}
+
+static int32_t ARM_USART0_Send(const void *data, uint32_t num)
+{
+ return ARM_USARTx_Send(&USART0_DEV, data, num);
+}
+
+static int32_t ARM_USART0_Receive(void *data, uint32_t num)
+{
+ return ARM_USARTx_Receive(&USART0_DEV, data, num);
+}
+
+static int32_t ARM_USART0_Transfer(const void *data_out, void *data_in,
+ uint32_t num)
+{
+ ARG_UNUSED(data_out);
+ ARG_UNUSED(data_in);
+ ARG_UNUSED(num);
+
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+}
+
+static uint32_t ARM_USART0_GetTxCount(void)
+{
+ return ARM_USARTx_GetTxCount(&USART0_DEV);
+}
+
+static uint32_t ARM_USART0_GetRxCount(void)
+{
+ return ARM_USARTx_GetRxCount(&USART0_DEV);
+}
+static int32_t ARM_USART0_Control(uint32_t control, uint32_t arg)
+{
+ return ARM_USARTx_Control(&USART0_DEV, control, arg);
+}
+
+static ARM_USART_STATUS ARM_USART0_GetStatus(void)
+{
+ ARM_USART_STATUS status = {0, 0, 0, 0, 0, 0, 0, 0};
+ return status;
+}
+
+static int32_t ARM_USART0_SetModemControl(ARM_USART_MODEM_CONTROL control)
+{
+ ARG_UNUSED(control);
+ return ARM_DRIVER_ERROR_UNSUPPORTED;
+}
+
+static ARM_USART_MODEM_STATUS ARM_USART0_GetModemStatus(void)
+{
+ ARM_USART_MODEM_STATUS modem_status = {0, 0, 0, 0, 0};
+ return modem_status;
+}
+
+extern ARM_DRIVER_USART Driver_USART0;
+ARM_DRIVER_USART Driver_USART0 = {
+ ARM_USART_GetVersion,
+ ARM_USART_GetCapabilities,
+ ARM_USART0_Initialize,
+ ARM_USART0_Uninitialize,
+ ARM_USART0_PowerControl,
+ ARM_USART0_Send,
+ ARM_USART0_Receive,
+ ARM_USART0_Transfer,
+ ARM_USART0_GetTxCount,
+ ARM_USART0_GetRxCount,
+ ARM_USART0_Control,
+ ARM_USART0_GetStatus,
+ ARM_USART0_SetModemControl,
+ ARM_USART0_GetModemStatus
+};
+#endif /* RTE_USART0 */
diff --git a/platform/ext/target/arm/diphda/CMakeLists.txt b/platform/ext/target/arm/diphda/CMakeLists.txt
new file mode 100644
index 0000000..6a461a1
--- /dev/null
+++ b/platform/ext/target/arm/diphda/CMakeLists.txt
@@ -0,0 +1,114 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_policy(SET CMP0076 NEW)
+set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
+
+#========================= Platform region defs ===============================#
+
+target_include_directories(platform_region_defs
+ INTERFACE
+ partition
+)
+
+#========================= Platform common defs ===============================#
+
+# Specify the location of platform specific build dependencies.
+target_sources(tfm_s
+ PRIVATE
+ $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/gcc/startup_diphda_s.S>
+)
+target_add_scatter_file(tfm_s
+ $<$<C_COMPILER_ID:GNU>:${CMAKE_SOURCE_DIR}/platform/ext/common/gcc/tfm_common_s.ld>
+)
+
+target_sources(bl2
+ PRIVATE
+ $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/gcc/startup_diphda_bl.S>
+)
+target_add_scatter_file(bl2
+ $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/gcc/diphda_bl2.ld>
+)
+
+#========================= Platform Secure ====================================#
+
+add_subdirectory(openamp)
+
+target_include_directories(platform_s
+ PUBLIC
+ .
+ CMSIS_Driver
+ CMSIS_Driver/Config
+ Device/Config
+ Device/Include
+ Native_Driver
+ partition
+ services/include
+)
+
+target_sources(platform_s
+ PRIVATE
+ CMSIS_Driver/Driver_Flash.c
+ CMSIS_Driver/Driver_USART.c
+ Device/Source/device_definition.c
+ Device/Source/system_core_init.c
+ Native_Driver/uart_pl011_drv.c
+ Native_Driver/mhu_v2_x.c
+ Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
+ Native_Driver/spi_n25q256a_flash_lib.c
+ spm_hal.c
+ tfm_hal_isolation.c
+ $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
+)
+
+target_link_libraries(platform_s
+ PUBLIC
+ tfm_spm
+)
+
+#========================= Platform BL2 =======================================#
+
+target_sources(platform_bl2
+ PRIVATE
+ CMSIS_Driver/Driver_Flash.c
+ CMSIS_Driver/Driver_USART.c
+ Device/Source/device_definition.c
+ Device/Source/system_core_init.c
+ Native_Driver/uart_pl011_drv.c
+ Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
+ Native_Driver/spi_n25q256a_flash_lib.c
+ bl2_boot_hal.c
+ bl2_security_cnt.c
+ tfm_rotpk.c
+)
+
+target_sources(bl2
+ PRIVATE
+ bl2_flash_map.c
+)
+
+target_compile_definitions(bootutil
+ PRIVATE
+ MULTIPLE_EXECUTABLE_RAM_REGIONS
+)
+
+target_include_directories(platform_bl2
+ PUBLIC
+ partition
+ Device/Include
+ PRIVATE
+ .
+ CMSIS_Driver/Config
+ Device/Config
+ Native_Driver
+ ${MCUBOOT_PATH}/boot/bootutil/include # for fault_injection_hardening.h only
+ ${CMAKE_BINARY_DIR}/bl2/ext/mcuboot # for mcuboot_config.h only
+)
+
+#========================= BL1 component =======================================#
+
+add_subdirectory(bl1)
diff --git a/platform/ext/target/arm/diphda/Device/Config/device_cfg.h b/platform/ext/target/arm/diphda/Device/Config/device_cfg.h
new file mode 100644
index 0000000..479ef32
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Config/device_cfg.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing software
+ * distributed under the License is distributed on an "AS IS" BASIS
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __DEVICE_CFG_H__
+#define __DEVICE_CFG_H__
+
+/*ARM UART Controller PL011*/
+#define UART0_PL011
+
+/* Default UART baud rate */
+#define DEFAULT_UART_BAUDRATE 115200
+
+/*ARM MHU1 SE to Host*/
+#define MHU1_SE_TO_HOST
+
+/*ARM MHU1 Host to SE*/
+#define MHU1_HOST_TO_SE
+
+/* External PMOD SF3 Flash Device */
+#define SPI_N25Q256A_S
+
+/* AXI QSPI Controller */
+#define AXI_QSPI_S
+
+#endif /* __DEVICE_CFG_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/cmsis.h b/platform/ext/target/arm/diphda/Device/Include/cmsis.h
new file mode 100644
index 0000000..35e8456
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/cmsis.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __CMSIS_H__
+#define __CMSIS_H__
+
+/* Configuration of the ARM Cortex-M0+ Processor and Core Peripherals */
+#define __CM0PLUS_REV 0x0001U /* CM0PLUS Core Revision */
+#define __NVIC_PRIO_BITS 2 /* Number of Bits used for Priority Levels */
+#define __Vendor_SysTickConfig 0 /* Set to 1 if different SysTick Config is used */
+#define __VTOR_PRESENT 1 /* Set to 1 if CPU supports Vector Table Offset Register */
+#define __MPU_PRESENT 1 /* MPU present */
+
+#include "cmsis_compiler.h"
+#include "platform_base_address.h"
+#include "system_core_init.h"
+#include "platform_irq.h"
+#include "core_cm0plus.h"
+
+#endif /*__CMSIS_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/device_definition.h b/platform/ext/target/arm/diphda/Device/Include/device_definition.h
new file mode 100644
index 0000000..98ce30d
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/device_definition.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing software
+ * distributed under the License is distributed on an "AS IS" BASIS
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file device_definition.h
+ * \brief The structure definitions in this file are exported based on the
+ * peripheral definitions from device_cfg.h.
+ * This file is meant to be used as a helper for baremetal
+ * applications and/or as an example of how to configure the generic
+ * driver structures.
+ */
+
+#ifndef __DEVICE_DEFINITION_H__
+#define __DEVICE_DEFINITION_H__
+
+#include "device_cfg.h"
+
+/** ARM UART PL011 driver structures */
+#ifdef UART0_PL011
+#include "uart_pl011_drv.h"
+extern struct uart_pl011_dev_t UART0_PL011_DEV;
+#endif
+
+/** ARM MHU1 SE to Host driver structures */
+#ifdef MHU1_SE_TO_HOST
+#include "mhu_v2_x.h"
+extern struct mhu_v2_x_dev_t MHU1_SE_TO_HOST_DEV;
+#endif
+
+/** ARM MHU1 Host to SE driver structures */
+#ifdef MHU1_HOST_TO_SE
+#include "mhu_v2_x.h"
+extern struct mhu_v2_x_dev_t MHU1_HOST_TO_SE_DEV;
+#endif
+
+/* QSPI Flash Controller driver structures */
+#if (defined(SPI_N25Q256A_S) && defined(AXI_QSPI_S))
+#include "xilinx_pg153_axi_qspi_controller_drv.h"
+extern struct axi_qspi_dev_t AXI_QSPI_DEV_S;
+#endif
+
+/* PMOD SF3 Nor Flash N25Q256A driver structures */
+#if (defined(SPI_N25Q256A_S) && defined(AXI_QSPI_S))
+#include "spi_n25q256a_flash_lib.h"
+extern struct spi_n25q256a_dev_t SPI_N25Q256A_DEV;
+#endif
+
+#endif /* __DEVICE_DEFINITION_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/platform_base_address.h b/platform/ext/target/arm/diphda/Device/Include/platform_base_address.h
new file mode 100644
index 0000000..e5e2bfa
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/platform_base_address.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This file is derivative of CMSIS V5.01:
+ * Device\_Template_Vendor\Vendor\Device\Include\Device.h
+ */
+
+#ifndef __PLATFORM_BASE_ADDRESS_H__
+#define __PLATFORM_BASE_ADDRESS_H__
+
+/* Secure Enclave Peripheral base addresses */
+#define DIPHDA_ROM_BASE (0x00000000U) /* SE ROM Region */
+#define DIPHDA_CRYPTO_ACCELERATOR_BASE (0x2F000000U) /* Crypto Accelerator */
+#define DIPHDA_SRAM_BASE (0x30000000U) /* SE RAM Region */
+#define DIPHDA_PERIPHERAL_BASE (0x50000000U) /* SE Peripheral Region */
+#define DIPHDA_CMSDK_TIMER_0_BASE (0x50000000U) /* CMSDK Timer 0 */
+#define DIPHDA_CMSDK_TIMER_1_BASE (0x50001000U) /* CMSDK Timer 1 */
+#define DIPHDA_SEH_0_SENDER_BASE (0x50003000U) /* SEH0 Sender */
+#define DIPHDA_HSE_0_RECEIVER_BASE (0x50004000U) /* HSE1 Receiver */
+#define DIPHDA_SEH_1_SENDER_BASE (0x50005000U) /* SEH1 Sender */
+#define DIPHDA_HSE_1_RECEIVER_BASE (0x50006000U) /* HSE1 Receiver */
+/* Not all of the SEESx/ESxSE peripherals will be applicable, depending on the
+ * number of external systems present */
+#define DIPHDA_SEES0_0_SENDER_BASE (0x50010000U) /* SEES0 0 Sender */
+#define DIPHDA_ES0SE_0_RECEIVER_BASE (0x50011000U) /* ES0SE 0 Receiver */
+#define DIPHDA_SEES0_1_SENDER_BASE (0x50012000U) /* SEES0 1 Sender */
+#define DIPHDA_ES0SE_1_RECEIVER_BASE (0x50013000U) /* ES0SE 1 Receiver */
+#define DIPHDA_SEES1_0_SENDER_BASE (0x50014000U) /* SEES1 0 Sender */
+#define DIPHDA_ES1SE_0_RECEIVER_BASE (0x50015000U) /* ES1SE 0 Receiver */
+#define DIPHDA_SEES1_1_SENDER_BASE (0x50016000U) /* SEES1 1 Sender */
+#define DIPHDA_ES1SE_1_RECEIVER_BASE (0x50017000U) /* ES1SE 1 Receiver */
+#define DIPHDA_SEES2_0_SENDER_BASE (0x50018000U) /* SEES2 0 Sender */
+#define DIPHDA_ES2SE_0_RECEIVER_BASE (0x50019000U) /* ES2SE 0 Receiver */
+#define DIPHDA_SEES2_1_SENDER_BASE (0x5001A000U) /* SEES2 1 Sender */
+#define DIPHDA_ES2SE_1_RECEIVER_BASE (0x5001B000U) /* ES2SE 1 Receiver */
+#define DIPHDA_SEES3_0_SENDER_BASE (0x5001C000U) /* SEES3 0 Sender */
+#define DIPHDA_ES3SE_0_RECEIVER_BASE (0x5001D000U) /* ES3SE 0 Receiver */
+#define DIPHDA_SEES3_1_SENDER_BASE (0x5001E000U) /* SEES3 1 Sender */
+#define DIPHDA_ES3SE_1_RECEIVER_BASE (0x5001F000U) /* ES3SE 1 Receiver */
+#define DIPHDA_SCR_BASE (0x50080000U) /* System Control Register */
+#define DIPHDA_WATCHDOG_TIMER_BASE (0x50081000U) /* Watchdog Timer */
+#define DIPHDA_SECENCTOP_PPU_BASE (0x5008D000U) /* SECENCTOP PPU */
+#define DIPHDA_BASE_SCR_BASE (0x5008E000U) /* SE Base System Control Register */
+#define DIPHDA_SOC_WATCHDOG_BASE (0x5008F000U) /* SoC Watchdog */
+#define DIPHDA_UART_BASE (0x50090000U) /* UART */
+#define DIPHDA_FIREWALL_BASE (0x50200000U) /* SE Firewall */
+#define DIPHDA_HOST_ACCESS_REGION_BASE (0x60000000U) /* Host Access Region */
+#define DIPHDA_PPB_BASE (0xE0000000U) /* Private Peripheral Bus (PPB) */
+#define DIPHDA_CS_ROM_BASE (0xF0000000U) /* SE CS ROM */
+#define DIPHDA_CTI_BASE (0xF0001000U) /* SE CTI */
+
+/* Host base addresses from the SE perspective - partial list, only the ones
+ * required by the SE are defined here */
+#define DIPHDA_HOST_BIR_BASE (0x60000000U) /* Boot Instruction Register */
+#define DIPHDA_HOST_SHARED_RAM_BASE (0x62000000U) /* Shared RAM */
+#define DIPHDA_HOST_XNVM_BASE (0x68000000U) /* XNVM */
+#define DIPHDA_AXI_QSPI_CTRL_REG_BASE (0x80050000U) /* AXI QSPI Controller */
+#define DIPHDA_HOST_BASE_SYSTEM_CONTROL_BASE (0x7A010000U) /* Host SCB */
+#define DIPHDA_HOST_FIREWALL_BASE (0x7A800000U) /* Host Firewall */
+#define DIPHDA_HOST_FPGA_SCC_REGISTERS (0x80000000U) /* FPGA SCC Registers */
+
+#endif /* __PLATFORM_BASE_ADDRESS_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/platform_description.h b/platform/ext/target/arm/diphda/Device/Include/platform_description.h
new file mode 100644
index 0000000..4dee237
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/platform_description.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2018-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PLATFORM_DESCRIPTION_H__
+#define __PLATFORM_DESCRIPTION_H__
+
+#include "platform_base_address.h"
+#include "cmsis.h"
+
+#endif /* __PLATFORM_DESCRIPTION_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/platform_irq.h b/platform/ext/target/arm/diphda/Device/Include/platform_irq.h
new file mode 100644
index 0000000..a858dac
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/platform_irq.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PLATFORM_IRQ_H__
+#define __PLATFORM_IRQ_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum IRQn
+{
+ Reset_IRQn = -15, /* Reset Vector */
+ NonMaskableInt_IRQn = -14, /* Non maskable Interrupt */
+ HardFault_IRQn = -13, /* Hard Fault, all classes of Fault */
+ SVCall_IRQn = -5, /* System Service Call via SVC instruction */
+ PendSV_IRQn = -2, /* Pendable request for system service */
+ SysTick_IRQn = -1, /* System Tick Timer */
+ /* SoC Specific Interrupt Numbers */
+ SE_INTERRUPT_EXPANSION_IRQn = 0, /* Secure Enclave Intrrupt Expansion */
+ CRYPTO_ACCELERATOR_0_IRQn = 1, /* Crypto Accelerator Interrupt 0 */
+ CRYPTO_ACCELERATOR_1_IRQn = 2, /* Crypto Accelerator Interrupt 1 */
+ SE_WATCHDOG_TIMER_IRQn = 3, /* Secure Enclave Watchdog Timer Interrupt */
+ /* Reserved = 4, */
+ TIMER0_IRQn = 5, /* CMSDK Timer 0 Interrupt */
+ TIMER1_IRQn = 6, /* CMSDK Timer 1 Interrupt */
+ HS_FIREWALL_TAMPER_IRQn = 7, /* Host System Firewall Tamper Interrupt */
+ INTERRUPT_ROUTER_TAMPER_IRQn = 8, /* Interrupt Router Tamper Interrupt */
+ SECURE_WATCHDOG_WS1_IRQn = 9, /* Secure Watchdog WS1 Interrupt */
+ SECNENCTOP_PPU_IRQn = 10, /* SECNENCTOP PPU Interrupt */
+ UART_UARTINTR_IRQn = 11, /* UART UARTINTR Interrupt */
+ SE_FIREWALL_INTERRUPT_IRQn = 12, /* Secure Enclave Firewall Interrupt */
+ SE_CTI_TRIGGER_OUT_2_IRQn = 13, /* Secure Enclave CTI Trigger Out 2 */
+ SE_CTI_TRIGGER_OUT_3_IRQn = 14, /* Secure Enclave CTI Trigger Out 3 */
+ /* Reserved = 15, */
+ /* Reserved = 16, */
+ /* Reserved = 17, */
+ /* Reserved = 18, */
+ /* Reserved = 19, */
+ /* Reserved = 20, */
+ SEH0_SENDER_COMBINED_IRQn = 21, /* SEH0 Sender Combined Interrupt */
+ /* Reserved = 22, */
+ HSE0_RECEIVER_COMBINED_IRQn = 23, /* HSE0 Receiver Combined Interrupt */
+ /* Reserved = 24, */
+ /* Reserved = 25, */
+ SEH1_SENDER_COMBINED_IRQn = 26, /* SEH1 Sender Combined Interrupt */
+ /* Reserved = 27, */
+ HSE1_RECEIVER_COMBINED_IRQn = 28, /* HSE1 Receiver Combined Interrupt */
+ /* Reserved = 29, */
+ /* Reserved = 30, */
+ /* Reserved = 31, */
+} IRQn_Type;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PLATFORM_IRQ_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Include/system_core_init.h b/platform/ext/target/arm/diphda/Device/Include/system_core_init.h
new file mode 100644
index 0000000..572349f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Include/system_core_init.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2009-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is derivative of CMSIS V5.01 \Device\ARM\ARMCM0plus\Include\system_ARMCM0plus.h
+ * Git SHA: 8a1d9d6ee18b143ae5befefa14d89fb5b3f99c75
+ *
+ */
+
+#ifndef __SYSTEM_CORE_INIT_H__
+#define __SYSTEM_CORE_INIT_H__
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern uint32_t SystemCoreClock; /*!< System Clock Frequency (Core Clock) */
+extern uint32_t PeripheralClock; /*!< Peripheral Clock Frequency */
+
+/**
+ \brief Setup the microcontroller system.
+
+ Initialize the System and update the SystemCoreClock variable.
+ It should be called from Reset Handler within the first few steps.
+ The minimal feature set should be initialised for successful exit
+ from Reset Handler to main entry point.
+ */
+extern void SystemInit (void);
+
+
+/**
+ \brief Update SystemCoreClock variable.
+
+ Updates the SystemCoreClock with current core Clock retrieved from cpu registers.
+ */
+extern void SystemCoreClockUpdate (void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __SYSTEM_CORE_INIT_H__ */
diff --git a/platform/ext/target/arm/diphda/Device/Source/device_definition.c b/platform/ext/target/arm/diphda/Device/Source/device_definition.c
new file mode 100644
index 0000000..ba69447
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/device_definition.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2016-2021, Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing software
+ * distributed under the License is distributed on an "AS IS" BASIS
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "device_definition.h"
+#include "platform_base_address.h"
+
+#ifdef UART0_PL011
+static const struct uart_pl011_dev_cfg_t UART0_PL011_DEV_CFG = {
+ .base = DIPHDA_UART_BASE,
+ .def_baudrate = DEFAULT_UART_BAUDRATE,
+ .def_wlen = UART_PL011_WLEN_8,
+ .def_parity = UART_PL011_PARITY_DISABLED,
+ .def_stopbit = UART_PL011_STOPBIT_1};
+static struct uart_pl011_dev_data_t UART0_PL011_DEV_DATA = {
+ .state = UART_PL011_UNINITIALIZED,
+ .uart_clk = 0,
+ .baudrate = 0};
+struct uart_pl011_dev_t UART0_PL011_DEV = {&(UART0_PL011_DEV_CFG),
+ &(UART0_PL011_DEV_DATA)};
+#endif
+
+#ifdef MHU1_SE_TO_HOST
+struct mhu_v2_x_dev_t MHU1_SE_TO_HOST_DEV = {(DIPHDA_SEH_1_SENDER_BASE),
+ (MHU_V2_X_SENDER_FRAME)};
+#endif
+
+#ifdef MHU1_HOST_TO_SE
+struct mhu_v2_x_dev_t MHU1_HOST_TO_SE_DEV = {(DIPHDA_HSE_1_RECEIVER_BASE),
+ (MHU_V2_X_RECEIVER_FRAME)};
+#endif
+
+/* QSPI driver structures */
+#if (defined(SPI_N25Q256A_S) && defined(AXI_QSPI_S))
+static const struct axi_qspi_dev_cfg_t AXI_QSPI_DEV_CFG_S = {
+ .base = DIPHDA_AXI_QSPI_CTRL_REG_BASE,
+ .scc_base = DIPHDA_HOST_FPGA_SCC_REGISTERS
+};
+struct axi_qspi_dev_t AXI_QSPI_DEV_S = {
+ .cfg = &AXI_QSPI_DEV_CFG_S,
+ .is_initialized = false
+};
+#endif
+
+/* ======= External peripheral configuration structure definitions ======= */
+
+#if (defined(SPI_N25Q256A_S) && defined(AXI_QSPI_S))
+struct spi_n25q256a_dev_t SPI_N25Q256A_DEV = {
+ .controller = &AXI_QSPI_DEV_S,
+ .total_sector_cnt = 0,
+ .page_size = 0,
+ .sector_size = 0,
+ .program_unit = 0,
+ .is_initialized = false
+};
+#endif
diff --git a/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl1.ld b/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl1.ld
new file mode 100644
index 0000000..4354088
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl1.ld
@@ -0,0 +1,191 @@
+;/*
+; * Copyright (c) 2009-2021, Arm Limited. All rights reserved.
+; *
+; * Licensed under the Apache License, Version 2.0 (the "License");
+; * you may not use this file except in compliance with the License.
+; * You may obtain a copy of the License at
+; *
+; * http://www.apache.org/licenses/LICENSE-2.0
+; *
+; * Unless required by applicable law or agreed to in writing, software
+; * distributed under the License is distributed on an "AS IS" BASIS,
+; * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; * See the License for the specific language governing permissions and
+; * limitations under the License.
+; *
+; *
+; * This file is derivative of CMSIS V5.00 gcc_arm.ld
+; */
+
+/* Linker script to configure memory regions. */
+/* This file will be run trough the pre-processor. */
+
+#include "region_defs.h"
+
+MEMORY
+{
+ FLASH (rx) : ORIGIN = BL1_CODE_START, LENGTH = BL1_CODE_SIZE
+ RAM (rwx) : ORIGIN = BL1_DATA_START, LENGTH = BL1_DATA_SIZE
+}
+
+__heap_size__ = BL1_HEAP_SIZE;
+__msp_stack_size__ = BL1_MSP_STACK_SIZE;
+
+/* Library configurations */
+GROUP(libgcc.a libc.a libm.a libnosys.a)
+
+ENTRY(Reset_Handler)
+
+SECTIONS
+{
+ .text :
+ {
+ KEEP(*(.vectors))
+ __Vectors_End = .;
+ __Vectors_Size = __Vectors_End - __Vectors;
+ __end__ = .;
+
+ *(.text*)
+
+ KEEP(*(.init))
+ KEEP(*(.fini))
+
+
+ /* .ctors */
+ *crtbegin.o(.ctors)
+ *crtbegin?.o(.ctors)
+ *(EXCLUDE_FILE(*crtend?.o *crtend.o) .ctors)
+ *(SORT(.ctors.*))
+ *(.ctors)
+
+ /* .dtors */
+ *crtbegin.o(.dtors)
+ *crtbegin?.o(.dtors)
+ *(EXCLUDE_FILE(*crtend?.o *crtend.o) .dtors)
+ *(SORT(.dtors.*))
+ *(.dtors)
+
+ *(.rodata*)
+
+ KEEP(*(.eh_frame*))
+ } > FLASH
+
+ .ARM.extab :
+ {
+ *(.ARM.extab* .gnu.linkonce.armextab.*)
+ } > FLASH
+
+ __exidx_start = .;
+ .ARM.exidx :
+ {
+ *(.ARM.exidx* .gnu.linkonce.armexidx.*)
+ } > FLASH
+ __exidx_end = .;
+
+ /* To copy multiple ROM to RAM sections,
+ * define etext2/data2_start/data2_end and
+ * define __STARTUP_COPY_MULTIPLE in startup_corstone700_bl2.S */
+ .copy.table :
+ {
+ . = ALIGN(4);
+ __copy_table_start__ = .;
+ LONG (__etext)
+ LONG (__data_start__)
+ LONG (__data_end__ - __data_start__)
+ LONG (DEFINED(__etext2) ? __etext2 : 0)
+ LONG (DEFINED(__data2_start__) ? __data2_start__ : 0)
+ LONG (DEFINED(__data2_start__) ? __data2_end__ - __data2_start__ : 0)
+ __copy_table_end__ = .;
+ } > FLASH
+
+ /* To clear multiple BSS sections,
+ * uncomment .zero.table section and,
+ * define __STARTUP_CLEAR_BSS_MULTIPLE in startup_cmsdk_musca_bl2.S */
+ .zero.table :
+ {
+ . = ALIGN(4);
+ __zero_table_start__ = .;
+ LONG (__bss_start__)
+ LONG (__bss_end__ - __bss_start__)
+ LONG (DEFINED(__bss2_start__) ? __bss2_start__ : 0)
+ LONG (DEFINED(__bss2_start__) ? __bss2_end__ - __bss2_start__ : 0)
+ __zero_table_end__ = .;
+ } > FLASH
+
+ __etext = .;
+
+ .tfm_bl2_shared_data : ALIGN(32)
+ {
+ . += BOOT_TFM_SHARED_DATA_SIZE;
+ } > RAM
+ Image$$SHARED_DATA$$RW$$Base = ADDR(.tfm_bl2_shared_data);
+ Image$$SHARED_DATA$$RW$$Limit = ADDR(.tfm_bl2_shared_data) + SIZEOF(.tfm_bl2_shared_data);
+
+ .data : AT (__etext)
+ {
+ __data_start__ = .;
+ *(vtable)
+ *(.data*)
+
+ . = ALIGN(4);
+ /* preinit data */
+ PROVIDE_HIDDEN (__preinit_array_start = .);
+ KEEP(*(.preinit_array))
+ PROVIDE_HIDDEN (__preinit_array_end = .);
+
+ . = ALIGN(4);
+ /* init data */
+ PROVIDE_HIDDEN (__init_array_start = .);
+ KEEP(*(SORT(.init_array.*)))
+ KEEP(*(.init_array))
+ PROVIDE_HIDDEN (__init_array_end = .);
+
+
+ . = ALIGN(4);
+ /* finit data */
+ PROVIDE_HIDDEN (__fini_array_start = .);
+ KEEP(*(SORT(.fini_array.*)))
+ KEEP(*(.fini_array))
+ PROVIDE_HIDDEN (__fini_array_end = .);
+
+ KEEP(*(.jcr*))
+ . = ALIGN(4);
+ /* All data end */
+ __data_end__ = .;
+
+ } > RAM
+ Image$$ER_DATA$$Base = ADDR(.data);
+
+ .bss :
+ {
+ . = ALIGN(4);
+ __bss_start__ = .;
+ *(.bss*)
+ *(COMMON)
+ . = ALIGN(4);
+ __bss_end__ = .;
+ } > RAM
+
+ bss_size = __bss_end__ - __bss_start__;
+
+ .msp_stack (NOLOAD) : ALIGN(32)
+ {
+ . += __msp_stack_size__;
+ } > RAM
+ Image$$ARM_LIB_STACK$$ZI$$Base = ADDR(.msp_stack);
+ Image$$ARM_LIB_STACK$$ZI$$Limit = ADDR(.msp_stack) + SIZEOF(.msp_stack);
+
+ .heap (NOLOAD): ALIGN(8)
+ {
+ . = ALIGN(8);
+ __end__ = .;
+ PROVIDE(end = .);
+ __HeapBase = .;
+ . += __heap_size__;
+ __HeapLimit = .;
+ __heap_limit = .; /* Add for _sbrk */
+ } > RAM
+ Image$$ARM_LIB_HEAP$$ZI$$Limit = ADDR(.heap) + SIZEOF(.heap);
+
+ PROVIDE(__stack = Image$$ARM_LIB_STACK$$ZI$$Limit);
+}
diff --git a/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl2.ld b/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl2.ld
new file mode 100644
index 0000000..b29408f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/gcc/diphda_bl2.ld
@@ -0,0 +1,191 @@
+;/*
+; * Copyright (c) 2009-2021, Arm Limited. All rights reserved.
+; *
+; * Licensed under the Apache License, Version 2.0 (the "License");
+; * you may not use this file except in compliance with the License.
+; * You may obtain a copy of the License at
+; *
+; * http://www.apache.org/licenses/LICENSE-2.0
+; *
+; * Unless required by applicable law or agreed to in writing, software
+; * distributed under the License is distributed on an "AS IS" BASIS,
+; * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; * See the License for the specific language governing permissions and
+; * limitations under the License.
+; *
+; *
+; * This file is derivative of CMSIS V5.00 gcc_arm.ld
+; */
+
+/* Linker script to configure memory regions. */
+/* This file will be run trough the pre-processor. */
+
+#include "region_defs.h"
+
+MEMORY
+{
+ FLASH (rx) : ORIGIN = BL2_CODE_START, LENGTH = BL2_CODE_SIZE
+ RAM (rwx) : ORIGIN = BL2_DATA_START, LENGTH = BL2_DATA_SIZE
+}
+
+__heap_size__ = BL2_HEAP_SIZE;
+__msp_stack_size__ = BL2_MSP_STACK_SIZE;
+
+/* Library configurations */
+GROUP(libgcc.a libc.a libm.a libnosys.a)
+
+ENTRY(Reset_Handler)
+
+SECTIONS
+{
+ .text :
+ {
+ KEEP(*(.vectors))
+ __Vectors_End = .;
+ __Vectors_Size = __Vectors_End - __Vectors;
+ __end__ = .;
+
+ *(.text*)
+
+ KEEP(*(.init))
+ KEEP(*(.fini))
+
+
+ /* .ctors */
+ *crtbegin.o(.ctors)
+ *crtbegin?.o(.ctors)
+ *(EXCLUDE_FILE(*crtend?.o *crtend.o) .ctors)
+ *(SORT(.ctors.*))
+ *(.ctors)
+
+ /* .dtors */
+ *crtbegin.o(.dtors)
+ *crtbegin?.o(.dtors)
+ *(EXCLUDE_FILE(*crtend?.o *crtend.o) .dtors)
+ *(SORT(.dtors.*))
+ *(.dtors)
+
+ *(.rodata*)
+
+ KEEP(*(.eh_frame*))
+ } > FLASH
+
+ .ARM.extab :
+ {
+ *(.ARM.extab* .gnu.linkonce.armextab.*)
+ } > FLASH
+
+ __exidx_start = .;
+ .ARM.exidx :
+ {
+ *(.ARM.exidx* .gnu.linkonce.armexidx.*)
+ } > FLASH
+ __exidx_end = .;
+
+ /* To copy multiple ROM to RAM sections,
+ * define etext2/data2_start/data2_end and
+ * define __STARTUP_COPY_MULTIPLE in startup_corstone700_bl2.S */
+ .copy.table :
+ {
+ . = ALIGN(4);
+ __copy_table_start__ = .;
+ LONG (__etext)
+ LONG (__data_start__)
+ LONG (__data_end__ - __data_start__)
+ LONG (DEFINED(__etext2) ? __etext2 : 0)
+ LONG (DEFINED(__data2_start__) ? __data2_start__ : 0)
+ LONG (DEFINED(__data2_start__) ? __data2_end__ - __data2_start__ : 0)
+ __copy_table_end__ = .;
+ } > FLASH
+
+ /* To clear multiple BSS sections,
+ * uncomment .zero.table section and,
+ * define __STARTUP_CLEAR_BSS_MULTIPLE in startup_cmsdk_musca_bl2.S */
+ .zero.table :
+ {
+ . = ALIGN(4);
+ __zero_table_start__ = .;
+ LONG (__bss_start__)
+ LONG (__bss_end__ - __bss_start__)
+ LONG (DEFINED(__bss2_start__) ? __bss2_start__ : 0)
+ LONG (DEFINED(__bss2_start__) ? __bss2_end__ - __bss2_start__ : 0)
+ __zero_table_end__ = .;
+ } > FLASH
+
+ __etext = .;
+
+ .tfm_bl2_shared_data : ALIGN(32)
+ {
+ . += BOOT_TFM_SHARED_DATA_SIZE;
+ } > RAM
+ Image$$SHARED_DATA$$RW$$Base = ADDR(.tfm_bl2_shared_data);
+ Image$$SHARED_DATA$$RW$$Limit = ADDR(.tfm_bl2_shared_data) + SIZEOF(.tfm_bl2_shared_data);
+
+ .data : AT (__etext)
+ {
+ __data_start__ = .;
+ *(vtable)
+ *(.data*)
+
+ . = ALIGN(4);
+ /* preinit data */
+ PROVIDE_HIDDEN (__preinit_array_start = .);
+ KEEP(*(.preinit_array))
+ PROVIDE_HIDDEN (__preinit_array_end = .);
+
+ . = ALIGN(4);
+ /* init data */
+ PROVIDE_HIDDEN (__init_array_start = .);
+ KEEP(*(SORT(.init_array.*)))
+ KEEP(*(.init_array))
+ PROVIDE_HIDDEN (__init_array_end = .);
+
+
+ . = ALIGN(4);
+ /* finit data */
+ PROVIDE_HIDDEN (__fini_array_start = .);
+ KEEP(*(SORT(.fini_array.*)))
+ KEEP(*(.fini_array))
+ PROVIDE_HIDDEN (__fini_array_end = .);
+
+ KEEP(*(.jcr*))
+ . = ALIGN(4);
+ /* All data end */
+ __data_end__ = .;
+
+ } > RAM
+ Image$$ER_DATA$$Base = ADDR(.data);
+
+ .bss :
+ {
+ . = ALIGN(4);
+ __bss_start__ = .;
+ *(.bss*)
+ *(COMMON)
+ . = ALIGN(4);
+ __bss_end__ = .;
+ } > RAM
+
+ bss_size = __bss_end__ - __bss_start__;
+
+ .msp_stack (NOLOAD) : ALIGN(32)
+ {
+ . += __msp_stack_size__;
+ } > RAM
+ Image$$ARM_LIB_STACK$$ZI$$Base = ADDR(.msp_stack);
+ Image$$ARM_LIB_STACK$$ZI$$Limit = ADDR(.msp_stack) + SIZEOF(.msp_stack);
+
+ .heap (NOLOAD): ALIGN(8)
+ {
+ . = ALIGN(8);
+ __end__ = .;
+ PROVIDE(end = .);
+ __HeapBase = .;
+ . += __heap_size__;
+ __HeapLimit = .;
+ __heap_limit = .; /* Add for _sbrk */
+ } > RAM
+ Image$$ARM_LIB_HEAP$$ZI$$Limit = ADDR(.heap) + SIZEOF(.heap);
+
+ PROVIDE(__stack = Image$$ARM_LIB_STACK$$ZI$$Limit);
+}
diff --git a/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_bl.S b/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_bl.S
new file mode 100644
index 0000000..2be0303
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_bl.S
@@ -0,0 +1,268 @@
+/*
+ * Copyright (c) 2009-2021 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "tfm_plat_config.h"
+
+ .syntax unified
+ .arch armv6-m
+
+ .section .vectors
+ .align 2
+ .globl __Vectors
+__Vectors:
+ .long Image$$ARM_LIB_STACK$$ZI$$Limit /* Top of Stack */
+ .long Reset_Handler /* Reset Handler */
+ .long NMI_Handler /* -14 NMI Handler */
+ .long HardFault_Handler /* -13 Hard Fault Handler */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long SVC_Handler /* -5 SVCall Handler */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long PendSV_Handler /* -2 PendSV Handler */
+ .long SysTick_Handler /* -1 SysTick Handler */
+
+ /* SoC Specific Interrupts */
+ .long SE_INTERRUPT_EXPANSION_IRQHandler /* 0: Secure Enclave Interrupt Expansion */
+ .long CRYPTO_ACCELERATOR_0_IRQHandler /* 1: Crypto Accelerator Interrupt 0 */
+ .long CRYPTO_ACCELERATOR_1_IRQHandler /* 2: Crypto Accelerator Interrupt 1 */
+ .long SE_WATCHDOG_TIMER_IRQHandler /* 3: Secure Enclave Watchdog Timer Interrupt */
+ .long 0 /* 4: Reserved */
+ .long TIMER0_IRQHandler /* 5: CMSDK Timer 0 Interrupt */
+ .long TIMER1_IRQHandler /* 6: CMSDK Timer 1 Interrupt */
+ .long HS_FIREWALL_TAMPER_IRQHandler /* 7: Host System Firewall Tamper Interrupt */
+ .long INTERRUPT_ROUTER_TAMPER_IRQHandler /* 8: Interrupt Router Tamper Interrupt */
+ .long SECURE_WATCHDOG_WS1_IRQHandler /* 9: Secure Watchdog WS1 Interrupt */
+ .long SECNENCTOP_PPU_IRQHandler /* 10: SECNENCTOP PPU Interrupt */
+ .long UART_UARTINTR_IRQHandler /* 11: UART UARTINTR Interrupt */
+ .long SE_FIREWALL_INTERRUPT_IRQHandler /* 12: Secure Enclave Firewall Interrupt */
+ .long SE_CTI_TRIGGER_OUT_2_IRQHandler /* 13: Secure Enclave CTI Trigger Out 2 */
+ .long SE_CTI_TRIGGER_OUT_3_IRQHandler /* 14: Secure Enclave CTI Trigger Out 3 */
+ .long 0 /* 15: Reserved */
+ .long 0 /* 16: Reserved */
+ .long 0 /* 17: Reserved */
+ .long 0 /* 18: Reserved */
+ .long 0 /* 19: Reserved */
+ .long 0 /* 20: Reserved */
+ .long SEH0_SENDER_COMBINED_IRQHandler /* 21: SEH0 Sender Combined Interrupt */
+ .long 0 /* 22: Reserved */
+ .long HSE0_RECEIVER_COMBINED_IRQHandler /* 23: HSE0 Receiver Combined Interrupt */
+ .long 0 /* 24: Reserved */
+ .long 0 /* 25: Reserved */
+ .long SEH1_SENDER_COMBINED_IRQHandler /* 26: SEH1 Sender Combined Interrupt */
+ .long 0 /* 27: Reserved */
+ .long HSE1_RECEIVER_COMBINED_IRQHandler /* 28: HSE1 Receiver Combined Interrupt */
+ .long 0 /* 29: Reserved */
+ .long 0 /* 30: Reserved */
+ .long 0 /* 31: Reserved */
+
+ .size __Vectors, . - __Vectors
+
+ .text
+ .thumb
+ .thumb_func
+ .align 2
+ .globl Reset_Handler
+ .type Reset_Handler, %function
+
+Reset_Handler:
+/* Firstly it copies data from read only memory to RAM. There are two schemes
+ * to copy. One can copy more than one sections. Another can only copy
+ * one section. The former scheme needs more instructions and read-only
+ * data to implement than the latter.
+ * Macro __STARTUP_COPY_MULTIPLE is used to choose between two schemes. */
+
+#ifdef __STARTUP_COPY_MULTIPLE
+/* Multiple sections scheme.
+ *
+ * Between symbol address __copy_table_start__ and __copy_table_end__,
+ * there are array of triplets, each of which specify:
+ * offset 0: LMA of start of a section to copy from
+ * offset 4: VMA of start of a section to copy to
+ * offset 8: size of the section to copy. Must be multiply of 4
+ *
+ * All addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r4, =__copy_table_start__
+ ldr r5, =__copy_table_end__
+
+.L_loop0:
+ cmp r4, r5
+ bge .L_loop0_done
+ ldr r1, [r4]
+ ldr r2, [r4, #4]
+ ldr r3, [r4, #8]
+
+.L_loop0_0:
+ subs r3, #4
+ blt .L_loop0_0_done
+ ldr r0, [r1, r3]
+ str r0, [r2, r3]
+ b .L_loop0_0
+
+.L_loop0_0_done:
+ adds r4, #12
+ b .L_loop0
+
+.L_loop0_done:
+#else
+/* Single section scheme.
+ *
+ * The ranges of copy from/to are specified by following symbols
+ * __etext: LMA of start of the section to copy from. Usually end of text
+ * __data_start__: VMA of start of the section to copy to
+ * __data_end__: VMA of end of the section to copy to
+ *
+ * All addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r1, =__etext
+ ldr r2, =__data_start__
+ ldr r3, =__data_end__
+
+ subs r3, r2
+ ble .L_loop1_done
+
+.L_loop1:
+ subs r3, #4
+ ldr r0, [r1,r3]
+ str r0, [r2,r3]
+ bgt .L_loop1
+
+.L_loop1_done:
+#endif /*__STARTUP_COPY_MULTIPLE */
+
+/* This part of work usually is done in C library startup code. Otherwise,
+ * define this macro to enable it in this startup.
+ *
+ * There are two schemes too. One can clear multiple BSS sections. Another
+ * can only clear one section. The former is more size expensive than the
+ * latter.
+ *
+ * Define macro __STARTUP_CLEAR_BSS_MULTIPLE to choose the former.
+ * Otherwise efine macro __STARTUP_CLEAR_BSS to choose the later.
+ */
+#ifdef __STARTUP_CLEAR_BSS_MULTIPLE
+/* Multiple sections scheme.
+ *
+ * Between symbol address __copy_table_start__ and __copy_table_end__,
+ * there are array of tuples specifying:
+ * offset 0: Start of a BSS section
+ * offset 4: Size of this BSS section. Must be multiply of 4
+ */
+ ldr r3, =__zero_table_start__
+ ldr r4, =__zero_table_end__
+
+.L_loop2:
+ cmp r3, r4
+ bge .L_loop2_done
+ ldr r1, [r3]
+ ldr r2, [r3, #4]
+ movs r0, 0
+
+.L_loop2_0:
+ subs r2, #4
+ blt .L_loop2_0_done
+ str r0, [r1, r2]
+ b .L_loop2_0
+.L_loop2_0_done:
+
+ adds r3, #8
+ b .L_loop2
+.L_loop2_done:
+#elif defined (__STARTUP_CLEAR_BSS)
+/* Single BSS section scheme.
+ *
+ * The BSS section is specified by following symbols
+ * __bss_start__: start of the BSS section.
+ * __bss_end__: end of the BSS section.
+ *
+ * Both addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r1, =__bss_start__
+ ldr r2, =__bss_end__
+
+ movs r0, 0
+
+ subs r2, r1
+ ble .L_loop3_done
+
+.L_loop3:
+ subs r2, #4
+ str r0, [r1, r2]
+ bgt .L_loop3
+.L_loop3_done:
+#endif /* __STARTUP_CLEAR_BSS_MULTIPLE || __STARTUP_CLEAR_BSS */
+
+ bl SystemInit
+
+#ifndef __START
+#define __START _start
+#endif
+ bl __START
+
+ .pool
+ .size Reset_Handler, . - Reset_Handler
+
+
+/* Macro to define default exception/interrupt handlers.
+ * Default handler are weak symbols with an endless loop.
+ * They can be overwritten by real handlers.
+ */
+ .macro Set_Default_Handler Handler_Name
+ .weak \Handler_Name
+ .align 1
+ .thumb_func
+ .type \Handler_Name, %function
+\Handler_Name:
+ b .
+ .endm
+
+
+/* Default exception/interrupt handler */
+
+ Set_Default_Handler NMI_Handler
+ Set_Default_Handler HardFault_Handler
+ Set_Default_Handler SVC_Handler
+ Set_Default_Handler PendSV_Handler
+ Set_Default_Handler SysTick_Handler
+
+ Set_Default_Handler SE_INTERRUPT_EXPANSION_IRQHandler
+ Set_Default_Handler CRYPTO_ACCELERATOR_0_IRQHandler
+ Set_Default_Handler CRYPTO_ACCELERATOR_1_IRQHandler
+ Set_Default_Handler SE_WATCHDOG_TIMER_IRQHandler
+ Set_Default_Handler TIMER0_IRQHandler
+ Set_Default_Handler TIMER1_IRQHandler
+ Set_Default_Handler HS_FIREWALL_TAMPER_IRQHandler
+ Set_Default_Handler INTERRUPT_ROUTER_TAMPER_IRQHandler
+ Set_Default_Handler SECURE_WATCHDOG_WS1_IRQHandler
+ Set_Default_Handler SECNENCTOP_PPU_IRQHandler
+ Set_Default_Handler UART_UARTINTR_IRQHandler
+ Set_Default_Handler SE_FIREWALL_INTERRUPT_IRQHandler
+ Set_Default_Handler SE_CTI_TRIGGER_OUT_2_IRQHandler
+ Set_Default_Handler SE_CTI_TRIGGER_OUT_3_IRQHandler
+ Set_Default_Handler SEH0_SENDER_COMBINED_IRQHandler
+ Set_Default_Handler HSE0_RECEIVER_COMBINED_IRQHandler
+ Set_Default_Handler SEH1_SENDER_COMBINED_IRQHandler
+ Set_Default_Handler HSE1_RECEIVER_COMBINED_IRQHandler
+
+ .end
diff --git a/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_s.S b/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_s.S
new file mode 100644
index 0000000..28b0979
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/gcc/startup_diphda_s.S
@@ -0,0 +1,275 @@
+/*
+ * Copyright (c) 2009-2021 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "tfm_plat_config.h"
+
+ .syntax unified
+ .arch armv6-m
+
+ .section .vectors
+ .align 2
+ .globl __Vectors
+__Vectors:
+ .long Image$$ARM_LIB_STACK_MSP$$ZI$$Limit/* Top of Stack */
+ .long Reset_Handler /* Reset Handler */
+ .long NMI_Handler /* -14 NMI Handler */
+ .long HardFault_Handler /* -13 Hard Fault Handler */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long SVC_Handler /* -5 SVCall Handler */
+ .long 0 /* Reserved */
+ .long 0 /* Reserved */
+ .long PendSV_Handler /* -2 PendSV Handler */
+ .long SysTick_Handler /* -1 SysTick Handler */
+
+ /* SoC Specific Interrupts */
+ .long SE_INTERRUPT_EXPANSION_IRQHandler /* 0: Secure Enclave Interrupt Expansion */
+ .long CRYPTO_ACCELERATOR_0_IRQHandler /* 1: Crypto Accelerator Interrupt 0 */
+ .long CRYPTO_ACCELERATOR_1_IRQHandler /* 2: Crypto Accelerator Interrupt 1 */
+ .long SE_WATCHDOG_TIMER_IRQHandler /* 3: Secure Enclave Watchdog Timer Interrupt */
+ .long 0 /* 4: Reserved */
+ .long TIMER0_IRQHandler /* 5: CMSDK Timer 0 Interrupt */
+ .long TIMER1_IRQHandler /* 6: CMSDK Timer 1 Interrupt */
+ .long HS_FIREWALL_TAMPER_IRQHandler /* 7: Host System Firewall Tamper Interrupt */
+ .long INTERRUPT_ROUTER_TAMPER_IRQHandler /* 8: Interrupt Router Tamper Interrupt */
+ .long SECURE_WATCHDOG_WS1_IRQHandler /* 9: Secure Watchdog WS1 Interrupt */
+ .long SECNENCTOP_PPU_IRQHandler /* 10: SECNENCTOP PPU Interrupt */
+ .long UART_UARTINTR_IRQHandler /* 11: UART UARTINTR Interrupt */
+ .long SE_FIREWALL_INTERRUPT_IRQHandler /* 12: Secure Enclave Firewall Interrupt */
+ .long SE_CTI_TRIGGER_OUT_2_IRQHandler /* 13: Secure Enclave CTI Trigger Out 2 */
+ .long SE_CTI_TRIGGER_OUT_3_IRQHandler /* 14: Secure Enclave CTI Trigger Out 3 */
+ .long 0 /* 15: Reserved */
+ .long 0 /* 16: Reserved */
+ .long 0 /* 17: Reserved */
+ .long 0 /* 18: Reserved */
+ .long 0 /* 19: Reserved */
+ .long 0 /* 20: Reserved */
+ .long SEH0_SENDER_COMBINED_IRQHandler /* 21: SEH0 Sender Combined Interrupt */
+ .long 0 /* 22: Reserved */
+ .long HSE0_RECEIVER_COMBINED_IRQHandler /* 23: HSE0 Receiver Combined Interrupt */
+ .long 0 /* 24: Reserved */
+ .long 0 /* 25: Reserved */
+ .long SEH1_SENDER_COMBINED_IRQHandler /* 26: SEH1 Sender Combined Interrupt */
+ .long 0 /* 27: Reserved */
+ .long HSE1_RECEIVER_COMBINED_IRQHandler /* 28: HSE1 Receiver Combined Interrupt */
+ .long 0 /* 29: Reserved */
+ .long 0 /* 30: Reserved */
+ .long 0 /* 31: Reserved */
+
+ .size __Vectors, . - __Vectors
+
+ .text
+ .thumb
+ .thumb_func
+ .align 2
+ .globl Reset_Handler
+ .type Reset_Handler, %function
+Reset_Handler:
+ cpsid i
+/* Firstly it copies data from read only memory to RAM. There are two schemes
+ * to copy. One can copy more than one sections. Another can only copy
+ * one section. The former scheme needs more instructions and read-only
+ * data to implement than the latter.
+ * Macro __STARTUP_COPY_MULTIPLE is used to choose between two schemes. */
+
+#ifdef __STARTUP_COPY_MULTIPLE
+/* Multiple sections scheme.
+ *
+ * Between symbol address __copy_table_start__ and __copy_table_end__,
+ * there are array of triplets, each of which specify:
+ * offset 0: LMA of start of a section to copy from
+ * offset 4: VMA of start of a section to copy to
+ * offset 8: size of the section to copy. Must be multiply of 4
+ *
+ * All addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r4, =__copy_table_start__
+ ldr r5, =__copy_table_end__
+
+.L_loop0:
+ cmp r4, r5
+ bge .L_loop0_done
+ ldr r1, [r4]
+ ldr r2, [r4, #4]
+ ldr r3, [r4, #8]
+
+.L_loop0_0:
+ subs r3, #4
+ blt .L_loop0_0_done
+ ldr r0, [r1, r3]
+ str r0, [r2, r3]
+ b .L_loop0_0
+
+.L_loop0_0_done:
+ adds r4, #12
+ b .L_loop0
+
+.L_loop0_done:
+#else
+/* Single section scheme.
+ *
+ * The ranges of copy from/to are specified by following symbols
+ * __etext: LMA of start of the section to copy from. Usually end of text
+ * __data_start__: VMA of start of the section to copy to
+ * __data_end__: VMA of end of the section to copy to
+ *
+ * All addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r1, =__etext
+ ldr r2, =__data_start__
+ ldr r3, =__data_end__
+
+ subs r3, r2
+ ble .L_loop1_done
+
+.L_loop1:
+ subs r3, #4
+ ldr r0, [r1,r3]
+ str r0, [r2,r3]
+ bgt .L_loop1
+
+.L_loop1_done:
+#endif /*__STARTUP_COPY_MULTIPLE */
+
+/* This part of work usually is done in C library startup code. Otherwise,
+ * define this macro to enable it in this startup.
+ *
+ * There are two schemes too. One can clear multiple BSS sections. Another
+ * can only clear one section. The former is more size expensive than the
+ * latter.
+ *
+ * Define macro __STARTUP_CLEAR_BSS_MULTIPLE to choose the former.
+ * Otherwise efine macro __STARTUP_CLEAR_BSS to choose the later.
+ */
+#ifdef __STARTUP_CLEAR_BSS_MULTIPLE
+/* Multiple sections scheme.
+ *
+ * Between symbol address __copy_table_start__ and __copy_table_end__,
+ * there are array of tuples specifying:
+ * offset 0: Start of a BSS section
+ * offset 4: Size of this BSS section. Must be multiply of 4
+ */
+ ldr r3, =__zero_table_start__
+ ldr r4, =__zero_table_end__
+
+.L_loop2:
+ cmp r3, r4
+ bge .L_loop2_done
+ ldr r1, [r3]
+ ldr r2, [r3, #4]
+ movs r0, 0
+
+.L_loop2_0:
+ subs r2, #4
+ blt .L_loop2_0_done
+ str r0, [r1, r2]
+ b .L_loop2_0
+.L_loop2_0_done:
+
+ adds r3, #8
+ b .L_loop2
+.L_loop2_done:
+#elif defined (__STARTUP_CLEAR_BSS)
+/* Single BSS section scheme.
+ *
+ * The BSS section is specified by following symbols
+ * __bss_start__: start of the BSS section.
+ * __bss_end__: end of the BSS section.
+ *
+ * Both addresses must be aligned to 4 bytes boundary.
+ */
+ ldr r1, =__bss_start__
+ ldr r2, =__bss_end__
+
+ movs r0, 0
+
+ subs r2, r1
+ ble .L_loop3_done
+
+.L_loop3:
+ subs r2, #4
+ str r0, [r1, r2]
+ bgt .L_loop3
+.L_loop3_done:
+#endif /* __STARTUP_CLEAR_BSS_MULTIPLE || __STARTUP_CLEAR_BSS */
+
+ bl SystemInit
+
+ mrs r0, control /* Get control value */
+ movs r1, #2
+ orrs r0, r0, r1 /* Select switch to PSP */
+ msr control, r0
+ ldr r0, =Image$$ARM_LIB_STACK$$ZI$$Limit
+ msr psp, r0
+
+#ifndef __START
+#define __START _start
+#endif
+ bl __START
+
+ .pool
+ .size Reset_Handler, . - Reset_Handler
+
+
+/* Macro to define default exception/interrupt handlers.
+ * Default handler are weak symbols with an endless loop.
+ * They can be overwritten by real handlers.
+ */
+ .macro Set_Default_Handler Handler_Name
+ .weak \Handler_Name
+ .align 1
+ .thumb_func
+ .type \Handler_Name, %function
+\Handler_Name:
+ b .
+ .endm
+
+
+/* Default exception/interrupt handler */
+
+ Set_Default_Handler NMI_Handler
+ Set_Default_Handler HardFault_Handler
+ Set_Default_Handler SVC_Handler
+ Set_Default_Handler PendSV_Handler
+ Set_Default_Handler SysTick_Handler
+
+ Set_Default_Handler SE_INTERRUPT_EXPANSION_IRQHandler
+ Set_Default_Handler CRYPTO_ACCELERATOR_0_IRQHandler
+ Set_Default_Handler CRYPTO_ACCELERATOR_1_IRQHandler
+ Set_Default_Handler SE_WATCHDOG_TIMER_IRQHandler
+ Set_Default_Handler TIMER0_IRQHandler
+ Set_Default_Handler TIMER1_IRQHandler
+ Set_Default_Handler HS_FIREWALL_TAMPER_IRQHandler
+ Set_Default_Handler INTERRUPT_ROUTER_TAMPER_IRQHandler
+ Set_Default_Handler SECURE_WATCHDOG_WS1_IRQHandler
+ Set_Default_Handler SECNENCTOP_PPU_IRQHandler
+ Set_Default_Handler UART_UARTINTR_IRQHandler
+ Set_Default_Handler SE_FIREWALL_INTERRUPT_IRQHandler
+ Set_Default_Handler SE_CTI_TRIGGER_OUT_2_IRQHandler
+ Set_Default_Handler SE_CTI_TRIGGER_OUT_3_IRQHandler
+ Set_Default_Handler SEH0_SENDER_COMBINED_IRQHandler
+ Set_Default_Handler HSE0_RECEIVER_COMBINED_IRQHandler
+ Set_Default_Handler SEH1_SENDER_COMBINED_IRQHandler
+ Set_Default_Handler HSE1_RECEIVER_COMBINED_IRQHandler
+
+ .end
diff --git a/platform/ext/target/arm/diphda/Device/Source/system_core_init.c b/platform/ext/target/arm/diphda/Device/Source/system_core_init.c
new file mode 100644
index 0000000..8476af4
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Device/Source/system_core_init.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2009-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * This file is derivative of CMSIS V5.01:
+ * \Device\ARM\ARMCM0plus\Source\system_ARMCM0plus.c
+ */
+
+#include "system_core_init.h"
+#include "cmsis.h"
+
+/*----------------------------------------------------------------------------
+ Define clocks
+ *----------------------------------------------------------------------------*/
+#define SYSTEM_CLOCK (50000000UL)
+#define PERIPHERAL_CLOCK (50000000UL)
+
+/*----------------------------------------------------------------------------
+ Externals
+ *----------------------------------------------------------------------------*/
+
+/*----------------------------------------------------------------------------
+ System Core Clock Variable
+ *----------------------------------------------------------------------------*/
+uint32_t SystemCoreClock = SYSTEM_CLOCK;
+uint32_t PeripheralClock = PERIPHERAL_CLOCK;
+
+/*----------------------------------------------------------------------------
+ System Core Clock update function
+ *----------------------------------------------------------------------------*/
+void SystemCoreClockUpdate (void)
+{
+ SystemCoreClock = SYSTEM_CLOCK;
+ PeripheralClock = PERIPHERAL_CLOCK;
+}
+
+/*----------------------------------------------------------------------------
+ System initialization function
+ *----------------------------------------------------------------------------*/
+void SystemInit (void)
+{
+#if defined (__VTOR_PRESENT) && (__VTOR_PRESENT == 1U)
+ extern uint32_t __Vectors;
+ SCB->VTOR = (uint32_t) &__Vectors;
+#endif
+ SystemCoreClockUpdate();
+}
diff --git a/platform/ext/target/arm/diphda/Native_Driver/firewall.c b/platform/ext/target/arm/diphda/Native_Driver/firewall.c
new file mode 100755
index 0000000..788cc3e
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/firewall.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+#include "firewall.h"
+
+#define FIREWALL_COMPONENT_SIZE (0x10000)
+#define FIREWALL_MAX_COMPONENTS (0x20)
+
+#define FIREWALL_COMMON_REG_OFFSET (0xFA0)
+struct _firewall_common_reg_map_t {
+ volatile uint32_t fc_cap0;
+ /*!< Offset: 0xFA0 (R/ ) Firewall Component Capability Register 0 */
+ volatile uint32_t fc_cap1;
+ /*!< Offset: 0xFA4 (R/ ) Firewall Component Capability Register 1 */
+ volatile uint32_t fc_cap2;
+ /*!< Offset: 0xFA8 (R/ ) Firewall Component Capability Register 2 */
+ volatile uint32_t fc_cap3;
+ /*!< Offset: 0xFAC (R/ ) Firewall Component Capability Register 3 */
+ volatile uint32_t fc_cfg0;
+ /*!< Offset: 0xFB0 (R/ ) Firewall Component Configuration Register 0 */
+ volatile uint32_t fc_cfg1;
+ /*!< Offset: 0xFB4 (R/ ) Firewall Component Configuration Register 1 */
+ volatile uint32_t fc_cfg2;
+ /*!< Offset: 0xFB8 (R/ ) Firewall Component Configuration Register 2 */
+ volatile uint32_t fc_cfg3;
+ /*!< Offset: 0xFBC (R/ ) Firewall Component Configuration Register 3 */
+};
+
+#define FIREWALL_PE_CS_REG_OFFSET (0x100)
+ /*!< Protection Control and Status register type offset */
+struct _firewall_pe_cs_reg_map_t {
+ volatile uint32_t pe_ctrl;
+ /*!< Offset: 0x100 (R/W) Protection Extenstion Control */
+ volatile uint32_t pe_st;
+ /*!< Offset: 0x104 (R/ ) Protection Extenstion Status */
+ volatile uint32_t pe_bps;
+ /*!< Offset: 0x108 (R/W) Protection Extenstion Bypass */
+};
+#define PE_CTRL_EN_MASK (0x1u << PE_CTRL_EN_OFF)
+#define PE_CTRL_EN_BYPASS_MASK (0x1u << PE_CTRL_EN_BYPASS_OFF)
+#define PE_ST_EN_MASK (0x1u << PE_ST_EN_OFF)
+#define PE_BPS_BYPASS_ST_MASK (0x1u << PE_BPS_BYPASS_ST_OFF)
+
+#define FIREWALL_PE_RWE_REG_OFFSET (0x10C)
+ /*!< Region Window Entry (RWE) register type offset */
+struct _firewall_pe_rwe_reg_map_t {
+ volatile uint32_t rwe_ctrl;
+ /*!< Offset: 0x10C (R/W) Region Window Entry Control */
+ volatile uint32_t rgn_ctrl0;
+ /*!< Offset: 0x110 (R/W) Region Control 0 */
+ volatile uint32_t rgn_ctrl1;
+ /*!< Offset: 0x114 (R/W) Region Control 1 */
+ volatile uint32_t rgn_lctrl;
+ /*!< Offset: 0x118 (R/W) Region Lock Control */
+ volatile uint32_t rgn_st;
+ /*!< Offset: 0x11C (R/ ) Region Status */
+ volatile uint32_t rgn_cfg0;
+ /*!< Offset: 0x120 (R/W) Region Config 0 */
+ volatile uint32_t rgn_cfg1;
+ /*!< Offset: 0x124 (R/W) Region Config 1 */
+ volatile uint32_t rgn_size;
+ /*!< Offset: 0x128 (R/W) Region Size */
+ volatile uint32_t reserved_0;
+ /*!< Offset: 0x12C Reserved */
+ volatile uint32_t rgn_tcfg0;
+ /*!< Offset: 0x130 (R/W) Region Translation Config 0 */
+ volatile uint32_t rgn_tcfg1;
+ /*!< Offset: 0x134 (R/W) Region Translation Config 1 */
+ volatile uint32_t rgn_tcfg2;
+ /*!< Offset: 0x138 (R/W) Region Translation Config 2 */
+ volatile uint32_t reserved_1;
+ /*!< Offset: 0x13C Reserved */
+ volatile uint32_t rgn_mid0;
+ /*!< Offset: 0x140 (R/W) Region Master ID 0 */
+ volatile uint32_t rgn_mpl0;
+ /*!< Offset: 0x144 (R/W) Region Master Permission List 0 */
+ volatile uint32_t rgn_mid1;
+ /*!< Offset: 0x148 (R/W) Region Master ID 1 */
+ volatile uint32_t rgn_mpl1;
+ /*!< Offset: 0x14C (R/W) Region Master Permission List 1 */
+ volatile uint32_t rgn_mid2;
+ /*!< Offset: 0x150 (R/W) Region Master ID 2 */
+ volatile uint32_t rgn_mpl2;
+ /*!< Offset: 0x154 (R/W) Region Master Permission List 2 */
+ volatile uint32_t rgn_mid3;
+ /*!< Offset: 0x158 (R/W) Region Master ID 3 */
+ volatile uint32_t rgn_mpl3;
+ /*!< Offset: 0x15C (R/W) Region Master Permission List 3 */
+};
+#define RWE_CTRL_RGN_INDX_MASK (0xFFu << RWE_CTRL_RGN_INDX_OFF)
+#define RGN_CTRL0_EN_MASK (0x1u << RGN_EN_OFF)
+#define RGN_LCTRL_LOCK_MASK (0x1u << RGN_LCTRL_LOCK_OFF)
+#define RGN_CTRL1_MPE_EN_MASK (0xFu << RGN_MPE0_EN_OFF)
+#define RGN_MPL_EN_MASK (0x1FFFu)
+#define RGN_ST_EN_MASK (0x1u << RGN_EN_OFF)
+#define RGN_ST_MPE0_EN_MASK (0x1u << RGN_MPE0_EN_OFF)
+#define RGN_ST_MPE1_EN_MASK (0x1u << RGN_MPE1_EN_OFF)
+#define RGN_ST_MPE2_EN_MASK (0x1u << RGN_MPE2_EN_OFF)
+#define RGN_ST_MPE3_EN_MASK (0x1u << RGN_MPE3_EN_OFF)
+#define RGN_SIZE_SIZE_MASK (0xFFu << RGN_SIZE_SIZE_OFF)
+#define RGN_SIZE_MULnPO2_MASK (0x1u << RGN_SIZE_MULnPO2_OFF)
+#define RGN_TCFG2_ADDR_TRANS_EN_MASK (0x1u << RGN_TCFG2_ADDR_TRANS_EN_OFF)
+#define RGN_TCFG2_MA_TRANS_EN_MASK (0x1u << RGN_TCFG2_MA_TRANS_EN_OFF)
+#define RGN_TCFG2_INST_MASK (0x3u << RGN_TCFG2_INST_OFF)
+#define RGN_TCFG2_PRIV_MASK (0x3u << RGN_TCFG2_PRIV_OFF)
+#define RGN_TCFG2_MA_MASK (0xFFu << RGN_TCFG2_MA_OFF)
+#define RGN_TCFG2_SH_MASK (0x3u << RGN_TCFG2_SH_OFF)
+#define RGN_TCFG2_NS_MASK (0x3u << RGN_TCFG2_NS_OFF)
+
+#define FIREWALL_PE_FWE_REG_OFFSET (0x180)
+ /*!< Fault Window Entry (FWE) register type offset */
+struct _firewall_pe_fwe_reg_map_t {
+ volatile uint32_t fe_tal;
+ /*!< Offset: 0x180 (R/ ) Fault Entry Transaction Address Lower */
+ volatile uint32_t fe_tau;
+ /*!< Offset: 0x184 (R/ ) Fault Entry Transaction Address Upper */
+ volatile uint32_t fe_tp;
+ /*!< Offset: 0x188 (R/ ) Fault Entry Transaction Properties */
+ volatile uint32_t fe_mid;
+ /*!< Offset: 0x18C (R/ ) Fault Entry Master ID */
+ volatile uint32_t fe_ctrl;
+ /*!< Offset: 0x190 (R/W) Fault Entry Control */
+};
+
+#define FIREWALL_LDE_REG_OFFSET (0x10)
+ /*!< Lockdown Extension (LDE) register type offset */
+struct _firewall_lde_reg_map_t {
+ volatile uint32_t ld_ctrl;
+ /*!< Offset: 0x10 (R/W) Lockdown Control */
+};
+#define LD_CTRL_LOCK_MASK (0x3u << LD_CTRL_LOCK_OFF)
+#define LD_CTRL_LDI_ST_MASK (0x1u << LD_CTRL_LDI_ST_OFF)
+
+#define CS_REG_ADDR(x, y)\
+ (x + (y * FIREWALL_COMPONENT_SIZE) + FIREWALL_PE_CS_REG_OFFSET)
+#define RWE_REG_ADDR(x, y)\
+ (x + (y * FIREWALL_COMPONENT_SIZE) + FIREWALL_PE_RWE_REG_OFFSET)
+#define FWE_REG_ADDR(x, y)\
+ (x + (y * FIREWALL_COMPONENT_SIZE) + FIREWALL_PE_FWE_REG_OFFSET)
+#define LDE_REG_ADDR(x) (x + FIREWALL_LDE_REG_OFFSET)
+
+struct fw_dev_data_t fw_data;
+
+void fc_select(void *base_addr, uint32_t comp_id)
+{
+ fw_data.base_addr = base_addr;
+ fw_data.comp_id = comp_id;
+ fw_data.cs_ptr = CS_REG_ADDR(fw_data.base_addr, fw_data.comp_id);
+ fw_data.rwe_ptr = RWE_REG_ADDR(fw_data.base_addr, fw_data.comp_id);
+}
+
+void fc_enable_bypass(void)
+{
+ struct _firewall_pe_cs_reg_map_t *ptr =
+ (struct _firewall_pe_cs_reg_map_t *)fw_data.cs_ptr;
+ ptr->pe_ctrl &= ~PE_CTRL_EN_BYPASS_MASK;
+ while (!(ptr->pe_bps & PE_BPS_BYPASS_ST_MASK))
+ ;
+}
+
+void fc_disable_bypass(void)
+{
+ struct _firewall_pe_cs_reg_map_t *ptr =
+ (struct _firewall_pe_cs_reg_map_t *)fw_data.cs_ptr;
+ ptr->pe_ctrl |= PE_CTRL_EN_BYPASS_MASK;
+ while ((ptr->pe_bps & PE_BPS_BYPASS_ST_MASK))
+ ;
+}
+
+void fc_pe_enable(void)
+{
+ struct _firewall_pe_cs_reg_map_t *ptr =
+ (struct _firewall_pe_cs_reg_map_t *)fw_data.cs_ptr;
+ ptr->pe_ctrl |= PE_CTRL_EN_MASK;
+ while (!(ptr->pe_st & PE_ST_EN_MASK))
+ ;
+}
+
+void fc_pe_disable(void)
+{
+ struct _firewall_pe_cs_reg_map_t *ptr =
+ (struct _firewall_pe_cs_reg_map_t *)fw_data.cs_ptr;
+ ptr->pe_ctrl &= ~PE_CTRL_EN_MASK;
+ while ((ptr->pe_st & PE_ST_EN_MASK))
+ ;
+}
+
+void fc_disable_txn_term_error(void *base_addr)
+{
+ uint32_t *ptr = (uint32_t *)base_addr;
+ /* Write 0 to ERR bit field of FW_CTRL register */
+ *ptr = 0;
+}
+
+void fc_select_region(uint32_t region_id)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rwe_ctrl = (ptr->rwe_ctrl & ~RWE_CTRL_RGN_INDX_MASK) |
+ (region_id & RWE_CTRL_RGN_INDX_MASK);
+}
+
+void fc_enable_regions(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_ctrl0 |= RGN_CTRL0_EN_MASK;
+}
+
+void fc_disable_regions(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_ctrl0 &= ~RGN_CTRL0_EN_MASK;
+}
+
+void fc_prog_rgn(enum rgn_size_t size, uint32_t base_addr)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ /*
+ * As the reset value is rgn_size register is UNKNOWN, Arm recommends to set
+ * register to a known value before performing read-modify-write operations
+ */
+ ptr->rgn_size = 0;
+ ptr->rgn_size = (ptr->rgn_size & ~RGN_SIZE_SIZE_MASK) |
+ (size & RGN_SIZE_SIZE_MASK);
+ ptr->rgn_cfg0 = base_addr;
+}
+
+void fc_prog_rgn_upper_addr(uint32_t upper_addr)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_tcfg0 = upper_addr;
+}
+
+void fc_enable_addr_trans(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_tcfg2 |= RGN_TCFG2_ADDR_TRANS_EN_MASK;
+}
+
+void fc_disable_addr_trans(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_tcfg2 &= ~RGN_TCFG2_ADDR_TRANS_EN_MASK;
+}
+
+void fc_init_mpl(enum rgn_mpe_t mpe)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ /* Before enabling an MPE, it must:
+ * 1) Set the RGN_MPL fields with an UNKNOWN reset value to a known value.
+ * 2) Set either:
+ * RGN_MID{0-3} to a known value.
+ * RGN_MPL.ANY_MST to 0b1.
+ */
+ if (mpe == RGN_MPE0) {
+ ptr->rgn_mpl0 = 0x1000;
+ ptr->rgn_mpl0 = 0x0;
+ } else if (mpe == RGN_MPE1) {
+ ptr->rgn_mpl1 = 0x1000;
+ ptr->rgn_mpl1 = 0x0;
+ } else if (mpe == RGN_MPE2) {
+ ptr->rgn_mpl2 = 0x1000;
+ ptr->rgn_mpl2 = 0x0;
+ } else if (mpe == RGN_MPE3) {
+ ptr->rgn_mpl3 = 0x1000;
+ ptr->rgn_mpl3 = 0x0;
+ }
+}
+
+void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ if (mpe == RGN_MPE0)
+ ptr->rgn_mpl0 |= (mpl & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE1)
+ ptr->rgn_mpl1 |= (mpl & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE2)
+ ptr->rgn_mpl2 |= (mpl & RGN_MPL_EN_MASK);
+ else if (mpe == RGN_MPE3)
+ ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK);
+}
+
+void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ mpl &= RGN_MPL_EN_MASK;
+ if (mpe == RGN_MPE0)
+ ptr->rgn_mpl0 &= ~mpl;
+ else if (mpe == RGN_MPE1)
+ ptr->rgn_mpl1 &= ~mpl;
+ else if (mpe == RGN_MPE2)
+ ptr->rgn_mpl2 &= ~mpl;
+ else if (mpe == RGN_MPE3)
+ ptr->rgn_mpl3 &= ~mpl;
+}
+
+void fc_prog_mid(enum rgn_mpe_t mpe, uint32_t mid)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ if (mpe == RGN_MPE0)
+ ptr->rgn_mid0 = mid;
+ else if (mpe == RGN_MPE1)
+ ptr->rgn_mid1 = mid;
+ else if (mpe == RGN_MPE2)
+ ptr->rgn_mid2 = mid;
+ else if (mpe == RGN_MPE3)
+ ptr->rgn_mid3 = mid;
+}
+
+void fc_enable_mpe(enum rgn_mpe_t mpe)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_ctrl1 |= (mpe & RGN_CTRL1_MPE_EN_MASK);
+ while (!(ptr->rgn_st & mpe))
+ ;
+}
+
+void fc_disable_mpe(enum rgn_mpe_t mpe)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ mpe &= RGN_CTRL1_MPE_EN_MASK;
+ ptr->rgn_ctrl1 &= ~mpe;
+ while ((ptr->rgn_st & mpe))
+ ;
+}
+
+void fc_rgn_lock(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_lctrl |= RGN_LCTRL_LOCK_MASK;
+}
+
+void fc_rgn_unlock(void)
+{
+ struct _firewall_pe_rwe_reg_map_t *ptr =
+ (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
+ ptr->rgn_lctrl &= ~RGN_LCTRL_LOCK_MASK;
+}
+
+enum fw_lockdown_status_t fw_get_lockdown_status(void)
+{
+ struct _firewall_lde_reg_map_t *ptr = (struct _firewall_lde_reg_map_t *)
+ LDE_REG_ADDR(fw_data.base_addr);
+ if (ptr->ld_ctrl & LD_CTRL_LDI_ST_MASK)
+ return FW_LOCKED;
+ else
+ return FW_UNLOCKED;
+}
+
+void fw_lockdown(enum fw_lockdown_state_t lockdown_state)
+{
+ struct _firewall_lde_reg_map_t *ptr = (struct _firewall_lde_reg_map_t *)
+ LDE_REG_ADDR(fw_data.base_addr);
+ ptr->ld_ctrl |= lockdown_state;
+}
diff --git a/platform/ext/target/arm/diphda/Native_Driver/firewall.h b/platform/ext/target/arm/diphda/Native_Driver/firewall.h
new file mode 100755
index 0000000..48c8672
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/firewall.h
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef FIREWALL_H
+#define FIREWALL_H
+
+#include <stdint.h>
+
+#define PE_CTRL_EN_OFF 0x1Fu
+ /*!< Protection Extenstion Control enable bit field offset */
+#define PE_CTRL_EN_BYPASS_OFF 0x5u
+ /*!< Protection Extenstion Control bypass enable bit field offset */
+#define PE_ST_EN_OFF 0x1Fu
+ /*!< Protection Extenstion Status enable bit field offset */
+#define PE_BPS_BYPASS_ST_OFF 0x1u
+ /*!< Protection Extenstion Bypass status field offset */
+
+#define RWE_CTRL_RGN_INDX_OFF 0x0u
+ /*!< RWE Control Region Index offset */
+#define RGN_EN_OFF 0x0u
+ /*!< Region enable offset */
+#define RGN_LCTRL_LOCK_OFF 0x0u
+ /*!< Region Lock Control lock offset */
+#define RGN_MPE0_EN_OFF 0x1u
+ /*!< Region MPE0 enable offset */
+#define RGN_MPE1_EN_OFF 0x2u
+ /*!< Region MPE1 enable offset */
+#define RGN_MPE2_EN_OFF 0x3u
+ /*!< Region MPE2 enable offset */
+#define RGN_MPE3_EN_OFF 0x4u
+ /*!< Region MPE3 enable offset */
+#define RGN_SIZE_SIZE_OFF 0x0u
+ /*!< Region Size Size offset */
+#define RGN_SIZE_MULnPO2_OFF 0x8u
+ /*!< Region Size MULnPO2 offset */
+#define RGN_TCFG2_ADDR_TRANS_EN_OFF 0x11u
+ /*!< Region Translation Config 2 Address Translation enable offset */
+#define RGN_TCFG2_MA_TRANS_EN_OFF 0x10u
+ /*!< Region Translation Config 2 Memory Attribute Translation enable offset */
+#define RGN_TCFG2_INST_OFF 0xEu
+ /*!< Region Translation Config 2 Output txn instruction or data offset */
+#define RGN_TCFG2_PRIV_OFF 0xCu
+ /*!< Region Translation Config 2 Output txn privileged level offset */
+#define RGN_TCFG2_MA_OFF 0x4u
+ /*!< Region Translation Config 2 Output txn memory attribute offset */
+#define RGN_TCFG2_SH_OFF 0x2u
+ /*!< Region Translation Config 2 Output txn shareability offset */
+#define RGN_TCFG2_NS_OFF 0x0u
+ /*!< Region Translation Config 2 Output txn security offset */
+#define RGN_MPL_ANY_MST_OFF 0xCu
+ /*!< Region Master Permission List Any Master ID offset */
+#define RGN_MPL_SPX_OFF 0xBu
+ /*!< Region Master Permission List S privilege execute enable offset */
+#define RGN_MPL_SPW_OFF 0xAu
+ /*!< Region Master Permission List S privilege write enable offset */
+#define RGN_MPL_SPR_OFF 0x9u
+ /*!< Region Master Permission List S privilege read enable offset */
+#define RGN_MPL_SUX_OFF 0x8u
+ /*!< Region Master Permission List S unprivileged execute enable offset */
+#define RGN_MPL_SUW_OFF 0x7u
+ /*!< Region Master Permission List S unprivileged write enable offset */
+#define RGN_MPL_SUR_OFF 0x6u
+ /*!< Region Master Permission List S unprivileged read enable offset */
+#define RGN_MPL_NSPX_OFF 0x5u
+ /*!< Region Master Permission List NS privilege execute enable offset */
+#define RGN_MPL_NSPW_OFF 0x4u
+ /*!< Region Master Permission List NS privilege write enable offset */
+#define RGN_MPL_NSPR_OFF 0x3u
+ /*!< Region Master Permission List NS privilege read enable offset */
+#define RGN_MPL_NSUX_OFF 0x2u
+ /*!< Region Master Permission List NS unprivileged execute enable offset */
+#define RGN_MPL_NSUW_OFF 0x1u
+ /*!< Region Master Permission List NS unprivileged write enable offset */
+#define RGN_MPL_NSUR_OFF 0x0u
+ /*!< Region Master Permission List NS unprivileged read enable offset */
+
+#define LD_CTRL_LOCK_OFF 0x0u
+#define LD_CTRL_LDI_ST_OFF 0x2u
+
+/**
+ * \brief Firewall region size values
+ */
+enum rgn_size_t {
+ RGN_SIZE_0B = (0x00u),
+ RGN_SIZE_32B = (0x05u),
+ RGN_SIZE_64B,
+ RGN_SIZE_128B,
+ RGN_SIZE_256B,
+ RGN_SIZE_512B,
+ RGN_SIZE_1KB,
+ RGN_SIZE_2KB,
+ RGN_SIZE_4KB,
+ RGN_SIZE_8KB,
+ RGN_SIZE_16KB,
+ RGN_SIZE_32KB,
+ RGN_SIZE_64KB,
+ RGN_SIZE_128KB,
+ RGN_SIZE_256KB,
+ RGN_SIZE_512KB,
+ RGN_SIZE_1MB,
+ RGN_SIZE_2MB,
+ RGN_SIZE_4MB,
+ RGN_SIZE_8MB,
+ RGN_SIZE_16MB,
+ RGN_SIZE_32MB,
+ RGN_SIZE_64MB,
+ RGN_SIZE_128MB,
+ RGN_SIZE_256MB,
+ RGN_SIZE_512MB,
+ RGN_SIZE_1GB,
+ RGN_SIZE_2GB,
+ RGN_SIZE_16EB = (0x40u),
+};
+
+enum rgn_mpe_t {
+ RGN_MPE0 = (0x1u << RGN_MPE0_EN_OFF),
+ RGN_MPE1 = (0x1u << RGN_MPE1_EN_OFF),
+ RGN_MPE2 = (0x1u << RGN_MPE2_EN_OFF),
+ RGN_MPE3 = (0x1u << RGN_MPE3_EN_OFF),
+};
+
+enum rgn_mpl_t {
+ RGN_MPL_ANY_MST_MASK = (0x1u << RGN_MPL_ANY_MST_OFF),
+ RGN_MPL_SPX_MASK = (0x1u << RGN_MPL_SPX_OFF),
+ RGN_MPL_SPW_MASK = (0x1u << RGN_MPL_SPW_OFF),
+ RGN_MPL_SPR_MASK = (0x1u << RGN_MPL_SPR_OFF),
+ RGN_MPL_SUX_MASK = (0x1u << RGN_MPL_SUX_OFF),
+ RGN_MPL_SUW_MASK = (0x1u << RGN_MPL_SUW_OFF),
+ RGN_MPL_SUR_MASK = (0x1u << RGN_MPL_SUR_OFF),
+ RGN_MPL_NSPX_MASK = (0x1u << RGN_MPL_NSPX_OFF),
+ RGN_MPL_NSPW_MASK = (0x1u << RGN_MPL_NSPW_OFF),
+ RGN_MPL_NSPR_MASK = (0x1u << RGN_MPL_NSPR_OFF),
+ RGN_MPL_NSUX_MASK = (0x1u << RGN_MPL_NSUX_OFF),
+ RGN_MPL_NSUW_MASK = (0x1u << RGN_MPL_NSUW_OFF),
+ RGN_MPL_NSUR_MASK = (0x1u << RGN_MPL_NSUR_OFF),
+};
+
+
+#define RGN_MPL_SECURE_READ_MASK (RGN_MPL_SUR_MASK | RGN_MPL_SPR_MASK)
+#define RGN_MPL_SECURE_WRITE_MASK (RGN_MPL_SUW_MASK | RGN_MPL_SPW_MASK)
+#define RGN_MPL_SECURE_EXECUTE_MASK (RGN_MPL_SUX_MASK | RGN_MPL_SPX_MASK)
+
+#define RGN_MPL_NONSECURE_READ_MASK (RGN_MPL_NSUR_MASK | RGN_MPL_NSPR_MASK)
+#define RGN_MPL_NONSECURE_WRITE_MASK (RGN_MPL_NSUW_MASK | RGN_MPL_NSPW_MASK)
+#define RGN_MPL_NONSECURE_EXECUTE_MASK (RGN_MPL_NSUX_MASK | RGN_MPL_NSPX_MASK)
+
+enum fw_lockdown_status_t {
+ FW_UNLOCKED = 0x0u,
+ FW_LOCKED = 0x1u,
+};
+
+enum fw_lockdown_state_t {
+ FW_OPEN_LOCKDOWN = 0x0u,
+ FW_PARTIAL_LOCKDOWN = 0x2u,
+ FW_FULL_LOCKDOWN = 0x3u,
+};
+
+struct fw_dev_data_t {
+ void *base_addr; /*!< Current FW base address */
+ uint32_t comp_id; /*!< Current FC id */
+ void *cs_ptr; /*!< Selected FC Control & Status address */
+ void *rwe_ptr; /*!< Selected FC Region Window Entry address */
+};
+
+/**
+ * \brief Selects a Firewall Component
+ */
+void fc_select(void *base_addr, uint32_t comp_id);
+
+/**
+ * \brief Enables bypass in the selected Firewall Component
+ */
+void fc_enable_bypass(void);
+
+/**
+ * \brief Disables bypass in the selected Firewall Component
+ */
+void fc_disable_bypass(void);
+
+/**
+ * \brief Enables Protection Extenstion in the selected Firewall Component
+ */
+void fc_pe_enable(void);
+
+/**
+ * \brief Disables Protection Extenstion in the selected Firewall Component
+ */
+void fc_pe_disable(void);
+
+/**
+ * \brief Disables the error generation in response for transaction generating
+ * a Configuration Access Error
+ */
+void fc_disable_txn_term_error(void *base_addr);
+
+/**
+ * \brief Selects a region in the selected Firewall Component
+ */
+void fc_select_region(uint32_t region_id);
+
+/**
+ * \brief Enables a region in the selected Firewall Component
+ */
+void fc_enable_regions(void);
+
+/**
+ * \brief Disables a region in the selected Firewall Component
+ */
+void fc_disable_regions(void);
+
+/**
+ * \brief Programs a region in the selected Firewall Component
+ */
+void fc_prog_rgn(enum rgn_size_t size, uint32_t base_addr);
+
+/**
+ * \brief Programs the upper address in the selected Firewall Component
+ */
+void fc_prog_rgn_upper_addr(uint32_t upper_addr);
+
+/**
+ * \brief Enables address translation in the selected Firewall Component
+ */
+void fc_enable_addr_trans(void);
+
+/**
+ * \brief Disables address translation in the selected Firewall Component
+ */
+void fc_disable_addr_trans(void);
+
+/**
+ * \brief Initializes the Master Permission List in selected Firewall Component
+ * \note Before enabling an MPE, it must:
+ * 1) Set the RGN_MPL fields with an UNKNOWN reset value to a known value.
+ * 2) Set either:
+ * RGN_MID{0-3} to a known value.
+ * RGN_MPL.ANY_MST to 0b1.
+ */
+void fc_init_mpl(enum rgn_mpe_t mpe);
+
+/**
+ * \brief Enables Master Permission List in the selected Firewall Component
+ */
+void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl);
+
+/**
+ * \brief Disables Master Permission List in the selected Firewall Component
+ */
+void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl);
+
+/**
+ * \brief Programs Master ID in the given Master permission entry
+ */
+void fc_prog_mid(enum rgn_mpe_t mpe, uint32_t mid);
+
+/**
+ * \brief Enables Master permission entry in the selected Firewall Component
+ */
+void fc_enable_mpe(enum rgn_mpe_t mpe);
+
+/**
+ * \brief Disables Master permission entry in the selected Firewall Component
+ */
+void fc_disable_mpe(enum rgn_mpe_t mpe);
+
+/**
+ * \brief Locks the selected region in the selected Firewall Component
+ */
+void fc_rgn_lock(void);
+
+/**
+ * \brief Unlocks the selected region in the selected Firewall Component
+ */
+void fc_rgn_unlock(void);
+
+/**
+ * \brief Returns the lockdown status of the Firewall IP
+ */
+enum fw_lockdown_status_t fw_get_lockdown_status(void);
+
+/**
+ * \brief Locksdown the Firewall IP
+ */
+void fw_lockdown(enum fw_lockdown_state_t lockdown_state);
+
+#endif /* FIREWALL_H */
diff --git a/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.c b/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.c
new file mode 100644
index 0000000..b228c3f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.c
@@ -0,0 +1,603 @@
+/*
+ * Copyright (c) 2020 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdint.h>
+#include <stdbool.h>
+#include "mhu_v2_x.h"
+
+#define _MHU_V2_X_MAX_CHANNELS 124
+#define _MHU_V2_1_MAX_CHCOMB_INT 4
+#define ENABLE 0x1
+#define DISABLE 0x0
+#define CLEAR_INTR 0x1
+#define CH_PER_CH_COMB 0x20
+#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu)
+#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu)
+
+#define MHU_MAJOR_REV_V2 0x1u
+#define MHU_MINOR_REV_2_0 0x0u
+#define MHU_MINOR_REV_2_1 0x1u
+
+struct _mhu_v2_x_send_ch_window_t {
+ /* Offset: 0x00 (R/ ) Channel Status */
+ volatile uint32_t ch_st;
+ /* Offset: 0x04 (R/ ) Reserved */
+ volatile uint32_t reserved_0;
+ /* Offset: 0x08 (R/ ) Reserved */
+ volatile uint32_t reserved_1;
+ /* Offset: 0x0C ( /W) Channel Set */
+ volatile uint32_t ch_set;
+ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */
+ volatile uint32_t ch_int_st;
+ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */
+ volatile uint32_t ch_int_clr;
+ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */
+ volatile uint32_t ch_int_en;
+ /* Offset: 0x1C (R/ ) Reserved */
+ volatile uint32_t reserved_2;
+};
+
+struct _mhu_v2_x_send_frame_t {
+ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */
+ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS];
+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
+ volatile uint32_t mhu_cfg;
+ /* Offset: 0xF84 (R/W) Response Configuration */
+ volatile uint32_t resp_cfg;
+ /* Offset: 0xF88 (R/W) Access Request */
+ volatile uint32_t access_request;
+ /* Offset: 0xF8C (R/ ) Access Ready */
+ volatile uint32_t access_ready;
+ /* Offset: 0xF90 (R/ ) Interrupt Status */
+ volatile uint32_t int_st;
+ /* Offset: 0xF94 ( /W) Interrupt Clear */
+ volatile uint32_t int_clr;
+ /* Offset: 0xF98 (R/W) Interrupt Enable */
+ volatile uint32_t int_en;
+ /* Offset: 0xF9C (R/ ) Reserved */
+ volatile uint32_t reserved_0;
+ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */
+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
+ /* Offset: â€0xFC4‬ (R/ ) Reserved */
+ volatile uint32_t reserved_1[6];
+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
+ volatile uint32_t iidr;
+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */
+ volatile uint32_t aidr;
+ /* Offset: 0xFD0 (R/ ) */
+ volatile uint32_t pid_1[4];
+ /* Offset: 0xFE0 (R/ ) */
+ volatile uint32_t pid_0[4];
+ /* Offset: 0xFF0 (R/ ) */
+ volatile uint32_t cid[4];
+};
+
+struct _mhu_v2_x_rec_ch_window_t {
+ /* Offset: 0x00 (R/ ) Channel Status */
+ volatile uint32_t ch_st;
+ /* Offset: 0x04 (R/ ) Channel Status Masked */
+ volatile uint32_t ch_st_msk;
+ /* Offset: 0x08 ( /W) Channel Clear */
+ volatile uint32_t ch_clr;
+ /* Offset: 0x0C (R/ ) Reserved */
+ volatile uint32_t reserved_0;
+ /* Offset: 0x10 (R/ ) Channel Mask Status */
+ volatile uint32_t ch_msk_st;
+ /* Offset: 0x14 ( /W) Channel Mask Set */
+ volatile uint32_t ch_msk_set;
+ /* Offset: 0x18 ( /W) Channel Mask Clear */
+ volatile uint32_t ch_msk_clr;
+ /* Offset: 0x1C (R/ ) Reserved */
+ volatile uint32_t reserved_1;
+};
+
+struct _mhu_v2_x_recv_frame_t {
+ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */
+ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS];
+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
+ volatile uint32_t mhu_cfg;
+ /* Offset: 0xF84 (R/ ) Reserved */
+ volatile uint32_t reserved_0[3];
+ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */
+ volatile uint32_t int_st;
+ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */
+ volatile uint32_t int_clr;
+ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */
+ volatile uint32_t int_en;
+ /* Offset: 0xF9C (R/ ) Reserved */
+ volatile uint32_t reserved_1;
+ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */
+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
+ /* Offset: 0xFB0 (R/ ) Reserved */
+ volatile uint32_t reserved_2[6];
+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
+ volatile uint32_t iidr;
+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */
+ volatile uint32_t aidr;
+ /* Offset: 0xFD0 (R/ ) */
+ volatile uint32_t pid_1[4];
+ /* Offset: 0xFE0 (R/ ) */
+ volatile uint32_t pid_0[4];
+ /* Offset: 0xFF0 (R/ ) */
+ volatile uint32_t cid[4];
+};
+
+union _mhu_v2_x_frame_t {
+ struct _mhu_v2_x_send_frame_t send_frame;
+ struct _mhu_v2_x_recv_frame_t recv_frame;
+};
+
+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
+ enum mhu_v2_x_supported_revisions rev)
+{
+ uint32_t AIDR = 0;
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if (dev->is_initialized) {
+ return MHU_V_2_X_ERR_ALREADY_INIT;
+ }
+
+ if (rev == MHU_REV_READ_FROM_HW) {
+ /* Read revision from HW */
+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ AIDR = p_mhu->recv_frame.aidr;
+ } else {
+ AIDR = p_mhu->send_frame.aidr;
+ }
+
+ /* Get bits 7:4 to read major revision */
+ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) {
+ /* Unsupported MHU version */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ } /* No need to save major version, driver only supports MHUv2 */
+
+ /* Get bits 3:0 to read minor revision */
+ dev->subversion = AIDR & 0b1111;
+
+ if (dev->subversion != MHU_MINOR_REV_2_0 &&
+ dev->subversion != MHU_MINOR_REV_2_1) {
+ /* Unsupported subversion */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+ } else {
+ /* Revisions were provided by caller */
+ if (rev == MHU_REV_2_0) {
+ dev->subversion = MHU_MINOR_REV_2_0;
+ } else if (rev == MHU_REV_2_1) {
+ dev->subversion = MHU_MINOR_REV_2_1;
+ } else {
+ /* Unsupported subversion */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }/* No need to save major version, driver only supports MHUv2 */
+ }
+
+ dev->is_initialized = true;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ return (SEND_FRAME(p_mhu))->mhu_cfg;
+ } else {
+ return (RECV_FRAME(p_mhu))->mhu_cfg;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
+ uint32_t channel, uint32_t val)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
+ uint32_t channel)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_1) {
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_1) {
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_1) {
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR;
+ return MHU_V_2_X_ERR_NONE;
+ } else {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
+ const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ (SEND_FRAME(p_mhu))->access_request = ENABLE;
+
+ while ( !((SEND_FRAME(p_mhu))->access_ready) ) {
+ /* Wait in a loop for access ready signal to be high */
+ ;
+ }
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ (SEND_FRAME(p_mhu))->access_request = DISABLE;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *val)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ *val = (SEND_FRAME(p_mhu))->access_request;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
+ const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ (SEND_FRAME(p_mhu))->access_request = ENABLE;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
+ const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ (SEND_FRAME(p_mhu))->access_request = DISABLE;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *val)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ *val = (SEND_FRAME(p_mhu))->access_ready;
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ return (SEND_FRAME(p_mhu))->int_st;
+ } else {
+ return (RECV_FRAME(p_mhu))->int_st;
+ }
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_0) {
+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
+ /* Combined channel IRQ is not present in v2.0 */
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ /* Only sender frame has these registers */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->int_en |= mask;
+ } else {
+ (RECV_FRAME(p_mhu))->int_en |= mask;
+ }
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_0) {
+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
+ /* Combined channel IRQ is not present in v2.0 */
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ /* Only sender frame has these registers */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->int_en &= ~mask;
+ } else {
+ (RECV_FRAME(p_mhu))->int_en &= ~mask;
+ }
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
+{
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion == MHU_MINOR_REV_2_0) {
+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
+ /* Combined channel IRQ is not present in v2.0 */
+ return MHU_V_2_X_ERR_INVALID_ARG;
+ }
+
+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
+ /* Only sender frame has these registers */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+ }
+
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ (SEND_FRAME(p_mhu))->int_clr = mask;
+ } else {
+ (RECV_FRAME(p_mhu))->int_clr = mask;
+ }
+
+ return MHU_V_2_X_ERR_NONE;
+}
+
+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel)
+{
+ uint32_t i, j, status;
+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
+
+ if ( !(dev->is_initialized) ) {
+ return MHU_V_2_X_ERR_NOT_INIT;
+ }
+
+ if (dev->subversion != MHU_MINOR_REV_2_1) {
+ /* Feature is only supported in MHU v2.1 */
+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
+ }
+
+ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) {
+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
+ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i];
+ } else {
+ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i];
+ }
+
+ for(j = 0; j < CH_PER_CH_COMB; j++) {
+ if (status & ENABLE) {
+ *channel = (j + (i * CH_PER_CH_COMB));
+ return MHU_V_2_X_ERR_NONE;
+ }
+ status >>= 1;
+ }
+ }
+
+ return MHU_V_2_X_ERR_GENERAL;
+}
diff --git a/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.h b/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.h
new file mode 100644
index 0000000..a8c4d50
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/mhu_v2_x.h
@@ -0,0 +1,391 @@
+/*
+ * Copyright (c) 2020-2021 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file mhu_v2_x.h
+ * \brief Driver for Arm MHU v2.0 and v2.1
+ */
+
+#ifndef __MHU_V2_X_H__
+#define __MHU_V2_X_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MHU_2_X_INTR_NR2R_OFF (0x0u)
+#define MHU_2_X_INTR_R2NR_OFF (0x1u)
+#define MHU_2_1_INTR_CHCOMB_OFF (0x2u)
+
+#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF)
+#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF)
+#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF)
+
+enum mhu_v2_x_frame_t {
+ MHU_V2_X_SENDER_FRAME = 0x0u,
+ MHU_V2_X_RECEIVER_FRAME = 0x1u,
+};
+
+enum mhu_v2_x_supported_revisions {
+ MHU_REV_READ_FROM_HW = 0,
+ MHU_REV_2_0,
+ MHU_REV_2_1,
+};
+
+struct mhu_v2_x_dev_t {
+ const uint32_t base;
+ enum mhu_v2_x_frame_t frame;
+ uint32_t subversion; /*!< Hardware subversion: v2.X */
+ bool is_initialized; /*!< Indicates if the MHU driver
+ * is initialized and enabled
+ */
+};
+
+/**
+ * \brief MHU v2 error enumeration types.
+ */
+enum mhu_v2_x_error_t {
+ MHU_V_2_X_ERR_NONE = 0,
+ MHU_V_2_X_ERR_NOT_INIT = -1,
+ MHU_V_2_X_ERR_ALREADY_INIT = -2,
+ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3,
+ MHU_V_2_X_ERR_INVALID_ARG = -4,
+ MHU_V_2_X_ERR_GENERAL = -5
+};
+
+/**
+ * \brief Initializes the driver
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] rev MHU revision (if can't be identified from HW)
+ *
+ * Reads the MHU hardware version
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note MHU revision only has to be specified when versions can't be read
+ * from HW (ARCH_MAJOR_REV reg reads as 0x0).
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
+ enum mhu_v2_x_supported_revisions rev);
+
+/**
+ * \brief Returns the number of channels implemented.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * Returns the number of channels implemented.
+ *
+ * \return Returns the number of channels implemented.
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+uint32_t mhu_v2_x_get_num_channel_implemented(
+ const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Sends the value over a channel.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Channel to send the value over.
+ * \param[in] val Value to send.
+ *
+ * Sends the value over a channel.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
+ uint32_t channel, uint32_t val);
+
+/**
+ * \brief Clears the channel after the value is send over it.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Channel to clear.
+ *
+ * Clears the channel after the value is send over it.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
+ uint32_t channel);
+
+/**
+ * \brief Receives the value over a channel.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Channel to receive the value from.
+ * \param[out] value Pointer to variable that will store the value.
+ *
+ * Receives the value over a channel.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value);
+
+/**
+ * \brief Sets bits in the Channel Mask.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Which channel's mask to set.
+ * \param[in] mask Mask to be set over a receiver frame.
+ *
+ * Sets bits in the Channel Mask.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
+
+/**
+ * \brief Clears bits in the Channel Mask.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Which channel's mask to clear.
+ * \param[in] mask Mask to be clear over a receiver frame.
+ *
+ * Clears bits in the Channel Mask.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
+
+/**
+ * \brief Enables the Channel interrupt.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Which channel's interrupt to enable.
+ *
+ * Enables the Channel clear interrupt.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
+
+/**
+ * \brief Disables the Channel interrupt.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Which channel's interrupt to disable.
+ *
+ * Disables the Channel interrupt.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
+
+/**
+ * \brief Clears the Channel interrupt.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] channel Which channel's interrupt to clear.
+ *
+ * Clears the Channel interrupt.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ * \note This function doesn't check if channel is implemented.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
+
+/**
+ * \brief Initiates a MHU transfer with the handshake signals.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * Initiates a MHU transfer with the handshake signals in a blocking mode.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
+ const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Closes a MHU transfer with the handshake signals.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * Closes a MHU transfer with the handshake signals in a blocking mode.
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(
+ const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Returns the value of access request signal.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[out] val Pointer to variable that will store the value.
+ *
+ * For more information please read the MHU v2 user guide
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *val);
+
+/**
+ * \brief Sets the value of access request signal to high.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * For more information please read the MHU v2 user guide
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
+ const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Sets the value of access request signal to low.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * For more information please read the MHU v2 user guide
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
+ const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Returns the value of access ready signal.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[out] val Pointer to variable that will store the value.
+ *
+ * For more information please read the MHU v2 user guide
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *val);
+
+/**
+ * \brief Returns the MHU interrupt status.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ *
+ * \return Interrupt status register value. Masking is needed for individual
+ * interrupts.
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev);
+
+/**
+ * \brief Enables MHU interrupts.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] mask Bit mask for enabling/disabling interrupts
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
+
+/**
+ * \brief Disables MHU interrupts.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] mask Bit mask for enabling/disabling interrupts
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
+
+/**
+ * \brief Clears MHU interrupts.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[in] mask Bit mask for clearing interrupts
+ *
+ * \return Returns mhu_v2_x_error_t error code
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
+
+/**
+ * \brief Returns the first channel number whose interrupt bit is high.
+ *
+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
+ * \param[out] channel Pointer to variable that will have the channel value.
+ *
+ * \return Returns the first channel number whose interrupt bit is high.
+ * \return Returns mhu_v2_x_error_t error code.
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MHU_V2_X_H__ */
diff --git a/platform/ext/target/arm/diphda/Native_Driver/spi_flash_commands.h b/platform/ext/target/arm/diphda/Native_Driver/spi_flash_commands.h
new file mode 100644
index 0000000..33b6620
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/spi_flash_commands.h
@@ -0,0 +1,28 @@
+/*
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef SPI_FLASH_COMMANDS_H
+#define SPI_FLASH_COMMANDS_H
+
+
+#define CMD_WRITE_ENABLE 0x06
+#define CMD_RANDOM_READ 0x03
+#define CMD_FAST_READ 0x0B
+#define CMD_PAGE_PROGRAM 0x02
+#define CMD_SECTOR_ERASE 0xD8
+#define CMD_SUB_SECTOR_ERASE 0x20
+#define CMD_BULK_ERASE 0xC7
+#define CMD_READ_STATUSREG 0x05
+#define CMD_READ_ID 0x9E
+#define CMD_WRITE_STATUSREG 0x01
+#define CMD_READ_FLAG_STATUS 0x70
+#define CMD_CLEAR_FLAG_STATUS 0x50
+#define CMD_READ_VOLATILE_CONFIG 0x85
+
+
+#endif /* SPI_FLASH_COMMANDS_H */
diff --git a/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.c b/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.c
new file mode 100644
index 0000000..ebc4d9b
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.c
@@ -0,0 +1,441 @@
+/*
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "spi_n25q256a_flash_lib.h"
+#include "spi_flash_commands.h"
+
+#define DUMMY_VAL 0xFF
+#define MAX_PROGRAM_SIZE 128 /* should be less than page size */
+#define MAX_READ_SIZE 128 /* should be less than page size */
+
+#define SR_IS_READY_MASK 0x01
+#define FSR_IS_ERASE_ERR_MASK 0x20
+#define FSR_IS_PROGRAM_ERR_MASK 0x10
+
+#define MANUFACTURER_ID 0x20
+#define MEMORY_TYPE 0xBA
+#define MEMORY_CAPACITY 0x19
+#define DATA_WIDTH 0x10
+
+#define CONFIG_REG_VALUE 0xFB
+
+uint8_t send_buf[256];
+uint8_t rcv_buf[256];
+
+static enum n25q256a_error_t spi_flash_read_reg(struct spi_n25q256a_dev_t* dev,
+ uint32_t *reg, uint32_t cmd)
+{
+ enum axi_qspi_error_t ret;
+
+ if (!reg) {
+ return N25Q256A_ERR_WRONG_ARGUMENT;
+ }
+
+ /* Read Flash Status Register */
+ send_buf[0] = cmd;
+ send_buf[1] = DUMMY_VAL;
+ ret = spi_transfer_and_receive(dev->controller, send_buf, rcv_buf, 2);
+ if (ret != AXI_QSPI_ERR_NONE) {
+ return ret;
+ }
+
+ *reg = rcv_buf[1] & 0xFF;
+
+ return N25Q256A_ERR_NONE;
+}
+
+static enum n25q256a_error_t spi_flash_wait_for_ready(
+ struct spi_n25q256a_dev_t* dev)
+{
+ uint32_t status_reg;
+ enum n25q256a_error_t ret;
+ uint32_t counter = 0;
+
+ while (1) {
+ /* Get the status register */
+ ret = spi_flash_read_reg(dev, &status_reg, CMD_READ_STATUSREG);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ if ((status_reg & SR_IS_READY_MASK) == 0) {
+ break;
+ }
+
+ if ((counter % 1000) == 0) {
+ SPI_FLASH_LOG_MSG("%s: WAITING status reg 0x%x\n\r",
+ __func__, status_reg);
+ counter++;
+ }
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+static enum n25q256a_error_t spi_flash_write_enable(
+ struct spi_n25q256a_dev_t* dev)
+{
+ enum n25q256a_error_t ret;
+ enum axi_qspi_error_t qspi_ret;
+
+ ret = spi_flash_wait_for_ready(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ send_buf[0] = CMD_WRITE_ENABLE;
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, NULL, 1);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+static enum n25q256a_error_t spi_flash_identify_and_clear_error(
+ struct spi_n25q256a_dev_t* dev,
+ uint32_t mask)
+{
+ enum n25q256a_error_t ret;
+ enum axi_qspi_error_t qspi_ret;
+ uint32_t flag_reg;
+
+ ret = spi_flash_read_reg(dev, &flag_reg, CMD_READ_FLAG_STATUS);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ if ((flag_reg & mask) != 0) {
+ SPI_FLASH_LOG_MSG("%s:error identified at mask %x\n\r", __func__, mask);
+ send_buf[0] = CMD_CLEAR_FLAG_STATUS;
+ send_buf[1] = 0xFF;
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, NULL, 2);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+ return N25Q256A_ERR_FLASH_CMD_FAILED;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+enum n25q256a_error_t spi_n25q256a_erase_chip(struct spi_n25q256a_dev_t* dev)
+{
+ enum n25q256a_error_t ret;
+ enum axi_qspi_error_t qspi_ret;
+
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return N25Q256A_ERR_NOT_INITIALIZED;
+ }
+ SPI_FLASH_LOG_MSG("%s\n\r", __func__);
+
+ ret = spi_flash_write_enable(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ send_buf[0] = CMD_BULK_ERASE;
+
+ /* start erase */
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, NULL, 1);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+
+ /* wait for erase completion */
+ ret = spi_flash_wait_for_ready(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ /* check for error */
+ ret = spi_flash_identify_and_clear_error(dev, FSR_IS_ERASE_ERR_MASK);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+enum n25q256a_error_t spi_n25q256a_erase(struct spi_n25q256a_dev_t* dev,
+ uint32_t addr)
+{
+ enum n25q256a_error_t ret;
+ enum axi_qspi_error_t qspi_ret;
+
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return N25Q256A_ERR_NOT_INITIALIZED;
+ }
+ SPI_FLASH_LOG_MSG("%s: addr=0x%x\n\r", __func__, addr);
+
+ ret = spi_flash_write_enable(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ send_buf[0] = CMD_SUB_SECTOR_ERASE;
+ send_buf[1] = ((addr >> 24) & 0xFF);
+ send_buf[2] = ((addr >> 16) & 0xFF);
+ send_buf[3] = ((addr >> 8) & 0xFF);
+ send_buf[4] = ((addr >> 0) & 0xFF);
+
+ /* start erase */
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, NULL, 5);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+
+ /* wait for erase completion */
+ ret = spi_flash_wait_for_ready(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ /* check for error */
+ ret = spi_flash_identify_and_clear_error(dev, FSR_IS_ERASE_ERR_MASK);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+static enum n25q256a_error_t spi_n25q256a_program_data(
+ struct spi_n25q256a_dev_t* dev, uint32_t addr,
+ const uint8_t *data, uint32_t cnt)
+{
+ enum n25q256a_error_t ret;
+ enum axi_qspi_error_t qspi_ret;
+ uint32_t remaining_bytes = cnt;
+ uint32_t current_data_index = 0;
+ uint32_t current_addr = addr;
+ uint32_t write_size;
+
+ while (remaining_bytes) {
+
+ /* write enable */
+ ret = spi_flash_write_enable(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ /* prepare send buffer */
+ send_buf[0] = CMD_PAGE_PROGRAM;
+ send_buf[1] = ((current_addr >> 24) & 0xFF);
+ send_buf[2] = ((current_addr >> 16) & 0xFF);
+ send_buf[3] = ((current_addr >> 8) & 0xFF);
+ send_buf[4] = ((current_addr >> 0) & 0xFF);
+
+ if (remaining_bytes < MAX_PROGRAM_SIZE) {
+ write_size = remaining_bytes;
+ } else {
+ write_size = MAX_PROGRAM_SIZE;
+ }
+ for (int i = 0; i < write_size; i++) {
+ send_buf[i+5] = data[current_data_index++];
+ }
+
+ /* start program */
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, NULL,
+ write_size + 5);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+ /* wait for write completion */
+ ret = spi_flash_wait_for_ready(dev);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+ /* check for error */
+ ret = spi_flash_identify_and_clear_error(dev,
+ FSR_IS_PROGRAM_ERR_MASK);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+
+ remaining_bytes -= write_size;
+ current_addr += write_size;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+enum n25q256a_error_t spi_n25q256a_program(
+ struct spi_n25q256a_dev_t* dev, uint32_t addr,
+ const uint8_t *data, uint32_t cnt)
+{
+ enum n25q256a_error_t ret;
+ uint32_t remaining_space;
+ uint32_t current_addr = addr;
+ uint8_t *current_data_ptr = (uint8_t*)data;
+ uint32_t current_cnt = cnt;
+
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return N25Q256A_ERR_NOT_INITIALIZED;
+ }
+ SPI_FLASH_LOG_MSG("%s: addr=0x%x, cnt=%u\n\r", __func__, addr, cnt);
+
+ /* Is write alligned? */
+ if ((addr % dev->program_unit) != 0) {
+ return N25Q256A_ERR_WRONG_ARGUMENT;
+ }
+
+ /* Check the limits */
+ if ((addr + cnt) > (dev->total_sector_cnt * dev->sector_size)) {
+ return N25Q256A_ERR_WRONG_ARGUMENT;
+ }
+
+ if ((addr % MAX_PROGRAM_SIZE) != 0) {
+ /* unaligned addr */
+ remaining_space = MAX_PROGRAM_SIZE - (addr % MAX_PROGRAM_SIZE);
+ if (cnt > remaining_space) {
+ /* crossing the page boundary */
+ /* first write the unaligned data to make addr aligned*/
+ ret = spi_n25q256a_program_data(dev, current_addr, current_data_ptr,
+ remaining_space);
+ if (ret != N25Q256A_ERR_NONE) {
+ return ret;
+ }
+ current_addr += remaining_space;
+ current_data_ptr += remaining_space;
+ current_cnt -= remaining_space;
+ }
+ }
+
+ ret = spi_n25q256a_program_data(dev, current_addr, current_data_ptr,
+ current_cnt);
+
+ return ret;
+}
+
+enum n25q256a_error_t spi_n25q256a_read(struct spi_n25q256a_dev_t* dev,
+ uint32_t addr,
+ uint8_t *data, uint32_t cnt)
+{
+ enum axi_qspi_error_t qspi_ret;
+ uint32_t remaining_bytes = cnt;
+ uint32_t current_data_index = 0;
+ uint32_t current_addr = addr;
+ uint32_t read_size;
+
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return N25Q256A_ERR_NOT_INITIALIZED;
+ }
+ SPI_FLASH_LOG_MSG("%s: addr=0x%x, cnt=%u\n\r", __func__, addr, cnt);
+
+ /* Check the limits */
+ if ((addr + cnt) > (dev->total_sector_cnt * dev->sector_size)) {
+ return N25Q256A_ERR_WRONG_ARGUMENT;
+ }
+
+ while (remaining_bytes) {
+
+ /* prepare send buffer */
+ send_buf[0] = CMD_RANDOM_READ;
+ send_buf[1] = ((current_addr >> 24) & 0xFF);
+ send_buf[2] = ((current_addr >> 16) & 0xFF);
+ send_buf[3] = ((current_addr >> 8) & 0xFF);
+ send_buf[4] = ((current_addr >> 0) & 0xFF);
+
+ if (remaining_bytes < MAX_READ_SIZE) {
+ read_size = remaining_bytes;
+ } else {
+ read_size = MAX_READ_SIZE;
+ }
+
+ /* start reading */
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, rcv_buf,
+ read_size + 5);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+ /* copy data to user location */
+ for (int i = 0; i < read_size; i++) {
+ data[current_data_index] = rcv_buf[i+5];
+ current_data_index++;
+ }
+
+ remaining_bytes -= read_size;
+ current_addr += read_size;
+ }
+
+ return N25Q256A_ERR_NONE;
+}
+
+static enum n25q256a_error_t spi_n25q256a_verify_id(
+ struct spi_n25q256a_dev_t* dev)
+{
+ enum axi_qspi_error_t qspi_ret;
+
+ /* Read ID */
+ send_buf[0] = CMD_READ_ID;
+ for (int i = 1; i <= 6; i++) {
+ send_buf[i] = DUMMY_VAL;
+ }
+
+ qspi_ret = spi_transfer_and_receive(dev->controller, send_buf, rcv_buf, 7);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+
+ if ((rcv_buf[1] != MANUFACTURER_ID) || (rcv_buf[2] != MEMORY_TYPE) ||
+ (rcv_buf[3] != MEMORY_CAPACITY) || (rcv_buf[4] != DATA_WIDTH)) {
+ SPI_FLASH_LOG_MSG("ID miss-match %X-%X-%X-%X\n\r",
+ rcv_buf[1], rcv_buf[2], rcv_buf[3], rcv_buf[4]);
+ return N25Q256A_ERR_WRONG_MEMORY;
+ }
+ SPI_FLASH_LOG_MSG("ID register: %X-%X-%X-%X\n\r", rcv_buf[1], rcv_buf[2],
+ rcv_buf[3], rcv_buf[4]);
+
+ return N25Q256A_ERR_NONE;
+}
+
+enum n25q256a_error_t spi_n25q256a_initialize(struct spi_n25q256a_dev_t* dev)
+{
+ enum axi_qspi_error_t qspi_ret;
+ enum n25q256a_error_t flash_ret;
+ uint32_t reg;
+
+ if (dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: already initialized\n\r", __func__);
+ return N25Q256A_ERR_NONE;
+ }
+
+ /* Initialize the QSPI controller */
+ qspi_ret = axi_qspi_initialize(dev->controller);
+ if (qspi_ret != AXI_QSPI_ERR_NONE) {
+ return qspi_ret;
+ }
+
+ /* Verify device id */
+ flash_ret = spi_n25q256a_verify_id(dev);
+ if (flash_ret != N25Q256A_ERR_NONE) {
+ return flash_ret;
+ }
+
+ /* Read Config Register */
+ flash_ret = spi_flash_read_reg(dev, ®, CMD_READ_VOLATILE_CONFIG);
+ if (flash_ret != N25Q256A_ERR_NONE) {
+ return flash_ret;
+ }
+ if (reg != CONFIG_REG_VALUE) {
+ SPI_FLASH_LOG_MSG("config register is not as expected: %X\n\r", reg);
+ return N25Q256A_ERR_WRONG_MEMORY;
+ }
+ SPI_FLASH_LOG_MSG("Config register value : 0x%X\n\r", reg);
+
+ dev->is_initialized = true;
+
+ SPI_FLASH_LOG_MSG("%s: SPI Flash Lib is initialized.\n\r", __func__);
+
+ return N25Q256A_ERR_NONE;
+}
diff --git a/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.h b/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.h
new file mode 100644
index 0000000..1d23d96
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/spi_n25q256a_flash_lib.h
@@ -0,0 +1,59 @@
+/*
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef SPI_N25Q256A_FLASH_LIB_H
+#define SPI_N25Q256A_FLASH_LIB_H
+
+#include "xilinx_pg153_axi_qspi_controller_drv.h"
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief SPI Flash error enumeration types
+ */
+enum n25q256a_error_t {
+ N25Q256A_ERR_NONE = AXI_QSPI_ERR_NONE,
+ N25Q256A_ERR_WRONG_ARGUMENT = AXI_QSPI_ERR_WRONG_ARGUMENT,
+ N25Q256A_ERR_NOT_INITIALIZED = AXI_QSPI_ERR_NOT_INITIALIZED,
+ N25Q256A_ERR_WRONG_MEMORY,
+ N25Q256A_ERR_FLASH_CMD_FAILED,
+ N25Q256A_ERR_READ_IN_PROGRESS,
+ N25Q256A_ERR_WRITE_IN_PROGRESS
+};
+
+struct spi_n25q256a_dev_t {
+ struct axi_qspi_dev_t *controller; /* QSPI Flash Controller */
+ uint32_t total_sector_cnt;
+ uint32_t page_size;
+ uint32_t sector_size;
+ uint32_t program_unit;
+ bool is_initialized;
+};
+
+enum n25q256a_error_t spi_n25q256a_initialize(struct spi_n25q256a_dev_t* dev);
+
+enum n25q256a_error_t spi_n25q256a_erase(struct spi_n25q256a_dev_t* dev,
+ uint32_t addr);
+
+enum n25q256a_error_t spi_n25q256a_erase_chip(struct spi_n25q256a_dev_t* dev);
+
+enum n25q256a_error_t spi_n25q256a_program(struct spi_n25q256a_dev_t* dev,
+ uint32_t addr,
+ const uint8_t *data, uint32_t cnt);
+
+enum n25q256a_error_t spi_n25q256a_read(struct spi_n25q256a_dev_t* dev,
+ uint32_t addr,
+ uint8_t *data, uint32_t cnt);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SPI_N25Q256A_FLASH_LIB_H */
diff --git a/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.c b/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.c
new file mode 100755
index 0000000..01feaa4
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.c
@@ -0,0 +1,1019 @@
+/*
+ * Copyright (c) 2016-2018 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "uart_pl011_drv.h"
+
+#include <stddef.h>
+#include "cmsis_compiler.h"
+
+#define FREQ_IRLPBAUD16_MIN (1420000u) /* 1.42 MHz */
+#define FREQ_IRLPBAUD16_MAX (2120000u) /* 2.12 MHz */
+#define SAMPLING_FACTOR (16u)
+#define UART_PL011_FBRD_WIDTH (6u)
+
+/**
+ * \brief UART PL011 register map structure
+ */
+struct _uart_pl011_reg_map_t {
+ volatile uint32_t uartdr; /*!< Offset: 0x000 (R/W) Data register */
+ union {
+ volatile uint32_t uartrsr;
+ /*!< Offset: 0x004 (R/ ) Receive status register */
+ volatile uint32_t uartecr;
+ /*!< Offset: 0x004 ( /W) Error clear register */
+ };
+ volatile uint32_t reserved_0[4]; /*!< Offset: 0x008-0x014 Reserved */
+ volatile uint32_t uartfr; /*!< Offset: 0x018 (R/ ) Flag register */
+ volatile uint32_t reserved_1; /*!< Offset: 0x01C Reserved */
+ volatile uint32_t uartilpr;
+ /*!< Offset: 0x020 (R/W) IrDA low-power counter register */
+ volatile uint32_t uartibrd;
+ /*!< Offset: 0x024 (R/W) Integer baud rate register */
+ volatile uint32_t uartfbrd;
+ /*!< Offset: 0x028 (R/W) Fractional baud rate register */
+ volatile uint32_t uartlcr_h;
+ /*!< Offset: 0x02C (R/W) Line control register */
+ volatile uint32_t uartcr;
+ /*!< Offset: 0x030 (R/W) Control register */
+ volatile uint32_t uartifls;
+ /*!< Offset: 0x034 (R/W) Interrupt FIFO level select register */
+ volatile uint32_t uartimsc;
+ /*!< Offset: 0x038 (R/W) Interrupt mask set/clear register */
+ volatile uint32_t uartris;
+ /*!< Offset: 0x03C (R/ ) Raw interrupt status register */
+ volatile uint32_t uartmis;
+ /*!< Offset: 0x040 (R/ ) Masked interrupt status register */
+ volatile uint32_t uarticr;
+ /*!< Offset: 0x044 ( /W) Interrupt clear register */
+ volatile uint32_t uartdmacr;
+ /*!< Offset: 0x048 (R/W) DMA control register */
+ volatile uint32_t reserved_2[13]; /*!< Offset: 0x04C-0x07C Reserved */
+ volatile uint32_t reserved_3[4];
+ /*!< Offset: 0x080-0x08C Reserved for test purposes */
+ volatile uint32_t reserved_4[976]; /*!< Offset: 0x090-0xFCC Reserved */
+ volatile uint32_t reserved_5[4];
+ /*!< Offset: 0xFD0-0xFDC Reserved for future ID expansion */
+ volatile uint32_t uartperiphid0;
+ /*!< Offset: 0xFE0 (R/ ) UARTPeriphID0 register */
+ volatile uint32_t uartperiphid1;
+ /*!< Offset: 0xFE4 (R/ ) UARTPeriphID1 register */
+ volatile uint32_t uartperiphid2;
+ /*!< Offset: 0xFE8 (R/ ) UARTPeriphID2 register */
+ volatile uint32_t uartperiphid3;
+ /*!< Offset: 0xFEC (R/ ) UARTPeriphID3 register */
+ volatile uint32_t uartpcellid0;
+ /*!< Offset: 0xFF0 (R/ ) UARTPCellID0 register */
+ volatile uint32_t uartpcellid1;
+ /*!< Offset: 0xFF4 (R/ ) UARTPCellID1 register */
+ volatile uint32_t uartpcellid2;
+ /*!< Offset: 0xFF8 (R/ ) UARTPCellID2 register */
+ volatile uint32_t uartpcellid3;
+ /*!< Offset: 0xFFC (R/ ) UARTPCellID3 register */
+};
+
+#define UART_PL011_UARTFR_CTS_MASK ( \
+ 0x1u<<UART_PL011_UARTFR_CTS_OFF)
+#define UART_PL011_UARTFR_DSR_MASK ( \
+ 0x1u<<UART_PL011_UARTFR_DSR_OFF)
+#define UART_PL011_UARTFR_DCD_MASK ( \
+ 0x1u<<UART_PL011_UARTFR_DCD_OFF)
+#define UART_PL011_UARTFR_BUSYBIT ( \
+ 0x1u<<UART_PL011_UARTFR_BUSYBIT_OFF)
+#define UART_PL011_UARTFR_RX_FIFO_EMPTY ( \
+ 0x1u<<UART_PL011_UARTFR_RX_FIFO_EMPTY_OFF)
+#define UART_PL011_UARTFR_TX_FIFO_FULL ( \
+ 0x1u<<UART_PL011_UARTFR_TX_FIFO_FULL_OFF)
+#define UART_PL011_UARTFR_RI_MASK ( \
+ 0x1u<<UART_PL011_UARTFR_RI_OFF)
+
+#define UART_PL011_UARTLCR_H_BRK_MASK ( \
+ 0x1u<<UART_PL011_UARTLCR_H_BRK_OFF)
+#define UART_PL011_UARTLCR_H_PARITY_MASK ( \
+ 0x1u<<UART_PL011_UARTLCR_H_PEN_OFF \
+ | 0x1u<<UART_PL011_UARTLCR_H_EPS_OFF \
+ | 0x1u<<UART_PL011_UARTLCR_H_SPS_OFF)
+#define UART_PL011_UARTLCR_H_STOPBIT_MASK ( \
+ 0x1u<<UART_PL011_UARTLCR_H_STP2_OFF)
+#define UART_PL011_UARTLCR_H_FEN_MASK ( \
+ 0x1u<<UART_PL011_UARTLCR_H_FEN_OFF)
+#define UART_PL011_UARTLCR_H_WLEN_MASK ( \
+ 0x3u<<UART_PL011_UARTLCR_H_WLEN_OFF)
+#define UART_PL011_FORMAT_MASK ( \
+ UART_PL011_UARTLCR_H_PARITY_MASK \
+ | UART_PL011_UARTLCR_H_STOPBIT_MASK \
+ | UART_PL011_UARTLCR_H_WLEN_MASK)
+
+#define UART_PL011_UARTCR_EN_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_UARTEN_OFF)
+#define UART_PL011_UARTCR_SIREN_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_SIREN_OFF)
+#define UART_PL011_UARTCR_SIRLP_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_SIRLP_OFF)
+#define UART_PL011_UARTCR_LBE_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_LBE_OFF)
+#define UART_PL011_UARTCR_TX_EN_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_TXE_OFF)
+#define UART_PL011_UARTCR_RX_EN_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_RXE_OFF)
+#define UART_PL011_UARTCR_DTR_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_DTR_OFF)
+#define UART_PL011_UARTCR_RTS_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_RTS_OFF)
+#define UART_PL011_UARTCR_OUT1_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_OUT1_OFF)
+#define UART_PL011_UARTCR_OUT2_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_OUT2_OFF)
+#define UART_PL011_UARTCR_RTSE_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_RTSE_OFF)
+#define UART_PL011_UARTCR_CTSE_MASK ( \
+ 0x1u<<UART_PL011_UARTCR_CTSE_OFF)
+
+#define UART_PL011_UARTIFLS_TX_FIFO_LVL_MASK ( \
+ 0x7u<<UART_PL011_UARTIFLS_TX_OFF)
+#define UART_PL011_UARTIFLS_RX_FIFO_LVL_MASK ( \
+ 0x7u<<UART_PL011_UARTIFLS_RX_OFF)
+
+#define UART_PL011_UARTDMACR_RX_MASK ( \
+ 0x1u<<UART_PL011_UARTDMACR_RXEN_OFF \
+ | 0x1u<<UART_PL011_UARTDMACR_ON_ERR_OFF)
+#define UART_PL011_UARTDMACR_TX_MASK ( \
+ 0x1u<<UART_PL011_UARTDMACR_TXEN_OFF)
+
+/* Default register values of UART PL011 */
+#define UART_PL011_DATA_REG_RESET_VALUE (0x0u)
+#define UART_PL011_ECR_REG_CLEAR_VALUE (0xFFu)
+#define UART_PL011_ILPR_REG_RESET_VALUE (0x0u)
+#define UART_PL011_IBRD_REG_RESET_VALUE (0x0u)
+#define UART_PL011_FBRD_REG_RESET_VALUE (0x0u)
+#define UART_PL011_LCR_H_REG_RESET_VALUE (0x0u)
+#define UART_PL011_CR_REG_RESET_VALUE (0x0300u)
+#define UART_PL011_IFLS_REG_RESET_VALUE (0x12u)
+#define UART_PL011_IMSC_REG_RESET_VALUE (0x0u)
+#define UART_PL011_ICR_REG_CLEAR_VALUE (0x7FFu)
+#define UART_PL011_DMACR_REG_RESET_VALUE (0x0u)
+
+static void _uart_pl011_enable(struct _uart_pl011_reg_map_t* p_uart)
+{
+ p_uart->uartcr |= UART_PL011_UARTCR_EN_MASK;
+}
+
+static void _uart_pl011_disable(struct _uart_pl011_reg_map_t* p_uart)
+{
+ p_uart->uartcr &= ~UART_PL011_UARTCR_EN_MASK;
+}
+
+static bool _uart_pl011_is_enabled(struct _uart_pl011_reg_map_t* p_uart)
+{
+ return (bool)(p_uart->uartcr & UART_PL011_UARTCR_EN_MASK);
+}
+
+static void _uart_pl011_enable_fifo(struct _uart_pl011_reg_map_t* p_uart)
+{
+ p_uart->uartlcr_h |= UART_PL011_UARTLCR_H_FEN_MASK;
+}
+
+static void _uart_pl011_disable_fifo(struct _uart_pl011_reg_map_t* p_uart)
+{
+ p_uart->uartlcr_h &= ~UART_PL011_UARTLCR_H_FEN_MASK;
+}
+
+static bool _uart_pl011_is_fifo_enabled(struct _uart_pl011_reg_map_t* p_uart)
+{
+ return (bool)(p_uart->uartlcr_h & UART_PL011_UARTLCR_H_FEN_MASK);
+}
+
+static bool _uart_pl011_is_busy(struct _uart_pl011_reg_map_t* p_uart)
+{
+ return (bool)(p_uart->uartfr & UART_PL011_UARTFR_BUSYBIT);
+}
+
+static enum uart_pl011_error_t _uart_pl011_set_baudrate(
+ struct _uart_pl011_reg_map_t* p_uart,
+ uint32_t clk, uint32_t baudrate)
+{
+ /* Avoiding float calculations, bauddiv is left shifted by 6 */
+ uint64_t bauddiv = (((uint64_t)clk)<<UART_PL011_FBRD_WIDTH)
+ /(SAMPLING_FACTOR*baudrate);
+
+ /* Valid bauddiv value
+ * uart_clk (min) >= 16 x baud_rate (max)
+ * uart_clk (max) <= 16 x 65535 x baud_rate (min)
+ */
+ if((bauddiv < (1u<<UART_PL011_FBRD_WIDTH))
+ || (bauddiv > (65535u<<UART_PL011_FBRD_WIDTH))) {
+ return UART_PL011_ERR_INVALID_BAUD;
+ }
+
+ p_uart->uartibrd = (uint32_t)(bauddiv >> UART_PL011_FBRD_WIDTH);
+ p_uart->uartfbrd = (uint32_t)(bauddiv &
+ ((1u << UART_PL011_FBRD_WIDTH) - 1u));
+
+ __DMB();
+
+ /* In order to internally update the contents of uartibrd or uartfbrd, a
+ * uartlcr_h write must always be performed at the end
+ * ARM DDI 0183F, Pg 3-13
+ */
+ p_uart->uartlcr_h = p_uart->uartlcr_h;
+
+ return UART_PL011_ERR_NONE;
+}
+
+static void _uart_pl011_set_format(struct _uart_pl011_reg_map_t* p_uart,
+ enum uart_pl011_wlen_t word_len,
+ enum uart_pl011_parity_t parity,
+ enum uart_pl011_stopbit_t stop_bits)
+{
+ uint32_t ctrl_reg = p_uart->uartlcr_h & ~(UART_PL011_FORMAT_MASK);
+
+ /* Making sure other bit are not changed */
+ word_len &= UART_PL011_UARTLCR_H_WLEN_MASK;
+ parity &= UART_PL011_UARTLCR_H_PARITY_MASK;
+ stop_bits &= UART_PL011_UARTLCR_H_STOPBIT_MASK;
+
+ p_uart->uartlcr_h = ctrl_reg | word_len | parity | stop_bits;
+
+}
+
+static void _uart_pl011_set_cr_bit(struct _uart_pl011_reg_map_t* p_uart,
+ uint32_t mask)
+{
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+ bool fifo_enabled = _uart_pl011_is_fifo_enabled(p_uart);
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ /* Flush the transmit FIFO by disabling bit 4 (FEN) in
+ * the line control register (UARTCLR_H) */
+ _uart_pl011_disable_fifo(p_uart);
+
+ p_uart->uartcr |= (mask);
+
+ /* Enabling the FIFOs if previously enabled */
+ if(fifo_enabled) {
+ _uart_pl011_enable_fifo(p_uart);
+ }
+
+ /* Enabling the UART if previously enabled */
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+}
+
+static void _uart_pl011_clear_cr_bit(struct _uart_pl011_reg_map_t* p_uart,
+ uint32_t mask)
+{
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+ bool fifo_enabled = _uart_pl011_is_fifo_enabled(p_uart);
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ /* Flush the transmit FIFO by disabling bit 4 (FEN) in
+ * the line control register (UARTCLR_H) */
+ _uart_pl011_disable_fifo(p_uart);
+
+ p_uart->uartcr &= ~(mask);
+
+ /* Enabling the FIFOs if previously enabled */
+ if(fifo_enabled) {
+ _uart_pl011_enable_fifo(p_uart);
+ }
+
+ /* Enabling the UART if previously enabled */
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+}
+
+static void _uart_pl011_set_lcr_h_bit(struct _uart_pl011_reg_map_t* p_uart,
+ uint32_t mask)
+{
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ p_uart->uartlcr_h |= (mask);
+
+ /* Enabling the UART if previously enabled */
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+}
+
+static void _uart_pl011_clear_lcr_h_bit(struct _uart_pl011_reg_map_t* p_uart,
+ uint32_t mask)
+{
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ p_uart->uartlcr_h &= ~(mask);
+
+ /* Enabling the UART if previously enabled */
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+}
+
+static void _uart_pl011_reset_regs(struct _uart_pl011_reg_map_t* p_uart)
+{
+ /* Restore the default value of UART registers, the registers which
+ * are not listed below are Read-Only */
+
+ /* Will disable the UART */
+ p_uart->uartcr = UART_PL011_CR_REG_RESET_VALUE;
+ p_uart->uartdr = UART_PL011_DATA_REG_RESET_VALUE;
+ /* Clear all the errors */
+ p_uart->uartecr = UART_PL011_ECR_REG_CLEAR_VALUE;
+ p_uart->uartilpr = UART_PL011_ILPR_REG_RESET_VALUE;
+ p_uart->uartibrd = UART_PL011_IBRD_REG_RESET_VALUE;
+ p_uart->uartfbrd = UART_PL011_FBRD_REG_RESET_VALUE;
+ p_uart->uartlcr_h = UART_PL011_LCR_H_REG_RESET_VALUE;
+ p_uart->uartifls = UART_PL011_IFLS_REG_RESET_VALUE;
+ p_uart->uartimsc = UART_PL011_IMSC_REG_RESET_VALUE;
+ /* Clear all the interrupts */
+ p_uart->uarticr = UART_PL011_ICR_REG_CLEAR_VALUE;
+ p_uart->uartdmacr = UART_PL011_DMACR_REG_RESET_VALUE;
+}
+
+enum uart_pl011_error_t uart_pl011_init(struct uart_pl011_dev_t* dev,
+ uint32_t uart_clk)
+{
+ enum uart_pl011_error_t err;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ uint32_t def_baud = dev->cfg->def_baudrate;
+
+ if(uart_clk == 0) {
+ return UART_PL011_ERR_INVALID_ARG;
+ }
+
+ if(def_baud == 0) {
+ return UART_PL011_ERR_INVALID_BAUD;
+ }
+
+ /* Updating the system clock */
+ dev->data->uart_clk = uart_clk;
+
+ /* Setting the default baudrate */
+ err = _uart_pl011_set_baudrate(p_uart, uart_clk, def_baud);
+
+ if(err != UART_PL011_ERR_NONE) {
+ return err;
+ }
+
+ /* Setting the default character format */
+ _uart_pl011_set_format(p_uart, dev->cfg->def_wlen,
+ dev->cfg->def_parity,
+ dev->cfg->def_stopbit);
+
+ /* Enabling the FIFOs */
+ _uart_pl011_enable_fifo(p_uart);
+
+ dev->data->state = UART_PL011_INITIALIZED;
+
+ return UART_PL011_ERR_NONE;
+}
+
+void uart_pl011_uninit(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ while(_uart_pl011_is_busy(p_uart));
+
+ /* Disable and restore the default configuration of the peripheral */
+ _uart_pl011_reset_regs(p_uart);
+
+ dev->data->state = UART_PL011_UNINITIALIZED;
+
+ return;
+}
+
+enum uart_pl011_state_t uart_pl011_get_state(struct uart_pl011_dev_t* dev)
+{
+ return dev->data->state;
+}
+
+enum uart_pl011_error_t uart_pl011_set_baudrate(
+ struct uart_pl011_dev_t* dev, uint32_t baudrate)
+{
+ enum uart_pl011_error_t err = UART_PL011_ERR_NONE;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+
+ if(uart_pl011_get_state(dev) != UART_PL011_INITIALIZED) {
+ return UART_PL011_ERR_NOT_INIT;
+ }
+
+ if(baudrate == 0) {
+ return UART_PL011_ERR_INVALID_BAUD;
+ }
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ /* If baudrate is not valid ie UART_PL011_ERR_NONE is not returned then
+ * the UART will continue to function at the old baudrate */
+ err = _uart_pl011_set_baudrate(p_uart, dev->data->uart_clk, baudrate);
+
+ if(err == UART_PL011_ERR_NONE) {
+ dev->data->baudrate = baudrate;
+ }
+
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+
+ return err;
+}
+
+uint32_t uart_pl011_get_baudrate(struct uart_pl011_dev_t* dev)
+{
+ return dev->data->baudrate;
+}
+
+void uart_pl011_enable_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ p_uart->uartimsc |= (uint32_t)(mask);
+
+ return;
+}
+
+void uart_pl011_disable_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ p_uart->uartimsc &= (uint32_t)(~mask);
+
+ return;
+}
+
+void uart_pl011_clear_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ p_uart->uarticr = (uint32_t)mask;
+
+ return;
+}
+
+
+enum uart_pl011_intr_t uart_pl011_get_masked_intr_status(
+ struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ return (enum uart_pl011_intr_t)(p_uart->uartmis);
+
+}
+
+enum uart_pl011_intr_t uart_pl011_get_raw_intr_status(
+ struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ return (enum uart_pl011_intr_t)(p_uart->uartris);
+}
+
+void uart_pl011_set_rx_fifo_lvl(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_rx_fifo_lvl_t rx_lvl)
+{
+ uint32_t fifo_lvl;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ /* Check if rx_lvl have valid values */
+ rx_lvl &= UART_PL011_UARTIFLS_RX_FIFO_LVL_MASK;
+
+ fifo_lvl = p_uart->uartifls
+ & ~(UART_PL011_UARTIFLS_RX_FIFO_LVL_MASK);
+ p_uart->uartifls = fifo_lvl | rx_lvl;
+
+ return;
+}
+
+void uart_pl011_set_tx_fifo_lvl(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_tx_fifo_lvl_t tx_lvl)
+{
+ uint32_t fifo_lvl;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+ /* Check if tx_lvl have valid values */
+ tx_lvl &= UART_PL011_UARTIFLS_TX_FIFO_LVL_MASK;
+
+ fifo_lvl = p_uart->uartifls
+ & ~(UART_PL011_UARTIFLS_TX_FIFO_LVL_MASK);
+ p_uart->uartifls = fifo_lvl | tx_lvl;
+
+ return;
+}
+
+void uart_pl011_set_tx_dma(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_tx_dma_t enable)
+{
+ uint32_t dma_cr;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ enable &= UART_PL011_UARTDMACR_TX_MASK;
+
+ dma_cr = p_uart->uartdmacr
+ & ~(UART_PL011_UARTDMACR_TX_MASK);
+
+ p_uart->uartdmacr = dma_cr | enable;
+
+ return;
+}
+
+void uart_pl011_set_rx_dma(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_rx_dma_t enable)
+{
+ uint32_t dma_cr;
+
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ enable &= UART_PL011_UARTDMACR_RX_MASK;
+
+ dma_cr = p_uart->uartdmacr
+ & ~(UART_PL011_UARTDMACR_RX_MASK);
+
+ p_uart->uartdmacr = dma_cr | enable;
+
+ return;
+}
+
+bool uart_pl011_is_readable(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ if( (uart_pl011_get_state(dev) == UART_PL011_INITIALIZED) &&
+ /* UART is initialized */
+ (p_uart->uartcr & UART_PL011_UARTCR_EN_MASK) &&
+ /* UART is enabled */
+ (p_uart->uartcr & UART_PL011_UARTCR_RX_EN_MASK) &&
+ /* Receive is enabled */
+ ((p_uart->uartfr & UART_PL011_UARTFR_RX_FIFO_EMPTY) == 0)) {
+ /* Receive Fifo is not empty */
+ return true;
+ }
+
+ return false;
+
+}
+
+enum uart_pl011_error_t uart_pl011_read(
+ struct uart_pl011_dev_t* dev, uint8_t* byte)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ *byte = p_uart->uartdr;
+
+ return (enum uart_pl011_error_t)(p_uart->uartrsr
+ & UART_PL011_RX_ERR_MASK);
+}
+
+bool uart_pl011_is_writable(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ if( (uart_pl011_get_state(dev) == UART_PL011_INITIALIZED) &&
+ /* UART is initialized */
+ (p_uart->uartcr & UART_PL011_UARTCR_EN_MASK) &&
+ /* UART is enabled */
+ (p_uart->uartcr & UART_PL011_UARTCR_TX_EN_MASK) &&
+ /* Transmit is enabled */
+ ((p_uart->uartfr & UART_PL011_UARTFR_TX_FIFO_FULL) == 0)) {
+ /* Transmit Fifo is not full */
+ return true;
+ }
+ return false;
+
+}
+
+void uart_pl011_write(struct uart_pl011_dev_t* dev, uint8_t byte)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ p_uart->uartdr = byte;
+
+ return;
+}
+
+enum uart_pl011_error_t uart_pl011_set_format(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_wlen_t word_len,
+ enum uart_pl011_parity_t parity,
+ enum uart_pl011_stopbit_t stop_bits)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ bool uart_enabled = _uart_pl011_is_enabled(p_uart);
+
+ if(uart_pl011_get_state(dev) != UART_PL011_INITIALIZED) {
+ return UART_PL011_ERR_NOT_INIT;
+ }
+
+ /* UART must be disabled before any Control Register or
+ * Line Control Register are reprogrammed */
+ _uart_pl011_disable(p_uart);
+
+ _uart_pl011_set_format(p_uart, word_len, parity, stop_bits);
+
+ /* Enabling the UART if previously enabled */
+ if(uart_enabled) {
+ _uart_pl011_enable(p_uart);
+ }
+
+ return UART_PL011_ERR_NONE;
+}
+
+void uart_pl011_enable_fifo(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_lcr_h_bit(p_uart, UART_PL011_UARTLCR_H_FEN_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_fifo(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_lcr_h_bit(p_uart, UART_PL011_UARTLCR_H_FEN_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_break(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_lcr_h_bit(p_uart, UART_PL011_UARTLCR_H_BRK_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_break(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_lcr_h_bit(p_uart, UART_PL011_UARTLCR_H_BRK_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_cts_flowcontrol(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_CTSE_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_cts_flowcontrol(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_CTSE_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_rts_flowcontrol(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_RTSE_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_rts_flowcontrol(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_RTSE_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_ri(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_OUT2_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_ri(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_OUT2_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_dcd(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_OUT1_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_dcd(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_OUT1_MASK);
+
+ return;
+}
+
+void uart_pl011_set_rts(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_RTS_MASK);
+
+ return;
+}
+
+void uart_pl011_clear_rts(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_RTS_MASK);
+
+ return;
+}
+
+void uart_pl011_set_dtr(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_DTR_MASK);
+
+ return;
+}
+
+void uart_pl011_clear_dtr(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_DTR_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_receive(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_RX_EN_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_receive(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_RX_EN_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_transmit(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_TX_EN_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_transmit(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_TX_EN_MASK);
+
+ return;
+}
+
+void uart_pl011_set_loopback(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_LBE_MASK);
+
+ return;
+}
+
+void uart_pl011_clear_loopback(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_LBE_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_sirlp(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart,
+ UART_PL011_UARTCR_SIREN_MASK | UART_PL011_UARTCR_SIRLP_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_sirlp(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart,
+ UART_PL011_UARTCR_SIREN_MASK | UART_PL011_UARTCR_SIRLP_MASK);
+
+ return;
+}
+
+void uart_pl011_enable_sir(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_set_cr_bit(p_uart, UART_PL011_UARTCR_SIREN_MASK);
+
+ return;
+}
+
+void uart_pl011_disable_sir(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_clear_cr_bit(p_uart, UART_PL011_UARTCR_SIREN_MASK);
+
+ return;
+}
+
+void uart_pl011_enable(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_enable(p_uart);
+
+ return;
+}
+
+void uart_pl011_disable(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ _uart_pl011_disable(p_uart);
+
+ return;
+}
+
+bool uart_pl011_get_cts_status(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+ return (bool)(p_uart->uartfr & UART_PL011_UARTFR_CTS_MASK);
+
+}
+
+bool uart_pl011_get_dsr_status(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+ return (bool)(p_uart->uartfr & UART_PL011_UARTFR_DSR_MASK);
+
+}
+
+bool uart_pl011_get_dcd_status(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+ return (bool)(p_uart->uartfr & UART_PL011_UARTFR_DCD_MASK);
+
+}
+
+bool uart_pl011_get_ri_status(struct uart_pl011_dev_t* dev)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+ return (bool)(p_uart->uartfr & UART_PL011_UARTFR_RI_MASK);
+
+}
+
+enum uart_pl011_error_t uart_pl011_set_sirlp_divisor(
+ struct uart_pl011_dev_t* dev, uint32_t value)
+{
+ struct _uart_pl011_reg_map_t* p_uart =
+ (struct _uart_pl011_reg_map_t*)dev->cfg->base;
+
+ uint32_t irlp_baud16_clk;
+
+ if(uart_pl011_get_state(dev) != UART_PL011_INITIALIZED) {
+ return UART_PL011_ERR_NOT_INIT;
+ }
+
+ if(value == 0) {
+ return UART_PL011_ERR_INVALID_ARG;
+ }
+
+ irlp_baud16_clk = dev->data->uart_clk/value;
+
+ /* Chose the divisor so that 1.42MHz < FIrLPBaud16 < 2.12MHz, that
+ * results in a low-power pulse duration of 1.41–2.11μs (three times
+ * the period of IrLPBaud16). ARM DDI0183F Pg 3-9 */
+ if(irlp_baud16_clk < FREQ_IRLPBAUD16_MIN ||
+ irlp_baud16_clk > FREQ_IRLPBAUD16_MAX) {
+ return UART_PL011_ERR_INVALID_ARG;
+ }
+
+ p_uart->uartilpr = value;
+
+ return UART_PL011_ERR_NONE;
+}
diff --git a/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.h b/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.h
new file mode 100755
index 0000000..dcae737
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/uart_pl011_drv.h
@@ -0,0 +1,852 @@
+/*
+ * Copyright (c) 2016-2018 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * \file uart_pl011_drv.h
+ * \brief Driver for ARM UART PL011.
+ */
+
+#ifndef __UART_PL011_DRV_H__
+#define __UART_PL011_DRV_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief ARM UART PL011 state types
+ */
+enum uart_pl011_state_t {
+ UART_PL011_UNINITIALIZED = 0x0u,
+ UART_PL011_INITIALIZED = 0x1u,
+};
+
+#define UART_PL011_UARTRSR_FE_ERR_OFF 0x0u
+ /*!< Receive Status Register Frame Error bit field offset */
+#define UART_PL011_UARTRSR_PE_ERR_OFF 0x1u
+ /*!< Receive Status Register Parity Error bit field offset */
+#define UART_PL011_UARTRSR_BE_ERR_OFF 0x2u
+ /*!< Receive Status Register Break Error bit field offset */
+#define UART_PL011_UARTRSR_OE_ERR_OFF 0x3u
+ /*!< Receive Status Register Overrun Error bit field offset */
+
+#define UART_PL011_RX_ERR_MASK ( \
+ 0x1u<<UART_PL011_UARTRSR_FE_ERR_OFF \
+ | 0x1u<<UART_PL011_UARTRSR_PE_ERR_OFF \
+ | 0x1u<<UART_PL011_UARTRSR_BE_ERR_OFF \
+ | 0x1u<<UART_PL011_UARTRSR_OE_ERR_OFF)
+ /*!< Receive Status Register Error Mask */
+
+#define UART_PL011_UARTFR_CTS_OFF 0x0u
+ /*!< Flag Register Clear to send bit field offset */
+#define UART_PL011_UARTFR_DSR_OFF 0x1u
+ /*!< Flag Register Data set ready bit field offset */
+#define UART_PL011_UARTFR_DCD_OFF 0x2u
+ /*!< Flag Register Data carrier detect bit field offset */
+#define UART_PL011_UARTFR_BUSYBIT_OFF 0x3u
+ /*!< Flag Register Busy bit field offset */
+#define UART_PL011_UARTFR_RX_FIFO_EMPTY_OFF 0x4u
+ /*!< Flag Register Receive fifo empty bit field offset */
+#define UART_PL011_UARTFR_TX_FIFO_FULL_OFF 0x5u
+ /*!< Flag Register Transmit fifo full bit field offset */
+#define UART_PL011_UARTFR_RX_FIFO_FULL_OFF 0x6u
+ /*!< Flag Register Receive fifo full bit field offset */
+#define UART_PL011_UARTFR_TX_FIFO_EMPTY_OFF 0x7u
+ /*!< Flag Register Transmit fifo empty bit field offset */
+#define UART_PL011_UARTFR_RI_OFF 0x8u
+ /*!< Flag Register Ring indicator bit field offset */
+
+#define UART_PL011_UARTLCR_H_BRK_OFF 0x0u
+ /*!< Line Control Register Break bit field offset */
+#define UART_PL011_UARTLCR_H_PEN_OFF 0x1u
+ /*!< Line Control Register Parity enable bit field offset */
+#define UART_PL011_UARTLCR_H_EPS_OFF 0x2u
+ /*!< Line Control Register Even parity select bit field offset */
+#define UART_PL011_UARTLCR_H_STP2_OFF 0x3u
+ /*!< Line Control Register 2 stop bit select bit field offset */
+#define UART_PL011_UARTLCR_H_FEN_OFF 0x4u
+ /*!< Line Control Register Fifo enable bit field offset */
+#define UART_PL011_UARTLCR_H_WLEN_OFF 0x5u
+ /*!< Line Control Register Word length bit field offset */
+#define UART_PL011_UARTLCR_H_SPS_OFF 0x7u
+ /*!< Line Control Register Stick parity select bit field offset */
+
+/**
+ * \brief Allowed word length options UART PL011
+ */
+enum uart_pl011_wlen_t {
+ UART_PL011_WLEN_5 = (0x0u<<UART_PL011_UARTLCR_H_WLEN_OFF),
+ UART_PL011_WLEN_6 = (0x1u<<UART_PL011_UARTLCR_H_WLEN_OFF),
+ UART_PL011_WLEN_7 = (0x2u<<UART_PL011_UARTLCR_H_WLEN_OFF),
+ UART_PL011_WLEN_8 = (0x3u<<UART_PL011_UARTLCR_H_WLEN_OFF),
+};
+
+/**
+ * \brief Allowed parity options UART PL011
+ */
+enum uart_pl011_parity_t {
+ UART_PL011_PARITY_DISABLED = (0x0u<<UART_PL011_UARTLCR_H_PEN_OFF),
+ UART_PL011_PARITY_ODD = (0x1u<<UART_PL011_UARTLCR_H_PEN_OFF
+ | 0x0u<<UART_PL011_UARTLCR_H_EPS_OFF
+ | 0x0u<<UART_PL011_UARTLCR_H_SPS_OFF),
+ UART_PL011_PARITY_EVEN = (0x1u<<UART_PL011_UARTLCR_H_PEN_OFF
+ | 0x1u<<UART_PL011_UARTLCR_H_EPS_OFF
+ | 0x0u<<UART_PL011_UARTLCR_H_SPS_OFF),
+ UART_PL011_PARITY_STICKY_ONE= (0x1u<<UART_PL011_UARTLCR_H_PEN_OFF
+ | 0x0u<<UART_PL011_UARTLCR_H_EPS_OFF
+ | 0x1u<<UART_PL011_UARTLCR_H_SPS_OFF),
+ UART_PL011_PARITY_STICKY_ZERO= (0x1u<<UART_PL011_UARTLCR_H_PEN_OFF
+ | 0x1u<<UART_PL011_UARTLCR_H_EPS_OFF
+ | 0x1u<<UART_PL011_UARTLCR_H_SPS_OFF),
+};
+
+/**
+ * \brief Allowed stop bits options UART PL011
+ */
+enum uart_pl011_stopbit_t {
+ UART_PL011_STOPBIT_1 = (0x0u<<UART_PL011_UARTLCR_H_STP2_OFF),
+ UART_PL011_STOPBIT_2 = (0x1u<<UART_PL011_UARTLCR_H_STP2_OFF),
+};
+
+#define UART_PL011_UARTCR_UARTEN_OFF 0x0u
+ /*!< Control Register Uart enable bit field offset */
+#define UART_PL011_UARTCR_SIREN_OFF 0x1u
+ /*!< Control Register Sir enable bit field offset */
+#define UART_PL011_UARTCR_SIRLP_OFF 0x2u
+ /*!< Control Register Sir low power bit field offset */
+#define UART_PL011_UARTCR_LBE_OFF 0x7u
+ /*!< Control Register Loop back enable bit field offset */
+#define UART_PL011_UARTCR_TXE_OFF 0x8u
+ /*!< Control Register Transmit enable bit field offset */
+#define UART_PL011_UARTCR_RXE_OFF 0x9u
+ /*!< Control Register Receive enable bit field offset */
+#define UART_PL011_UARTCR_DTR_OFF 0xAu
+ /*!< Control Register Data transmit ready bit field offset */
+#define UART_PL011_UARTCR_RTS_OFF 0xBu
+ /*!< Control Register Request to send bit field offset */
+#define UART_PL011_UARTCR_OUT1_OFF 0xCu
+ /*!< Control Register Out1 bit field offset */
+#define UART_PL011_UARTCR_OUT2_OFF 0xDu
+ /*!< Control Register Out2 bit field offset */
+#define UART_PL011_UARTCR_RTSE_OFF 0xEu
+ /*!< Control Register RTS hardware flow control enable bit field offset */
+#define UART_PL011_UARTCR_CTSE_OFF 0xFu
+ /*!< Control Register CTS hardware flow control enable bit field offset */
+
+#define UART_PL011_UARTIFLS_TX_OFF 0x0u
+ /*!< Interrupt FIFO Level Select Register Transmit bit field offset */
+#define UART_PL011_UARTIFLS_RX_OFF 0x3u
+ /*!< Interrupt FIFO Level Select Register Receive bit field offset */
+
+/**
+ * \brief UART Receive fifo levels
+ */
+enum uart_pl011_rx_fifo_lvl_t {
+ UART_PL011_RX_FIFO_LVL_1_8 = (0x0u<<UART_PL011_UARTIFLS_RX_OFF),
+ UART_PL011_RX_FIFO_LVL_1_4 = (0x1u<<UART_PL011_UARTIFLS_RX_OFF),
+ UART_PL011_RX_FIFO_LVL_1_2 = (0x2u<<UART_PL011_UARTIFLS_RX_OFF),
+ UART_PL011_RX_FIFO_LVL_3_4 = (0x3u<<UART_PL011_UARTIFLS_RX_OFF),
+ UART_PL011_RX_FIFO_LVL_7_8 = (0x4u<<UART_PL011_UARTIFLS_RX_OFF),
+};
+
+/**
+ * \brief UART Transmit fifo levels
+ */
+enum uart_pl011_tx_fifo_lvl_t {
+ UART_PL011_TX_FIFO_LVL_1_8 = (0x0u<<UART_PL011_UARTIFLS_TX_OFF),
+ UART_PL011_TX_FIFO_LVL_1_4 = (0x1u<<UART_PL011_UARTIFLS_TX_OFF),
+ UART_PL011_TX_FIFO_LVL_1_2 = (0x2u<<UART_PL011_UARTIFLS_TX_OFF),
+ UART_PL011_TX_FIFO_LVL_3_4 = (0x3u<<UART_PL011_UARTIFLS_TX_OFF),
+ UART_PL011_TX_FIFO_LVL_7_8 = (0x4u<<UART_PL011_UARTIFLS_TX_OFF),
+};
+
+#define UART_PL011_UARTDMACR_RXEN_OFF 0x0u
+ /*!< DMA Control Register Receive DMA enable bit field offset */
+#define UART_PL011_UARTDMACR_TXEN_OFF 0x1u
+ /*!< DMA Control Register Transmit DMA enable bit field offset */
+#define UART_PL011_UARTDMACR_ON_ERR_OFF 0x2u
+ /*!< DMA Control Register DMA on error bit field offset */
+
+/**
+ * \brief Transmit DMA Enable
+ */
+enum uart_pl011_tx_dma_t {
+ UART_PL011_TX_DMA_DISABLE = (0x0u<<UART_PL011_UARTDMACR_TXEN_OFF),
+ UART_PL011_TX_DMA_ENABLE = (0x1u<<UART_PL011_UARTDMACR_TXEN_OFF),
+};
+
+/**
+ * \brief Receive DMA Enable
+ */
+enum uart_pl011_rx_dma_t {
+ UART_PL011_RX_DMA_DISABLE = (0x0u<<UART_PL011_UARTDMACR_RXEN_OFF),
+ UART_PL011_RX_DMA_ENABLE = (0x1u<<UART_PL011_UARTDMACR_RXEN_OFF),
+ UART_PL011_RX_DMA_ON_ERR_EN= (0x1u<<UART_PL011_UARTDMACR_RXEN_OFF
+ | 0x1u<<UART_PL011_UARTDMACR_ON_ERR_OFF),
+};
+
+#define UART_PL011_INTR_RI_OFF 0x0u
+ /*!< Ring indicator interrupt bit field offset */
+#define UART_PL011_INTR_CTS_OFF 0x1u
+ /*!< Clear to send interrupt bit field offset */
+#define UART_PL011_INTR_DCD_OFF 0x2u
+ /*!< Data carrier detect interrupt bit field offset */
+#define UART_PL011_INTR_DSR_OFF 0x3u
+ /*!< Data set ready interrupt bit field offset */
+#define UART_PL011_INTR_RX_OFF 0x4u
+ /*!< Receive interrupt bit field offset */
+#define UART_PL011_INTR_TX_OFF 0x5u
+ /*!< Transmit interrupt bit field offset */
+#define UART_PL011_INTR_RT_OFF 0x6u
+ /*!< Receive timeout interrupt bit field offset */
+#define UART_PL011_INTR_FE_OFF 0x7u
+ /*!< Frame error interrupt bit field offset */
+#define UART_PL011_INTR_PE_OFF 0x8u
+ /*!< Parity error interrupt bit field offset */
+#define UART_PL011_INTR_BE_OFF 0x9u
+ /*!< Break error interrupt bit field offset */
+#define UART_PL011_INTR_OE_OFF 0xAu
+ /*!< Overrun error interrupt bit field offset */
+
+/**
+ * \brief ARM UART PL011 Interrupt data structure
+ */
+enum uart_pl011_intr_t {
+ UART_PL011_RI_INTR_MASK = (0x1u<<UART_PL011_INTR_RI_OFF),
+ UART_PL011_CTS_INTR_MASK = (0x1u<<UART_PL011_INTR_CTS_OFF),
+ UART_PL011_DCD_INTR_MASK = (0x1u<<UART_PL011_INTR_DCD_OFF),
+ UART_PL011_DSR_INTR_MASK = (0x1u<<UART_PL011_INTR_DSR_OFF),
+ UART_PL011_RX_INTR_MASK = (0x1u<<UART_PL011_INTR_RX_OFF),
+ UART_PL011_TX_INTR_MASK = (0x1u<<UART_PL011_INTR_TX_OFF),
+ UART_PL011_RT_INTR_MASK = (0x1u<<UART_PL011_INTR_RT_OFF),
+ UART_PL011_FE_INTR_MASK = (0x1u<<UART_PL011_INTR_FE_OFF),
+ UART_PL011_PE_INTR_MASK = (0x1u<<UART_PL011_INTR_PE_OFF),
+ UART_PL011_BE_INTR_MASK = (0x1u<<UART_PL011_INTR_BE_OFF),
+ UART_PL011_OE_INTR_MASK = (0x1u<<UART_PL011_INTR_OE_OFF),
+};
+
+/**
+ * \brief ARM UART PL011 error enumeration types
+ */
+enum uart_pl011_error_t {
+ UART_PL011_ERR_NONE = (0x0u),
+ UART_PL011_ERR_RX_FRAME = (0x1u<<UART_PL011_UARTRSR_FE_ERR_OFF),
+ UART_PL011_ERR_RX_PARITY = (0x1u<<UART_PL011_UARTRSR_PE_ERR_OFF),
+ UART_PL011_ERR_RX_BREAK = (0x1u<<UART_PL011_UARTRSR_BE_ERR_OFF),
+ UART_PL011_ERR_RX_OVERFLOW = (0x1u<<UART_PL011_UARTRSR_OE_ERR_OFF),
+ UART_PL011_ERR_INVALID_ARG = (UART_PL011_RX_ERR_MASK + 1),
+ UART_PL011_ERR_NOT_READY,
+ UART_PL011_ERR_INVALID_BAUD,
+ UART_PL011_ERR_NOT_INIT,
+};
+
+/**
+ * \brief ARM UART PL011 device configuration structure
+ */
+struct uart_pl011_dev_cfg_t {
+ const uint32_t base; /*!< UART PL011 base address */
+ const uint32_t def_baudrate; /*!< Default baudrate */
+ const enum uart_pl011_wlen_t def_wlen; /*!< Default word length */
+ const enum uart_pl011_parity_t def_parity; /*!< Default parity */
+ const enum uart_pl011_stopbit_t def_stopbit; /*!< Default stop bits */
+};
+
+/**
+ * \brief ARM UART PL011 device data structure
+ */
+struct uart_pl011_dev_data_t {
+ enum uart_pl011_state_t state; /*!< UART State */
+ uint32_t uart_clk; /*!< UART clock */
+ uint32_t baudrate; /*!< Baudrate */
+};
+
+/**
+ * \brief ARM UART PL011 device structure
+ */
+struct uart_pl011_dev_t {
+ const struct uart_pl011_dev_cfg_t* const cfg;
+ /*!< UART PL011 configuration */
+ struct uart_pl011_dev_data_t* const data;
+ /*!< UART PL011 data */
+};
+
+/**
+ * \brief Initializes UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ * \param[in] uart_clk UART clock used by the device.
+ *
+ * It uses the default baudrate to configure UART.
+ *
+ * \return Returns error code as specified in \ref uart_pl011_error_t
+ *
+ * \note This API should be called before calling any of the below UART APIs.
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_error_t uart_pl011_init(struct uart_pl011_dev_t* dev,
+ uint32_t uart_clk);
+
+/**
+ * \brief Uninitializes UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_uninit(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Returns the UART PL011 operational state.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns the UART operational state
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_state_t uart_pl011_get_state(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Sets the UART baudrate.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] baudrate New baudrate.
+ *
+ * \return Returns error code as specified in \ref uart_pl011_error_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_error_t uart_pl011_set_baudrate(
+ struct uart_pl011_dev_t* dev, uint32_t baudrate);
+
+/**
+ * \brief Gets the UART baudrate.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns the UART baudrate.
+ *
+ * \note The UART should be in valid state before calling this API
+ * \ref uart_pl011_get_state should return UART_PL011_INITIALIZED
+ * \note This function doesn't check if dev is NULL.
+ */
+uint32_t uart_pl011_get_baudrate(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables UART interrupts
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] mask Bit mask for enabling/disabling interrupts
+ * \ref uart_pl011_intr_t
+ *
+ * \note User is responsible to configure the interrupt vector and
+ * the interrupt controller.
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask);
+
+/**
+ * \brief Disables UART interrupts
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] mask Bit mask for enabling/disabling interrupts
+ * \ref uart_pl011_intr_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask);
+
+/**
+ * \brief Clears UART Interrupt
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] mask Bit mask for clearing interrupts \ref uart_pl011_intr_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_clear_intr(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_intr_t mask);
+
+/**
+ * \brief Returns the UART Masked interrupt status
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \return Masked interrupt status \ref uart_pl011_intr_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_intr_t uart_pl011_get_masked_intr_status(
+ struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Returns the UART Raw interrupt status
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \return Raw interrupt status \ref uart_pl011_intr_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_intr_t uart_pl011_get_raw_intr_status(
+ struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Sets receive fifo levels
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] rx_lvl Receive fifo levels \ref uart_pl011_rx_fifo_lvl_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_set_rx_fifo_lvl(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_rx_fifo_lvl_t rx_lvl);
+
+/**
+ * \brief Sets transmit fifo levels
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] tx_lvl Transmit fifo levels \ref uart_pl011_tx_fifo_lvl_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_set_tx_fifo_lvl(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_tx_fifo_lvl_t tx_lvl);
+
+/**
+ * \brief Enables/Disables transmit UART DMA
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] enable To enable/disable the UART transmit DMA
+ * \ref uart_pl011_tx_dma_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_set_tx_dma(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_tx_dma_t enable);
+
+/**
+ * \brief Enables/Disables receive UART DMA
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] enable To enable/disable the UART receive DMA
+ * \ref uart_pl011_rx_dma_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_set_rx_dma(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_rx_dma_t enable);
+
+/**
+ * \brief Check if the UART dev is readable
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true if UART is readable, false otherwise
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_is_readable(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Reads one byte from UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[out] byte Pointer to byte that is populated with the data to be read
+ *
+ * \return Error status (if any) as specified in
+ * \ref uart_pl011_error_t
+ *
+ * \note This API should only be called when the device is readable
+ * \ref uart_pl011_is_readable
+ * \note For better performance, this function doesn't check if dev and byte
+ * pointer are NULL, and if the driver is initialized.
+ */
+enum uart_pl011_error_t uart_pl011_read(struct uart_pl011_dev_t* dev,
+ uint8_t* byte);
+
+/**
+ * \brief Check if the UART dev is writable
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true if UART is writable, false otherwise
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_is_writable(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Writes a byte to UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] byte One byte to write.
+ *
+ * \note This API should only be called when the device is writable
+ * \ref uart_pl011_is_writable
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_write(struct uart_pl011_dev_t* dev, uint8_t byte);
+
+/**
+ * \brief Sets the UART format.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] word_len UART word length \ref uart_pl011_wlen_t
+ * \param[in] parity UART parity \ref uart_pl011_parity_t
+ * \param[in] stop_bits UART stop bits \ref uart_pl011_stopbit_t
+ *
+ * \return Returns error code as specified in \ref uart_pl011_error_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+enum uart_pl011_error_t uart_pl011_set_format(struct uart_pl011_dev_t* dev,
+ enum uart_pl011_wlen_t word_len,
+ enum uart_pl011_parity_t parity,
+ enum uart_pl011_stopbit_t stop_bits);
+
+/**
+ * \brief Enables the UART fifo.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_fifo(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables the UART fifo.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_fifo(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables break transmission from UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_enable_break(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables break transmission from UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_disable_break(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables CTS flow control in UART PL011
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_cts_flowcontrol(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables CTS flow control in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_cts_flowcontrol(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables RTS flow control in UART PL011
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_rts_flowcontrol(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables RTS flow control in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_rts_flowcontrol(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables Data carrier detect in UART PL011
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note For DTE nUARTOut1 can be used as Data carrier detect (DCD).
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_dcd(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables Data carrier detect in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \note For DTE nUARTOut1 can be used as Data carrier detect (DCD).
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_dcd(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables RTS signal for UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_set_rts(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables RTS signal for UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_clear_rts(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables DTR signal for UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_set_dtr(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables DTR signal for UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_clear_dtr(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables reception in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_receive(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables reception in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_receive(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables transmission in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable_transmit(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables transmission in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable_transmit(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables loopback in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_set_loopback(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables loopback in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_clear_loopback(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables IrDA Sir low power mode in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_enable_sirlp(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables IrDA Sir in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_disable_sirlp(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables IrDA Sir in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_enable_sir(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables IrDA Sir in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL and
+ * if the driver is initialized to have better performance.
+ */
+void uart_pl011_disable_sir(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Enables in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_enable(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Disables in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ *
+ * \note This function doesn't check if dev is NULL.
+ */
+void uart_pl011_disable(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Gets the Clear to send status in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true when the modem status input is 0, false otherwise
+ *
+ * \note This bit is the complement of the UART clear to send (nUARTCTS) modem
+ * status input.
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_get_cts_status(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Gets the Data set ready status in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true when the modem status input is 0, false otherwise
+ *
+ * \note This bit is the complement of the UART UART data set ready (nUARTDSR)
+ * modem status input.
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_get_dsr_status(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Gets the Data carrier detect status in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true when the modem status input is 0, false otherwise
+ *
+ * \note This bit is the complement of the UART data carrier detect (nUARTDCD)
+ * modem status input.
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_get_dcd_status(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Gets the Ring indicator status in UART PL011.
+ *
+ * \param[in] dev UART PL011 device struct \ref uart_pl011_dev_t
+ *
+ * \return Returns bool, true when the modem status input is 0, false otherwise
+ *
+ * \note This bit is the complement of the UART ring indicator (nUARTRI) modem
+ * status input.
+ * \note This function doesn't check if dev is NULL.
+ */
+bool uart_pl011_get_ri_status(struct uart_pl011_dev_t* dev);
+
+/**
+ * \brief Sets the Low power Divisor in UART dev.
+ *
+ * \param[in] dev UART device struct \ref uart_pl011_dev_t
+ * \param[in] value Low power divisor value to be set
+ *
+ * \return Returns error code as specified in \ref uart_pl011_error_t
+ *
+ * \note For better performance, this function doesn't check if dev is NULL
+ */
+enum uart_pl011_error_t uart_pl011_set_sirlp_divisor(
+ struct uart_pl011_dev_t* dev, uint32_t value);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* __UART_PL011_DRV_H__ */
diff --git a/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c b/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
new file mode 100644
index 0000000..f052d7d
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
@@ -0,0 +1,183 @@
+/*
+ *
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "xilinx_pg153_axi_qspi_controller_drv.h"
+
+static void WRITE_REGISTER(uint32_t base, uint32_t offset, uint32_t val)
+{
+ *((volatile unsigned int*)(base + offset)) = val;
+}
+
+/* QSPI controller registers */
+typedef struct qspi_controller_registers {
+ uint8_t space_1[28];
+ uint32_t dgier; /* 0x1C: Global interrupt enable */
+ uint32_t ipisr; /* 0x20: Interrupt status */
+ uint8_t space_2[4];
+ uint32_t ipier; /* 0x28: Interrupt enable */
+ uint8_t space_3[20];
+ uint32_t srr; /* 0x40: Software reset register */
+ uint8_t space_4[28];
+ uint32_t spi_cr; /* 0x60: SPI control */
+ uint32_t spi_sr; /* 0x64: SPI status */
+ uint32_t spi_dtr; /* 0x68: SPI TX FIFO data */
+ uint32_t spi_drr; /* 0x6C: SPI RX FIFO data */
+ uint32_t spi_ssr; /* 0x70: SPI slave select */
+ uint32_t spi_txf; /* 0x74: SPI TX FIFO occupancy */
+ uint32_t spi_rxf; /* 0x78: SPI RX FIFO occupancy */
+} qspi_controller_registers_t;
+
+#define MODE_REG_OFFSET 0x08 /* Change controller mode */
+
+/* SCC register control */
+#define XIPMODE 0x00 /* XIP controller mode */
+#define QSPIMODE 0x01 /* QSPI controller mode */
+
+/* SPI Software Reset Register value. */
+#define SRR_RESET_VALUE 0x0000000A
+
+/* SPI Control Register (CR) Masks */
+#define CR_ENABLE_MASK 0x00000002 /* System enable */
+#define CR_CTRL_MODE_MASK 0x00000004 /* Enable controlling mode */
+#define CR_TXFIFO_RESET_MASK 0x00000020 /* Reset transmit FIFO */
+#define CR_RXFIFO_RESET_MASK 0x00000040 /* Reset receive FIFO */
+#define CR_TRANS_INHIBIT_MASK 0x00000100 /* Transaction inhibit */
+
+#define ENABLE_IER 0x00000004 /* Enable IER */
+#define DISABLE_GLOBAL_ITR 0x00000000 /* Disable Global Interrupt */
+
+#define INTR_TX_EMPTY_MASK 0x00000004 /* DTR/TxFIFO is empty */
+#define SR_RX_EMPTY_MASK 0x00000001 /* Receive Reg/FIFO is empty */
+
+#define SLAVE_SELECT_MASK 0x00000000
+#define SLAVE_DESELECT_MASK 0xFFFFFFFF
+#define PAGE_SIZE 256
+
+enum axi_qspi_error_t spi_transfer_and_receive(struct axi_qspi_dev_t* dev,
+ uint8_t *send_buffer, uint8_t *rcv_buffer, int bytes)
+{
+ uint32_t control_reg;
+ uint8_t rcv_data;
+ int j = 0;
+ volatile qspi_controller_registers_t *ctrl_regs =
+ (qspi_controller_registers_t*)dev->cfg->base;
+
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return AXI_QSPI_ERR_NOT_INITIALIZED;
+ }
+
+ /* FIFO depth is assumed to be PAGE_SIZE */
+ /* Max PAGE bytes */
+ if ((bytes == 0) || (bytes > PAGE_SIZE)) {
+ return AXI_QSPI_ERR_WRONG_ARGUMENT;
+ }
+
+ control_reg = ctrl_regs->spi_cr;
+ /* Reset fifo and set controlling mode */
+ control_reg |= CR_TXFIFO_RESET_MASK | CR_RXFIFO_RESET_MASK |
+ CR_ENABLE_MASK | CR_CTRL_MODE_MASK;
+ /* Transaction disable */
+ control_reg |= CR_TRANS_INHIBIT_MASK;
+ ctrl_regs->spi_cr = control_reg;
+
+ /* Write to Data Transmit Register */
+ /* Even in case of read, there is a need to write dummy data to
+ DTR for read to take place. */
+ for (int i = 0; i < bytes; i++) {
+ ctrl_regs->spi_dtr = send_buffer[i];
+ }
+
+ /* Slave selected */
+ ctrl_regs->spi_ssr = SLAVE_SELECT_MASK;
+
+ /* Start the transaction by no longer inhibiting the controller */
+ control_reg = ctrl_regs->spi_cr;
+ control_reg &= ~CR_TRANS_INHIBIT_MASK;
+ ctrl_regs->spi_cr = control_reg;
+
+ /* Polling starts */
+ /* Wait for TX FIFO empty */
+ while (!(ctrl_regs->ipisr & INTR_TX_EMPTY_MASK));
+
+ /* Clear TX Empty interrupt */
+ ctrl_regs->ipisr = INTR_TX_EMPTY_MASK;
+
+ /* Slave de-select */
+ ctrl_regs->spi_ssr = SLAVE_DESELECT_MASK;
+
+ /* Loop to read the received data */
+ while ((ctrl_regs->spi_sr & SR_RX_EMPTY_MASK) == 0)
+ {
+ rcv_data = ctrl_regs->spi_drr & 0xFF;
+ if (rcv_buffer) {
+ rcv_buffer[j++] = rcv_data;
+ }
+ }
+
+ return AXI_QSPI_ERR_NONE;
+}
+
+
+/**
+ * Enable the QSPI controller.
+ */
+enum axi_qspi_error_t axi_qspi_initialize(struct axi_qspi_dev_t* dev)
+{
+ volatile qspi_controller_registers_t *ctrl_regs =
+ (qspi_controller_registers_t*)dev->cfg->base;
+
+ if (dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: already initialized\n\r", __func__);
+ return AXI_QSPI_ERR_NONE;
+ }
+
+ /* Switch to QSPI Controller */
+ WRITE_REGISTER(dev->cfg->scc_base, MODE_REG_OFFSET, QSPIMODE);
+
+ /* Reset controller */
+ ctrl_regs->srr = SRR_RESET_VALUE;
+
+ /* Enable IER */
+ ctrl_regs->ipier = ENABLE_IER;
+ /* Disable Global Interrupts */
+ ctrl_regs->dgier = DISABLE_GLOBAL_ITR;
+
+ SPI_FLASH_LOG_MSG("%s %s %s QSPI Controller is initialized.\n\r",
+ __func__, __DATE__, __TIME__);
+
+ dev->is_initialized = true;
+ return AXI_QSPI_ERR_NONE;
+}
+
+enum axi_qspi_error_t select_xip_mode(struct axi_qspi_dev_t* dev)
+{
+ if (!dev->is_initialized) {
+ return AXI_QSPI_ERR_NOT_INITIALIZED;
+ }
+
+ /* Switch to XIP Controller */
+ WRITE_REGISTER(dev->cfg->scc_base, MODE_REG_OFFSET, XIPMODE);
+
+ return AXI_QSPI_ERR_NONE;
+}
+
+enum axi_qspi_error_t select_qspi_mode(struct axi_qspi_dev_t* dev)
+{
+ if (!dev->is_initialized) {
+ SPI_FLASH_LOG_MSG("%s: not initialized\n\r", __func__);
+ return AXI_QSPI_ERR_NOT_INITIALIZED;
+ }
+
+ /* Switch to XIP Controller */
+ WRITE_REGISTER(dev->cfg->scc_base, MODE_REG_OFFSET, QSPIMODE);
+ SPI_FLASH_LOG_MSG("Selecting QSPI flash controller.\n\r");
+
+ return AXI_QSPI_ERR_NONE;
+}
+
diff --git a/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.h b/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.h
new file mode 100644
index 0000000..7385bad
--- /dev/null
+++ b/platform/ext/target/arm/diphda/Native_Driver/xilinx_pg153_axi_qspi_controller_drv.h
@@ -0,0 +1,79 @@
+/*
+ *
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef AXI_QSPI_CONTROLLER_DRV_H
+#define AXI_QSPI_CONTROLLER_DRV_H
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Set 1 to enable debug messages */
+#define DEBUG_SPI_FLASH 0
+
+#include <stdio.h>
+#if (DEBUG_SPI_FLASH == 1)
+ #define SPI_FLASH_LOG_MSG(f_, ...) printf((f_), ##__VA_ARGS__)
+#else
+ #define SPI_FLASH_LOG_MSG(f_, ...)
+#endif
+
+/**
+ * \brief AXI QSPI error enumeration types
+ */
+enum axi_qspi_error_t {
+ AXI_QSPI_ERR_NONE,
+ AXI_QSPI_ERR_WRONG_ARGUMENT,
+ AXI_QSPI_ERR_NOT_INITIALIZED
+};
+
+/**
+ * \brief AXI QSPI device configuration structure
+ */
+struct axi_qspi_dev_cfg_t {
+ const uint32_t base; /*!< AXI QSPI base address */
+ const uint32_t scc_base; /*!< SCC base address */
+};
+
+/**
+ * \brief AXI QSPI controller device structure
+ */
+struct axi_qspi_dev_t {
+ const struct axi_qspi_dev_cfg_t* const cfg;
+ bool is_initialized;
+};
+
+/**
+ * Reset the QSPI controller.
+ */
+enum axi_qspi_error_t axi_qspi_initialize(struct axi_qspi_dev_t* dev);
+
+/**
+ * Main function to send data and rcv data through QSPI controller.
+ */
+enum axi_qspi_error_t spi_transfer_and_receive(struct axi_qspi_dev_t* dev,
+ uint8_t *send_buffer, uint8_t *rcv_buffer, int bytes);
+
+/**
+ * Selects the XiP controller by programming the MUX bit.
+ */
+enum axi_qspi_error_t select_xip_mode(struct axi_qspi_dev_t* dev);
+
+/**
+ * Selects the QSPI controller by programming the MUX bit.
+ */
+enum axi_qspi_error_t select_qspi_mode(struct axi_qspi_dev_t* dev);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* AXI_QSPI_CONTROLLER_DRV_H */
diff --git a/platform/ext/target/arm/diphda/bl1/CMakeLists.txt b/platform/ext/target/arm/diphda/bl1/CMakeLists.txt
new file mode 100644
index 0000000..1dd1103
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl1/CMakeLists.txt
@@ -0,0 +1,302 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 3.15)
+cmake_policy(SET CMP0079 NEW)
+
+project("BL1 Bootloader" VERSION 0.0.1 LANGUAGES C ASM)
+
+# BL1 only loads the BL2 image, image number always equals 1
+set(BL1_IMAGE_NUMBER 1)
+
+# Version of BL2 image
+set(BL2_IMAGE_VERSION "0.1.0")
+
+add_executable(bl1)
+
+set_target_properties(bl1
+ PROPERTIES
+ SUFFIX ".axf"
+ RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin"
+)
+
+target_link_options(bl1
+ PRIVATE
+ $<$<C_COMPILER_ID:GNU>:-Wl,-Map=${CMAKE_BINARY_DIR}/bin/bl1.map>
+)
+
+add_convert_to_bin_target(bl1)
+
+# bl2_mbedcrypto reused as it is, but it pulls the MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}
+# configuration, where image number is 3. (Coming from BL2 build). To not to collide with BL1's
+# build where image number is 1 mbedcrypto library is separated from the build of other source
+# files.
+target_link_libraries(bl1
+ PRIVATE
+ bl1_main
+ bl2_mbedcrypto
+)
+
+# add_convert_to_bin_target(bl1) requires at least one source file added to bl1. This sources will
+# be built with wrong image number macro (value coming from BL2 config), so the start-up files
+# added here, as those not use this image number macro.
+target_sources(bl1
+ PRIVATE
+ $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/../Device/Source/gcc/startup_diphda_bl.S>
+)
+
+# Needed for the GCC startup files
+target_include_directories(bl1
+ PRIVATE
+ ${CMAKE_SOURCE_DIR}/platform/include
+)
+
+# target_add_scatter_file(bl1) cannot be used as it would add the platform_region_defs dependency
+# to bl1, again pulling the image number property matching with BL2 build, so scatter setup done
+# here by hand.
+target_link_options(bl1
+ PRIVATE
+ -T $<TARGET_OBJECTS:bl1_scatter>
+)
+
+add_library(bl1_scatter OBJECT)
+
+add_dependencies(bl1
+ bl1_scatter
+ )
+
+target_sources(bl1_scatter
+ PRIVATE
+ ../Device/Source/gcc/diphda_bl1.ld
+)
+
+set_source_files_properties(../Device/Source/gcc/diphda_bl1.ld
+ PROPERTIES
+ LANGUAGE C
+)
+
+target_compile_options(bl1_scatter
+ PRIVATE
+ -E
+ -P
+ -xc
+)
+
+target_compile_definitions(bl1_scatter
+ PRIVATE
+ MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
+ BL1
+)
+
+target_include_directories(bl1_scatter
+ PRIVATE
+ ../partition
+)
+
+# Library to spearate build from bl2_mbedcrypto configurations
+add_library(bl1_main STATIC)
+
+target_compile_definitions(bl1_main
+ PRIVATE
+ MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
+ BL1
+)
+
+# Configurations based on bl2/CMakeLists.txt
+
+# Many files are reused form TF-M's bl2 directory
+set(BL2_SOURCE ${CMAKE_SOURCE_DIR}/bl2)
+
+target_sources(bl1_main
+ PRIVATE
+ ${BL2_SOURCE}/src/flash_map.c
+)
+
+target_include_directories(bl1_main
+ PRIVATE
+ $<BUILD_INTERFACE:${BL2_SOURCE}/include>
+)
+
+# Include path needed for mbedcrypto headers
+target_include_directories(bl1_main
+ PRIVATE
+ $<BUILD_INTERFACE:${MBEDCRYPTO_PATH}/include>
+)
+
+# Configurations based on bl2/ext/mcuboot/CMakeLists.txt
+target_link_libraries(bl1_main
+ PRIVATE
+ mcuboot_config
+ bl2_mbedcrypto_config
+)
+
+target_include_directories(bl1_main
+ PRIVATE
+ $<BUILD_INTERFACE:${BL2_SOURCE}/ext/mcuboot/include>
+)
+
+target_sources(bl1_main
+ PRIVATE
+ ${BL2_SOURCE}/ext/mcuboot/bl2_main.c
+ ${BL2_SOURCE}/ext/mcuboot/keys.c
+ ${BL2_SOURCE}/ext/mcuboot/flash_map_extended.c
+ ${BL2_SOURCE}/ext/mcuboot/flash_map_legacy.c
+)
+
+# Configurations based on ${MCUBOOT_PATH}/boot/bootutil/CMakeLists.txt
+# add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil) cannot work as we want to define different hal
+# functions compared to BL2
+target_sources(bl1_main
+ PRIVATE
+ ${MCUBOOT_PATH}/boot/bootutil/src/loader.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/bootutil_misc.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/image_validate.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/image_rsa.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/tlv.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/boot_record.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/swap_scratch.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/swap_move.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/swap_misc.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/encrypted.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening.c
+ ${MCUBOOT_PATH}/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
+)
+
+target_include_directories(bl1_main
+ PRIVATE
+ $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot/bootutil/include>
+ $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot/bootutil/src>
+ $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot>
+)
+
+# Configurations based on platform/CMakeLists.txt
+target_include_directories(bl1_main
+ PRIVATE
+ $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/platform/include>
+ $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/platform/ext/cmsis>
+ $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/platform/ext/driver>
+ $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/platform/ext/common>
+ $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/platform/ext>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/platform/ext/accelerator/interface>
+)
+
+target_sources(bl1_main
+ PRIVATE
+ ${CMAKE_SOURCE_DIR}/platform/ext/common/boot_hal.c
+ $<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_SOURCE_DIR}/platform/ext/common/uart_stdout.c>
+ $<$<BOOL:${PLATFORM_DUMMY_NV_COUNTERS}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/nv_counters.c>
+ $<$<BOOL:${PLATFORM_DUMMY_ROTPK}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/tfm_rotpk.c>
+ $<$<BOOL:${PLATFORM_DUMMY_IAK}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/tfm_initial_attestation_key_material.c>
+)
+
+target_link_libraries(bl1_main
+ PRIVATE
+ bl2_hal
+ tfm_arch
+)
+
+target_compile_definitions(bl1_main
+ PRIVATE
+ MCUBOOT_${MCUBOOT_UPGRADE_STRATEGY}
+ $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
+ $<$<BOOL:${MCUBOOT_HW_KEY}>:MCUBOOT_HW_KEY>
+ MCUBOOT_FIH_PROFILE_${MCUBOOT_FIH_PROFILE}
+)
+
+# Configurations based on cc312 cmake files
+target_compile_definitions(bl1_main
+ PRIVATE
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR_OTP_STATE}>:CRYPTO_HW_ACCELERATOR_OTP_${CRYPTO_HW_ACCELERATOR_OTP_STATE}>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:CRYPTO_HW_ACCELERATOR>
+)
+
+target_include_directories(bl1_main
+ PRIVATE
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/platform/ext/accelerator/cc312>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/lib/ext/cryptocell-312-runtime/shared/include/mbedtls>
+ $<$<BOOL:${CRYPTO_HW_ACCELERATOR}>:${CMAKE_SOURCE_DIR}/lib/ext/cryptocell-312-runtime/shared/include/crypto_api/cc3x>
+)
+
+# Configurations based on platform level cmake files
+target_sources(bl1_main
+ PRIVATE
+ ../CMSIS_Driver/Driver_Flash.c
+ ../CMSIS_Driver/Driver_USART.c
+ ../Device/Source/device_definition.c
+ ../Device/Source/system_core_init.c
+ ../Native_Driver/firewall.c
+ ../Native_Driver/uart_pl011_drv.c
+ ../tfm_rotpk.c
+ ../Native_Driver/xilinx_pg153_axi_qspi_controller_drv.c
+ ../Native_Driver/spi_n25q256a_flash_lib.c
+ bl1_boot_hal.c
+ bl1_flash_map.c
+ bl1_security_cnt.c
+)
+
+target_include_directories(bl1_main
+ PRIVATE
+ ../partition
+ ../Device/Include
+ ../.
+ ../CMSIS_Driver/Config
+ ../Device/Config
+ ../Native_Driver
+)
+
+############################### SIGNING BL2 image ##################################
+
+find_package(Python3)
+
+set(FLASH_AREA_NUM 0)
+configure_file(${BL2_SOURCE}/ext/mcuboot/signing_layout.c.in ${CMAKE_CURRENT_BINARY_DIR}/signing_layout.c @ONLY)
+add_library(signing_layout_for_bl2 OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout.c)
+
+target_compile_options(signing_layout_for_bl2
+ PRIVATE
+ $<$<C_COMPILER_ID:GNU>:-E\;-xc>
+ $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
+ $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
+)
+target_compile_definitions(signing_layout_for_bl2
+ PRIVATE
+ MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
+ BL1
+)
+
+target_include_directories(signing_layout_for_bl2
+ PRIVATE
+ ../partition
+)
+
+add_custom_target(bl2_signed_bin
+ ALL
+ SOURCES bl2_signed.bin
+)
+add_custom_command(OUTPUT bl2_signed.bin
+ DEPENDS $<TARGET_FILE_DIR:bl2>/bl2.bin
+ DEPENDS bl2_bin signing_layout_for_bl2
+ WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
+
+ #Sign secure binary image with provided secret key
+ COMMAND ${PYTHON_EXECUTABLE} ${BL2_SOURCE}/ext/mcuboot/scripts/wrapper/wrapper.py
+ -v ${BL2_IMAGE_VERSION}
+ --layout $<TARGET_OBJECTS:signing_layout_for_bl2>
+ -k ${MCUBOOT_KEY_S}
+ --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
+ --align 1
+ --pad
+ --pad-header
+ -H 0x400
+ -s ${MCUBOOT_SECURITY_COUNTER_S}
+ -d \"\(0,${MCUBOOT_S_IMAGE_MIN_VER}\)\"
+ $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
+ $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+ $<TARGET_FILE_DIR:bl2>/bl2.bin
+ ${CMAKE_CURRENT_BINARY_DIR}/bl2_signed.bin
+ COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/bl2_signed.bin $<TARGET_FILE_DIR:bl2>
+)
diff --git a/platform/ext/target/arm/diphda/bl1/bl1_boot_hal.c b/platform/ext/target/arm/diphda/bl1/bl1_boot_hal.c
new file mode 100644
index 0000000..4367bbe
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl1/bl1_boot_hal.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdio.h>
+#include "cmsis.h"
+#include "region.h"
+#include "boot_hal.h"
+#include "Driver_Flash.h"
+#include "flash_layout.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "firewall.h"
+
+#if defined(CRYPTO_HW_ACCELERATOR) || \
+ defined(CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING)
+#include "crypto_hw.h"
+#endif
+
+/* Flash device name must be specified by target */
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
+
+REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
+REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
+
+#define HOST_BIR_BASE 0x00000000
+#define HOST_SHARED_RAM_BASE 0x02000000
+#define HOST_XNVM_BASE 0x08000000
+#define AXI_QSPI_CTRL_REG_BASE 0x40050000
+#define HOST_BASE_SYSTEM_CONTROL_BASE 0x1A010000
+#define HOST_FIREWALL_BASE 0x1A800000
+#define HOST_FPGA_SCC_REGISTERS 0x40000000
+#define FW_CONTROLLER 0
+#define COMP_FC1 1
+#define SE_MID 0
+
+static void setup_se_firewall(void)
+{
+ enum rgn_mpl_t mpl_rights = 0;
+
+ /* Configure the SE firewall controller */
+ fc_select((void *)DIPHDA_FIREWALL_BASE, FW_CONTROLLER);
+ fc_disable_bypass();
+
+ fc_select_region(2);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_2MB, DIPHDA_FIREWALL_BASE);
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ fc_pe_enable();
+
+
+ /* Configure the SE firewall component 1 */
+ fc_select((void *)DIPHDA_FIREWALL_BASE, COMP_FC1);
+ fc_disable_bypass();
+ fc_pe_disable();
+
+ /* Boot Instruction Register region: 4KB */
+ fc_select_region(1);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_4KB, DIPHDA_HOST_BIR_BASE);
+ fc_prog_rgn_upper_addr(HOST_BIR_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_WRITE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* Shared RAM region: 4MB */
+ fc_select_region(2);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_4MB, DIPHDA_HOST_SHARED_RAM_BASE);
+ fc_prog_rgn_upper_addr(HOST_SHARED_RAM_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK |
+ RGN_MPL_SECURE_EXECUTE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* XNVM: 32MB */
+ fc_select_region(3);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_32MB, DIPHDA_HOST_XNVM_BASE);
+ fc_prog_rgn_upper_addr(HOST_XNVM_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* Host SCB Registers: 64KB */
+ fc_select_region(4);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_64KB, DIPHDA_HOST_BASE_SYSTEM_CONTROL_BASE);
+ fc_prog_rgn_upper_addr(HOST_BASE_SYSTEM_CONTROL_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* Host firewall: 2MB */
+ fc_select_region(5);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_2MB, DIPHDA_HOST_FIREWALL_BASE);
+ fc_prog_rgn_upper_addr(HOST_FIREWALL_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* QSPI Flash Write: 64KB */
+ fc_select_region(6);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_64KB, DIPHDA_AXI_QSPI_CTRL_REG_BASE);
+ fc_prog_rgn_upper_addr(AXI_QSPI_CTRL_REG_BASE);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK |
+ RGN_MPL_SECURE_EXECUTE_MASK |
+ RGN_MPL_NONSECURE_READ_MASK |
+ RGN_MPL_NONSECURE_WRITE_MASK |
+ RGN_MPL_NONSECURE_EXECUTE_MASK);
+
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+ /* FPGA – SCC Registers: 64KB */
+ fc_select_region(7);
+ fc_disable_regions();
+ fc_disable_mpe(RGN_MPE0);
+ fc_prog_rgn(RGN_SIZE_4KB, DIPHDA_HOST_FPGA_SCC_REGISTERS);
+ fc_prog_rgn_upper_addr(HOST_FPGA_SCC_REGISTERS);
+ fc_enable_addr_trans();
+ fc_init_mpl(RGN_MPE0);
+
+ mpl_rights = (RGN_MPL_SECURE_READ_MASK |
+ RGN_MPL_SECURE_WRITE_MASK |
+ RGN_MPL_SECURE_EXECUTE_MASK |
+ RGN_MPL_NONSECURE_READ_MASK |
+ RGN_MPL_NONSECURE_WRITE_MASK |
+ RGN_MPL_NONSECURE_EXECUTE_MASK);
+
+ /* Enable All accesses from boot-processor */
+ fc_enable_mpl(RGN_MPE0, mpl_rights);
+ fc_prog_mid(RGN_MPE0, SE_MID);
+ fc_enable_mpe(RGN_MPE0);
+ fc_enable_regions();
+
+
+ fc_pe_enable();
+}
+
+__attribute__((naked)) void boot_clear_bl2_ram_area(void)
+{
+ __ASM volatile(
+ ".syntax unified \n"
+ "movs r0, #0 \n"
+ "ldr r1, =Image$$ER_DATA$$Base \n"
+ "ldr r2, =Image$$ARM_LIB_HEAP$$ZI$$Limit \n"
+ "subs r2, r2, r1 \n"
+ "Loop: \n"
+ "subs r2, #4 \n"
+ "blt Clear_done \n"
+ "str r0, [r1, r2] \n"
+ "b Loop \n"
+ "Clear_done: \n"
+ "bx lr \n"
+ : : : "r0" , "r1" , "r2" , "memory"
+ );
+}
+
+int32_t boot_platform_init(void)
+{
+ int32_t result;
+
+ setup_se_firewall();
+
+ result = FLASH_DEV_NAME.Initialize(NULL);
+ if (result != ARM_DRIVER_OK) {
+ return 1;
+ }
+
+#ifdef CRYPTO_HW_ACCELERATOR
+ result = crypto_hw_accelerator_init();
+ if (result) {
+ return 1;
+ }
+#endif /* CRYPTO_HW_ACCELERATOR */
+
+ return 0;
+}
+
+void boot_platform_quit(struct boot_arm_vector_table *vt)
+{
+ /* Clang at O0, stores variables on the stack with SP relative addressing.
+ * When manually set the SP then the place of reset vector is lost.
+ * Static variables are stored in 'data' or 'bss' section, change of SP has
+ * no effect on them.
+ */
+ static struct boot_arm_vector_table *vt_cpy;
+ int32_t result;
+
+#ifdef CRYPTO_HW_ACCELERATOR
+ result = crypto_hw_accelerator_finish();
+ if (result) {
+ while (1);
+ }
+
+ (void)fih_delay_init();
+#endif /* CRYPTO_HW_ACCELERATOR */
+
+ result = FLASH_DEV_NAME.Uninitialize();
+ if (result != ARM_DRIVER_OK) {
+ while (1);
+ }
+
+ vt_cpy = vt;
+
+ __set_MSP(vt->msp);
+ __DSB();
+ __ISB();
+
+ boot_jump_to_next_image(vt_cpy->reset);
+}
diff --git a/platform/ext/target/arm/diphda/bl1/bl1_flash_map.c b/platform/ext/target/arm/diphda/bl1/bl1_flash_map.c
new file mode 100644
index 0000000..4caf2be
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl1/bl1_flash_map.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdbool.h>
+#include "flash_map/flash_map.h"
+#include "flash_map_backend/flash_map_backend.h"
+#include "bootutil/bootutil_log.h"
+#include "sysflash/sysflash.h"
+#include "Driver_Flash.h"
+
+/* Flash device name must be specified by target */
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
+
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
+
+const struct flash_area flash_map[] = {
+ {
+ .fa_id = FLASH_AREA_0_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_0_OFFSET,
+ .fa_size = FLASH_AREA_0_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_1_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_1_OFFSET,
+ .fa_size = FLASH_AREA_1_SIZE,
+ },
+};
+
+const int flash_map_entry_num = ARRAY_SIZE(flash_map);
diff --git a/platform/ext/target/arm/diphda/bl1/bl1_security_cnt.c b/platform/ext/target/arm/diphda/bl1/bl1_security_cnt.c
new file mode 100644
index 0000000..84040f0
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl1/bl1_security_cnt.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "bootutil/security_cnt.h"
+#include "tfm_plat_nv_counters.h"
+#include "tfm_plat_defs.h"
+#include "bootutil/fault_injection_hardening.h"
+#include <stdint.h>
+
+/* BL1 only loads 1 image. First 3 counters are used by PS service */
+#define TFM_BOOT_NV_COUNTER (3)
+
+fih_int boot_nv_security_counter_init(void)
+{
+ fih_int fih_rc = FIH_FAILURE;
+
+ fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter());
+
+ FIH_RET(fih_rc);
+}
+
+fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
+{
+ fih_int fih_rc = FIH_FAILURE;
+ uint32_t security_cnt_soft;
+
+ /* Check if it's a null-pointer. */
+ if (!security_cnt) {
+ FIH_RET(FIH_FAILURE);
+ }
+
+ if (image_id != 0) {
+ FIH_RET(FIH_FAILURE);
+ }
+
+ fih_rc = fih_int_encode_zero_equality(
+ tfm_plat_read_nv_counter(TFM_BOOT_NV_COUNTER,
+ sizeof(security_cnt_soft),
+ (uint8_t *)&security_cnt_soft));
+ *security_cnt = fih_int_encode(security_cnt_soft);
+
+ FIH_RET(fih_rc);
+}
+
+int32_t boot_nv_security_counter_update(uint32_t image_id,
+ uint32_t img_security_cnt)
+{
+ enum tfm_plat_err_t err;
+
+ if (image_id != 0) {
+ return -1;
+ }
+
+ err = tfm_plat_set_nv_counter(TFM_BOOT_NV_COUNTER, img_security_cnt);
+ if (err != TFM_PLAT_ERR_SUCCESS) {
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/platform/ext/target/arm/diphda/bl2_boot_hal.c b/platform/ext/target/arm/diphda/bl2_boot_hal.c
new file mode 100644
index 0000000..029b2e8
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl2_boot_hal.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdio.h>
+#include "cmsis.h"
+#include "region.h"
+#include "boot_hal.h"
+#include "Driver_Flash.h"
+#include "flash_layout.h"
+#include "bootutil/fault_injection_hardening.h"
+
+#if defined(CRYPTO_HW_ACCELERATOR) || \
+ defined(CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING)
+#include "crypto_hw.h"
+#endif
+
+/* Flash device name must be specified by target */
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
+
+REGION_DECLARE(Image$$, ER_DATA, $$Base)[];
+REGION_DECLARE(Image$$, ARM_LIB_HEAP, $$ZI$$Limit)[];
+
+__attribute__((naked)) void boot_clear_bl2_ram_area(void)
+{
+ __ASM volatile(
+ ".syntax unified \n"
+ "movs r0, #0 \n"
+ "ldr r1, =Image$$ER_DATA$$Base \n"
+ "ldr r2, =Image$$ARM_LIB_HEAP$$ZI$$Limit \n"
+ "subs r2, r2, r1 \n"
+ "Loop: \n"
+ "subs r2, #4 \n"
+ "blt Clear_done \n"
+ "str r0, [r1, r2] \n"
+ "b Loop \n"
+ "Clear_done: \n"
+ "bx lr \n"
+ : : : "r0" , "r1" , "r2" , "memory"
+ );
+}
+
+int32_t boot_platform_init(void)
+{
+ int32_t result;
+
+ result = FLASH_DEV_NAME.Initialize(NULL);
+ if (result != ARM_DRIVER_OK) {
+ return 1;
+ }
+
+#ifdef CRYPTO_HW_ACCELERATOR
+ result = crypto_hw_accelerator_init();
+ if (result) {
+ return 1;
+ }
+#endif /* CRYPTO_HW_ACCELERATOR */
+
+ return 0;
+}
+
+void boot_platform_quit(struct boot_arm_vector_table *vt)
+{
+ /* Clang at O0, stores variables on the stack with SP relative addressing.
+ * When manually set the SP then the place of reset vector is lost.
+ * Static variables are stored in 'data' or 'bss' section, change of SP has
+ * no effect on them.
+ */
+ static struct boot_arm_vector_table *vt_cpy;
+ int32_t result;
+
+#ifdef CRYPTO_HW_ACCELERATOR
+ result = crypto_hw_accelerator_finish();
+ if (result) {
+ while (1);
+ }
+
+ (void)fih_delay_init();
+#endif /* CRYPTO_HW_ACCELERATOR */
+
+ result = FLASH_DEV_NAME.Uninitialize();
+ if (result != ARM_DRIVER_OK) {
+ while (1);
+ }
+
+ vt_cpy = vt;
+
+ __set_MSP(vt->msp);
+ __DSB();
+ __ISB();
+
+ boot_jump_to_next_image(vt_cpy->reset);
+}
diff --git a/platform/ext/target/arm/diphda/bl2_flash_map.c b/platform/ext/target/arm/diphda/bl2_flash_map.c
new file mode 100644
index 0000000..60b67cc
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl2_flash_map.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "flash_map/flash_map.h"
+#include "bootutil/ramload.h"
+#include "platform_base_address.h"
+#include "region_defs.h"
+
+/* Flash device name must be specified by target */
+extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
+
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof((arr)[0]))
+
+const struct flash_area flash_map[] = {
+ {
+ .fa_id = FLASH_AREA_0_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_0_OFFSET,
+ .fa_size = FLASH_AREA_0_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_1_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_1_OFFSET,
+ .fa_size = FLASH_AREA_1_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_2_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_2_OFFSET,
+ .fa_size = FLASH_AREA_2_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_3_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_3_OFFSET,
+ .fa_size = FLASH_AREA_3_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_4_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_4_OFFSET,
+ .fa_size = FLASH_AREA_4_SIZE,
+ },
+ {
+ .fa_id = FLASH_AREA_5_ID,
+ .fa_device_id = FLASH_DEVICE_ID,
+ .fa_driver = &FLASH_DEV_NAME,
+ .fa_off = FLASH_AREA_5_OFFSET,
+ .fa_size = FLASH_AREA_5_SIZE,
+ },
+};
+
+const int flash_map_entry_num = ARRAY_SIZE(flash_map);
+
+
+int boot_get_image_exec_ram_info(uint32_t image_id,
+ uint32_t *exec_ram_start,
+ uint32_t *exec_ram_size)
+{
+ int32_t rc = -1;
+
+ if (image_id == 0) {
+ (*exec_ram_start) = SRAM_BASE;
+ (*exec_ram_size) = TFM_PARTITION_SIZE;
+ rc = 0;
+ }
+ else if (image_id == 1 || image_id == 2) {
+ (*exec_ram_start) = DIPHDA_HOST_SHARED_RAM_BASE;
+ (*exec_ram_size) = 0x20000000U;
+ rc = 0;
+ }
+
+ return rc;
+}
diff --git a/platform/ext/target/arm/diphda/bl2_security_cnt.c b/platform/ext/target/arm/diphda/bl2_security_cnt.c
new file mode 100644
index 0000000..8175859
--- /dev/null
+++ b/platform/ext/target/arm/diphda/bl2_security_cnt.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "bootutil/security_cnt.h"
+#include "tfm_plat_nv_counters.h"
+#include "tfm_plat_defs.h"
+#include "bootutil/fault_injection_hardening.h"
+#include <stdint.h>
+
+/* Counters for BL2 images. First 3 counters are used by PS service, 4th is
+ * used by BL1. */
+#define TFM_BOOT_NV_COUNTER_0 4 /* NV counter of Image 0 */
+#define TFM_BOOT_NV_COUNTER_1 5 /* NV counter of Image 1 */
+#define TFM_BOOT_NV_COUNTER_2 6 /* NV counter of Image 2 */
+#define TFM_BOOT_NV_COUNTER_MAX 7
+
+static enum tfm_nv_counter_t get_nv_counter_from_image_id(uint32_t image_id)
+{
+ uint32_t nv_counter;
+
+ /* Avoid integer overflow */
+ if ((UINT32_MAX - TFM_BOOT_NV_COUNTER_0) < image_id) {
+ return TFM_BOOT_NV_COUNTER_MAX;
+ }
+
+ nv_counter = TFM_BOOT_NV_COUNTER_0 + image_id;
+
+ /* Check the existence of the enumerated counter value */
+ if (nv_counter >= TFM_BOOT_NV_COUNTER_MAX) {
+ return TFM_BOOT_NV_COUNTER_MAX;
+ }
+
+ return (enum tfm_nv_counter_t)nv_counter;
+}
+
+fih_int boot_nv_security_counter_init(void)
+{
+ fih_int fih_rc = FIH_FAILURE;
+
+ fih_rc = fih_int_encode_zero_equality(tfm_plat_init_nv_counter());
+
+ FIH_RET(fih_rc);
+}
+
+fih_int boot_nv_security_counter_get(uint32_t image_id, fih_int *security_cnt)
+{
+ enum tfm_nv_counter_t nv_counter;
+ fih_int fih_rc = FIH_FAILURE;
+ uint32_t security_cnt_soft;
+
+ /* Check if it's a null-pointer. */
+ if (!security_cnt) {
+ FIH_RET(FIH_FAILURE);
+ }
+
+ nv_counter = get_nv_counter_from_image_id(image_id);
+ if (nv_counter == TFM_BOOT_NV_COUNTER_MAX) {
+ FIH_RET(FIH_FAILURE);
+ }
+
+ fih_rc = fih_int_encode_zero_equality(
+ tfm_plat_read_nv_counter(nv_counter,
+ sizeof(security_cnt_soft),
+ (uint8_t *)&security_cnt_soft));
+ *security_cnt = fih_int_encode(security_cnt_soft);
+
+ FIH_RET(fih_rc);
+}
+
+int32_t boot_nv_security_counter_update(uint32_t image_id,
+ uint32_t img_security_cnt)
+{
+ enum tfm_nv_counter_t nv_counter;
+ enum tfm_plat_err_t err;
+
+ nv_counter = get_nv_counter_from_image_id(image_id);
+ if (nv_counter == TFM_BOOT_NV_COUNTER_MAX) {
+ return -1;
+ }
+
+ err = tfm_plat_set_nv_counter(nv_counter, img_security_cnt);
+ if (err != TFM_PLAT_ERR_SUCCESS) {
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/platform/ext/target/arm/diphda/config.cmake b/platform/ext/target/arm/diphda/config.cmake
new file mode 100644
index 0000000..503b525
--- /dev/null
+++ b/platform/ext/target/arm/diphda/config.cmake
@@ -0,0 +1,28 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(BL2 ON CACHE BOOL "Whether to build BL2")
+set(DEFAULT_MCUBOOT_FLASH_MAP OFF CACHE BOOL "Whether to use the default flash map defined by TF-M project")
+set(DEFAULT_MCUBOOT_SECURITY_COUNTERS OFF CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
+set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]")
+
+set(MCUBOOT_IMAGE_NUMBER 3 CACHE STRING "Number of images loaded by mcuboot")
+set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture")
+set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology")
+set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+set(NS FALSE CACHE BOOL "Whether to build NS app")
+
+set(PLATFORM_DUMMY_ROTPK FALSE CACHE BOOL "Use dummy root of trust public key. Dummy key is the public key for the default keys in bl2. Should not be used in production.")
+
+# External dependency on OpenAMP and Libmetal
+set(LIBMETAL_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libmetal (or DOWNLOAD to fetch automatically")
+set(LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use")
+
+set(LIBOPENAMP_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libopenamp (or DOWNLOAD to fetch automatically")
+set(OPENAMP_VERSION "33037b04e0732e58fc0fa36afc244999ef632e10" CACHE STRING "The version of openamp to use")
diff --git a/platform/ext/target/arm/diphda/openamp/CMakeLists.txt b/platform/ext/target/arm/diphda/openamp/CMakeLists.txt
new file mode 100644
index 0000000..a4114ec
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/CMakeLists.txt
@@ -0,0 +1,51 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+add_subdirectory(ext/libmetal)
+add_subdirectory(ext/libopenamp)
+
+set(CMAKE_SYSTEM_PROCESSOR "arm")
+set(MACHINE "template")
+set(LIBMETAL_INCLUDE_DIR "${LIBMETAL_BIN_PATH}/lib/include")
+set(LIBMETAL_LIB "${LIBMETAL_BIN_PATH}/lib")
+
+add_subdirectory(${LIBMETAL_SRC_PATH} ${LIBMETAL_BIN_PATH})
+add_subdirectory(${LIBOPENAMP_SRC_PATH} ${LIBOPENAMP_BIN_PATH})
+
+target_include_directories(platform_s
+ PRIVATE
+ ${LIBMETAL_BIN_PATH}/lib/include
+ ${LIBOPENAMP_SRC_PATH}/lib/include
+)
+
+target_include_directories(platform_s
+ PUBLIC
+ .
+)
+
+target_sources(platform_s
+ PRIVATE
+ tfm_spe_openamp_platform_interconnect.c
+ tfm_spe_dual_core_psa_client_secure_lib.c
+ tfm_spe_openamp_interface_impl.c
+ platform_spe_dual_core_hal.c
+ tfm_spe_psa_client_lib_unordered_map.c
+)
+
+target_link_libraries(open_amp-static
+ PRIVATE
+ metal-static
+)
+target_link_libraries(platform_s
+ PRIVATE
+ open_amp-static
+)
+
+# Export header file shared with non-secure side
+install(FILES tfm_openamp_lib.h
+ DESTINATION ${TFM_INSTALL_PATH}/interface/include
+)
diff --git a/platform/ext/target/arm/diphda/openamp/ext/libmetal/CMakeLists.txt b/platform/ext/target/arm/diphda/openamp/ext/libmetal/CMakeLists.txt
new file mode 100644
index 0000000..9fab53f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/ext/libmetal/CMakeLists.txt
@@ -0,0 +1,29 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(FetchContent)
+set(FETCHCONTENT_QUIET FALSE)
+
+# Set to not download submodules if that option is available
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.16.0")
+ cmake_policy(SET CMP0097 NEW)
+endif()
+
+if ("${LIBMETAL_SRC_PATH}" STREQUAL "DOWNLOAD")
+ FetchContent_Declare(libmetal
+ GIT_REPOSITORY https://github.com/OpenAMP/libmetal.git
+ GIT_TAG ${LIBMETAL_VERSION}
+ )
+
+ FetchContent_GetProperties(libmetal)
+ if (NOT libmetal_POPULATED)
+ FetchContent_Populate(libmetal)
+ set(LIBMETAL_BIN_PATH ${libmetal_BINARY_DIR} CACHE PATH "Path to Libmetal (or DOWNLOAD to get automatically")
+ set(LIBMETAL_SRC_PATH ${libmetal_SOURCE_DIR} CACHE PATH "Path to Libmetal (or DOWNLOAD to get automatically" FORCE)
+ endif ()
+endif ()
+
diff --git a/platform/ext/target/arm/diphda/openamp/ext/libopenamp/CMakeLists.txt b/platform/ext/target/arm/diphda/openamp/ext/libopenamp/CMakeLists.txt
new file mode 100644
index 0000000..d91dc7d
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/ext/libopenamp/CMakeLists.txt
@@ -0,0 +1,29 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(FetchContent)
+set(FETCHCONTENT_QUIET FALSE)
+
+# Set to not download submodules if that option is available
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.16.0")
+ cmake_policy(SET CMP0097 NEW)
+endif()
+
+if ("${LIBOPENAMP_SRC_PATH}" STREQUAL "DOWNLOAD")
+ FetchContent_Declare(libopenamp
+ GIT_REPOSITORY https://github.com/OpenAMP/open-amp.git
+ GIT_TAG ${OEPNAMP_VERSION}
+ )
+
+ FetchContent_GetProperties(libopenamp)
+ if (NOT libopenamp_POPULATED)
+ FetchContent_Populate(libopenamp)
+ set(LIBOPENAMP_BIN_PATH ${libopenamp_BINARY_DIR} CACHE PATH "Path to Libopenamp (or DOWNLOAD to get automatically")
+ set(LIBOPENAMP_SRC_PATH ${libopenamp_SOURCE_DIR} CACHE PATH "Path to Libopenamp (or DOWNLOAD to get automatically" FORCE)
+ endif ()
+endif ()
+
diff --git a/platform/ext/target/arm/diphda/openamp/images/example_psa_call_workflow.png b/platform/ext/target/arm/diphda/openamp/images/example_psa_call_workflow.png
new file mode 100644
index 0000000..88234c3
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/images/example_psa_call_workflow.png
Binary files differ
diff --git a/platform/ext/target/arm/diphda/openamp/images/files_relationship.png b/platform/ext/target/arm/diphda/openamp/images/files_relationship.png
new file mode 100644
index 0000000..0960ede
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/images/files_relationship.png
Binary files differ
diff --git a/platform/ext/target/arm/diphda/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/diphda/openamp/platform_spe_dual_core_hal.c
new file mode 100644
index 0000000..a20964c
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/platform_spe_dual_core_hal.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "tfm_spe_openamp_platform_interface.h"
+#include "device_cfg.h"
+#include "device_definition.h"
+#include "mhu_v2_x.h"
+#include "tfm_plat_defs.h"
+#include "log/tfm_log.h"
+#include "cmsis.h"
+
+#define MHU1_SEH_NOTIFY_CH 0
+#define MHU1_SEH_NOTIFY_VAL 1234
+
+static enum tfm_plat_err_t initialize_secure_enclave_to_host_mhu(void)
+{
+ enum mhu_v2_x_error_t status;
+
+ status = mhu_v2_x_driver_init(&MHU1_SE_TO_HOST_DEV, MHU_REV_READ_FROM_HW);
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("Secure-enclave to Host MHU driver initialization failed : %d.\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+ LOG_MSG("Secure-enclave to Host MHU Driver initialized successfully.\r\n");
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+static enum tfm_plat_err_t initialize_host_to_secure_enclave_mhu(void)
+{
+ enum mhu_v2_x_error_t status;
+
+ status = mhu_v2_x_driver_init(&MHU1_HOST_TO_SE_DEV, MHU_REV_READ_FROM_HW);
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("Host to secure-enclave MHU driver initialization failed : %d.\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+ LOG_MSG("Host to secure-enclave MHU Driver initialized successfully.\r\n");
+
+ NVIC_EnableIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+__STATIC_INLINE void tfm_trigger_pendsv(void)
+{
+ SCB->ICSR |= SCB_ICSR_PENDSVSET_Msk;
+}
+
+void HSE1_RECEIVER_COMBINED_IRQHandler(void)
+{
+ tfm_trigger_pendsv();
+
+ mhu_v2_x_channel_clear(&MHU1_HOST_TO_SE_DEV, 0);
+ NVIC_ClearPendingIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+}
+
+enum tfm_plat_err_t tfm_dual_core_hal_init(void)
+{
+ enum tfm_plat_err_t status;
+
+ status = initialize_host_to_secure_enclave_mhu();
+ if (status) {
+ return status;
+ }
+ status = initialize_secure_enclave_to_host_mhu();
+
+ return status;
+}
+
+enum tfm_plat_err_t tfm_hal_notify_peer(void)
+{
+ uint32_t access_ready;
+ enum mhu_v2_x_error_t status;
+ struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
+
+ status = mhu_v2_x_set_access_request(dev);
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("mhu_v2_x_set_access_request failed : %d\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ do {
+ status = mhu_v2_x_get_access_ready(dev, &access_ready);
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("mhu_v2_x_get_access_ready failed : %d\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+ } while(!access_ready);
+
+ status = mhu_v2_x_channel_send(dev, MHU1_SEH_NOTIFY_CH, MHU1_SEH_NOTIFY_VAL);
+
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("mhu_v2_x_channel_send : %d\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ status = mhu_v2_x_reset_access_request(dev);
+ if (status != MHU_V_2_X_ERR_NONE) {
+ LOG_MSG("mhu_v2_x_reset_access_request : %d\r\n", status);
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+/*
+ * The function is implemented to support libmetal's mutex and spinlock
+ * implementation. The GCC does not support a respective builtin
+ * functions for Cortex M0+. So below function provides the
+ * missing link for libmetal compilation.
+ * This function will prevent race condition between PendSV context (where
+ * entries are inserted into unordered map) and service threads (where
+ * entries are removed from the unordered map).
+ */
+bool __atomic_compare_exchange_4(volatile void *mem, void *expected,
+ uint32_t desired, bool var, int success, int failure)
+{
+ bool ret = false;
+ volatile uint32_t *location = mem;
+ volatile uint32_t *old_val = expected;
+ /* unused variables */
+ (void)var;
+ (void)success;
+ (void)failure;
+
+ NVIC_DisableIRQ(PendSV_IRQn);
+
+ do {
+ if (*location != *old_val) {
+ break;
+ }
+ *location = desired;
+ ret = true;
+ } while (0);
+
+ NVIC_EnableIRQ(PendSV_IRQn);
+
+ return ret;
+}
diff --git a/platform/ext/target/arm/diphda/openamp/readme.rst b/platform/ext/target/arm/diphda/openamp/readme.rst
new file mode 100644
index 0000000..e5db317
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/readme.rst
@@ -0,0 +1,34 @@
+########################
+Use of OpenAMP in Diphda
+########################
+ARM's Diphda platform uses openamp for tf-m non-secure
+communication. The openamp interface is used to recieve
+messages and send response to the host (Linux). The
+PSA Client library decodes messages received through
+OpenAMP and fowards the decoded messages to TF-M's SPM.
+
+TF-M has Mailbox solution which supports non-secure
+bare-meta applications. In the Diphda, the non-secure side
+is Linux environment so openamp is used instead.
+
+The file naming convention used here is aligned with TF-M's
+`secure_fw` naming convention. This is just to make sure
+in future file name does not require change if TF-M adopts
+this implementation.
+
+
+**************************
+Relationship between files
+**************************
+
+.. image:: images/files_relationship.png
+
+*********************
+SQL Diagram: PSA Call
+*********************
+
+.. image:: images/example_psa_call_workflow.png
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_openamp_lib.h b/platform/ext/target/arm/diphda/openamp/tfm_openamp_lib.h
new file mode 100644
index 0000000..9e9f507
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_openamp_lib.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*
+ * This header file is common to NSPE and SPE PSA client libraries.
+ */
+
+#ifndef __TFM_OPENAMP_LIB_H__
+#define __TFM_OPENAMP_LIB_H__
+
+#include <stdint.h>
+#include "psa/client.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* PSA client call type value */
+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
+#define OPENAMP_PSA_VERSION (0x2)
+#define OPENAMP_PSA_CONNECT (0x3)
+#define OPENAMP_PSA_CALL (0x4)
+#define OPENAMP_PSA_CLOSE (0x5)
+
+/* Return code of openamp APIs */
+#define OPENAMP_SUCCESS (0)
+#define OPENAMP_MAP_FULL (INT32_MIN + 1)
+#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
+#define OPENAMP_NO_PERMS (INT32_MIN + 4)
+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
+#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
+
+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
+ * buffer so that openamp shared memory buffer
+ * does not get freed.
+ */
+
+/*
+ * This structure holds the parameters used in a PSA client call.
+ */
+typedef struct psa_client_in_params {
+ union {
+ struct {
+ uint32_t sid;
+ } psa_version_params;
+
+ struct {
+ uint32_t sid;
+ uint32_t version;
+ } psa_connect_params;
+
+ struct {
+ psa_handle_t handle;
+ int32_t type;
+ psa_invec *in_vec;
+ size_t in_len;
+ psa_outvec *out_vec;
+ size_t out_len;
+ } psa_call_params;
+
+ struct {
+ psa_handle_t handle;
+ } psa_close_params;
+ };
+} psa_client_in_params_t;
+
+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
+typedef struct ns_openamp_msg {
+ uint32_t call_type; /* PSA client call type */
+ psa_client_in_params_t params; /* Contain parameters used in PSA
+ * client call
+ */
+
+ int32_t client_id; /* Optional client ID of the
+ * non-secure caller.
+ * It is required to identify the
+ * non-secure task when NSPE OS
+ * enforces non-secure task
+ * isolation
+ */
+ int32_t request_id; /* This is the unique ID for a
+ * request send to TF-M by the
+ * non-secure core. TF-M forward
+ * the ID back to non-secure on the
+ * reply to a given request. Using
+ * this id, the non-secure library
+ * can identify the request for
+ * which the reply has received.
+ */
+} ns_openamp_msg_t;
+
+/*
+ * This structure holds the location of the out data of the PSA client call.
+ */
+typedef struct psa_client_out_params {
+ psa_outvec *out_vec;
+ size_t out_len;
+} psa_client_out_params_t;
+
+
+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
+ * call.
+ */
+typedef struct s_openamp_msg {
+ int32_t request_id; /* Using this id, the non-secure
+ * library identifies the request.
+ * TF-M forwards the same
+ * request-id received on the
+ * initial request.
+ */
+ int32_t reply; /* Reply of the PSA client call */
+ psa_client_out_params_t params; /* Contain out data result of the
+ * PSA client call.
+ */
+} s_openamp_msg_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_OPENAMP_LIB_H__ */
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
new file mode 100644
index 0000000..398f998
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+#include "tfm_rpc.h"
+#include "tfm_spe_openamp_interface.h"
+#include "log/tfm_log.h"
+#include "tfm_spe_psa_client_lib_unordered_map.h"
+#include "psa/error.h"
+#include "utilities.h"
+
+/**
+ * In linux environment and for psa_call type client api,
+ * the layout of the reply from tf-m to linux is as following.
+ */
+typedef struct output_buffer_with_payload {
+ s_openamp_msg_t header;
+ psa_outvec outvec[PSA_MAX_IOVEC];
+ uint8_t payload[]; /* outdata follows */
+} output_buffer_with_payload_t;
+
+#define NS_CALLER_FLAG (true)
+
+static void prepare_and_send_output_msg(int32_t reply, int32_t request_id)
+{
+ s_openamp_msg_t msg;
+
+ msg.request_id = request_id;
+ msg.reply = reply;
+
+ msg.params.out_vec = NULL;
+ msg.params.out_len = 0;
+
+ tfm_to_openamp_reply_back(&msg, sizeof(msg));
+}
+
+static void prepare_and_send_preallocated_output_msg(int32_t reply,
+ const unordered_map_entry_t* s_map_entry)
+{
+ size_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+ output_buffer_with_payload_t *output_msg = (output_buffer_with_payload_t*)s_map_entry->output_buffer;
+
+ output_msg->header.request_id = s_map_entry->msg.request_id;
+ output_msg->header.reply = reply;
+
+ output_msg->header.params.out_vec = tfm_to_openamp_translate_secure_to_non_secure_ptr(
+ output_msg->outvec);
+ output_msg->header.params.out_len = out_len;
+
+ for (int i = 0; i < out_len; i++) {
+ output_msg->outvec[i].base = tfm_to_openamp_translate_secure_to_non_secure_ptr(
+ output_msg->outvec[i].base);
+ }
+
+ /* send msg to non-secure side */
+ tfm_to_openamp_reply_back_no_copy(output_msg, s_map_entry->output_buffer_len);
+}
+
+void send_service_reply_to_non_secure(int32_t reply, void *private)
+{
+ unordered_map_handle_t handle;
+ const unordered_map_entry_t* s_map_entry = (const unordered_map_entry_t*)private;
+
+ if (s_map_entry->is_input_buffer_hold) {
+ tfm_to_openamp_release_buffer(s_map_entry->input_buffer);
+ }
+
+ if (s_map_entry->is_output_buffer) {
+ prepare_and_send_preallocated_output_msg(reply, s_map_entry);
+ } else {
+ prepare_and_send_output_msg(reply, s_map_entry->msg.request_id);
+ }
+
+ handle = unordered_map_get_entry_handle(s_map_entry);
+ if (handle == INVALID_MAP_HANDLE) {
+ LOG_MSG("FATAL_ERROR: Map handle not valid\r\n");
+ TFM_CORE_ASSERT(0);
+ }
+ unordered_map_free(handle);
+}
+
+static psa_invec * prepare_in_vecs(unordered_map_entry_t* s_map_entry)
+{
+ size_t in_len = s_map_entry->msg.params.psa_call_params.in_len;
+ TFM_CORE_ASSERT(in_len <= PSA_MAX_IOVEC);
+
+ psa_invec *input_buffer_in_vec = (psa_invec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+ s_map_entry->msg.params.psa_call_params.in_vec);
+ for (int i = 0; i < in_len; i++) {
+ input_buffer_in_vec[i].base = tfm_to_openamp_translate_non_secure_to_secure_ptr(
+ input_buffer_in_vec[i].base);
+ }
+
+ return input_buffer_in_vec;
+}
+
+static void * alloc_outout_buffer_in_shared_mem(size_t length,
+ unordered_map_entry_t* s_map_entry)
+{
+ uint32_t buffer_sz = 0;
+
+ /* pre allocate output_buffer space from openamp shared memory */
+ s_map_entry->output_buffer = tfm_to_openamp_get_buffer(&buffer_sz);
+ TFM_CORE_ASSERT((s_map_entry->output_buffer != NULL) && (buffer_sz >= length));
+ s_map_entry->is_output_buffer = true;
+ s_map_entry->output_buffer_len = length;
+
+ return s_map_entry->output_buffer;
+}
+
+static psa_status_t alloc_and_prepare_out_vecs(psa_outvec **out_vec_start_ptr,
+ unordered_map_entry_t* s_map_entry)
+{
+ psa_outvec *input_buffer_outvec = NULL;
+ size_t output_buffer_len = 0;
+ size_t current_outdata_len = 0;
+ output_buffer_with_payload_t *out_buffer = NULL;
+ int max_shared_mem_buffer_size = 0;
+ size_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+
+ TFM_CORE_ASSERT(out_len <= PSA_MAX_IOVEC);
+ *out_vec_start_ptr = NULL;
+
+ if (out_len == 0) {
+ return PSA_SUCCESS;
+ }
+
+ input_buffer_outvec = (psa_outvec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+ s_map_entry->msg.params.psa_call_params.out_vec);
+
+ /* calculate and validate out data len */
+ output_buffer_len = sizeof(output_buffer_with_payload_t);
+ for (int i = 0; i < out_len; i++) {
+ output_buffer_len += input_buffer_outvec[i].len;
+ }
+ max_shared_mem_buffer_size = tfm_to_openamp_get_buffer_size();
+ if (output_buffer_len > max_shared_mem_buffer_size) {
+ LOG_MSG("required buffer size (%d) is more than maximum available (%d)\r\n",
+ output_buffer_len, max_shared_mem_buffer_size);
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* prepare output buffer layout */
+ out_buffer = (output_buffer_with_payload_t*)alloc_outout_buffer_in_shared_mem(
+ output_buffer_len, s_map_entry);
+
+ for (int i = 0; i < PSA_MAX_IOVEC; i++) {
+ if (i < out_len) {
+ out_buffer->outvec[i].base = &out_buffer->payload[current_outdata_len];
+ out_buffer->outvec[i].len = input_buffer_outvec[i].len;
+ current_outdata_len += input_buffer_outvec[i].len;
+ } else {
+ out_buffer->outvec[i].base = NULL;
+ out_buffer->outvec[i].len = 0;
+ }
+ }
+
+ *out_vec_start_ptr = out_buffer->outvec;
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t prepare_params_for_psa_call(struct client_call_params_t *spm_params,
+ unordered_map_entry_t* s_map_entry)
+{
+ psa_status_t ret = PSA_SUCCESS;
+
+ spm_params->handle = s_map_entry->msg.params.psa_call_params.handle;
+ spm_params->type = s_map_entry->msg.params.psa_call_params.type;
+ spm_params->in_len = s_map_entry->msg.params.psa_call_params.in_len;
+ spm_params->out_len = s_map_entry->msg.params.psa_call_params.out_len;
+
+ spm_params->out_vec = NULL;
+ ret = alloc_and_prepare_out_vecs(&spm_params->out_vec, s_map_entry);
+ if (ret != PSA_SUCCESS) {
+ return ret;
+ }
+
+ spm_params->in_vec = prepare_in_vecs(s_map_entry);
+
+ /* hold the input shared memory */
+ tfm_to_openamp_hold_buffer(s_map_entry->input_buffer);
+ s_map_entry->is_input_buffer_hold = true;
+
+ return ret;
+}
+
+__STATIC_INLINE int32_t check_msg(const ns_openamp_msg_t *msg)
+{
+ /*
+ * TODO
+ * Comprehensive check of openamp msessage content can be implemented here.
+ */
+ (void)msg;
+ return OPENAMP_SUCCESS;
+}
+
+static void send_error_to_non_secure(int32_t reply, int32_t request_id)
+{
+ prepare_and_send_output_msg(reply, request_id);
+}
+
+int32_t register_msg_to_spe_and_verify(void **private, const void *data, size_t len)
+{
+ unordered_map_entry_t *s_map_entry;
+ ns_openamp_msg_t *ns_msg;
+ unordered_map_handle_t map_handle;
+ int32_t ret = OPENAMP_SUCCESS;
+
+ *private = NULL;
+
+ if (len < sizeof(ns_openamp_msg_t)) {
+ LOG_MSG("Invalid parameters.\r\n");
+ send_error_to_non_secure(OPENAMP_INVAL_PARAMS, 0);
+ return OPENAMP_INVAL_PARAMS;
+ }
+
+ /* start of the data is with "ns_openamp_msg_t" */
+ ns_msg = (ns_openamp_msg_t*)data;
+ ret = unordered_map_insert(ns_msg, data, &map_handle);
+ if (ret) {
+ LOG_MSG("Map insert failed\r\n");
+ send_error_to_non_secure(OPENAMP_MAP_FULL, ns_msg->request_id);
+ return OPENAMP_MAP_FULL;
+ }
+
+ s_map_entry = unordered_map_get_entry_ptr(map_handle);
+
+ /* verify msg after copy to the secure memory */
+ if (check_msg(&s_map_entry->msg)) {
+ LOG_MSG("Message is invalid\r\n");
+ send_error_to_non_secure(OPENAMP_INVAL_PARAMS, ns_msg->request_id);
+ unordered_map_free(map_handle);
+ return OPENAMP_INVAL_PARAMS;
+ }
+
+ *private = s_map_entry;
+
+ return ret;
+}
+
+void deliver_msg_to_tfm_spe(void *private)
+{
+ struct client_call_params_t spm_params = {0};
+ psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
+ unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
+
+ switch(s_map_entry->msg.call_type) {
+ case OPENAMP_PSA_FRAMEWORK_VERSION:
+ psa_ret = tfm_rpc_psa_framework_version();
+ send_service_reply_to_non_secure(psa_ret, s_map_entry);
+ break;
+ case OPENAMP_PSA_VERSION:
+ spm_params.sid = s_map_entry->msg.params.psa_version_params.sid;
+ psa_ret = tfm_rpc_psa_version(&spm_params, NS_CALLER_FLAG);
+ send_service_reply_to_non_secure(psa_ret, s_map_entry);
+ break;
+ case OPENAMP_PSA_CONNECT:
+ spm_params.sid = s_map_entry->msg.params.psa_connect_params.sid;
+ spm_params.version = s_map_entry->msg.params.psa_connect_params.version;
+ psa_ret = tfm_rpc_psa_connect(&spm_params, NS_CALLER_FLAG);
+ if (psa_ret != PSA_SUCCESS) {
+ send_service_reply_to_non_secure(psa_ret, s_map_entry);
+ }
+ break;
+ case OPENAMP_PSA_CALL:
+ psa_ret = prepare_params_for_psa_call(&spm_params, s_map_entry);
+ if (psa_ret != PSA_SUCCESS) {
+ send_service_reply_to_non_secure(psa_ret, s_map_entry);
+ break;
+ }
+ psa_ret = tfm_rpc_psa_call(&spm_params, NS_CALLER_FLAG);
+ if (psa_ret != PSA_SUCCESS) {
+ send_service_reply_to_non_secure(psa_ret, s_map_entry);
+ break;
+ }
+ break;
+ case OPENAMP_PSA_CLOSE:
+ spm_params.handle = s_map_entry->msg.params.psa_close_params.handle;
+ tfm_rpc_psa_close(&spm_params, NS_CALLER_FLAG);
+ break;
+ default:
+ LOG_MSG("msg type did not recognized\r\n");
+ send_error_to_non_secure(OPENAMP_INVAL_PARAMS, s_map_entry->msg.request_id);
+ unordered_map_free(unordered_map_get_entry_handle(s_map_entry));
+ break;
+ }
+}
+
+void init_dual_core_psa_client_secure_lib(void)
+{
+ unordered_map_init();
+}
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.h b/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
new file mode 100644
index 0000000..de7891b
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+#define __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+
+#include "tfm_openamp_lib.h"
+
+/**
+ * \brief Initializes the library.
+ */
+void init_dual_core_psa_client_secure_lib(void);
+
+/**
+ * \brief Decodes the messages received from the NSPE before sending
+ * to SPE.
+ */
+void deliver_msg_to_tfm_spe(void *private);
+
+/**
+ * \brief Encodes the reply of service before sending it to NSPE.
+ */
+void send_service_reply_to_non_secure(int32_t reply, void *private);
+
+/**
+ * \brief Validate and register the message. The message details are
+ * copied inside the unordered_map.
+ *
+ * \retval OPENAMP_SUCCESS Successfully registered the message.
+ * \retval Other return code Operation failed with an error code.
+ */
+int32_t register_msg_to_spe_and_verify(void **private,
+ const void *data, size_t len);
+
+#endif /* __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ */
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface.h b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface.h
new file mode 100644
index 0000000..25afd50
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2020 Linaro Limited
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef TFM_SPE_OPENAMP_INTERFACE_H_
+#define TFM_SPE_OPENAMP_INTERFACE_H_
+
+#define SUCCESS (0)
+#define ERROR (INT32_MIN + 1)
+
+
+typedef void (*openamp_to_tfm_callback)(const void *data,
+ size_t len);
+typedef void (*openamp_to_tfm_notify)(void);
+
+/*
+ * These functions are the logical interface from TF-M to
+ * OpenAMP.
+ */
+int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+ openamp_to_tfm_notify notify);
+void tfm_to_openamp_notify(void);
+void tfm_to_openamp_spe_map_spinlock_acquire(void);
+void tfm_to_openamp_spe_map_spinlock_release(void);
+void tfm_to_openamp_reply_back(const void* data, size_t len);
+void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len);
+void tfm_to_openamp_hold_buffer(const void *buffer);
+void tfm_to_openamp_release_buffer(const void *buffer);
+void *tfm_to_openamp_get_buffer(uint32_t *len);
+int tfm_to_openamp_get_buffer_size(void);
+void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr);
+void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr);
+
+#endif /* TFM_SPE_OPENAMP_INTERFACE_H_ */
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface_impl.c b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface_impl.c
new file mode 100644
index 0000000..1bbba57
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_interface_impl.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright (c) 2020 Linaro Limited
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <metal/device.h>
+#include <metal/spinlock.h>
+#include <openamp/open_amp.h>
+
+#include "tfm_spe_openamp_interface.h"
+#include "log/tfm_log.h"
+#include "tfm_spe_shm_openamp.h"
+
+static metal_phys_addr_t shm_physmap[] = { SHM_START_PHY_ADDR };
+static struct metal_device shm_device = {
+ .name = SHM_DEVICE_NAME,
+ .bus = NULL,
+ .num_regions = 1,
+ {
+ {
+ .virt = (void *) SHM_START_VIRT_ADDR,
+ .physmap = shm_physmap,
+ .size = SHM_SIZE,
+ .page_shift = 0xffffffff,
+ .page_mask = 0xffffffff,
+ .mem_flags = 0,
+ .ops = { NULL },
+ },
+ },
+ .node = { NULL },
+ .irq_num = 0,
+ .irq_info = NULL
+};
+
+static struct virtio_vring_info rvrings[2];
+
+static struct virtio_device vdev;
+static struct rpmsg_virtio_device rvdev;
+static struct metal_io_region *io;
+static struct virtqueue *vq[2];
+static struct rpmsg_virtio_shm_pool shpool;
+static struct rpmsg_endpoint tfm_ept;
+static struct rpmsg_endpoint *ep = &tfm_ept;
+static struct metal_spinlock spe_map_slock;
+static openamp_to_tfm_callback tfm_callback = NULL;
+static openamp_to_tfm_notify tfm_notify = NULL;
+
+static unsigned char virtio_get_status(struct virtio_device *vdev)
+{
+ (void)vdev;
+ uint32_t status = *(uint32_t *)VDEV_STATUS_ADDR;
+ return status;
+}
+
+static void virtio_set_status(struct virtio_device *vdev, unsigned char status)
+{
+ (void)vdev;
+ *(uint32_t *)VDEV_STATUS_ADDR = status;
+}
+
+static uint32_t virtio_get_features(struct virtio_device *vdev)
+{
+ (void)vdev;
+ return 1 << VIRTIO_RPMSG_F_NS;
+}
+
+static void virtio_notify(struct virtqueue *vq)
+{
+ (void)vq;
+ tfm_notify();
+}
+
+static struct virtio_dispatch dispatch = {
+ .get_status = virtio_get_status,
+ .set_status = virtio_set_status,
+ .get_features = virtio_get_features,
+ .notify = virtio_notify,
+};
+
+int endpoint_cb(struct rpmsg_endpoint *ept, void *data,
+ size_t len, uint32_t src, void *priv)
+{
+ (void)ept;
+ (void)src;
+ (void)priv;
+ tfm_callback(data, len);
+ return 0;
+}
+
+static void rpmsg_service_unbind(struct rpmsg_endpoint *ept)
+{
+ (void)ept;
+ rpmsg_destroy_ept(ep);
+}
+
+void ns_bind_cb(struct rpmsg_device *rdev, const char *name, uint32_t dest)
+{
+ (void)rpmsg_create_ept(ep, rdev, name,
+ RPMSG_ADDR_ANY, dest,
+ endpoint_cb,
+ rpmsg_service_unbind);
+}
+
+void tfm_to_openamp_notify(void)
+{
+ virtqueue_notification(vq[0]);
+}
+
+void tfm_to_openamp_spe_map_spinlock_acquire(void)
+{
+ metal_spinlock_acquire(&spe_map_slock);
+}
+
+void tfm_to_openamp_spe_map_spinlock_release(void)
+{
+ metal_spinlock_release(&spe_map_slock);
+}
+
+void tfm_to_openamp_reply_back(const void* data, size_t len)
+{
+ rpmsg_send(ep, data, len);
+}
+
+void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len)
+{
+ rpmsg_send_nocopy(ep, data, len);
+}
+
+void tfm_to_openamp_hold_buffer(const void *buffer)
+{
+ rpmsg_hold_rx_buffer(ep, (void*)buffer);
+}
+
+void tfm_to_openamp_release_buffer(const void *buffer)
+{
+ rpmsg_release_rx_buffer(ep, (void*)buffer);
+}
+
+void *tfm_to_openamp_get_buffer(uint32_t *len)
+{
+ return rpmsg_get_tx_payload_buffer(ep, len, 1);
+}
+
+int tfm_to_openamp_get_buffer_size(void)
+{
+ return rpmsg_virtio_get_buffer_size(&rvdev.rdev);
+}
+
+void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr)
+{
+ metal_phys_addr_t phys = 0;
+ phys = (metal_phys_addr_t)ptr;
+ return metal_io_phys_to_virt(io, phys);
+}
+
+void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr)
+{
+ metal_phys_addr_t phys = metal_io_virt_to_phys(io, (void*)ptr);
+ return (void*)phys;
+}
+
+int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+ openamp_to_tfm_notify notify)
+{
+ int status = 0;
+ struct metal_device *device;
+ struct metal_init_params metal_params = METAL_INIT_DEFAULTS;
+
+ LOG_MSG("TF-M OpenAMP[master] starting initialization...\r\n");
+
+ if (cb == NULL || notify == NULL) {
+ LOG_MSG("invalid parameters\r\n");
+ return ERROR;
+ }
+ tfm_callback = cb;
+ tfm_notify = notify;
+
+ metal_spinlock_init(&spe_map_slock);
+
+ status = metal_init(&metal_params);
+ if (status != 0) {
+ LOG_MSG("metal_init: failed - error code\r\n");
+ return ERROR;
+ }
+
+ status = metal_register_generic_device(&shm_device);
+ if (status != 0) {
+ LOG_MSG("Couldn't register shared memory device\r\n");
+ return ERROR;
+ }
+
+ status = metal_device_open("generic", SHM_DEVICE_NAME, &device);
+ if (status != 0) {
+ LOG_MSG("metal_device_open failed\r\n");
+ return ERROR;
+ }
+
+ io = metal_device_io_region(device, 0);
+ if (io == NULL) {
+ LOG_MSG("metal_device_io_region failed to get region\r\n");
+ return ERROR;
+ }
+
+ /* setup vdev */
+ vq[0] = virtqueue_allocate(VRING_SIZE);
+ if (vq[0] == NULL) {
+ LOG_MSG("virtqueue_allocate failed to alloc vq[0]\r\n");
+ return ERROR;
+ }
+ vq[1] = virtqueue_allocate(VRING_SIZE);
+ if (vq[1] == NULL) {
+ LOG_MSG("virtqueue_allocate failed to alloc vq[1]\r\n");
+ return ERROR;
+ }
+
+ vdev.role = RPMSG_MASTER;
+ vdev.vrings_num = VRING_COUNT;
+ vdev.func = &dispatch;
+ rvrings[0].io = io;
+ rvrings[0].info.vaddr = (void *)VRING_TX_ADDRESS;
+ rvrings[0].info.num_descs = VRING_SIZE;
+ rvrings[0].info.align = VRING_ALIGNMENT;
+ rvrings[0].vq = vq[0];
+
+ rvrings[1].io = io;
+ rvrings[1].info.vaddr = (void *)VRING_RX_ADDRESS;
+ rvrings[1].info.num_descs = VRING_SIZE;
+ rvrings[1].info.align = VRING_ALIGNMENT;
+ rvrings[1].vq = vq[1];
+
+ vdev.vrings_info = &rvrings[0];
+
+ /* setup rvdev */
+ rpmsg_virtio_init_shm_pool(&shpool, (void *)SHM_START_VIRT_ADDR, SHM_SIZE);
+ status = rpmsg_init_vdev(&rvdev, &vdev, ns_bind_cb, io, &shpool);
+ if (status != 0) {
+ LOG_MSG("rpmsg_init_vdev failed : %d\r\n", status);
+ return ERROR;
+ }
+ LOG_MSG("rpmsg_init_vdev Done!\r\n");
+
+ return SUCCESS;
+}
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interconnect.c b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interconnect.c
new file mode 100644
index 0000000..7b7c8f0
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interconnect.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_spe_openamp_platform_interface.h"
+#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+#include "tfm_rpc.h"
+#include "tfm_spe_openamp_interface.h"
+#include "tfm_multi_core.h"
+#include "log/tfm_log.h"
+#include "utilities.h"
+
+static void *registered_msg = NULL;
+
+/* Process call from the other core. */
+void callback_from_openamp(const void *ns_msg, size_t len)
+{
+ int32_t ret = OPENAMP_SUCCESS;
+ void *priv = NULL;
+
+ ret = register_msg_to_spe_and_verify(&priv, ns_msg, len);
+ if (ret != OPENAMP_SUCCESS) {
+ return;
+ }
+
+ /*
+ * registered_msg will be used inside get_caller_private_data.
+ * get_caller_private_data will be called in the same context:
+ * deliver_msg* => tfm_rpc_xxx => tfm_spm_xxx => tfm_spm_fill_msg
+ * => tfm_rpc_set_caller_data => get_caller_private_data
+ */
+ registered_msg = priv;
+
+ deliver_msg_to_tfm_spe(priv);
+}
+
+/* RPC reply() callback */
+static void service_reply(const void *priv, int32_t ret)
+{
+ send_service_reply_to_non_secure(ret, (void*)priv);
+}
+
+/* RPC get_caller_data() callback */
+static const void *get_caller_private_data(int32_t client_id)
+{
+ if (!registered_msg) {
+ LOG_MSG("FATAL_ERROR: Map pointer cannot be NULL.\r\n");
+ TFM_CORE_ASSERT(0);
+ }
+
+ return registered_msg;
+}
+
+/* Openamp specific operations callback for TF-M RPC */
+static const struct tfm_rpc_ops_t openamp_rpc_ops = {
+ .handle_req = tfm_to_openamp_notify, /* notify openamp for pendsv/irq
+ * received from the non-secure */
+ .reply = service_reply,
+ .get_caller_data = get_caller_private_data,
+};
+
+void notify_request_from_openamp(void)
+{
+ int32_t ret;
+
+ ret = tfm_hal_notify_peer();
+ if (ret) {
+ LOG_MSG("tfm_hal_notify_peer failed %d\r\n", ret);
+ }
+ return;
+}
+
+/* Openmap initialization */
+static int32_t tfm_spe_openamp_lib_init(void)
+{
+ int32_t ret;
+
+ ret = tfm_dual_core_hal_init();
+ if (ret) {
+ LOG_MSG("tfm_dual_core_hal_init failed : %d\r\n", ret);
+ return OPENAMP_INIT_ERROR;
+ }
+
+ ret = tfm_to_openamp_init(callback_from_openamp,
+ notify_request_from_openamp);
+ if (ret) {
+ LOG_MSG("tfm_to_openamp_init failed : %d\r\n", ret);
+ return OPENAMP_INIT_ERROR;
+ }
+
+ init_dual_core_psa_client_secure_lib();
+
+ /* Register RPC callbacks */
+ ret = tfm_rpc_register_ops(&openamp_rpc_ops);
+ if (ret) {
+ LOG_MSG("tfm_rpc_register_ops failed : %d\r\n", ret);
+ return OPENAMP_CALLBACK_REG_ERROR;
+ }
+
+ LOG_MSG("tfm_spe_openamp_lib_init initialized success.\r\n");
+ return OPENAMP_SUCCESS;
+}
+
+int32_t tfm_inter_core_comm_init(void)
+{
+ if (tfm_spe_openamp_lib_init()) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interface.h b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interface.h
new file mode 100644
index 0000000..4c720b7
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_openamp_platform_interface.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+#define __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+
+#include "tfm_openamp_lib.h"
+#include "tfm_plat_defs.h"
+
+/**
+ * \brief Platform specific initialization of SPE openamp.
+ *
+ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
+ * \retval Other return code Operation failed with an error code.
+ */
+enum tfm_plat_err_t tfm_dual_core_hal_init(void);
+
+/**
+ * \brief Notify NSPE that a PSA client call return result is replied.
+ * Implemented by platform specific inter-processor communication driver.
+ *
+ * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out.
+ * \retval Other return code Operation failed with an error code.
+ */
+enum tfm_plat_err_t tfm_hal_notify_peer(void);
+
+#endif /* __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ */
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.c b/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.c
new file mode 100644
index 0000000..7ffc9eb
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_spe_psa_client_lib_unordered_map.h"
+#include "tfm_core_utils.h"
+#include "tfm_spe_openamp_interface.h"
+#include "tfm_spe_shm_openamp.h"
+#include <stdbool.h>
+#include <stddef.h>
+
+/*
+ * SPE map where tf-m copies the psa_client parameters
+ * from non-secure memory to its local secure memory.
+ */
+typedef struct unordered_map {
+ /*
+ * Aligned with TFM_MAX_MESSAGES. A more sophisticated approach is
+ * required if the intent is to increase TFM_MAX_MESSAGES beyond
+ * 32 bits.
+ */
+ uint32_t busy_slots; /* protected by a spinlock */
+ unordered_map_entry_t map[TFM_MAX_MESSAGES];
+} unordered_map_t;
+
+
+/*
+ * TF-M secure memory map: the parameters are copied to secure memory
+ * from openamp non-secure memory. This is to avoid TOCTOU attack.
+ */
+static unordered_map_t psa_client_lib_map_;
+
+static inline int find_first_unset_bit(uint32_t n)
+{
+ int index = -1;
+ n = ~n & (n+1);
+ while(n>0) {
+ n >>= 1;
+ index++;
+ }
+ return index;
+}
+
+static inline bool is_map_full(unordered_map_t *m)
+{
+ return (~(m->busy_slots) == 0);
+}
+
+static inline void set_bit(uint32_t *n, int index)
+{
+ *n = (*n | (1 << index));
+}
+
+static inline bool is_bit_set(uint32_t n, int index)
+{
+ return ((n & (1 << index)) != 0);
+}
+
+static inline void unset_bit(uint32_t *n, int index)
+{
+ uint32_t mask = 0;
+ mask |= (1 << index);
+ *n = (*n & ~mask);
+}
+
+void unordered_map_init(void)
+{
+ tfm_to_openamp_spe_map_spinlock_acquire();
+ psa_client_lib_map_.busy_slots = 0;
+ tfm_to_openamp_spe_map_spinlock_release();
+}
+
+static int32_t alloc_map_entry(unordered_map_handle_t *handle)
+{
+ int32_t ret;
+ tfm_to_openamp_spe_map_spinlock_acquire();
+ do {
+ if (is_map_full(&psa_client_lib_map_)) {
+ ret = OPENAMP_MAP_FULL;
+ break;
+ }
+ *handle = find_first_unset_bit(psa_client_lib_map_.busy_slots);
+ set_bit(&psa_client_lib_map_.busy_slots, *handle);
+ ret = OPENAMP_SUCCESS;
+ } while (0);
+ tfm_to_openamp_spe_map_spinlock_release();
+ return ret;
+}
+
+int32_t unordered_map_insert(const ns_openamp_msg_t *ns_msg, const void *in,
+ unordered_map_handle_t *handle)
+{
+ int32_t ret;
+
+ ret = alloc_map_entry(handle);
+ if (ret) {
+ return ret;
+ }
+
+ spm_memcpy(&psa_client_lib_map_.map[*handle].msg, ns_msg,
+ sizeof(ns_openamp_msg_t));
+
+ psa_client_lib_map_.map[*handle].input_buffer = in;
+ psa_client_lib_map_.map[*handle].output_buffer = NULL;
+ psa_client_lib_map_.map[*handle].output_buffer_len = 0;
+ psa_client_lib_map_.map[*handle].is_input_buffer_hold = false;
+ psa_client_lib_map_.map[*handle].is_output_buffer = false;
+
+ psa_client_lib_map_.map[*handle].handle = *handle;
+
+ return OPENAMP_SUCCESS;
+}
+
+void unordered_map_free(unordered_map_handle_t handle)
+{
+ if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+ return;
+ }
+ spm_memset(&psa_client_lib_map_.map[handle], 0,
+ sizeof(unordered_map_entry_t));
+
+ tfm_to_openamp_spe_map_spinlock_acquire();
+ unset_bit(&psa_client_lib_map_.busy_slots, handle);
+ tfm_to_openamp_spe_map_spinlock_release();
+}
+
+unordered_map_entry_t* unordered_map_get_entry_ptr(unordered_map_handle_t handle)
+{
+ if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+ return NULL;
+ }
+ if (!is_bit_set(psa_client_lib_map_.busy_slots, handle)) {
+ return NULL;
+ }
+ return &psa_client_lib_map_.map[handle];
+}
+
+unordered_map_handle_t unordered_map_get_entry_handle(
+ const unordered_map_entry_t *ptr)
+{
+ if (!ptr) {
+ return INVALID_MAP_HANDLE;
+ }
+
+ return ptr->handle;
+}
+
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.h b/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.h
new file mode 100644
index 0000000..1d09413
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_psa_client_lib_unordered_map.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+#define __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+
+#include <stdbool.h>
+#include "tfm_openamp_lib.h"
+
+/* 16 bits are sufficient to store the handle. Also
+ * choosing 16bits allow for better packing inside
+ * the struct unordered_map_entry_t.
+ */
+typedef int16_t unordered_map_handle_t;
+#define INVALID_MAP_HANDLE -1
+
+/* An entry structure of map data structure */
+typedef struct unordered_map_entry {
+ ns_openamp_msg_t msg;
+ const void *input_buffer;
+ void *output_buffer;
+ size_t output_buffer_len;
+ unordered_map_handle_t handle; /* entry handle */
+ bool is_input_buffer_hold; /* true when input buffer is held */
+ bool is_output_buffer; /* true when output buffer is preallocated */
+} unordered_map_entry_t;
+
+/* Initialize the map data structure */
+void unordered_map_init(void);
+
+/* Insert entry into the map and return a handle to the entry */
+int32_t unordered_map_insert(const ns_openamp_msg_t *msg, const void *in,
+ unordered_map_handle_t *handle);
+
+/* Free respective entry into the map represented by the handle */
+void unordered_map_free(unordered_map_handle_t handle);
+
+/* Using a handle return the memory pointer of the entry */
+unordered_map_entry_t* unordered_map_get_entry_ptr(
+ unordered_map_handle_t handle);
+
+/* Using a entry memory location, return respective handle */
+unordered_map_handle_t unordered_map_get_entry_handle(
+ const unordered_map_entry_t *ptr);
+
+#endif /* __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ */
diff --git a/platform/ext/target/arm/diphda/openamp/tfm_spe_shm_openamp.h b/platform/ext/target/arm/diphda/openamp/tfm_spe_shm_openamp.h
new file mode 100644
index 0000000..597fce1
--- /dev/null
+++ b/platform/ext/target/arm/diphda/openamp/tfm_spe_shm_openamp.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2020 Linaro Limited
+ *
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef TFM_SPE_SHM_OPEN_AMP_H_
+#define TFM_SPE_SHM_OPEN_AMP_H_
+
+#include "region_defs.h"
+
+#define VDEV_STATUS_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR)
+#define VDEV_STATUS_SIZE (0x400) // 1 KB
+#define SHM_START_VIRT_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+#define SHM_START_PHY_ADDR (OPENAMP_HOST_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+#define SHM_SIZE (0x7c00) // 31 KB
+#define SHM_DEVICE_NAME "cvm.shm"
+
+#define VRING_COUNT 2
+#define VRING_TX_ADDRESS (VDEV_STATUS_ADDR + SHM_SIZE)
+#define VRING_RX_ADDRESS (VDEV_STATUS_ADDR + SHM_SIZE - VDEV_STATUS_SIZE)
+#define VRING_ALIGNMENT 4
+#define VRING_SIZE 8
+
+/*
+ * The tf-m can only accept MAX_MESSAGES at a given time.
+ * The Host should set RPMSG_BUFFER_SIZE accrodingly
+ * such that tf-m does not recieve more than
+ * TFM_MAX_MESSAGES messages.
+ * Changing this macro DOES NOT increase TF-M capabilities
+ * to handle more messages.
+ */
+#define TFM_MAX_MESSAGES (32)
+
+#endif /* TFM_SPE_SHM_OPEN_AMP_H_ */
diff --git a/platform/ext/target/arm/diphda/partition/flash_layout.h b/platform/ext/target/arm/diphda/partition/flash_layout.h
new file mode 100644
index 0000000..8700a99
--- /dev/null
+++ b/platform/ext/target/arm/diphda/partition/flash_layout.h
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __FLASH_LAYOUT_H__
+#define __FLASH_LAYOUT_H__
+
+/* (Note: This is offsetted with 0x6000_0000 from the SE perspective as it is
+ * accessed via the Host)
+ *
+ * 0x0800_0000 Reserved (32 KB)
+ * 0x0800_8000 GPT header (256 KB)
+ * 0x0804_8000 Reserved (32 KB)
+ * 0x0805_0000 SE BL2 primary slot (64 KiB)
+ * 0x0806_0000 SE BL2 secondary slot (64 KiB)
+ * 0x0807_0000 TF-M primary slot (384 KiB)
+ * 0x080D_0000 TF-M secondary slot (384 KiB)
+ * 0x0813_0000 OPTEE primary slot (512 KiB)
+ * 0x081B_0000 OPTEE secondary slot (512 KiB)
+ * 0x0823_0000 U-boot primary slot (512 KiB)
+ * 0x082B_0000 U-boot secondary slot (512 KiB)
+ * 0x0833_0000 SPL primary slot (256 KiB)
+ * 0x0837_0000 SPL secondary slot (256 KiB)
+ */
+
+/* This header file is included from linker scatter file as well, where only a
+ * limited C constructs are allowed. Therefore it is not possible to include
+ * here the platform_base_address.h to access flash related defines. To resolve
+ * this some of the values are redefined here with different names, these are
+ * marked with comment.
+ */
+
+#define MCUBOOT_MAX_IMG_SECTORS (32)
+#define FLASH_BASE_ADDRESS (0x68000000)
+
+#define SE_BL2_PARTITION_SIZE (0x10000) /* 64 KiB */
+#define TFM_PARTITION_SIZE (0x60000) /* 384 KiB */
+#define OPTEE_PARTITION_SIZE (0x80000) /* 512 KiB */
+#define U_BOOT_PARTITION_SIZE (0x80000) /* 512 KiB */
+#define SPL_PARTITION_SIZE (0x40000) /* 256 KiB */
+
+
+/* Secure Enclave internal SRAM */
+#define SRAM_BASE (0x30000000)
+#define SRAM_SIZE (0x78000) /* 480 KiB */
+
+#define BL2_DATA_GAP_SIZE (0x08000) /* 32 KiB */
+
+#define BL1_DATA_START (SRAM_BASE)
+#define BL1_DATA_SIZE (0x10000) /* 64 KiB*/
+#define BL1_DATA_LIMIT (BL1_DATA_START + BL1_DATA_SIZE - 1)
+
+/* PMOD SF3 NOR FLASH */
+#define PMOD_SF3_FLASH_TOTAL_SIZE (0x02000000) /* 32 MB Nor Flash (PMOD SF3) */
+#define PMOD_SF3_FLASH_SECTOR_SIZE (0x00001000) /* 4 KB Sub sector size*/
+#define PMOD_SF3_FLASH_PAGE_SIZE (256U) /* 256 B */
+#define PMOD_SF3_FLASH_PROGRAM_UNIT (1U) /* 1 B */
+
+#define FLASH_DEV_NAME Driver_FLASH0
+#define FLASH_TOTAL_SIZE (PMOD_SF3_FLASH_TOTAL_SIZE) /* 32 MB */
+#define FLASH_AREA_IMAGE_SECTOR_SIZE (PMOD_SF3_FLASH_SECTOR_SIZE) /* 4 KiB */
+
+#ifdef BL1
+
+#define IMAGE_EXECUTABLE_RAM_START (SRAM_BASE + BL1_DATA_SIZE)
+#define IMAGE_EXECUTABLE_RAM_SIZE (SRAM_SIZE - BL1_DATA_SIZE)
+
+/* BL2 primary and secondary images */
+#define FLASH_AREA_0_ID (1)
+#define FLASH_AREA_0_OFFSET (0x50000)
+#define FLASH_AREA_0_SIZE (SE_BL2_PARTITION_SIZE)
+
+#define FLASH_AREA_1_ID (FLASH_AREA_0_ID + 1)
+#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
+#define FLASH_AREA_1_SIZE (SE_BL2_PARTITION_SIZE)
+
+/* Macros needed to imgtool.py, used when creating BL2 signed image */
+#define IMAGE_LOAD_ADDRESS (SRAM_BASE + TFM_PARTITION_SIZE + BL2_DATA_GAP_SIZE)
+#define SECURE_IMAGE_OFFSET (0x0)
+#define SECURE_IMAGE_MAX_SIZE (SE_BL2_PARTITION_SIZE)
+#define NON_SECURE_IMAGE_OFFSET (SE_BL2_PARTITION_SIZE)
+#define NON_SECURE_IMAGE_MAX_SIZE (0x0)
+
+#define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_0_ID : \
+ 255 )
+#define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_AREA_1_ID : \
+ 255 )
+
+#define FLASH_AREA_IMAGE_SCRATCH 255
+
+#else
+
+/* TF-M primary and secondary images */
+#define FLASH_AREA_0_ID (1)
+#define FLASH_AREA_0_OFFSET (0x50000 + \
+ SE_BL2_PARTITION_SIZE + SE_BL2_PARTITION_SIZE)
+#define FLASH_AREA_0_SIZE (TFM_PARTITION_SIZE)
+
+#define FLASH_AREA_1_ID (FLASH_AREA_0_ID + 1)
+#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
+#define FLASH_AREA_1_SIZE (TFM_PARTITION_SIZE)
+
+/* OPTEE primary and secondary images */
+#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1)
+#define FLASH_AREA_2_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE)
+#define FLASH_AREA_2_SIZE (OPTEE_PARTITION_SIZE)
+
+#define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1)
+#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE)
+#define FLASH_AREA_3_SIZE (OPTEE_PARTITION_SIZE)
+
+/* U-boot primary and secondary images */
+#define FLASH_AREA_4_ID (FLASH_AREA_3_ID + 1)
+#define FLASH_AREA_4_OFFSET (FLASH_AREA_3_OFFSET + FLASH_AREA_3_SIZE)
+#define FLASH_AREA_4_SIZE (U_BOOT_PARTITION_SIZE)
+
+#define FLASH_AREA_5_ID (FLASH_AREA_4_ID + 1)
+#define FLASH_AREA_5_OFFSET (FLASH_AREA_4_OFFSET + FLASH_AREA_4_SIZE)
+#define FLASH_AREA_5_SIZE (U_BOOT_PARTITION_SIZE)
+
+/* SPL primary and secondary images */
+#define FLASH_AREA_6_ID (FLASH_AREA_5_ID + 1)
+#define FLASH_AREA_6_OFFSET (FLASH_AREA_5_OFFSET + FLASH_AREA_5_SIZE)
+#define FLASH_AREA_6_SIZE (SPL_PARTITION_SIZE)
+
+#define FLASH_AREA_7_ID (FLASH_AREA_6_ID + 1)
+#define FLASH_AREA_7_OFFSET (FLASH_AREA_6_OFFSET + FLASH_AREA_6_SIZE)
+#define FLASH_AREA_7_SIZE (SPL_PARTITION_SIZE)
+
+/* Macros needed to imgtool.py, used when creating TF-M signed image */
+#define IMAGE_LOAD_ADDRESS (SRAM_BASE)
+#define SECURE_IMAGE_OFFSET (0x0)
+#define SECURE_IMAGE_MAX_SIZE (TFM_PARTITION_SIZE)
+#define NON_SECURE_IMAGE_OFFSET (TFM_PARTITION_SIZE)
+#define NON_SECURE_IMAGE_MAX_SIZE (0x0)
+
+#define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? FLASH_AREA_0_ID : \
+ ((x) == 1) ? FLASH_AREA_2_ID : \
+ ((x) == 2) ? FLASH_AREA_4_ID : \
+ 255 )
+#define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? FLASH_AREA_1_ID : \
+ ((x) == 1) ? FLASH_AREA_3_ID : \
+ ((x) == 2) ? FLASH_AREA_5_ID : \
+ 255 )
+
+#define FLASH_AREA_IMAGE_SCRATCH 255
+
+#endif /* BL1 */
+
+#define FLASH_SECTOR_SIZE (PMOD_SF3_FLASH_SECTOR_SIZE) /* 1 kB */
+
+#define FLASH_ITS_AREA_OFFSET (0)
+#define FLASH_ITS_AREA_SIZE (4 * FLASH_SECTOR_SIZE) /* 4 KiB */
+
+#define FLASH_PS_AREA_OFFSET (FLASH_ITS_AREA_OFFSET + \
+ FLASH_ITS_AREA_SIZE)
+#define FLASH_PS_AREA_SIZE (16 * FLASH_SECTOR_SIZE) /* 16 KB */
+
+#define FLASH_NV_COUNTERS_AREA_OFFSET (FLASH_PS_AREA_OFFSET + \
+ FLASH_PS_AREA_SIZE)
+#define FLASH_NV_COUNTERS_AREA_SIZE (FLASH_SECTOR_SIZE) /* 1 KiB */
+
+/* Internal Trusted Storage (ITS) Service definitions
+ * Note: Further documentation of these definitions can be found in the
+ * TF-M ITS Integration Guide.
+ */
+#define TFM_HAL_ITS_FLASH_DRIVER Driver_FLASH0
+
+/* In this target the CMSIS driver requires only the offset from the base
+ * address instead of the full memory address.
+ */
+/* Base address of dedicated flash area for ITS */
+#define TFM_HAL_ITS_FLASH_AREA_ADDR FLASH_ITS_AREA_OFFSET
+/* Size of dedicated flash area for ITS */
+#define TFM_HAL_ITS_FLASH_AREA_SIZE FLASH_ITS_AREA_SIZE
+/* Number of physical erase sectors per logical FS block */
+#define TFM_HAL_ITS_SECTORS_PER_BLOCK (1)
+/* Smallest flash programmable unit in bytes */
+#define TFM_HAL_ITS_PROGRAM_UNIT (1)
+
+/* Protected Storage (PS) Service definitions
+ * Note: Further documentation of these definitions can be found in the
+ * TF-M PS Integration Guide.
+ */
+#define TFM_HAL_PS_FLASH_DRIVER Driver_FLASH0
+
+/* In this target the CMSIS driver requires only the offset from the base
+ * address instead of the full memory address.
+ */
+/* Base address of dedicated flash area for PS */
+#define TFM_HAL_PS_FLASH_AREA_ADDR FLASH_PS_AREA_OFFSET
+/* Size of dedicated flash area for PS */
+#define TFM_HAL_PS_FLASH_AREA_SIZE FLASH_PS_AREA_SIZE
+/* Number of physical erase sectors per logical FS block */
+#define TFM_HAL_PS_SECTORS_PER_BLOCK (4)
+/* Smallest flash programmable unit in bytes */
+#define TFM_HAL_PS_PROGRAM_UNIT (1)
+
+#define NV_COUNTERS_FLASH_DEV_NAME Driver_FLASH0
+
+/* NV Counters definitions */
+#define TFM_NV_COUNTERS_AREA_ADDR FLASH_NV_COUNTERS_AREA_OFFSET
+#define TFM_NV_COUNTERS_AREA_SIZE (0x20) /* 24 Bytes*/
+#define TFM_NV_COUNTERS_SECTOR_ADDR FLASH_NV_COUNTERS_AREA_OFFSET
+#define TFM_NV_COUNTERS_SECTOR_SIZE FLASH_SECTOR_SIZE
+
+#endif /* __FLASH_LAYOUT_H__ */
diff --git a/platform/ext/target/arm/diphda/partition/region_defs.h b/platform/ext/target/arm/diphda/partition/region_defs.h
new file mode 100644
index 0000000..2369fc5
--- /dev/null
+++ b/platform/ext/target/arm/diphda/partition/region_defs.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __REGION_DEFS_H__
+#define __REGION_DEFS_H__
+
+#include "flash_layout.h"
+
+#define BL2_HEAP_SIZE (0x0001000)
+#define BL2_MSP_STACK_SIZE (0x0001800)
+
+#define BL1_HEAP_SIZE (0x0001000)
+#define BL1_MSP_STACK_SIZE (0x0001800)
+
+#define S_HEAP_SIZE (0x0000200)
+#define S_MSP_STACK_SIZE_INIT (0x0000400)
+#define S_MSP_STACK_SIZE (0x0000800)
+#define S_PSP_STACK_SIZE (0x0000800)
+
+#define BOOT_TFM_SHARED_DATA_SIZE (0x400)
+
+/* This size of buffer is big enough to store an attestation
+ * token produced by initial attestation service
+ */
+#define PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE (0x250)
+
+#define BL2_HEADER_SIZE (0x400) /* 1 KB */
+#define BL2_TRAILER_SIZE (0x800) /* 2 KB */
+
+#define IMAGE_TFM_CODE_SIZE \
+ (TFM_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
+
+#define IMAGE_BL2_CODE_SIZE \
+ (SE_BL2_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
+
+/* Secure regions */
+#define S_CODE_START (SRAM_BASE + BL2_HEADER_SIZE)
+#define S_CODE_SIZE (IMAGE_TFM_CODE_SIZE)
+#define S_CODE_LIMIT (S_CODE_START + S_CODE_SIZE - 1)
+
+#define S_DATA_START (SRAM_BASE + TFM_PARTITION_SIZE)
+#define S_DATA_SIZE (SRAM_SIZE - TFM_PARTITION_SIZE)
+#define S_UNPRIV_DATA_SIZE (0x2000)
+#define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1)
+#define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE)
+
+/* OpenAMP shared memory region */
+#define OPENAMP_SE_SHARED_MEMORY_START_ADDR 0x62380000
+#define OPENAMP_HOST_SHARED_MEMORY_START_ADDR 0x2380000
+#define OPENAMP_SHARED_MEMORY_SIZE (32 * 1024) /* 32KB */
+
+#define NS_DATA_START OPENAMP_SE_SHARED_MEMORY_START_ADDR
+#define NS_DATA_SIZE OPENAMP_SHARED_MEMORY_SIZE
+
+/* Stub NS macros needed for compilation */
+#define NS_DATA_LIMIT 0x0
+#define NS_CODE_START 0x0
+#define NS_CODE_SIZE 0x0
+#define NS_CODE_LIMIT 0x0
+#define NS_PARTITION_START 0
+#define NS_PARTITION_SIZE (NS_DATA_SIZE)
+
+/* Secondary partition for new images in case of firmware upgrade */
+#define SECONDARY_PARTITION_START 0
+#define SECONDARY_PARTITION_SIZE (TFM_PARTITION_SIZE)
+
+
+/* SE BL2 regions */
+#define BL2_CODE_START (SRAM_BASE + TFM_PARTITION_SIZE + \
+ BL2_DATA_GAP_SIZE + BL2_HEADER_SIZE)
+#define BL2_CODE_SIZE (IMAGE_BL2_CODE_SIZE)
+#define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
+
+#define BL2_DATA_START (BOOT_TFM_SHARED_DATA_BASE + \
+ BOOT_TFM_SHARED_DATA_SIZE)
+#define BL2_DATA_SIZE (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START)
+#define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1)
+
+/* SE BL1 regions */
+#define BL1_CODE_START (0)
+#define BL1_CODE_SIZE (0x00020000) /* Whole SE ROM, 128 KiB */
+#define BL1_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
+
+#ifndef BL1
+/* Shared data area between bootloader and runtime firmware.
+ * Shared data area is allocated at the beginning of the privileged data area,
+ * it is overlapping with TF-M Secure code's MSP stack
+ */
+#define BOOT_TFM_SHARED_DATA_BASE (S_DATA_PRIV_START)
+#else
+/* Shared data area between BL1 and BL2 */
+#define BOOT_TFM_SHARED_DATA_BASE (BL1_DATA_START + BL1_DATA_SIZE)
+#endif
+
+#define BOOT_TFM_SHARED_DATA_LIMIT (BOOT_TFM_SHARED_DATA_BASE + \
+ BOOT_TFM_SHARED_DATA_SIZE - 1)
+
+#endif /* __REGION_DEFS_H__ */
+
diff --git a/platform/ext/target/arm/diphda/preload.cmake b/platform/ext/target/arm/diphda/preload.cmake
new file mode 100644
index 0000000..ba3714d
--- /dev/null
+++ b/platform/ext/target/arm/diphda/preload.cmake
@@ -0,0 +1,19 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# preload.cmake is used to set things that related to the platform that are both
+# immutable and global, which is to say they should apply to any kind of project
+# that uses this plaform. In practise this is normally compiler definitions and
+# variables related to hardware.
+
+# Set architecture and CPU
+set(TFM_SYSTEM_PROCESSOR cortex-m0plus)
+set(TFM_SYSTEM_ARCHITECTURE armv6-m)
+
+
+# Secure Enclave has a CryptoCell-312 as an accelerator.
+set(CRYPTO_HW_ACCELERATOR_TYPE cc312)
diff --git a/platform/ext/target/arm/diphda/preload_ns.cmake b/platform/ext/target/arm/diphda/preload_ns.cmake
new file mode 100644
index 0000000..9613613
--- /dev/null
+++ b/platform/ext/target/arm/diphda/preload_ns.cmake
@@ -0,0 +1,9 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Placeholder because of interface include rule when TFM_MULTI_CORE_TOPOLOGY is
+# set.
diff --git a/platform/ext/target/arm/diphda/readme.rst b/platform/ext/target/arm/diphda/readme.rst
new file mode 100644
index 0000000..54b6f24
--- /dev/null
+++ b/platform/ext/target/arm/diphda/readme.rst
@@ -0,0 +1,51 @@
+###########
+ARM: Diphda
+###########
+
+************
+Introduction
+************
+
+The ARM's Diphda platform is a reference implementation of PSA FF-M
+architecture where NSPE and SPE environments are partitioned into
+Cortex-A35 and Cortex-M0+ respectively.
+
+Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its
+software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on
+mcuboot, and TF-M as run time software. Cortex-A35, also referred as host,
+is completely treated as non-secure from the Secure Enclave perspective.
+The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode,
+and boots the software ecosystem based on linux, u-boot, UEFI run time
+services, TF-A and Optee.
+
+The communication between NSPE and SPE is based on PSA IPC protocol running on
+top of OpenAMP.
+
+The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to
+accelerate cryptographic operations.
+
+***********
+System boot
+***********
+
+- The SoC reset brings Secure Enclave (SE), that is Cortex-M0+, out of rest.
+- SE executes the BL1 ROM code based on mcuboot.
+- BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot.
+- BL2 loads and verifies TF-M and host's initial boot loader image.
+- BL2 transfer the execution to the TF-M.
+- During TF-M initialization, the host is reset.
+
+*****
+Build
+*****
+
+cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/diphda
+
+cmake --build build -- install
+
+The binaries will will installed inside:
+./build/install/outputs/ARM/DIPHDA
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/platform/ext/target/arm/diphda/services/src/tfm_platform_system.c b/platform/ext/target/arm/diphda/services/src/tfm_platform_system.c
new file mode 100644
index 0000000..ed31c88
--- /dev/null
+++ b/platform/ext/target/arm/diphda/services/src/tfm_platform_system.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_platform_system.h"
+#include "platform_description.h"
+
+void tfm_platform_hal_system_reset(void)
+{
+ /* Reset the system */
+ NVIC_SystemReset();
+}
+
+enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request,
+ psa_invec *in_vec,
+ psa_outvec *out_vec)
+{
+ (void)in_vec;
+ (void)out_vec;
+ /* No IOCTL is ipmlemented */
+ return TFM_PLATFORM_ERR_NOT_SUPPORTED;
+}
diff --git a/platform/ext/target/arm/diphda/spm_hal.c b/platform/ext/target/arm/diphda/spm_hal.c
new file mode 100644
index 0000000..290a22b
--- /dev/null
+++ b/platform/ext/target/arm/diphda/spm_hal.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "tfm_spm_hal.h"
+
+#include "device_definition.h"
+#include "region_defs.h"
+#include "log/tfm_log.h"
+#include "tfm_multi_core.h"
+#include "tfm_platform_core_api.h"
+#include "tfm_hal_isolation.h"
+
+#include "platform_base_address.h"
+
+#include "xilinx_pg153_axi_qspi_controller_drv.h"
+
+enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
+ bool priviledged,
+ const struct platform_data_t *platform_data)
+{
+ /* Setup of isolation HW not implemented yet. */
+ (void) priviledged;
+ (void) platform_data;
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+#define HOST_SYS_RST_CTRL_OFFSET 0x0
+#define HOST_CPU_CORE0_WAKEUP_OFFSET 0x308
+
+void tfm_spm_hal_boot_ns_cpu(uintptr_t start_addr)
+{
+ /* Switch the flash controller to XiP mode for the host */
+ select_xip_mode(&AXI_QSPI_DEV_S);
+
+ volatile uint32_t *bir_base = (uint32_t *)DIPHDA_HOST_BIR_BASE;
+
+ /* Program Boot Instruction Register to jump to BL32 base address
+ * at 0x02003000, corresponding assembler instructions are as below.
+ * e51f1000 ldr r1, [pc, #-0]
+ * e12fff11 bx r1
+ * 02003000 .word 0x02003000
+ */
+ bir_base[0] = 0xE51F1000;
+ bir_base[1] = 0xE12fff11;
+ bir_base[2] = 0x02003000;
+
+ volatile uint32_t *reset_ctl_reg = (uint32_t *)(DIPHDA_BASE_SCR_BASE
+ + HOST_SYS_RST_CTRL_OFFSET);
+ volatile uint32_t *reset_ctl_wakeup_reg =
+ (uint32_t *)(DIPHDA_HOST_BASE_SYSTEM_CONTROL_BASE
+ + HOST_CPU_CORE0_WAKEUP_OFFSET);
+
+ /* wakeup CORE0 before bringing it out of reset */
+ *reset_ctl_wakeup_reg = 0x1;
+
+ /* Clear HOST_SYS_RST_CTRL register to bring host out of RESET */
+ *reset_ctl_reg = 0;
+
+ (void) start_addr;
+}
+
+void tfm_spm_hal_wait_for_ns_cpu_ready(void)
+{
+ /* Synchronization between Host and SE is done by OpenAMP */
+}
+
+enum tfm_plat_err_t tfm_spm_hal_set_secure_irq_priority(IRQn_Type irq_line)
+{
+ NVIC_SetPriority(irq_line, DEFAULT_IRQ_PRIORITY);
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+void tfm_spm_hal_get_mem_security_attr(const void *p, size_t s,
+ struct security_attr_info_t *p_attr)
+{
+ /* Check static memory layout to get memory attributes */
+ tfm_get_mem_region_security_attr(p, s, p_attr);
+}
+
+void tfm_spm_hal_get_secure_access_attr(const void *p, size_t s,
+ struct mem_attr_info_t *p_attr)
+{
+ /* Check static memory layout to get memory attributes */
+ tfm_get_secure_mem_region_attr(p, s, p_attr);
+}
+
+void tfm_spm_hal_get_ns_access_attr(const void *p, size_t s,
+ struct mem_attr_info_t *p_attr)
+{
+ /* Check static memory layout to get memory attributes */
+ tfm_get_ns_mem_region_attr(p, s, p_attr);
+}
+
+enum tfm_plat_err_t tfm_spm_hal_nvic_interrupt_enable(void)
+{
+ /* Nothing to do, no interrupt needs to be enabled in Secure Enclave */
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+void tfm_spm_hal_clear_pending_irq(IRQn_Type irq_line)
+{
+ NVIC_ClearPendingIRQ(irq_line);
+}
+
+void tfm_spm_hal_enable_irq(IRQn_Type irq_line)
+{
+ NVIC_EnableIRQ(irq_line);
+}
+
+void tfm_spm_hal_disable_irq(IRQn_Type irq_line)
+{
+ NVIC_DisableIRQ(irq_line);
+}
+
+enum irq_target_state_t tfm_spm_hal_set_irq_target_state(
+ IRQn_Type irq_line,
+ enum irq_target_state_t target_state)
+{
+ /* Nothing to do, target state of interrupts cannot be set on Armv6-m */
+ (void)irq_line;
+ (void)target_state;
+
+ return TFM_IRQ_TARGET_STATE_SECURE;
+}
+
+enum tfm_plat_err_t tfm_spm_hal_nvic_interrupt_target_state_cfg(void)
+{
+ /* Nothing to do, target state of interrupts cannot be set on Armv6-m */
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+enum tfm_plat_err_t tfm_spm_hal_enable_fault_handlers(void)
+{
+ /* Nothing to do, fault handlers are not implemented on Armv6-m */
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+enum tfm_plat_err_t tfm_spm_hal_system_reset_cfg(void)
+{
+ /* Nothing to do, system reset do no require any initialization */
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+enum tfm_plat_err_t tfm_spm_hal_init_debug(void)
+{
+ /* Nothing to do, no initialization options for the debug subsystem on
+ * Armv6-m */
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
+uint32_t tfm_spm_hal_get_ns_entry_point(void)
+{
+ /* Boot of Host processor not implemented yet. */
+ return 0;
+}
+
+uint32_t tfm_spm_hal_get_ns_VTOR(void)
+{
+ /* Boot of Host processor not implemented yet. */
+ return 0;
+}
diff --git a/platform/ext/target/arm/diphda/target_cfg.h b/platform/ext/target/arm/diphda/target_cfg.h
new file mode 100644
index 0000000..1ad6f1b
--- /dev/null
+++ b/platform/ext/target/arm/diphda/target_cfg.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TARGET_CFG_H__
+#define __TARGET_CFG_H__
+
+#define TFM_DRIVER_STDIO Driver_USART0
+
+#endif /* __TARGET_CFG_H__ */
diff --git a/platform/ext/target/arm/diphda/tfm_hal_isolation.c b/platform/ext/target/arm/diphda/tfm_hal_isolation.c
new file mode 100644
index 0000000..9c6298b
--- /dev/null
+++ b/platform/ext/target/arm/diphda/tfm_hal_isolation.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "tfm_api.h"
+#include "tfm_hal_defs.h"
+#include "tfm_multi_core.h"
+
+enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
+{
+ /* Setup of isolation HW not implemented yet. */
+ return TFM_HAL_SUCCESS;
+}
+
+enum tfm_hal_status_t tfm_hal_memory_has_access(uintptr_t base,
+ size_t size,
+ uint32_t attr)
+{
+ enum tfm_status_e status;
+
+ status = tfm_has_access_to_region((const void *)base, size, attr);
+ if (status != TFM_SUCCESS) {
+ return TFM_HAL_ERROR_MEM_FAULT;
+ }
+
+ return TFM_HAL_SUCCESS;
+}
diff --git a/platform/ext/target/arm/diphda/tfm_peripherals_def.h b/platform/ext/target/arm/diphda/tfm_peripherals_def.h
new file mode 100644
index 0000000..4eaf7a3
--- /dev/null
+++ b/platform/ext/target/arm/diphda/tfm_peripherals_def.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_PERIPHERALS_DEF_H__
+#define __TFM_PERIPHERALS_DEF_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct tfm_spm_partition_platform_data_t;
+
+extern struct tfm_spm_partition_platform_data_t tfm_peripheral_std_uart;
+
+#define TFM_PERIPHERAL_STD_UART (&tfm_peripheral_std_uart)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_PERIPHERALS_DEF_H__ */
diff --git a/platform/ext/target/arm/diphda/tfm_rotpk.c b/platform/ext/target/arm/diphda/tfm_rotpk.c
new file mode 100644
index 0000000..f95869f
--- /dev/null
+++ b/platform/ext/target/arm/diphda/tfm_rotpk.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+#include "tfm_plat_crypto_keys.h"
+/**
+ * \file tfm_rotpk.c
+ *
+ * This file contains the hash value (SHA256) of the public parts of the
+ * firmware signing keys in bl2/ext/mcuboot folder (*.pem files).
+ * This simulates when the hash of the Root of Trust Public Key is programmed
+ * to an immutable device memory to be able to validate the image verification
+ * key.
+ *
+ * \note These key-hash values must be provisioned to the SoC during the
+ * production, independently from firmware binaries. This solution
+ * (hard-coded key-hash values in firmware) is not suited for use in
+ * production!
+ */
+
+#if (MCUBOOT_SIGN_RSA_LEN == 2048)
+/* Hash of public key: bl2/ext/mcuboot/root-rsa-2048.pem */
+uint8_t rotpk_hash_0[ROTPK_HASH_LEN] = {
+ 0xfc, 0x57, 0x01, 0xdc, 0x61, 0x35, 0xe1, 0x32,
+ 0x38, 0x47, 0xbd, 0xc4, 0x0f, 0x04, 0xd2, 0xe5,
+ 0xbe, 0xe5, 0x83, 0x3b, 0x23, 0xc2, 0x9f, 0x93,
+ 0x59, 0x3d, 0x00, 0x01, 0x8c, 0xfa, 0x99, 0x94,
+};
+
+#ifndef BL1
+/* Hash of public key: bl2/ext/mcuboot/root-rsa-2048_1.pem */
+uint8_t rotpk_hash_1[ROTPK_HASH_LEN] = {
+ 0xe1, 0x80, 0x15, 0x99, 0x3d, 0x6d, 0x27, 0x60,
+ 0xb4, 0x99, 0x27, 0x4b, 0xae, 0xf2, 0x64, 0xb8,
+ 0x3a, 0xf2, 0x29, 0xe9, 0xa7, 0x85, 0xf3, 0xd5,
+ 0xbf, 0x00, 0xb9, 0xd3, 0x2c, 0x1f, 0x03, 0x96,
+};
+#endif
+
+#elif (MCUBOOT_SIGN_RSA_LEN == 3072)
+/* Hash of public key: bl2/ext/mcuboot/root-rsa-3072.pem */
+uint8_t rotpk_hash_0[ROTPK_HASH_LEN] = {
+ 0xbf, 0xe6, 0xd8, 0x6f, 0x88, 0x26, 0xf4, 0xff,
+ 0x97, 0xfb, 0x96, 0xc4, 0xe6, 0xfb, 0xc4, 0x99,
+ 0x3e, 0x46, 0x19, 0xfc, 0x56, 0x5d, 0xa2, 0x6a,
+ 0xdf, 0x34, 0xc3, 0x29, 0x48, 0x9a, 0xdc, 0x38,
+};
+
+#ifndef BL1
+/* Hash of public key: bl2/ext/mcuboot/root-rsa-3072_1.pem */
+uint8_t rotpk_hash_1[ROTPK_HASH_LEN] = {
+ 0xb3, 0x60, 0xca, 0xf5, 0xc9, 0x8c, 0x6b, 0x94,
+ 0x2a, 0x48, 0x82, 0xfa, 0x9d, 0x48, 0x23, 0xef,
+ 0xb1, 0x66, 0xa9, 0xef, 0x6a, 0x6e, 0x4a, 0xa3,
+ 0x7c, 0x19, 0x19, 0xed, 0x1f, 0xcc, 0xc0, 0x49,
+};
+#endif
+
+#else
+#error "No public key available for given signing algorithm."
+#endif
+
+const struct tfm_plat_rotpk_t device_rotpk[] = {
+ {
+ .key_hash = rotpk_hash_0,
+ .hash_len = ROTPK_HASH_LEN,
+ },
+#ifndef BL1
+ {
+ .key_hash = rotpk_hash_1,
+ .hash_len = ROTPK_HASH_LEN,
+ },
+#endif
+};
+
+#ifdef BL1
+const uint32_t rotpk_key_cnt = 1;
+#else
+const uint32_t rotpk_key_cnt = 2;
+#endif
+
+/**
+ * \brief Copy the key to the destination buffer
+ *
+ * \param[out] p_dst Pointer to buffer where to store the key
+ * \param[in] p_src Pointer to the key
+ * \param[in] size Length of the key
+ */
+static inline void copy_key(uint8_t *p_dst, const uint8_t *p_src, size_t size)
+{
+ uint32_t i;
+
+ for (i = size; i > 0; i--) {
+ *p_dst = *p_src;
+ p_src++;
+ p_dst++;
+ }
+}
+
+enum tfm_plat_err_t
+tfm_plat_get_rotpk_hash(uint8_t image_id,
+ uint8_t *rotpk_hash,
+ uint32_t *rotpk_hash_size)
+{
+ if ((rotpk_hash == NULL) || rotpk_hash_size == NULL) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ if(*rotpk_hash_size < ROTPK_HASH_LEN) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ *rotpk_hash_size = ROTPK_HASH_LEN;
+
+#ifdef BL1
+ if (image_id == 0) {
+ copy_key(rotpk_hash, device_rotpk[0].key_hash, *rotpk_hash_size);
+ } else {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+#else
+ if (image_id == 0) {
+ copy_key(rotpk_hash, device_rotpk[0].key_hash, *rotpk_hash_size);
+ } else if ((image_id == 1) || (image_id == 2)) {
+ copy_key(rotpk_hash, device_rotpk[1].key_hash, *rotpk_hash_size);
+ } else {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+#endif
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
diff --git a/platform/ext/target/arm/mps2/an519/CMakeLists.txt b/platform/ext/target/arm/mps2/an519/CMakeLists.txt
index 5e0f015..4f165a2 100644
--- a/platform/ext/target/arm/mps2/an519/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/an519/CMakeLists.txt
@@ -92,8 +92,9 @@
target_cfg.c
native_drivers/ppc_sse200_drv.c
native_drivers/arm_uart_drv.c
+ $<$<AND:$<NOT:$<BOOL:${TEST_NS_SLIH_IRQ}>>,$<NOT:$<BOOL:${TEST_NS_FLIH_IRQ}>>>:${CMAKE_CURRENT_SOURCE_DIR}/native_drivers/timer_cmsdk/timer_cmsdk.c>
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
- $<$<OR:$<BOOL:${TEST_NS}>,$<BOOL:${TEST_S}>>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
+ $<$<BOOL:${TFM_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
@@ -104,7 +105,9 @@
target_sources(tfm_sprt
PRIVATE
- native_drivers/timer_cmsdk/timer_cmsdk.c
+ # SLIH test Partition and FLIH test Partition access the timer as ARoT Partitions.
+ # Put the driver to SPRT so that both SLIH and FLIH tests can access it.
+ $<$<OR:$<BOOL:${TEST_NS_SLIH_IRQ}>,$<BOOL:${TEST_NS_FLIH_IRQ}>>:${CMAKE_CURRENT_SOURCE_DIR}/native_drivers/timer_cmsdk/timer_cmsdk.c>
)
#========================= Platform Non-Secure ================================#
diff --git a/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c
index 44cd135..b732b95 100644
--- a/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c
+++ b/platform/ext/target/arm/mps2/an519/retarget/platform_retarget_dev.c
@@ -302,24 +302,24 @@
/* CMSDK Timer driver structures */
#ifdef CMSDK_TIMER0_S
static const struct cmsdk_timer_dev_cfg_t CMSDK_TIMER0_DEV_CFG_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {.base = CMSDK_TIMER0_BASE_S};
static struct cmsdk_timer_dev_data_t CMSDK_TIMER0_DEV_DATA_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {.is_initialized = 0};
struct cmsdk_timer_dev_t CMSDK_TIMER0_DEV_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {&(CMSDK_TIMER0_DEV_CFG_S), &(CMSDK_TIMER0_DEV_DATA_S)};
diff --git a/platform/ext/target/arm/mps2/an521/CMakeLists.txt b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
index 9197514..851eed6 100644
--- a/platform/ext/target/arm/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
@@ -98,14 +98,17 @@
target_cfg.c
native_drivers/ppc_sse200_drv.c
native_drivers/arm_uart_drv.c
+ $<$<AND:$<NOT:$<BOOL:${TEST_NS_SLIH_IRQ}>>,$<NOT:$<BOOL:${TEST_NS_FLIH_IRQ}>>>:${CMAKE_CURRENT_SOURCE_DIR}/native_drivers/timer_cmsdk/timer_cmsdk.c>
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
- $<$<OR:$<BOOL:${TEST_NS}>,$<BOOL:${TEST_S}>>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
+ $<$<BOOL:${TFM_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
)
target_sources(tfm_sprt
PRIVATE
- native_drivers/timer_cmsdk/timer_cmsdk.c
+ # SLIH test Partition and FLIH test Partition access the timer as ARoT Partitions.
+ # Put the driver to SPRT so that both SLIH and FLIH tests can access it.
+ $<$<OR:$<BOOL:${TEST_NS_SLIH_IRQ}>,$<BOOL:${TEST_NS_FLIH_IRQ}>>:${CMAKE_CURRENT_SOURCE_DIR}/native_drivers/timer_cmsdk/timer_cmsdk.c>
)
target_compile_options(platform_s
@@ -171,21 +174,3 @@
native_drivers
)
endif()
-
-#========================= Crypto =============================================#
-
-target_sources(tfm_psa_rot_partition_crypto
- PRIVATE
- $<$<BOOL:${TFM_PSA_API}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_nv_seed.c>
- $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_dummy_nv_seed.c>
-)
-
-target_compile_definitions(tfm_psa_rot_partition_crypto
- PRIVATE
- $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:PLATFORM_DUMMY_NV_SEED>
-)
-
-target_include_directories(crypto_service_mbedcrypto
- PUBLIC
- ${CMAKE_SOURCE_DIR}/platform/include
-)
diff --git a/platform/ext/target/arm/mps2/an521/config.cmake b/platform/ext/target/arm/mps2/an521/config.cmake
index b0dbc04..d93f5bb 100644
--- a/platform/ext/target/arm/mps2/an521/config.cmake
+++ b/platform/ext/target/arm/mps2/an521/config.cmake
@@ -8,6 +8,8 @@
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/arm/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
if(TFM_PSA_API)
- set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH ${CMAKE_CURRENT_LIST_DIR}/mbedtls_an521_conf.h CACHE FILEPATH "Config to append to standard Mbed Crypto config, used by platforms to configure feature support")
- set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+ if (NOT TEST_NS_SLIH_IRQ AND TEST_NS)
+ # FLIH and SLIH testing can not be enabled at the same time
+ set(TEST_NS_FLIH_IRQ ON CACHE BOOL "Enable FLIH testing")
+ endif()
endif()
diff --git a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
index fa071db..bcbfd18 100644
--- a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
@@ -302,24 +302,24 @@
/* CMSDK Timer driver structures */
#ifdef CMSDK_TIMER0_S
static const struct cmsdk_timer_dev_cfg_t CMSDK_TIMER0_DEV_CFG_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {.base = CMSDK_TIMER0_BASE_S};
static struct cmsdk_timer_dev_data_t CMSDK_TIMER0_DEV_DATA_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {.is_initialized = 0};
struct cmsdk_timer_dev_t CMSDK_TIMER0_DEV_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
= {&(CMSDK_TIMER0_DEV_CFG_S), &(CMSDK_TIMER0_DEV_DATA_S)};
diff --git a/platform/ext/target/arm/mps3/an524/device/source/device_definition.c b/platform/ext/target/arm/mps3/an524/device/source/device_definition.c
index 0dda9e9..40ca53b 100644
--- a/platform/ext/target/arm/mps3/an524/device/source/device_definition.c
+++ b/platform/ext/target/arm/mps3/an524/device/source/device_definition.c
@@ -344,21 +344,21 @@
/* CMSDK Timer driver structures */
#ifdef CMSDK_TIMER0_S
static const struct timer_cmsdk_dev_cfg_t CMSDK_TIMER0_DEV_CFG_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {
.base = CMSDK_TIMER0_BASE_S
};
static struct timer_cmsdk_dev_data_t CMSDK_TIMER0_DEV_DATA_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {
.is_initialized = 0
};
struct timer_cmsdk_dev_t CMSDK_TIMER0_DEV_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {
diff --git a/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c
index 66d6ce1..afb5df2 100644
--- a/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c
+++ b/platform/ext/target/arm/mps3/an547/device/source/startup_an547_s.c
@@ -346,6 +346,7 @@
void Reset_Handler(void)
{
__set_MSPLIM((uint32_t)(&__MSP_STACK_LIMIT));
+ __set_MSP((uint32_t)(&__MSP_INITIAL_SP));
SystemInit(); /* CMSIS System Initialization */
__ASM volatile("MRS R0, control\n" /* Get control value */
diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
index 34c3058..040daa4 100644
--- a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
@@ -23,5 +23,6 @@
# Crypto hardware accelerator is turned on by default
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
set(PSA_API_TEST_TARGET "musca_b1" CACHE STRING "Target to use when building the PSA API tests")
diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst b/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
index c878a0d..37f45e4 100644
--- a/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
@@ -17,7 +17,7 @@
on, the TF-M instance running on SSE-200 will communicate with the SE.
For more information you can check the
-:doc:`Secure Enclave design document </docs/technical_references/secure_enclave_solution>`.
+:doc:`Secure Enclave design document </docs/technical_references/design_docs/secure_enclave_solution>`.
***********
System boot
diff --git a/platform/ext/target/arm/musca_b1/sse_200/CMakeLists.txt b/platform/ext/target/arm/musca_b1/sse_200/CMakeLists.txt
index 0b8d97d..e47bc35 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/CMakeLists.txt
+++ b/platform/ext/target/arm/musca_b1/sse_200/CMakeLists.txt
@@ -114,9 +114,9 @@
target_cfg.c
Native_Driver/ppc_sse200_drv.c
Native_Driver/uart_pl011_drv.c
- Native_Driver/timer_cmsdk_drv.c
+ $<$<NOT:$<BOOL:${TEST_NS_SLIH_IRQ}>>:${CMAKE_CURRENT_SOURCE_DIR}/Native_Driver/timer_cmsdk_drv.c>
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
- $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
+ $<$<BOOL:${TFM_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
$<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
$<$<BOOL:${FORWARD_PROT_MSG}>:${CMAKE_CURRENT_SOURCE_DIR}/mailbox/platform_multicore.c>
$<$<BOOL:${FORWARD_PROT_MSG}>:${CMAKE_CURRENT_SOURCE_DIR}/mailbox/platform_ns_mailbox.c>
@@ -128,6 +128,13 @@
${COMPILER_CMSE_FLAG}
)
+target_sources(tfm_sprt
+ PRIVATE
+ # The SLIH test Partition accesses the timer as ARoT Partitions.
+ # Put the driver to SPRT so that the SLIH tests can access it.
+ $<$<BOOL:${TEST_NS_SLIH_IRQ}>:${CMAKE_CURRENT_SOURCE_DIR}/Native_Driver/timer_cmsdk_drv.c>
+)
+
target_compile_definitions(platform_s
PUBLIC
$<$<BOOL:${FORWARD_PROT_MSG}>:FORWARD_PROT_MSG=${FORWARD_PROT_MSG}>
diff --git a/platform/ext/target/arm/musca_b1/sse_200/Device/Source/device_definition.c b/platform/ext/target/arm/musca_b1/sse_200/Device/Source/device_definition.c
index ec30705..e0e1968 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/Device/Source/device_definition.c
+++ b/platform/ext/target/arm/musca_b1/sse_200/Device/Source/device_definition.c
@@ -365,17 +365,17 @@
/** CMSDK Timers driver structures */
#ifdef CMSDK_TIMER0_S
static const struct timer_cmsdk_dev_cfg_t CMSDK_TIMER0_DEV_CFG_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {.base = MUSCA_B1_CMSDK_TIMER0_S_BASE};
static struct timer_cmsdk_dev_data_t CMSDK_TIMER0_DEV_DATA_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {.is_initialized = 0};
struct timer_cmsdk_dev_t CMSDK_TIMER0_DEV_S
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
#endif
= {&(CMSDK_TIMER0_DEV_CFG_S), &(CMSDK_TIMER0_DEV_DATA_S)};
diff --git a/platform/ext/target/arm/musca_b1/sse_200/config.cmake b/platform/ext/target/arm/musca_b1/sse_200/config.cmake
index adc628a..940fab1 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/config.cmake
+++ b/platform/ext/target/arm/musca_b1/sse_200/config.cmake
@@ -11,6 +11,7 @@
if (NOT FORWARD_PROT_MSG)
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+ set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
if(CRYPTO_HW_ACCELERATOR_OTP_STATE STREQUAL "ENABLED")
set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production.")
# Musca-B1 with OTP enabled is provisioned with a random Initial
@@ -37,8 +38,18 @@
set(CRYPTO_HW_ACCELERATOR OFF CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
set(PS_TEST_NV_COUNTERS OFF CACHE BOOL "Use the test NV counters to test Protected Storage rollback scenarios")
set(BL0 ON)
+
+ set(TFM_MANIFEST_LIST ${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/manifest_list_with_se.yaml CACHE FILEPATH "Manifest Lists")
endif()
-set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/arm/musca_b1/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_SOURCE_DIR}/platform/ext/target/arm/musca_b1/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
set(PSA_API_TEST_TARGET "musca_b1" CACHE STRING "Target to use when building the PSA API tests")
+
+if(TFM_PSA_API)
+ if (TEST_NS_FLIH_IRQ)
+ message(FATAL_ERROR "FLIH testing has not been supported!")
+ endif()
+
+ set(TEST_NS_SLIH_IRQ ON CACHE BOOL "Enable SLIH testing")
+endif()
diff --git a/platform/ext/target/arm/musca_b1/sse_200/manifest_list_with_se.yaml b/platform/ext/target/arm/musca_b1/sse_200/manifest_list_with_se.yaml
new file mode 100644
index 0000000..19e6634
--- /dev/null
+++ b/platform/ext/target/arm/musca_b1/sse_200/manifest_list_with_se.yaml
@@ -0,0 +1,192 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+{
+ "name": "Partition list for Musca-B1 SSE-200 in Dual core mode",
+ "type": "manifest_list",
+ "version_major": 0,
+ "version_minor": 1,
+ "manifest_list": [
+ {
+ "name": "TFM Core Test Service",
+ "short_name": "TFM_SP_CORE_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_core_test/tfm_ss_core_test.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_CORE",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 262,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_core_test.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM Core Test Service 2",
+ "short_name": "TFM_SP_CORE_TEST_2",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_core_test_2/tfm_ss_core_test_2.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_CORE",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 263,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_core_test_2.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM Secure Client Service",
+ "short_name": "TFM_SP_SECURE_TEST_PARTITION",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_secure_client_service/tfm_secure_client_service.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_SECURE_SERVICES",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 264,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_secure_client_service.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM IPC Service Test",
+ "short_name": "TFM_SP_IPC_SERVICE_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_ipc_service/tfm_ipc_service_test.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_CORE_IPC",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 265,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_ipc_service.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM IPC Client Service",
+ "short_name": "TFM_SP_IPC_CLIENT_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_ipc_client/tfm_ipc_client_test.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_CORE_IPC",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 266,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_ipc_client.*"
+ ]
+ }
+ },
+ {
+ "name": "TF-M PS Test Service",
+ "short_name": "TFM_SP_PS_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_ps_test_service/tfm_ps_test_service.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_PS",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 268,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_ps_test.*"
+ ]
+ }
+ },
+ {
+ "name": "TF-M Secure Client 2 Service",
+ "short_name": "TFM_SP_SECURE_CLIENT_2",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_secure_client_2/tfm_secure_client_2.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TFM_PARTITION_TEST_SECURE_SERVICES",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 269,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_secure_client_2.*"
+ ]
+ }
+ },
+ {
+ "name": "TF-M PSA Proxy Service",
+ "short_name": "TFM_SP_PSA_PROXY",
+ "manifest": "secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml",
+ "tfm_extensions": true,
+ "conditional": "TFM_PARTITION_PSA_PROXY",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 270,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_psa_proxy.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM Firmware Update Service",
+ "short_name": "TFM_SP_FWU",
+ "manifest": "secure_fw/partitions/firmware_update/tfm_firmware_update.yaml",
+ "conditional": "TFM_PARTITION_FIRMWARE_UPDATE",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 271,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_fwu*"
+ ]
+ }
+ },
+ {
+ "name": "TFM Initial Attestation Test Service",
+ "short_name": "TFM_ATTEST_TEST_SERVICE",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_attest_test_service/tfm_attest_test_service.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "ATTEST_TEST_GET_PUBLIC_KEY",
+ "version_major": 0,
+ "version_minor": 1,
+ "pid": 272,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_attest_test_service.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM SLIH Test Service",
+ "short_name": "TFM_SP_SLIH_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_slih_test_service/tfm_slih_test_service.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TEST_NS_SLIH_IRQ",
+ "version_major": 0,
+ "version_minor": 1,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_slih_test.*"
+ ]
+ }
+ },
+ {
+ "name": "TFM FLIH Test Service",
+ "short_name": "TFM_SP_FLIH_TEST",
+ "manifest": "${TFM_TEST_PATH}/test_services/tfm_flih_test_service/tfm_flih_test_service.yaml",
+ "source_path": "${TFM_TEST_PATH}",
+ "conditional": "TEST_NS_FLIH_IRQ",
+ "version_major": 0,
+ "version_minor": 1,
+ "linker_pattern": {
+ "library_list": [
+ "*tfm_*partition_flih_test.*"
+ ]
+ }
+ }
+ ]
+}
diff --git a/platform/ext/target/arm/musca_b1/sse_200/partition/region_defs.h b/platform/ext/target/arm/musca_b1/sse_200/partition/region_defs.h
index 2d9f06f..0b7c74a 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/partition/region_defs.h
+++ b/platform/ext/target/arm/musca_b1/sse_200/partition/region_defs.h
@@ -83,7 +83,7 @@
#define IMAGE_NS_CODE_SIZE \
(FLASH_NS_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-#define CMSE_VENEER_REGION_SIZE (0x360)
+#define CMSE_VENEER_REGION_SIZE (0x380)
/* Alias definitions for secure and non-secure areas*/
#define S_ROM_ALIAS(x) (S_ROM_ALIAS_BASE + (x))
diff --git a/platform/ext/target/arm/musca_s1/config.cmake b/platform/ext/target/arm/musca_s1/config.cmake
index 443f9ce..523264b 100644
--- a/platform/ext/target/arm/musca_s1/config.cmake
+++ b/platform/ext/target/arm/musca_s1/config.cmake
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
if(CRYPTO_HW_ACCELERATOR_OTP_STATE STREQUAL "ENABLED")
diff --git a/platform/ext/target/cypress/psoc64/CMSIS_Driver/Config/RTE_Device.h b/platform/ext/target/cypress/psoc64/CMSIS_Driver/Config/RTE_Device.h
index 669a170..c37a39f 100644
--- a/platform/ext/target/cypress/psoc64/CMSIS_Driver/Config/RTE_Device.h
+++ b/platform/ext/target/cypress/psoc64/CMSIS_Driver/Config/RTE_Device.h
@@ -199,17 +199,17 @@
// <e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_BOOT]
// <i> Configuration settings for Driver_PPU_CRYPTO_BOOT in component ::Drivers:PPC
-#define RTE_MS_PPU_CRYPTO_BOOT 1
+#define RTE_MS_PPU_CRYPTO_BOOT 0
// </e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_BOOT]
// <e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_KEY0]
// <i> Configuration settings for Driver_PPU_CRYPTO_KEY0 in component ::Drivers:PPC
-#define RTE_MS_PPU_CRYPTO_KEY0 1
+#define RTE_MS_PPU_CRYPTO_KEY0 0
// </e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_KEY0]
// <e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_KEY1]
// <i> Configuration settings for Driver_PPU_CRYPTO_KEY1 in component ::Drivers:PPC
-#define RTE_MS_PPU_CRYPTO_KEY1 1
+#define RTE_MS_PPU_CRYPTO_KEY1 0
// </e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_KEY1]
// <e> PPC (Peripheral Protection Controller) [Driver_PPU_CRYPTO_BUF]
diff --git a/platform/ext/target/cypress/psoc64/CMakeLists.txt b/platform/ext/target/cypress/psoc64/CMakeLists.txt
index 0110ccb..32eb4de 100644
--- a/platform/ext/target/cypress/psoc64/CMakeLists.txt
+++ b/platform/ext/target/cypress/psoc64/CMakeLists.txt
@@ -10,9 +10,12 @@
cmake_policy(SET CMP0079 NEW)
set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
-set (CY_CORE_LIB_PATH "libs/core-lib")
-set (CY_PDL_LIB_PATH "libs/mtb-pdl-cat1")
+set (CY_CORE_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/libs/core-lib)
+set (CY_PDL_LIB_PATH ${CMAKE_CURRENT_SOURCE_DIR}/libs/mtb-pdl-cat1)
+set (CY_PSOC64_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(P64_UTILS_LIB_TARGET p64_utils_lib)
+add_subdirectory(libs/p64_utils)
#========================= Platform region defs ===============================#
@@ -30,9 +33,9 @@
target_sources(tfm_s
PRIVATE
$<$<C_COMPILER_ID:ARMClang>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/armclang/startup_psoc64_s.s>
- $<$<C_COMPILER_ID:ARMClang>:${CMAKE_CURRENT_SOURCE_DIR}/${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_ARM/cy_syslib_mdk.s>
+ $<$<C_COMPILER_ID:ARMClang>:${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_ARM/cy_syslib_mdk.s>
$<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/gcc/startup_psoc64_s.S>
- $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_GCC_ARM/cy_syslib_gcc.S>
+ $<$<C_COMPILER_ID:GNU>:${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_GCC_ARM/cy_syslib_gcc.S>
$<$<C_COMPILER_ID:IAR>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/iar/startup_psoc64_s.s>
$<$<C_COMPILER_ID:IAR>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/iar/cy_syslib_iar.c>
)
@@ -46,9 +49,9 @@
target_sources(tfm_ns
PRIVATE
$<$<C_COMPILER_ID:ARMClang>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/armclang/startup_psoc64_ns.s>
- $<$<C_COMPILER_ID:ARMClang>:${CMAKE_CURRENT_SOURCE_DIR}/${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_ARM/cy_syslib_mdk.s>
+ $<$<C_COMPILER_ID:ARMClang>:${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_ARM/cy_syslib_mdk.s>
$<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/gcc/startup_psoc64_ns.S>
- $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_GCC_ARM/cy_syslib_gcc.S>
+ $<$<C_COMPILER_ID:GNU>:${CY_PDL_LIB_PATH}/drivers/source/TOOLCHAIN_GCC_ARM/cy_syslib_gcc.S>
$<$<C_COMPILER_ID:IAR>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/iar/startup_psoc64_ns.s>
$<$<C_COMPILER_ID:IAR>:${CMAKE_CURRENT_SOURCE_DIR}/Device/Source/iar/cy_syslib_iar.c>
)
@@ -135,6 +138,7 @@
target_link_libraries(platform_s
PRIVATE
tfm_spm
+ ${P64_UTILS_LIB_TARGET}
)
# GNU ld has some strange behaviour to do with weak functions, and does not deal
diff --git a/platform/ext/target/cypress/psoc64/Device/Source/device_definition.c b/platform/ext/target/cypress/psoc64/Device/Source/device_definition.c
index 15d01bc..1ac1312 100644
--- a/platform/ext/target/cypress/psoc64/Device/Source/device_definition.c
+++ b/platform/ext/target/cypress/psoc64/Device/Source/device_definition.c
@@ -63,9 +63,9 @@
/* TCPWM Timer driver structures */
#if defined(CY_TCPWM0_TIMER0_S)
cy_stc_tcpwm_counter_config_t tcpwm_config_timer0
-#if defined(TFM_ENABLE_SLIH_TEST)
+#if defined(TEST_NS_SLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
= {
.period = TIMER0_MATCH, /* Upper limit (wrap around) */
.clockPrescaler = CY_TCPWM_COUNTER_PRESCALER_DIVBY_8, /* Clk_counter = Clk_input / 8 */
@@ -90,9 +90,9 @@
#if (CY_CPU_CORTEX_M0P)
cy_stc_sysint_t CY_TCPWM_NVIC_CFG_S
-#if defined(TFM_ENABLE_SLIH_TEST)
+#if defined(TEST_NS_SLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
= {
.intrSrc = TFM_TIMER0_IRQ, /* NVIC #3 */
.cm0pSrc = tcpwm_0_interrupts_0_IRQn, /* IRQ 123 */
@@ -100,9 +100,9 @@
};
#endif
tfm_timer_irq_test_dev_t CY_TCPWM0_TIMER0_DEV_S
-#if defined(TFM_ENABLE_SLIH_TEST)
+#if defined(TEST_NS_SLIH_IRQ)
TFM_LINK_SET_RW_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
= {
.is_initialized = false,
.tcpwm_base = TCPWM0,
diff --git a/platform/ext/target/cypress/psoc64/config.cmake b/platform/ext/target/cypress/psoc64/config.cmake
index f840201..f016cd8 100644
--- a/platform/ext/target/cypress/psoc64/config.cmake
+++ b/platform/ext/target/cypress/psoc64/config.cmake
@@ -1,6 +1,6 @@
#-------------------------------------------------------------------------------
# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
-#
+# Copyright (c) 2021, Cypress Semiconductor Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
@@ -18,6 +18,11 @@
set(PLATFORM_DUMMY_NV_COUNTERS FALSE CACHE BOOL "Use dummy nv counter implementation. Should not be used in production.")
+################################## Dependencies ################################
+
+set(CY_P64_UTILS_LIB_PATH "DOWNLOAD" CACHE PATH "Path to p64_utils repo (or DOWNLOAD to fetch automatically")
+set(CY_P64_UTILS_LIB_VERSION "release-v1.0.0" CACHE STRING "The version of p64_utils to use")
+
# Disable default PDL IPC configuration. Use Cy_Platform_Init() in
# in psoc6_system_init_cm4.c and psoc6_system_init_cm0p.c instead.
add_definitions(-DCY_IPC_DEFAULT_CFG_DISABLE)
diff --git a/platform/ext/target/cypress/psoc64/libs/p64_utils/CMakeLists.txt b/platform/ext/target/cypress/psoc64/libs/p64_utils/CMakeLists.txt
new file mode 100644
index 0000000..f5da5e9
--- /dev/null
+++ b/platform/ext/target/cypress/psoc64/libs/p64_utils/CMakeLists.txt
@@ -0,0 +1,87 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Cypress Semiconductor Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(FetchContent)
+set(FETCHCONTENT_QUIET FALSE)
+
+# Set to not download submodules if that option is available
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.16.0")
+ cmake_policy(SET CMP0097 NEW)
+endif()
+
+if ("${CY_P64_UTILS_LIB_PATH}" STREQUAL "DOWNLOAD")
+ find_package(Git)
+ file(GLOB PATCH_FILES *.patch)
+
+ if (PATCH_FILES)
+ FetchContent_Declare(p64_utils
+ GIT_REPOSITORY https://github.com/Infineon/p64_utils.git
+ GIT_TAG ${CY_P64_UTILS_LIB_VERSION}
+ GIT_SHALLOW TRUE
+ GIT_PROGRESS TRUE
+ GIT_SUBMODULES ""
+ PATCH_COMMAND ${GIT_EXECUTABLE} apply ${PATCH_FILES}
+ )
+ else()
+ FetchContent_Declare(p64_utils
+ GIT_REPOSITORY https://github.com/Infineon/p64_utils.git
+ GIT_TAG ${CY_P64_UTILS_LIB_VERSION}
+ GIT_SHALLOW TRUE
+ GIT_PROGRESS TRUE
+ GIT_SUBMODULES ""
+ )
+ endif()
+
+ FetchContent_GetProperties(p64_utils)
+ if(NOT p64_utils_POPULATED)
+ FetchContent_Populate(p64_utils)
+ set(CY_P64_UTILS_LIB_PATH ${p64_utils_SOURCE_DIR} CACHE PATH "Path to p64_utils repo (or DOWNLOAD to fetch automatically" FORCE)
+ endif()
+
+endif()
+
+#-------------------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 3.13)
+
+project("Cypress PSoC64 Utils Library" LANGUAGES C ASM)
+
+cmake_policy(SET CMP0076 NEW)
+cmake_policy(SET CMP0079 NEW)
+
+if (NOT DEFINED P64_UTILS_LIB_TARGET)
+ set(P64_UTILS_LIB_TARGET p64_utils_lib)
+endif()
+
+add_definitions(-DCY_P64_FREE_WIPED)
+
+add_library(${P64_UTILS_LIB_TARGET} STATIC)
+
+target_sources(${P64_UTILS_LIB_TARGET}
+ PRIVATE
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_base64.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_cJSON.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_jwt_policy.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_malloc.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_syscalls.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_syscall.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_watchdog.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_image.c
+ ${CY_P64_UTILS_LIB_PATH}/cy_p64_psacrypto.c
+)
+
+target_include_directories(${P64_UTILS_LIB_TARGET}
+ PUBLIC
+ ${CY_P64_UTILS_LIB_PATH}
+ PRIVATE
+ ${CY_PSOC64_DIR}/Device/Include
+ ${CY_CORE_LIB_PATH}/include
+ ${CY_PDL_LIB_PATH}/cmsis/include
+ ${CY_PDL_LIB_PATH}/devices/COMPONENT_CAT1A/include
+ ${CY_PDL_LIB_PATH}/drivers/include
+)
+
diff --git a/platform/ext/target/cypress/psoc64/mailbox/mailbox_ipc_intr.c b/platform/ext/target/cypress/psoc64/mailbox/mailbox_ipc_intr.c
index 89bdc37..55084a0 100644
--- a/platform/ext/target/cypress/psoc64/mailbox/mailbox_ipc_intr.c
+++ b/platform/ext/target/cypress/psoc64/mailbox/mailbox_ipc_intr.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2021, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -19,7 +20,7 @@
SCB->ICSR = SCB_ICSR_PENDSVSET_Msk;
}
-void mailbox_clear_intr(void)
+static void mailbox_clear_intr(void)
{
uint32_t status;
diff --git a/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.c b/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.c
index 2c41e8e..f30aeb0 100644
--- a/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.c
+++ b/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2019-2021 Arm Limited. All rights reserved.
- * Copyright (c) 2019 Cypress Semiconductor Corporation. All rights reserved.
+ * Copyright (c) 2019, 2021 Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -102,7 +102,7 @@
0, IPC_RX_INT_MASK);
}
-int platform_ns_ipc_init(void)
+static int platform_ns_ipc_init(void)
{
Cy_IPC_Drv_SetInterruptMask(Cy_IPC_Drv_GetIntrBaseAddr(IPC_RX_INTR_STRUCT),
0, IPC_RX_INT_MASK);
diff --git a/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.h b/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.h
index ae9855e..9b829a3 100644
--- a/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.h
+++ b/platform/ext/target/cypress/psoc64/mailbox/platform_multicore.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2019, Arm Limited. All rights reserved.
- * Copyright (c) 2019, Cypress Semiconductor Corporation. All rights reserved
+ * Copyright (c) 2019, 2021, Cypress Semiconductor Corporation. All rights reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -93,12 +93,4 @@
*/
void platform_mailbox_wait_for_notify(void);
-/**
- * \brief IPC initialization
- *
- * \retval 0 The operation succeeds.
- * \retval else The operation fails.
- */
-int platform_ns_ipc_init(void);
-
#endif
diff --git a/platform/ext/target/cypress/psoc64/ppu_config.h b/platform/ext/target/cypress/psoc64/ppu_config.h
index 4f3bb1c..fbff0f1 100644
--- a/platform/ext/target/cypress/psoc64/ppu_config.h
+++ b/platform/ext/target/cypress/psoc64/ppu_config.h
@@ -85,15 +85,6 @@
#define PPU_CRYPTO_CRYPTO_MASTER_CONFIG NON_SECURE_READ_ONLY_CONFIG
#define PPU_CRYPTO_CRYPTO_SLAVE_CONFIG SECURE_PRIV_ONLY_CONFIG
-#define PPU_CRYPTO_BOOT_MASTER_CONFIG NON_SECURE_READ_ONLY_CONFIG
-#define PPU_CRYPTO_BOOT_SLAVE_CONFIG SECURE_PRIV_ONLY_CONFIG
-
-#define PPU_CRYPTO_KEY0_MASTER_CONFIG NON_SECURE_READ_ONLY_CONFIG
-#define PPU_CRYPTO_KEY0_SLAVE_CONFIG SECURE_PRIV_ONLY_CONFIG
-
-#define PPU_CRYPTO_KEY1_MASTER_CONFIG NON_SECURE_READ_ONLY_CONFIG
-#define PPU_CRYPTO_KEY1_SLAVE_CONFIG SECURE_PRIV_ONLY_CONFIG
-
#define PPU_CRYPTO_BUF_MASTER_CONFIG NON_SECURE_READ_ONLY_CONFIG
#define PPU_CRYPTO_BUF_SLAVE_CONFIG SECURE_PRIV_ONLY_CONFIG
diff --git a/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm.json b/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm.json
index ccf45f7..956d0d6 100644
--- a/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm.json
+++ b/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm.json
@@ -1,4 +1,8 @@
{
+ "policy": {
+ "platform": "psoc64",
+ "version": 1.0
+ },
"debug" :
{
"m0p" : {
@@ -32,12 +36,12 @@
],
"destroy_flash" : [
{
- "start" : 270270464,
- "size" : 65536
+ "start" : 270254080,
+ "size" : 49152
},
{
"start" : 268763136,
- "size" : 1179648
+ "size" : 1163264
}
],
"key" : 5
@@ -60,11 +64,14 @@
"id": 0,
"launch": 1,
"acq_win": 100,
+ "wdt_timeout": 4000,
+ "wdt_enable": true,
"monotonic": 0,
"smif_id": 0,
"clock_flags": 578,
"protect_flags": 1,
"upgrade": false,
+ "upgrade_mode": "swap",
"resources": [
{
"type": "FLASH_PC1_SPM",
@@ -80,6 +87,16 @@
"type": "SRAM_DAP",
"address": 135184384,
"size": 16384
+ },
+ {
+ "type": "STATUS_PARTITION",
+ "address": 270303232,
+ "size": 32768
+ },
+ {
+ "type": "SCRATCH",
+ "address": 405274624,
+ "size": 524288
}
]
},
@@ -94,7 +111,10 @@
"monotonic": 0,
"smif_id": 0,
"acq_win": 100,
- "multi_image" : 1,
+ "wdt_timeout": 5000,
+ "wdt_enable": true,
+ "set_img_ok": true,
+ "multi_image": 1,
"upgrade": true,
"version": "0.1",
"rollback_counter": 0,
@@ -116,7 +136,7 @@
},
{
"type": "UPGRADE",
- "address": 269942784,
+ "address": 269926400,
"size": 327680
}
]
@@ -131,7 +151,8 @@
"id": 16,
"monotonic": 8,
"smif_id": 1,
- "multi_image" : 2,
+ "smif_sector_size": 262144,
+ "multi_image": 2,
"upgrade": true,
"version": "0.1",
"rollback_counter": 0,
@@ -149,12 +170,12 @@
{
"type": "BOOT",
"address": 268763136,
- "size": 1179648
+ "size": 1163264
},
{
"type": "UPGRADE",
- "address": 402653184,
- "size": 1179648
+ "address": 402801664,
+ "size": 1163264
}
]
}
@@ -200,6 +221,30 @@
"hw_version": "060456527282910010",
"implementation_id": [170, 170, 170, 170, 170, 170, 170, 170, 187, 187, 187, 187, 187, 187, 187, 187,
204, 204, 204, 204, 204, 204, 204, 204, 221, 221, 221, 221, 221, 221, 221, 221]
+ },
+ "its":
+ {
+ "offset": 1818624,
+ "size": 16384,
+ "num_assets": 8,
+ "max_asset_size": 2048
+ },
+ "ps":
+ {
+ "offset": 1835008,
+ "size": 24576,
+ "num_assets": 10,
+ "max_asset_size": 2008
+ },
+ "nv_counters":
+ {
+ "offset": 1866752,
+ "size": 1024
+ },
+ "debug_port":
+ {
+ "uart_base" : 1080360960,
+ "enabled" : true
}
}
}
diff --git a/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json b/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json
index 2cbb0a2..11ece5b 100755
--- a/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json
+++ b/platform/ext/target/cypress/psoc64/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json
@@ -1,4 +1,8 @@
{
+ "policy": {
+ "platform": "psoc64",
+ "version": 1.0
+ },
"debug" :
{
"m0p" : {
@@ -32,12 +36,12 @@
],
"destroy_flash" : [
{
- "start" : 270270464,
- "size" : 65536
+ "start" : 270254080,
+ "size" : 49152
},
{
"start" : 268763136,
- "size" : 1179648
+ "size" : 1163264
}
],
"key" : 5
@@ -60,11 +64,14 @@
"id": 0,
"launch": 1,
"acq_win": 100,
+ "wdt_timeout": 4000,
+ "wdt_enable": true,
"monotonic": 0,
"smif_id": 0,
"clock_flags": 578,
"protect_flags": 1,
"upgrade": false,
+ "upgrade_mode": "swap",
"resources": [
{
"type": "FLASH_PC1_SPM",
@@ -80,6 +87,16 @@
"type": "SRAM_DAP",
"address": 135184384,
"size": 16384
+ },
+ {
+ "type": "STATUS_PARTITION",
+ "address": 270303232,
+ "size": 32768
+ },
+ {
+ "type": "SCRATCH",
+ "address": 405274624,
+ "size": 524288
}
]
},
@@ -94,7 +111,10 @@
"monotonic": 0,
"smif_id": 0,
"acq_win": 100,
- "multi_image" : 1,
+ "wdt_timeout": 5000,
+ "wdt_enable": true,
+ "set_img_ok": true,
+ "multi_image": 1,
"upgrade": true,
"version": "0.1",
"rollback_counter": 0,
@@ -116,7 +136,7 @@
},
{
"type": "UPGRADE",
- "address": 269942784,
+ "address": 269926400,
"size": 327680
}
]
@@ -131,7 +151,8 @@
"id": 16,
"monotonic": 8,
"smif_id": 1,
- "multi_image" : 2,
+ "smif_sector_size": 262144,
+ "multi_image": 2,
"upgrade": true,
"version": "0.1",
"rollback_counter": 0,
@@ -149,12 +170,12 @@
{
"type": "BOOT",
"address": 268763136,
- "size": 1179648
+ "size": 1163264
},
{
"type": "UPGRADE",
- "address": 402653184,
- "size": 1179648
+ "address": 402801664,
+ "size": 1163264
}
]
}
@@ -203,17 +224,27 @@
},
"its":
{
- "offset": 1835008,
+ "offset": 1818624,
"size": 16384,
- "num_assets": 10,
- "max_asset_size": 512
+ "num_assets": 8,
+ "max_asset_size": 2048
},
- "sst":
+ "ps":
{
- "offset": 1851392,
- "size": 20480,
+ "offset": 1835008,
+ "size": 24576,
"num_assets": 10,
"max_asset_size": 2008
+ },
+ "nv_counters":
+ {
+ "offset": 1866752,
+ "size": 1024
+ },
+ "debug_port":
+ {
+ "uart_base" : 1080360960,
+ "enabled" : true
}
}
}
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c
index d249c88..d7f9549 100644
--- a/platform/ext/target/cypress/psoc64/spm_hal.c
+++ b/platform/ext/target/cypress/psoc64/spm_hal.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018-2021, Arm Limited. All rights reserved.
- * Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.
+ * Copyright (c) 2019-2021, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,6 +25,7 @@
#include "cy_device.h"
#include "cy_device_headers.h"
#include "cy_ipc_drv.h"
+#include "cy_p64_watchdog.h"
#include "cy_prot.h"
#include "cy_pra.h"
#include "pc_config.h"
@@ -34,6 +35,19 @@
/* Get address of memory regions to configure MPU */
extern const struct memory_region_limits memory_regions;
+static enum tfm_plat_err_t handle_boot_wdt(void)
+{
+ /* Update watchdog timer to mark successfull start up of the image */
+ LOG_MSG("Checking boot watchdog\r\n");
+ if (cy_p64_wdg_is_enabled()) {
+ cy_p64_wdg_stop();
+ cy_p64_wdg_free();
+ LOG_MSG("Disabled boot watchdog\r\n");
+ }
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
+
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
bool privileged,
const struct platform_data_t *platform_data)
@@ -66,6 +80,9 @@
{
smpu_print_config();
+ /* Reset boot watchdog */
+ handle_boot_wdt();
+
if (cy_access_port_control(CY_CM4_AP, CY_AP_EN) == 0) {
/* The delay is required after Access port was enabled for
* debugger/programmer to connect and set TEST BIT */
diff --git a/platform/ext/target/cypress/psoc64/target_cfg.c b/platform/ext/target/cypress/psoc64/target_cfg.c
index c305b0c..b0bcbe1 100755
--- a/platform/ext/target/cypress/psoc64/target_cfg.c
+++ b/platform/ext/target/cypress/psoc64/target_cfg.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 Arm Limited
- * Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.
+ * Copyright (c) 2019-2021, Cypress Semiconductor Corporation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -56,6 +56,40 @@
REGION_DECLARE(Load$$LR$$, LR_SECONDARY_PARTITION, $$Base);
#endif /* BL2 */
+/* UART RX and TX pins */
+const cy_stc_gpio_pin_config_t CYBSP_UART_RX_config =
+{
+ .outVal = 1,
+ .driveMode = CY_GPIO_DM_HIGHZ,
+ .hsiom = CYBSP_UART_RX_HSIOM,
+ .intEdge = CY_GPIO_INTR_DISABLE,
+ .intMask = 0UL,
+ .vtrip = CY_GPIO_VTRIP_CMOS,
+ .slewRate = CY_GPIO_SLEW_FAST,
+ .driveSel = CY_GPIO_DRIVE_1_2,
+ .vregEn = 0UL,
+ .ibufMode = 0UL,
+ .vtripSel = 0UL,
+ .vrefSel = 0UL,
+ .vohSel = 0UL,
+};
+const cy_stc_gpio_pin_config_t CYBSP_UART_TX_config =
+{
+ .outVal = 1,
+ .driveMode = CY_GPIO_DM_STRONG_IN_OFF,
+ .hsiom = CYBSP_UART_TX_HSIOM,
+ .intEdge = CY_GPIO_INTR_DISABLE,
+ .intMask = 0UL,
+ .vtrip = CY_GPIO_VTRIP_CMOS,
+ .slewRate = CY_GPIO_SLEW_FAST,
+ .driveSel = CY_GPIO_DRIVE_1_2,
+ .vregEn = 0UL,
+ .ibufMode = 0UL,
+ .vtripSel = 0UL,
+ .vrefSel = 0UL,
+ .vohSel = 0UL,
+};
+
/* To write into AIRCR register, 0x5FA value must be write to the VECTKEY field,
* otherwise the processor ignores the write.
*/
@@ -97,7 +131,7 @@
void platform_init(void)
{
cy_en_sysclk_status_t clk_rc;
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
cy_en_sysint_status_t int_rc;
#endif
@@ -133,14 +167,17 @@
SPMLOG_INFMSG("WARNING: Failed to configure timer1 clock\r\n");
}
+ Cy_GPIO_Pin_Init(CYBSP_UART_RX_PORT, CYBSP_UART_RX_PIN, &CYBSP_UART_RX_config);
+ Cy_GPIO_Pin_Init(CYBSP_UART_TX_PORT, CYBSP_UART_TX_PIN, &CYBSP_UART_TX_config);
+
Cy_Platform_Init();
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
int_rc = Cy_SysInt_Init(&CY_TCPWM_NVIC_CFG_S, TFM_TIMER0_IRQ_Handler);
if (int_rc != CY_SYSINT_SUCCESS) {
SPMLOG_INFMSG("WARNING: Fail to initialize timer interrupt (IRQ TEST might fail)!\r\n");
}
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
/* make sure CM4 is disabled */
if (CY_SYS_CM4_STATUS_ENABLED == Cy_SysGetCM4Status()) {
diff --git a/platform/ext/target/cypress/psoc64/target_cfg.h b/platform/ext/target/cypress/psoc64/target_cfg.h
index d2d9c61..e0f9b4e 100644
--- a/platform/ext/target/cypress/psoc64/target_cfg.h
+++ b/platform/ext/target/cypress/psoc64/target_cfg.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018-2020 ARM Limited
- * Copyright (c) 2019, Cypress Semiconductor Corporation. All rights reserved.
+ * Copyright (c) 2019-2021, Cypress Semiconductor Corporation. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,6 +24,36 @@
#define TFM_DRIVER_STDIO Driver_USART5
#define NS_DRIVER_STDIO Driver_USART5
+/* UART pins HSIOM routing */
+#define ioss_0_port_5_pin_0_HSIOM P5_0_SCB5_UART_RX
+#define ioss_0_port_5_pin_1_HSIOM P5_1_SCB5_UART_TX
+
+/* UART pins configuration */
+#define CYBSP_UART_RX_ENABLED 1U
+#define CYBSP_UART_RX_PORT GPIO_PRT5
+#define CYBSP_UART_RX_PORT_NUM 5U
+#define CYBSP_UART_RX_PIN 0U
+#define CYBSP_UART_RX_NUM 0U
+#define CYBSP_UART_RX_DRIVEMODE CY_GPIO_DM_HIGHZ
+#define CYBSP_UART_RX_INIT_DRIVESTATE 1
+#ifndef ioss_0_port_5_pin_0_HSIOM
+ #define ioss_0_port_5_pin_0_HSIOM HSIOM_SEL_GPIO
+#endif
+#define CYBSP_UART_RX_HSIOM ioss_0_port_5_pin_0_HSIOM
+#define CYBSP_UART_RX_IRQ ioss_interrupts_gpio_5_IRQn
+#define CYBSP_UART_TX_ENABLED 1U
+#define CYBSP_UART_TX_PORT GPIO_PRT5
+#define CYBSP_UART_TX_PORT_NUM 5U
+#define CYBSP_UART_TX_PIN 1U
+#define CYBSP_UART_TX_NUM 1U
+#define CYBSP_UART_TX_DRIVEMODE CY_GPIO_DM_STRONG_IN_OFF
+#define CYBSP_UART_TX_INIT_DRIVESTATE 1
+#ifndef ioss_0_port_5_pin_1_HSIOM
+ #define ioss_0_port_5_pin_1_HSIOM HSIOM_SEL_GPIO
+#endif
+#define CYBSP_UART_TX_HSIOM ioss_0_port_5_pin_1_HSIOM
+#define CYBSP_UART_TX_IRQ ioss_interrupts_gpio_5_IRQn
+
/**
* \brief Store the addresses of memory regions
*/
diff --git a/platform/ext/target/lairdconnectivity/common/core/plat_test.c b/platform/ext/target/lairdconnectivity/common/core/plat_test.c
index dbb3e17..ee669f0 100644
--- a/platform/ext/target/lairdconnectivity/common/core/plat_test.c
+++ b/platform/ext/target/lairdconnectivity/common/core/plat_test.c
@@ -340,7 +340,7 @@
timer_stop(NRF_TIMER1);
}
-#if !defined(TFM_ENABLE_SLIH_TEST)
+#if !defined(TEST_NS_SLIH_IRQ)
/* Watchdog timeout handler. */
void TIMER1_Handler(void)
{
diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
index db1b391..f899387 100644
--- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
+++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
@@ -74,6 +74,11 @@
${COMPILER_CMSE_FLAG}
)
+target_compile_definitions(platform_s
+ PUBLIC
+ $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_ENABLED>
+)
+
#========================= Platform Non-Secure ================================#
target_sources(platform_ns
@@ -95,6 +100,11 @@
${PLATFORM_DIR}/../interface/include
)
+target_compile_definitions(platform_ns
+ PUBLIC
+ $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_ENABLED>
+)
+
#========================= Platform BL2 =======================================#
if(BL2)
diff --git a/platform/ext/target/nordic_nrf/common/core/plat_test.c b/platform/ext/target/nordic_nrf/common/core/plat_test.c
index 9f459f2..1b9eeb5 100644
--- a/platform/ext/target/nordic_nrf/common/core/plat_test.c
+++ b/platform/ext/target/nordic_nrf/common/core/plat_test.c
@@ -29,8 +29,6 @@
#define TIMER_RELOAD_VALUE (1*1000*1000)
#define USERLED_MASK (1UL)
-/* Area used by psa-arch-tests to keep state. */
-#define PSA_TEST_SCRATCH_AREA_SIZE (0x400)
static bool initialized = false;
@@ -141,7 +139,7 @@
timer_stop(NRF_TIMER1);
}
-#if !defined(TFM_ENABLE_SLIH_TEST)
+#if !defined(TEST_NS_SLIH_IRQ)
/* Watchdog timeout handler. */
void TIMER1_Handler(void)
{
@@ -153,9 +151,9 @@
}
#endif
+#ifdef PSA_API_TEST_ENABLED
uint32_t pal_nvmem_get_addr(void)
{
- static __ALIGN(4) uint8_t __psa_scratch[PSA_TEST_SCRATCH_AREA_SIZE];
#ifdef NRF_TRUSTZONE_NONSECURE
static bool psa_scratch_initialized = false;
@@ -166,12 +164,13 @@
int is_pinreset = reset_reason & NRFX_RESET_REASON_RESETPIN_MASK;
if ((reset_reason == 0) || is_pinreset){
/* PSA API tests expect this area to be initialized to all 0xFFs
- * after a power-on or pin reset.
- */
- memset(__psa_scratch, 0xFF, PSA_TEST_SCRATCH_AREA_SIZE);
+ * after a power-on or pin reset.
+ */
+ memset((void*)PSA_TEST_SCRATCH_AREA_BASE, 0xFF, PSA_TEST_SCRATCH_AREA_SIZE);
}
psa_scratch_initialized = true;
}
-#endif
- return (uint32_t)__psa_scratch;
+#endif /* NRF_TRUSTZONE_NONSECURE */
+ return (uint32_t)PSA_TEST_SCRATCH_AREA_BASE;
}
+#endif /* PSA_API_TEST_ENABLED */
diff --git a/platform/ext/target/nordic_nrf/common/nrf5340/partition/region_defs.h b/platform/ext/target/nordic_nrf/common/nrf5340/partition/region_defs.h
index df20890..3651b4b 100644
--- a/platform/ext/target/nordic_nrf/common/nrf5340/partition/region_defs.h
+++ b/platform/ext/target/nordic_nrf/common/nrf5340/partition/region_defs.h
@@ -79,9 +79,8 @@
#define BL2_HEADER_SIZE (0x400) /* 1 KB */
#define BL2_TRAILER_SIZE (0x400) /* 1 KB */
#else
-/* No header if no bootloader, but keep IMAGE_CODE_SIZE the same */
#define BL2_HEADER_SIZE (0x0)
-#define BL2_TRAILER_SIZE (0x800)
+#define BL2_TRAILER_SIZE (0x0)
#endif /* BL2 */
#define IMAGE_S_CODE_SIZE \
@@ -164,4 +163,9 @@
#define BOOT_TFM_SHARED_DATA_LIMIT (BOOT_TFM_SHARED_DATA_BASE + \
BOOT_TFM_SHARED_DATA_SIZE - 1)
+/* Region used by psa-arch-tests to keep state */
+#define PSA_TEST_SCRATCH_AREA_SIZE (0x400)
+#define PSA_TEST_SCRATCH_AREA_BASE (NS_DATA_LIMIT + 1 - \
+ PSA_TEST_SCRATCH_AREA_SIZE)
+
#endif /* __REGION_DEFS_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf9160/partition/region_defs.h b/platform/ext/target/nordic_nrf/common/nrf9160/partition/region_defs.h
index faddce1..98f2080 100644
--- a/platform/ext/target/nordic_nrf/common/nrf9160/partition/region_defs.h
+++ b/platform/ext/target/nordic_nrf/common/nrf9160/partition/region_defs.h
@@ -79,9 +79,8 @@
#define BL2_HEADER_SIZE (0x400) /* 1 KB */
#define BL2_TRAILER_SIZE (0x400) /* 1 KB */
#else
-/* No header if no bootloader, but keep IMAGE_CODE_SIZE the same */
#define BL2_HEADER_SIZE (0x0)
-#define BL2_TRAILER_SIZE (0x800)
+#define BL2_TRAILER_SIZE (0x0)
#endif /* BL2 */
#define IMAGE_S_CODE_SIZE \
@@ -167,4 +166,9 @@
#define BOOT_TFM_SHARED_DATA_LIMIT (BOOT_TFM_SHARED_DATA_BASE + \
BOOT_TFM_SHARED_DATA_SIZE - 1)
+/* Region used by psa-arch-tests to keep state */
+#define PSA_TEST_SCRATCH_AREA_SIZE (0x400)
+#define PSA_TEST_SCRATCH_AREA_BASE (NS_DATA_LIMIT + 1 - \
+ PSA_TEST_SCRATCH_AREA_SIZE)
+
#endif /* __REGION_DEFS_H__ */
diff --git a/platform/ext/target/nuvoton/m2351/device/source/armclang/m2351_s.sct b/platform/ext/target/nuvoton/m2351/device/source/armclang/m2351_s.sct
index 1567b8d..fa3b57f 100644
--- a/platform/ext/target/nuvoton/m2351/device/source/armclang/m2351_s.sct
+++ b/platform/ext/target/nuvoton/m2351/device/source/armclang/m2351_s.sct
@@ -149,13 +149,13 @@
}
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_SLIH_TEST_LINKER +0 ALIGN 32 {
*tfm_Slih_test_service.* (+RO)
*timer_cmsdk* (+RO)
*(TFM_SLIH_TEST_ATTR_FN)
}
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_CLIENT_2_LINKER +0 ALIGN 32 {
@@ -284,7 +284,7 @@
#endif
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_SP_SLIH_TEST_LINKER_DATA +0 ALIGN 32 {
*tfm_slih_test_service.* (+RW +ZI)
*timer_cmsdk* (+RW +ZI)
@@ -296,7 +296,7 @@
TFM_SP_SLIH_TEST_LINKER_STACK +0 ALIGN 128 EMPTY 0x0400 {
}
#endif
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_CLIENT_2_LINKER_DATA +0 ALIGN 32 {
diff --git a/platform/ext/target/nuvoton/m2354/device/source/armclang/m2354_s.sct b/platform/ext/target/nuvoton/m2354/device/source/armclang/m2354_s.sct
index 102ed12..86dd8cf 100644
--- a/platform/ext/target/nuvoton/m2354/device/source/armclang/m2354_s.sct
+++ b/platform/ext/target/nuvoton/m2354/device/source/armclang/m2354_s.sct
@@ -149,13 +149,13 @@
}
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_SP_SLIH_TEST_LINKER +0 ALIGN 32 {
*tfm_slih_test_service.* (+RO)
*timer_cmsdk* (+RO)
*(TFM_SP_SLIH_TEST_ATTR_FN)
}
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_CLIENT_2_LINKER +0 ALIGN 32 {
@@ -278,7 +278,7 @@
#endif
#endif /* TFM_PARTITION_TEST_CORE_IPC */
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_SP_SLIH_TEST_LINKER_DATA +0 ALIGN 32 {
*tfm_slih_test_service.* (+RW +ZI)
*timer_cmsdk* (+RW +ZI)
@@ -290,7 +290,7 @@
TFM_SP_SLIH_TEST_LINKER_STACK +0 ALIGN 128 EMPTY 0x0400 {
}
#endif
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_CLIENT_2_LINKER_DATA +0 ALIGN 32 {
diff --git a/platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash.c b/platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash_iap1.c
old mode 100755
new mode 100644
similarity index 98%
rename from platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash.c
rename to platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash_iap1.c
index f2c9e4e..178e6e0
--- a/platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash.c
+++ b/platform/ext/target/nxp/common/CMSIS_Driver/Driver_Flash_iap1.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2013-2018 ARM Limited. All rights reserved.
+ * Copyright 2019-2020 NXP. All rights reserved.
*
* SPDX-License-Identifier: Apache-2.0
*
@@ -26,6 +27,7 @@
#include "platform_base_address.h"
#include "flash_layout.h"
#include "fsl_iap.h"
+#include "log/tfm_log.h"
#ifndef ARG_UNUSED
#define ARG_UNUSED(arg) ((void)arg)
@@ -318,7 +320,7 @@
uint32_t readbackData[FLASH_DATAW_IDX_MAX + 1];
while (lengthInBytes)
{
- uint32_t alignedStart = ALIGN_DOWN(start, kFLASH_AlignementUnitSingleWordRead);
+ uint32_t alignedStart = ALIGN_DOWN(start, (uint32_t)kFLASH_AlignementUnitSingleWordRead);
status = FLASH_ReadSingleWord(config, alignedStart, readbackData);
if (status != kStatus_FLASH_Success)
{
@@ -343,7 +345,6 @@
static status_t FLASH_ReadSingleWord(flash_config_t *config, uint32_t start, uint32_t *readbackData)
{
status_t status = kStatus_Fail;
- /* uint32_t byteSizes = sizeof(uint32_t) * (FLASH_DATAW_IDX_MAX + 1); */
if (readbackData == NULL)
{
@@ -436,4 +437,4 @@
uint32_t param)
{
return ((param % flash_dev->data->program_unit) != 0) ? (kStatus_Fail) : (kStatus_Success);
-}
+}
\ No newline at end of file
diff --git a/platform/ext/target/nxp/common/crypto_hw.c b/platform/ext/target/nxp/common/crypto_hw.c
new file mode 100644
index 0000000..bad2727
--- /dev/null
+++ b/platform/ext/target/nxp/common/crypto_hw.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright 2020 NXP. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "crypto_hw.h"
+
+
+/*
+ * \brief Initialize a crypto accelerator
+ */
+int crypto_hw_accelerator_init(void)
+{
+ return 0;
+}
+
+/*
+ * \brief Deallocate a crypto accelerator
+ */
+int crypto_hw_accelerator_finish(void)
+{
+ return 0;
+}
+
+
diff --git a/platform/ext/target/nxp/common/mbedcrypto_user_config.h b/platform/ext/target/nxp/common/mbedcrypto_user_config.h
new file mode 100644
index 0000000..dc7bc24
--- /dev/null
+++ b/platform/ext/target/nxp/common/mbedcrypto_user_config.h
@@ -0,0 +1,58 @@
+/**
+ * \file mbedcrypto_user_config.h
+ *
+ * \brief Target and application specific configurations
+ *
+ * Target and application specific configurations allow user to override any previous default.
+ *
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDCRYPTO_USER_CONFIG_H
+#define MBEDCRYPTO_USER_CONFIG_H
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module: library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM).
+ *
+ * Module: library/gcm.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C /* Used by PS by default. Mandatory for TLSv1.2 */
+
+#endif /* MBEDCRYPTO_USER_CONFIG_H */
diff --git a/platform/ext/target/nxp/common/mini_mbedcrypto_config.h b/platform/ext/target/nxp/common/mini_mbedcrypto_config.h
deleted file mode 100755
index 36b2c2b..0000000
--- a/platform/ext/target/nxp/common/mini_mbedcrypto_config.h
+++ /dev/null
@@ -1,2008 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-/*
- * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MINI_MBEDCRYPTO_CONFIG_H
-#define MINI_MBEDCRYPTO_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aria.c
- * library/timing.c
- * include/mbedtls/bn_mul.h
- *
- * Required by:
- * MBEDTLS_AESNI_C
- * MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- * include/mbedtls/bignum.h
- * library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- * library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions
- */
-//#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-//#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * Uncomment to get errors on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - the pointer is checked to be non-NULL only if this option is enabled
- * - the content of the buffer is always validated
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid, it will:
- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
- * call to the function mbedtls_param_failed()
- * - immediately return (with a specific error code unless the function
- * returns void and can't communicate an error).
- *
- * When defining this flag, you also need to:
- * - either provide a definition of the function mbedtls_param_failed() in
- * your application (see platform_util.h for its prototype) as the library
- * calls that function, but does not provide a default definition for it,
- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
- * below if the above mechanism is not flexible enough to suit your needs.
- * See the documentation of this macro later in this file.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- * use constitutes a security risk. If possible, we recommend
- * avoiding dependencies on them, and considering stronger message
- * digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
-
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- * - ecp.c
- * - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- * unsigned char mbedtls_internal_ecp_grp_capable(
- * const mbedtls_ecp_group *grp )
- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
- * function, but will use your mbedtls_internal_ecp_double_jac if the group is
- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
- * receives it as an argument). If the group is not supported then the original
- * implementation is used. The other functions and the definition of
- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
- * implementation of mbedtls_internal_ecp_double_jac and
- * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-#define MBEDTLS_AES_ROM_TABLES //DM
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-#define MBEDTLS_AES_FEWER_TABLES //DM
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-//#define MBEDTLS_CIPHER_MODE_OFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-//#define MBEDTLS_CIPHER_MODE_XTS
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * This module is required to support the TLS ciphersuites that use the NULL
- * cipher.
- *
- * Uncomment this macro to enable the NULL cipher
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-//#define MBEDTLS_CIPHER_PADDING_PKCS7
-//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-//#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module. By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
- #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
- * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
- * to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
- * of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * Uncomment this macro to enable restartable ECC computations.
- *
- * \note This option only works with the default software implementation of
- * elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
- * and MBEDTLS_ECDH_LEGACY_CONTEXT.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * \def MBEDTLS_ECDH_LEGACY_CONTEXT
- *
- * Use a backward compatible ECDH context.
- *
- * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
- * defined in `ecdh.h`). For most applications, the choice of format makes
- * no difference, since all library functions can work with either format,
- * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
-
- * The new format used when this option is disabled is smaller
- * (56 bytes on a 32-bit platform). In future versions of the library, it
- * will support alternative implementations of ECDH operations.
- * The new format is incompatible with applications that access
- * context fields directly and with restartable ECP operations.
- *
- * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
- * want to access ECDH context fields directly. Otherwise you should
- * comment out this macro definition.
- *
- * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
- *
- * \note This configuration option is experimental. Future versions of the
- * library may modify the way the ECDH context layout is configured
- * and may modify the layout of the new context type.
- */
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-//#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-//#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-//#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide an
- * implementation of the type mbedtls_key_owner_id_t and a translation from
- * mbedtls_svc_key_id_t to file name in all the storage backends that you
- * you wish to support.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- * GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-//#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-//#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, see
- * #MBEDTLS_PSA_CRYPTO_C.
- *
- * Note: this option is still in progress, the full X.509 and TLS modules are
- * not covered yet, but parts that are not ported to PSA yet will still work
- * as usual, so enabling this option should not break backwards compatibility.
- *
- * \warning Support for PSA is still an experimental feature.
- * Any public API that depends on this option may change
- * at any time until this warning is removed.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-//#define MBEDTLS_VERSION_FEATURES
-
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-//#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module is required to support the TLS ciphersuites that use the AES
- * cipher.
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module: library/arc4.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the ARC4
- * cipher.
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. If possible, we recommend avoidng dependencies on
- * it, and considering stronger ciphers instead.
- *
- */
-//#define MBEDTLS_ARC4_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_internal.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module: library/blowfish.c
- */
-//#define MBEDTLS_BLOWFISH_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the
- * Camellia cipher.
- */
-//#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the
- * ARIA cipher.
- */
-//#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module is required to support AES-CCM ciphersuites in TLS.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-//#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-//#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the DES
- * cipher.
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-//#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-//#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module: library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Module: library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-//#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module: library/ecp.c
- * Caller: library/ecdh.c
- * library/ecdsa.c
- * library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM).
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
- *
- * This module is required to support the TLS ciphersuites that use GCM.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- * environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- * processor traits. It is therefore not advised to use HAVEGE as
- * your applications primary random generator or primary entropy pool
- * input. As a secondary input to your entropy pool, it IS able add
- * the (limited) extra entropy it provides.
- *
- * Module: library/havege.c
- * Caller:
- *
- * Requires: MBEDTLS_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define MBEDTLS_HAVEGE_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module: library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module: library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module: library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-//#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module: library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module: library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module: library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module: library/md5.c
- * Caller: library/md.c
- * library/pem.c
- *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module: library/oid.c
- * Caller: library/asn1write.c
- * library/pkcs5.c
- * library/pkparse.c
- * library/pkwrite.c
- * library/rsa.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-//#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module: library/pem.c
- * Caller: library/dhm.c
- * library/pkparse.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-//#define MBEDTLS_PEM_PARSE_C
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module: library/pem.c
- * Caller: library/pkwrite.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-//#define MBEDTLS_PEM_WRITE_C
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module: library/pk.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module: library/pkparse.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-//#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module: library/pkwrite.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module: library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module: library/pkcs12.c
- * Caller: library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use: MBEDTLS_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module: library/poly1305.c
- * Caller: library/chachapoly.c
- */
-//#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module: library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-//#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module: library/ripemd160.c
- * Caller: library/md.c
- *
- */
-//#define MBEDTLS_RIPEMD160_C
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * library/rsa_internal.c
- *
- * This module is used by the following key exchanges:
- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-//#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/md.c
- *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha512.c
- * Caller: library/entropy.c
- * library/md.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module: library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by Mbed
- * TLS's \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and
- * provide your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/timing.c
- * Caller: library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-//#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-//#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module: library/xtea.c
- * Caller:
- */
-//#define MBEDTLS_XTEA_C
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/* \} name SECTION: Customisation configuration options */
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-/* NXP MCUx SDK added */
-#include "mbedcrypto_mcux_hw_config.h"
-
-#include "mbedtls/check_config.h"
-
-#endif /* MINI_MBEDCRYPTO_CONFIG_H */
diff --git a/platform/ext/target/nxp/common/plat_attestation_key.c b/platform/ext/target/nxp/common/plat_attestation_key.c
index 643cb2e..976e5cd 100644
--- a/platform/ext/target/nxp/common/plat_attestation_key.c
+++ b/platform/ext/target/nxp/common/plat_attestation_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020 Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021 Arm Limited. All rights reserved.
* Copyright 2020 NXP. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -54,7 +54,7 @@
/* Type of the EC curve which the key belongs to, in PSA curve ID form */
#ifndef TFM_ATTESTATION_KEY_TYPE
-#define TFM_ATTESTATION_KEY_TYPE PSA_ECC_CURVE_SECP256R1
+#define TFM_ATTESTATION_KEY_TYPE PSA_ECC_FAMILY_SECP_R1
#endif
/**
diff --git a/platform/ext/target/nxp/common/plat_test.c b/platform/ext/target/nxp/common/plat_test.c
index 416b6d7..66a40b2 100644
--- a/platform/ext/target/nxp/common/plat_test.c
+++ b/platform/ext/target/nxp/common/plat_test.c
@@ -67,7 +67,7 @@
#endif /* TFM_ENABLE_PERIPH_ACCESS_TEST */
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
#if (__ARM_FEATURE_CMSE & 0x2) /* Secure */
@@ -154,4 +154,4 @@
}
#endif /* (__ARM_FEATURE_CMSE & 0x2) */
-#endif /* TFM_ENABLE_SLIH_TEST */
+#endif /* TEST_NS_SLIH_IRQ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt b/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
index 4a51845..d12a9f2 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
+++ b/platform/ext/target/nxp/lpcxpresso55s69/CMakeLists.txt
@@ -78,7 +78,7 @@
target_include_directories(platform_s
PUBLIC
.
- Native_Driver/project_template/s
+ project_template/s
Device/Config
Device/Include
partition
@@ -101,13 +101,13 @@
target_cfg.c
../common/spm_hal.c
../common/tfm_hal_isolation.c
- ../common/CMSIS_Driver/Driver_Flash.c
+ ../common/CMSIS_Driver/Driver_Flash_iap1.c
../common/CMSIS_Driver/Driver_USART.c
../common/Native_Driver/mpu_armv8m_drv.c
- Native_Driver/project_template/s/board.c
- Native_Driver/project_template/s/clock_config.c
- Native_Driver/project_template/s/peripherals.c
- Native_Driver/project_template/s/pin_mux.c
+ project_template/s/board.c
+ project_template/s/clock_config.c
+ project_template/s/peripherals.c
+ project_template/s/pin_mux.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/system_LPC55S69_cm33_core0.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers/fsl_clock.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers/fsl_power.c
@@ -118,6 +118,7 @@
${NXP_HAL_FILE_PATH}/common/Native_Driver/components/uart/fsl_adapter_usart.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_casper.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common.c
+ ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common_arm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_ctimer.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_flexcomm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_gpio.c
@@ -146,7 +147,7 @@
# fix is compatible.
target_sources(tfm_s
PRIVATE
- Native_Driver/project_template/s/hardware_init.c
+ project_template/s/hardware_init.c
)
#========================= Platform Non-Secure ================================#
@@ -157,7 +158,7 @@
Device/Config
Device/Include
Native_Driver
- Native_Driver/project_template/ns
+ project_template/ns
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers
${NXP_HAL_FILE_PATH}/common/Native_Driver/components/lists
${NXP_HAL_FILE_PATH}/common/Native_Driver/components/serial_manager
@@ -169,11 +170,11 @@
target_sources(platform_ns
PRIVATE
- Native_Driver/project_template/ns/board.c
- Native_Driver/project_template/ns/hardware_init.c
- Native_Driver/project_template/ns/clock_config.c
- Native_Driver/project_template/ns/peripherals.c
- Native_Driver/project_template/ns/pin_mux.c
+ project_template/ns/board.c
+ project_template/ns/hardware_init.c
+ project_template/ns/clock_config.c
+ project_template/ns/peripherals.c
+ project_template/ns/pin_mux.c
${PLATFORM_DIR}/ext/target/nxp/common/CMSIS_Driver/Driver_USART.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/system_LPC55S69_cm33_core0.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers/fsl_clock.c
@@ -185,6 +186,7 @@
${NXP_HAL_FILE_PATH}/common/Native_Driver/components/uart/fsl_adapter_usart.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_casper.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common.c
+ ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common_arm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_ctimer.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_flexcomm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_gpio.c
@@ -207,7 +209,7 @@
PUBLIC
partition
Device/Include
- Native_Driver/project_template/bl2
+ project_template/bl2
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers
@@ -223,10 +225,10 @@
target_sources(platform_bl2
PRIVATE
boot_hal.c
- Native_Driver/project_template/bl2/board.c
- Native_Driver/project_template/bl2/clock_config.c
- Native_Driver/project_template/bl2/pin_mux.c
- ../common/CMSIS_Driver/Driver_Flash.c
+ project_template/bl2/board.c
+ project_template/bl2/clock_config.c
+ project_template/bl2/pin_mux.c
+ ../common/CMSIS_Driver/Driver_Flash_iap1.c
../common/CMSIS_Driver/Driver_USART.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/system_LPC55S69_cm33_core0.c
${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/drivers/fsl_clock.c
@@ -237,6 +239,7 @@
${NXP_HAL_FILE_PATH}/common/Native_Driver/components/uart/fsl_adapter_usart.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_casper.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common.c
+ ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common_arm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_flexcomm.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_hashcrypt.c
${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_iap.c
@@ -255,6 +258,6 @@
# fix is compatible.
target_sources(bl2
PRIVATE
- Native_Driver/project_template/bl2/hardware_init.c
+ project_template/bl2/hardware_init.c
)
endif()
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_bl2.S b/platform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_bl2.S
index 82c8861..81bc1c6 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_bl2.S
+++ b/platform/ext/target/nxp/lpcxpresso55s69/Device/Source/armgcc/startup_LPC55S69_cm33_core0_bl2.S
@@ -1,5 +1,5 @@
;/*
-; * Copyright (c) 2009-2018 ARM Limited
+; * Copyright (c) 2009-2020 Arm Limited
; *
; * Licensed under the Apache License, Version 2.0 (the "License");
; * you may not use this file except in compliance with the License.
@@ -17,6 +17,8 @@
; * This file is derivative of CMSIS V5.00 startup_ARMCM33.S
; */
+#include "tfm_plat_config.h"
+
.syntax unified
.arch armv8-m.main
@@ -41,68 +43,67 @@
.long PendSV_Handler /* PendSV Handler*/
.long SysTick_Handler /* SysTick Handler*/
- /* External Interrupts */
- .long WDT_BOD_IRQHandler /* Windowed watchdog timer, Brownout detect, Flash interrupt */
- .long DMA0_IRQHandler /* DMA0 controller */
- .long GINT0_IRQHandler /* GPIO group 0 */
- .long GINT1_IRQHandler /* GPIO group 1 */
- .long PIN_INT0_IRQHandler /* Pin interrupt 0 or pattern match engine slice 0 */
- .long PIN_INT1_IRQHandler /* Pin interrupt 1or pattern match engine slice 1 */
- .long PIN_INT2_IRQHandler /* Pin interrupt 2 or pattern match engine slice 2 */
- .long PIN_INT3_IRQHandler /* Pin interrupt 3 or pattern match engine slice 3 */
- .long UTICK0_IRQHandler /* Micro-tick Timer */
- .long MRT0_IRQHandler /* Multi-rate timer */
- .long CTIMER0_IRQHandler /* Standard counter/timer CTIMER0 */
- .long CTIMER1_IRQHandler /* Standard counter/timer CTIMER1 */
- .long SCT0_IRQHandler /* SCTimer/PWM */
- .long CTIMER3_IRQHandler /* Standard counter/timer CTIMER3 */
- .long FLEXCOMM0_IRQHandler /* Flexcomm Interface 0 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM1_IRQHandler /* Flexcomm Interface 1 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM2_IRQHandler /* Flexcomm Interface 2 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM3_IRQHandler /* Flexcomm Interface 3 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM4_IRQHandler /* Flexcomm Interface 4 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM5_IRQHandler /* Flexcomm Interface 5 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM6_IRQHandler /* Flexcomm Interface 6 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long FLEXCOMM7_IRQHandler /* Flexcomm Interface 7 (USART, SPI, I2C, I2S, FLEXCOMM) */
- .long ADC0_IRQHandler /* ADC0 */
- .long Reserved39_IRQHandler /* Reserved interrupt */
- .long ACMP_IRQHandler /* ACMP interrupts */
- .long Reserved41_IRQHandler /* Reserved interrupt */
- .long Reserved42_IRQHandler /* Reserved interrupt */
- .long USB0_NEEDCLK_IRQHandler /* USB Activity Wake-up Interrupt */
- .long USB0_IRQHandler /* USB device */
- .long RTC_IRQHandler /* RTC alarm and wake-up interrupts */
- .long Reserved46_IRQHandler /* Reserved interrupt */
- .long MAILBOX_IRQHandler /* WAKEUP,Mailbox interrupt (present on selected devices) */
- .long PIN_INT4_IRQHandler /* Pin interrupt 4 or pattern match engine slice 4 int */
- .long PIN_INT5_IRQHandler /* Pin interrupt 5 or pattern match engine slice 5 int */
- .long PIN_INT6_IRQHandler /* Pin interrupt 6 or pattern match engine slice 6 int */
- .long PIN_INT7_IRQHandler /* Pin interrupt 7 or pattern match engine slice 7 int */
- .long CTIMER2_IRQHandler /* Standard counter/timer CTIMER2 */
- .long CTIMER4_IRQHandler /* Standard counter/timer CTIMER4 */
- .long OS_EVENT_IRQHandler /* OSEVTIMER0 and OSEVTIMER0_WAKEUP interrupts */
- .long Reserved55_IRQHandler /* Reserved interrupt */
- .long Reserved56_IRQHandler /* Reserved interrupt */
- .long Reserved57_IRQHandler /* Reserved interrupt */
- .long SDIO_IRQHandler /* SD/MMC */
- .long Reserved59_IRQHandler /* Reserved interrupt */
- .long Reserved60_IRQHandler /* Reserved interrupt */
- .long Reserved61_IRQHandler /* Reserved interrupt */
- .long USB1_UTMI_IRQHandler /* USB1_UTMI */
- .long USB1_IRQHandler /* USB1 interrupt */
- .long USB1_NEEDCLK_IRQHandler /* USB1 activity */
- .long SEC_HYPERVISOR_CALL_IRQHandler /* SEC_HYPERVISOR_CALL interrupt */
- .long SEC_GPIO_INT0_IRQ0_IRQHandler /* SEC_GPIO_INT0_IRQ0 interrupt */
- .long SEC_GPIO_INT0_IRQ1_IRQHandler /* SEC_GPIO_INT0_IRQ1 interrupt */
- .long PLU_IRQHandler /* PLU interrupt */
- .long SEC_VIO_IRQHandler /* SEC_VIO interrupt */
- .long HASHCRYPT_IRQHandler /* HASHCRYPT interrupt */
- .long CASER_IRQHandler /* CASPER interrupt */
- .long PUF_IRQHandler /* PUF interrupt */
- .long PQ_IRQHandler /* PQ interrupt */
- .long DMA1_IRQHandler /* DMA1 interrupt */
- .long LSPI_HS_IRQHandler /* Flexcomm Interface 8 (SPI, , FLEXCOMM) */
-
+ /* External Interrupts*/
+ .long WDT_BOD_IRQHandler /* Windowed watchdog timer, Brownout detect, Flash interrupt */
+ .long DMA0_IRQHandler /* DMA0 controller */
+ .long GINT0_IRQHandler /* GPIO group 0 */
+ .long GINT1_IRQHandler /* GPIO group 1 */
+ .long PIN_INT0_IRQHandler /* Pin interrupt 0 or pattern match engine slice 0 */
+ .long PIN_INT1_IRQHandler /* Pin interrupt 1or pattern match engine slice 1 */
+ .long PIN_INT2_IRQHandler /* Pin interrupt 2 or pattern match engine slice 2 */
+ .long PIN_INT3_IRQHandler /* Pin interrupt 3 or pattern match engine slice 3 */
+ .long UTICK0_IRQHandler /* Micro-tick Timer */
+ .long MRT0_IRQHandler /* Multi-rate timer */
+ .long CTIMER0_IRQHandler /* Standard counter/timer CTIMER0 */
+ .long CTIMER1_IRQHandler /* Standard counter/timer CTIMER1 */
+ .long SCT0_IRQHandler /* SCTimer/PWM */
+ .long CTIMER3_IRQHandler /* Standard counter/timer CTIMER3 */
+ .long FLEXCOMM0_IRQHandler /* Flexcomm Interface 0 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM1_IRQHandler /* Flexcomm Interface 1 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM2_IRQHandler /* Flexcomm Interface 2 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM3_IRQHandler /* Flexcomm Interface 3 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM4_IRQHandler /* Flexcomm Interface 4 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM5_IRQHandler /* Flexcomm Interface 5 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM6_IRQHandler /* Flexcomm Interface 6 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long FLEXCOMM7_IRQHandler /* Flexcomm Interface 7 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ .long ADC0_IRQHandler /* ADC0 */
+ .long Reserved39_IRQHandler /* Reserved interrupt */
+ .long ACMP_IRQHandler /* ACMP interrupts */
+ .long Reserved41_IRQHandler /* Reserved interrupt */
+ .long Reserved42_IRQHandler /* Reserved interrupt */
+ .long USB0_NEEDCLK_IRQHandler /* USB Activity Wake-up Interrupt */
+ .long USB0_IRQHandler /* USB device */
+ .long RTC_IRQHandler /* RTC alarm and wake-up interrupts */
+ .long Reserved46_IRQHandler /* Reserved interrupt */
+ .long MAILBOX_IRQHandler /* WAKEUP,Mailbox interrupt (present on selected devices) */
+ .long PIN_INT4_IRQHandler /* Pin interrupt 4 or pattern match engine slice 4 int */
+ .long PIN_INT5_IRQHandler /* Pin interrupt 5 or pattern match engine slice 5 int */
+ .long PIN_INT6_IRQHandler /* Pin interrupt 6 or pattern match engine slice 6 int */
+ .long PIN_INT7_IRQHandler /* Pin interrupt 7 or pattern match engine slice 7 int */
+ .long CTIMER2_IRQHandler /* Standard counter/timer CTIMER2 */
+ .long CTIMER4_IRQHandler /* Standard counter/timer CTIMER4 */
+ .long OS_EVENT_IRQHandler /* OSEVTIMER0 and OSEVTIMER0_WAKEUP interrupts */
+ .long Reserved55_IRQHandler /* Reserved interrupt */
+ .long Reserved56_IRQHandler /* Reserved interrupt */
+ .long Reserved57_IRQHandler /* Reserved interrupt */
+ .long SDIO_IRQHandler /* SD/MMC */
+ .long Reserved59_IRQHandler /* Reserved interrupt */
+ .long Reserved60_IRQHandler /* Reserved interrupt */
+ .long Reserved61_IRQHandler /* Reserved interrupt */
+ .long USB1_PHY_IRQHandler /* USB1_PHY */
+ .long USB1_IRQHandler /* USB1 interrupt */
+ .long USB1_NEEDCLK_IRQHandler /* USB1 activity */
+ .long SEC_HYPERVISOR_CALL_IRQHandler /* SEC_HYPERVISOR_CALL interrupt */
+ .long SEC_GPIO_INT0_IRQ0_IRQHandler /* SEC_GPIO_INT0_IRQ0 interrupt */
+ .long SEC_GPIO_INT0_IRQ1_IRQHandler /* SEC_GPIO_INT0_IRQ1 interrupt */
+ .long PLU_IRQHandler /* PLU interrupt */
+ .long SEC_VIO_IRQHandler /* SEC_VIO interrupt */
+ .long HASHCRYPT_IRQHandler /* HASHCRYPT interrupt */
+ .long CASER_IRQHandler /* CASPER interrupt */
+ .long PUF_IRQHandler /* PUF interrupt */
+ .long PQ_IRQHandler /* PQ interrupt */
+ .long DMA1_IRQHandler /* DMA1 interrupt */
+ .long FLEXCOMM8_IRQHandler /* Flexcomm Interface 8 (SPI, , FLEXCOMM) */
.size __Vectors, . - __Vectors
.text
@@ -716,12 +717,12 @@
.align 1
.thumb_func
- .weak USB1_UTMI_IRQHandler
- .type USB1_UTMI_IRQHandler, %function
-USB1_UTMI_IRQHandler:
- ldr r0,=USB1_UTMI_DriverIRQHandler
+ .weak USB1_PHY_IRQHandler
+ .type USB1_PHY_IRQHandler, %function
+USB1_PHY_IRQHandler:
+ ldr r0,=USB1_PHY_DriverIRQHandler
bx r0
- .size USB1_UTMI_IRQHandler, . - USB1_UTMI_IRQHandler
+ .size USB1_PHY_IRQHandler, . - USB1_PHY_IRQHandler
.align 1
.thumb_func
@@ -833,12 +834,12 @@
.align 1
.thumb_func
- .weak LSPI_HS_IRQHandler
- .type LSPI_HS_IRQHandler, %function
-LSPI_HS_IRQHandler:
- ldr r0,=LSPI_HS_DriverIRQHandler
+ .weak FLEXCOMM8_IRQHandler
+ .type FLEXCOMM8_IRQHandler, %function
+FLEXCOMM8_IRQHandler:
+ ldr r0,=FLEXCOMM8_DriverIRQHandler
bx r0
- .size LSPI_HS_IRQHandler, . - LSPI_HS_IRQHandler
+ .size FLEXCOMM8_IRQHandler, . - FLEXCOMM8_IRQHandler
/* Macro to define default handlers. Default handler
* will be weak symbol and just dead loops. They can be
@@ -853,65 +854,65 @@
def_irq_handler UsageFault_Handler
def_irq_handler SecureFault_Handler
def_irq_handler DebugMon_Handler
- def_irq_handler WDT_BOD_DriverIRQHandler
- def_irq_handler DMA0_DriverIRQHandler
- def_irq_handler GINT0_DriverIRQHandler
- def_irq_handler GINT1_DriverIRQHandler
- def_irq_handler PIN_INT0_DriverIRQHandler
- def_irq_handler PIN_INT1_DriverIRQHandler
- def_irq_handler PIN_INT2_DriverIRQHandler
- def_irq_handler PIN_INT3_DriverIRQHandler
- def_irq_handler UTICK0_DriverIRQHandler
- def_irq_handler MRT0_DriverIRQHandler
- def_irq_handler CTIMER0_DriverIRQHandler
- def_irq_handler CTIMER1_DriverIRQHandler
- def_irq_handler SCT0_DriverIRQHandler
- def_irq_handler CTIMER3_DriverIRQHandler
- def_irq_handler FLEXCOMM0_DriverIRQHandler
- def_irq_handler FLEXCOMM1_DriverIRQHandler
- def_irq_handler FLEXCOMM2_DriverIRQHandler
- def_irq_handler FLEXCOMM3_DriverIRQHandler
- def_irq_handler FLEXCOMM4_DriverIRQHandler
- def_irq_handler FLEXCOMM5_DriverIRQHandler
- def_irq_handler FLEXCOMM6_DriverIRQHandler
- def_irq_handler FLEXCOMM7_DriverIRQHandler
- def_irq_handler ADC0_DriverIRQHandler
- def_irq_handler Reserved39_DriverIRQHandler
- def_irq_handler ACMP_DriverIRQHandler
- def_irq_handler Reserved41_DriverIRQHandler
- def_irq_handler Reserved42_DriverIRQHandler
- def_irq_handler USB0_NEEDCLK_DriverIRQHandler
- def_irq_handler USB0_DriverIRQHandler
- def_irq_handler RTC_DriverIRQHandler
- def_irq_handler Reserved46_DriverIRQHandler
- def_irq_handler MAILBOX_DriverIRQHandler
- def_irq_handler PIN_INT4_DriverIRQHandler
- def_irq_handler PIN_INT5_DriverIRQHandler
- def_irq_handler PIN_INT6_DriverIRQHandler
- def_irq_handler PIN_INT7_DriverIRQHandler
- def_irq_handler CTIMER2_DriverIRQHandler
- def_irq_handler CTIMER4_DriverIRQHandler
- def_irq_handler OS_EVENT_DriverIRQHandler
- def_irq_handler Reserved55_DriverIRQHandler
- def_irq_handler Reserved56_DriverIRQHandler
- def_irq_handler Reserved57_DriverIRQHandler
- def_irq_handler SDIO_DriverIRQHandler
- def_irq_handler Reserved59_DriverIRQHandler
- def_irq_handler Reserved60_DriverIRQHandler
- def_irq_handler Reserved61_DriverIRQHandler
- def_irq_handler USB1_UTMI_DriverIRQHandler
- def_irq_handler USB1_DriverIRQHandler
- def_irq_handler USB1_NEEDCLK_DriverIRQHandler
- def_irq_handler SEC_HYPERVISOR_CALL_DriverIRQHandler
- def_irq_handler SEC_GPIO_INT0_IRQ0_DriverIRQHandler
- def_irq_handler SEC_GPIO_INT0_IRQ1_DriverIRQHandler
- def_irq_handler PLU_DriverIRQHandler
- def_irq_handler SEC_VIO_DriverIRQHandler
- def_irq_handler HASHCRYPT_DriverIRQHandler
- def_irq_handler CASER_DriverIRQHandler
- def_irq_handler PUF_DriverIRQHandler
- def_irq_handler PQ_DriverIRQHandler
- def_irq_handler DMA1_DriverIRQHandler
- def_irq_handler LSPI_HS_DriverIRQHandler
+ def_irq_handler WDT_BOD_DriverIRQHandler /* Windowed watchdog timer, Brownout detect, Flash interrupt */
+ def_irq_handler DMA0_DriverIRQHandler /* DMA0 controller */
+ def_irq_handler GINT0_DriverIRQHandler /* GPIO group 0 */
+ def_irq_handler GINT1_DriverIRQHandler /* GPIO group 1 */
+ def_irq_handler PIN_INT0_DriverIRQHandler /* Pin interrupt 0 or pattern match engine slice 0 */
+ def_irq_handler PIN_INT1_DriverIRQHandler /* Pin interrupt 1or pattern match engine slice 1 */
+ def_irq_handler PIN_INT2_DriverIRQHandler /* Pin interrupt 2 or pattern match engine slice 2 */
+ def_irq_handler PIN_INT3_DriverIRQHandler /* Pin interrupt 3 or pattern match engine slice 3 */
+ def_irq_handler UTICK0_DriverIRQHandler /* Micro-tick Timer */
+ def_irq_handler MRT0_DriverIRQHandler /* Multi-rate timer */
+ def_irq_handler CTIMER0_DriverIRQHandler /* Standard counter/timer CTIMER0 */
+ def_irq_handler CTIMER1_DriverIRQHandler /* Standard counter/timer CTIMER1 */
+ def_irq_handler SCT0_DriverIRQHandler /* SCTimer/PWM */
+ def_irq_handler CTIMER3_DriverIRQHandler /* Standard counter/timer CTIMER3 */
+ def_irq_handler FLEXCOMM0_DriverIRQHandler /* Flexcomm Interface 0 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM1_DriverIRQHandler /* Flexcomm Interface 1 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM2_DriverIRQHandler /* Flexcomm Interface 2 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM3_DriverIRQHandler /* Flexcomm Interface 3 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM4_DriverIRQHandler /* Flexcomm Interface 4 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM5_DriverIRQHandler /* Flexcomm Interface 5 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM6_DriverIRQHandler /* Flexcomm Interface 6 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler FLEXCOMM7_DriverIRQHandler /* Flexcomm Interface 7 (USART, SPI, I2C, I2S, FLEXCOMM) */
+ def_irq_handler ADC0_DriverIRQHandler /* ADC0 */
+ def_irq_handler Reserved39_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler ACMP_DriverIRQHandler /* ACMP interrupts */
+ def_irq_handler Reserved41_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler Reserved42_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler USB0_NEEDCLK_DriverIRQHandler /* USB Activity Wake-up Interrupt */
+ def_irq_handler USB0_DriverIRQHandler /* USB device */
+ def_irq_handler RTC_DriverIRQHandler /* RTC alarm and wake-up interrupts */
+ def_irq_handler Reserved46_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler MAILBOX_DriverIRQHandler /* WAKEUP,Mailbox interrupt (present on selected devices) */
+ def_irq_handler PIN_INT4_DriverIRQHandler /* Pin interrupt 4 or pattern match engine slice 4 int */
+ def_irq_handler PIN_INT5_DriverIRQHandler /* Pin interrupt 5 or pattern match engine slice 5 int */
+ def_irq_handler PIN_INT6_DriverIRQHandler /* Pin interrupt 6 or pattern match engine slice 6 int */
+ def_irq_handler PIN_INT7_DriverIRQHandler /* Pin interrupt 7 or pattern match engine slice 7 int */
+ def_irq_handler CTIMER2_DriverIRQHandler /* Standard counter/timer CTIMER2 */
+ def_irq_handler CTIMER4_DriverIRQHandler /* Standard counter/timer CTIMER4 */
+ def_irq_handler OS_EVENT_DriverIRQHandler /* OSEVTIMER0 and OSEVTIMER0_WAKEUP interrupts */
+ def_irq_handler Reserved55_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler Reserved56_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler Reserved57_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler SDIO_DriverIRQHandler /* SD/MMC */
+ def_irq_handler Reserved59_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler Reserved60_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler Reserved61_DriverIRQHandler /* Reserved interrupt */
+ def_irq_handler USB1_PHY_DriverIRQHandler /* USB1_PHY */
+ def_irq_handler USB1_DriverIRQHandler /* USB1 interrupt */
+ def_irq_handler USB1_NEEDCLK_DriverIRQHandler /* USB1 activity */
+ def_irq_handler SEC_HYPERVISOR_CALL_DriverIRQHandler /* SEC_HYPERVISOR_CALL interrupt */
+ def_irq_handler SEC_GPIO_INT0_IRQ0_DriverIRQHandler /* SEC_GPIO_INT0_IRQ0 interrupt */
+ def_irq_handler SEC_GPIO_INT0_IRQ1_DriverIRQHandler /* SEC_GPIO_INT0_IRQ1 interrupt */
+ def_irq_handler PLU_DriverIRQHandler /* PLU interrupt */
+ def_irq_handler SEC_VIO_DriverIRQHandler /* SEC_VIO interrupt */
+ def_irq_handler HASHCRYPT_DriverIRQHandler /* HASHCRYPT interrupt */
+ def_irq_handler CASER_DriverIRQHandler /* CASPER interrupt */
+ def_irq_handler PUF_DriverIRQHandler /* PUF interrupt */
+ def_irq_handler PQ_DriverIRQHandler /* PQ interrupt */
+ def_irq_handler DMA1_DriverIRQHandler /* DMA1 interrupt */
+ def_irq_handler FLEXCOMM8_DriverIRQHandler /* Flexcomm Interface 8 (SPI, , FLEXCOMM) */
.end
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/board.h b/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/board.h
deleted file mode 100755
index 4cf61b3..0000000
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/board.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright 2017-2018 NXP
- * All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BOARD_H_
-#define _BOARD_H_
-
-#include "clock_config.h"
-#include "fsl_common.h"
-#include "fsl_reset.h"
-#include "fsl_gpio.h"
-#include "fsl_iocon.h"
-
-/*******************************************************************************
- * Definitions
- ******************************************************************************/
-/*! @brief The board name */
-#define BOARD_NAME "LPCXpresso55S69"
-
-/*! @brief The UART to use for debug messages. */
-/* TODO: rename UART to USART */
-#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
-#define BOARD_DEBUG_UART_INSTANCE 0U
-#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
-#define BOARD_DEBUG_UART_CLK_ATTACH kFRO12M_to_FLEXCOMM0
-#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
-#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
-#define BOARD_UART_IRQ FLEXCOMM0_IRQn
-
-#define BOARD_ACCEL_I2C_BASEADDR I2C4
-#define BOARD_ACCEL_I2C_CLOCK_FREQ 12000000
-
-#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
-#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
-#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
-#define BOARD_DEBUG_UART_CLK_ATTACH_CORE1 kFRO12M_to_FLEXCOMM1
-#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
-#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
-#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
-
-#ifndef BOARD_DEBUG_UART_BAUDRATE
-#define BOARD_DEBUG_UART_BAUDRATE 115200U
-#endif /* BOARD_DEBUG_UART_BAUDRATE */
-
-#ifndef BOARD_DEBUG_UART_BAUDRATE_CORE1
-#define BOARD_DEBUG_UART_BAUDRATE_CORE1 115200U
-#endif /* BOARD_DEBUG_UART_BAUDRATE_CORE1 */
-
-#define BOARD_CODEC_I2C_BASEADDR I2C4
-#define BOARD_CODEC_I2C_CLOCK_FREQ 12000000
-#define BOARD_CODEC_I2C_INSTANCE 4
-#ifndef BOARD_LED_RED_GPIO
-#define BOARD_LED_RED_GPIO GPIO
-#endif
-#define BOARD_LED_RED_GPIO_PORT 1U
-#ifndef BOARD_LED_RED_GPIO_PIN
-#define BOARD_LED_RED_GPIO_PIN 6U
-#endif
-
-#ifndef BOARD_LED_BLUE_GPIO
-#define BOARD_LED_BLUE_GPIO GPIO
-#endif
-#define BOARD_LED_BLUE_GPIO_PORT 1U
-#ifndef BOARD_LED_BLUE_GPIO_PIN
-#define BOARD_LED_BLUE_GPIO_PIN 4U
-#endif
-
-#ifndef BOARD_LED_GREEN_GPIO
-#define BOARD_LED_GREEN_GPIO GPIO
-#endif
-#define BOARD_LED_GREEN_GPIO_PORT 1U
-#ifndef BOARD_LED_GREEN_GPIO_PIN
-#define BOARD_LED_GREEN_GPIO_PIN 7U
-#endif
-
-#ifndef BOARD_SW1_GPIO
-#define BOARD_SW1_GPIO GPIO
-#endif
-#define BOARD_SW1_GPIO_PORT 0U
-#ifndef BOARD_SW1_GPIO_PIN
-#define BOARD_SW1_GPIO_PIN 5U
-#endif
-#define BOARD_SW1_NAME "SW1"
-#define BOARD_SW1_IRQ PIN_INT0_IRQn
-#define BOARD_SW1_IRQ_HANDLER PIN_INT0_IRQHandler
-
-#ifndef BOARD_SW2_GPIO
-#define BOARD_SW2_GPIO GPIO
-#endif
-#define BOARD_SW2_GPIO_PORT 1U
-#ifndef BOARD_SW2_GPIO_PIN
-#define BOARD_SW2_GPIO_PIN 18U
-#endif
-#define BOARD_SW2_NAME "SW2"
-#define BOARD_SW2_IRQ PIN_INT1_IRQn
-#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
-#define BOARD_SW2_GPIO_PININT_INDEX 1
-
-#ifndef BOARD_SW3_GPIO
-#define BOARD_SW3_GPIO GPIO
-#endif
-#define BOARD_SW3_GPIO_PORT 1U
-#ifndef BOARD_SW3_GPIO_PIN
-#define BOARD_SW3_GPIO_PIN 9U
-#endif
-#define BOARD_SW3_NAME "SW3"
-#define BOARD_SW3_IRQ PIN_INT1_IRQn
-#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
-#define BOARD_SW3_GPIO_PININT_INDEX 1
-
-/* Board led color mapping */
-#define LOGIC_LED_ON 0U
-#define LOGIC_LED_OFF 1U
-
-#define LED_RED_INIT(output) \
- { \
- IOCON_PinMuxSet(IOCON, BOARD_LED_RED_GPIO_PORT, BOARD_LED_RED_GPIO_PIN, IOCON_DIGITAL_EN); \
- GPIO_PinInit(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, BOARD_LED_RED_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}); /*!< Enable target LED1 */ \
- }
-#define LED_RED_ON() \
- GPIO_PortClear(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_RED_OFF() \
- GPIO_PortSet(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Turn off target LED1 \ \ \ \ \ \ \ \ \ \ \
- */
-#define LED_RED_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Toggle on target LED1 */
-
-#define LED_BLUE_INIT(output) \
- { \
- IOCON_PinMuxSet(IOCON, BOARD_LED_BLUE_GPIO_PORT, BOARD_LED_BLUE_GPIO_PIN, IOCON_DIGITAL_EN); \
- GPIO_PinInit(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, BOARD_LED_BLUE_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}); /*!< Enable target LED1 */ \
- }
-#define LED_BLUE_ON() \
- GPIO_PortClear(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_BLUE_OFF() \
- GPIO_PortSet(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Turn off target LED1 */
-#define LED_BLUE_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Toggle on target LED1 */
-
-#define LED_GREEN_INIT(output) \
- GPIO_PinInit(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, BOARD_LED_GREEN_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}) /*!< Enable target LED1 */
-#define LED_GREEN_ON() \
- GPIO_PortClear(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_GREEN_OFF() \
- GPIO_PortSet(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Turn off target LED1 */
-#define LED_GREEN_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Toggle on target LED1 */
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITGT202SHIELD_PWRON_GPIO GPIO
-#define BOARD_INITGT202SHIELD_PWRON_PORT 1U
-#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
-
-#define BOARD_INITGT202SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITGT202SHIELD_IRQ_PORT 1U
-#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITSILEX2401SHIELD_PWRON_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_PWRON_PORT 1U
-#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
-
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO_PIN 15U
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
-
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO_PIN 18U
-
-/* Display. */
-#define BOARD_LCD_DC_GPIO GPIO
-#define BOARD_LCD_DC_GPIO_PORT 1U
-#define BOARD_LCD_DC_GPIO_PIN 5U
-
-#if defined(__cplusplus)
-extern "C" {
-#endif /* __cplusplus */
-
-/*******************************************************************************
- * API
- ******************************************************************************/
-
-void BOARD_InitDebugConsole(void);
-void BOARD_InitDebugConsole_Core1(void);
-#if defined(SDK_I2C_BASED_COMPONENT_USED) && SDK_I2C_BASED_COMPONENT_USED
-void BOARD_I2C_Init(I2C_Type *base, uint32_t clkSrc_Hz);
-status_t BOARD_I2C_Send(I2C_Type *base,
- uint8_t deviceAddress,
- uint32_t subAddress,
- uint8_t subaddressSize,
- uint8_t *txBuff,
- uint8_t txBuffSize);
-status_t BOARD_I2C_Receive(I2C_Type *base,
- uint8_t deviceAddress,
- uint32_t subAddress,
- uint8_t subaddressSize,
- uint8_t *rxBuff,
- uint8_t rxBuffSize);
-void BOARD_Accel_I2C_Init(void);
-status_t BOARD_Accel_I2C_Send(uint8_t deviceAddress, uint32_t subAddress, uint8_t subaddressSize, uint32_t txBuff);
-status_t BOARD_Accel_I2C_Receive(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subaddressSize, uint8_t *rxBuff, uint8_t rxBuffSize);
-void BOARD_Codec_I2C_Init(void);
-status_t BOARD_Codec_I2C_Send(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subAddressSize, const uint8_t *txBuff, uint8_t txBuffSize);
-status_t BOARD_Codec_I2C_Receive(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subAddressSize, uint8_t *rxBuff, uint8_t rxBuffSize);
-#endif /* SDK_I2C_BASED_COMPONENT_USED */
-
-#if defined(__cplusplus)
-}
-#endif /* __cplusplus */
-
-#endif /* _BOARD_H_ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/board.h b/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/board.h
deleted file mode 100755
index 4cf61b3..0000000
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/board.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright 2017-2018 NXP
- * All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BOARD_H_
-#define _BOARD_H_
-
-#include "clock_config.h"
-#include "fsl_common.h"
-#include "fsl_reset.h"
-#include "fsl_gpio.h"
-#include "fsl_iocon.h"
-
-/*******************************************************************************
- * Definitions
- ******************************************************************************/
-/*! @brief The board name */
-#define BOARD_NAME "LPCXpresso55S69"
-
-/*! @brief The UART to use for debug messages. */
-/* TODO: rename UART to USART */
-#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
-#define BOARD_DEBUG_UART_INSTANCE 0U
-#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
-#define BOARD_DEBUG_UART_CLK_ATTACH kFRO12M_to_FLEXCOMM0
-#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
-#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
-#define BOARD_UART_IRQ FLEXCOMM0_IRQn
-
-#define BOARD_ACCEL_I2C_BASEADDR I2C4
-#define BOARD_ACCEL_I2C_CLOCK_FREQ 12000000
-
-#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
-#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
-#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
-#define BOARD_DEBUG_UART_CLK_ATTACH_CORE1 kFRO12M_to_FLEXCOMM1
-#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
-#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
-#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
-
-#ifndef BOARD_DEBUG_UART_BAUDRATE
-#define BOARD_DEBUG_UART_BAUDRATE 115200U
-#endif /* BOARD_DEBUG_UART_BAUDRATE */
-
-#ifndef BOARD_DEBUG_UART_BAUDRATE_CORE1
-#define BOARD_DEBUG_UART_BAUDRATE_CORE1 115200U
-#endif /* BOARD_DEBUG_UART_BAUDRATE_CORE1 */
-
-#define BOARD_CODEC_I2C_BASEADDR I2C4
-#define BOARD_CODEC_I2C_CLOCK_FREQ 12000000
-#define BOARD_CODEC_I2C_INSTANCE 4
-#ifndef BOARD_LED_RED_GPIO
-#define BOARD_LED_RED_GPIO GPIO
-#endif
-#define BOARD_LED_RED_GPIO_PORT 1U
-#ifndef BOARD_LED_RED_GPIO_PIN
-#define BOARD_LED_RED_GPIO_PIN 6U
-#endif
-
-#ifndef BOARD_LED_BLUE_GPIO
-#define BOARD_LED_BLUE_GPIO GPIO
-#endif
-#define BOARD_LED_BLUE_GPIO_PORT 1U
-#ifndef BOARD_LED_BLUE_GPIO_PIN
-#define BOARD_LED_BLUE_GPIO_PIN 4U
-#endif
-
-#ifndef BOARD_LED_GREEN_GPIO
-#define BOARD_LED_GREEN_GPIO GPIO
-#endif
-#define BOARD_LED_GREEN_GPIO_PORT 1U
-#ifndef BOARD_LED_GREEN_GPIO_PIN
-#define BOARD_LED_GREEN_GPIO_PIN 7U
-#endif
-
-#ifndef BOARD_SW1_GPIO
-#define BOARD_SW1_GPIO GPIO
-#endif
-#define BOARD_SW1_GPIO_PORT 0U
-#ifndef BOARD_SW1_GPIO_PIN
-#define BOARD_SW1_GPIO_PIN 5U
-#endif
-#define BOARD_SW1_NAME "SW1"
-#define BOARD_SW1_IRQ PIN_INT0_IRQn
-#define BOARD_SW1_IRQ_HANDLER PIN_INT0_IRQHandler
-
-#ifndef BOARD_SW2_GPIO
-#define BOARD_SW2_GPIO GPIO
-#endif
-#define BOARD_SW2_GPIO_PORT 1U
-#ifndef BOARD_SW2_GPIO_PIN
-#define BOARD_SW2_GPIO_PIN 18U
-#endif
-#define BOARD_SW2_NAME "SW2"
-#define BOARD_SW2_IRQ PIN_INT1_IRQn
-#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
-#define BOARD_SW2_GPIO_PININT_INDEX 1
-
-#ifndef BOARD_SW3_GPIO
-#define BOARD_SW3_GPIO GPIO
-#endif
-#define BOARD_SW3_GPIO_PORT 1U
-#ifndef BOARD_SW3_GPIO_PIN
-#define BOARD_SW3_GPIO_PIN 9U
-#endif
-#define BOARD_SW3_NAME "SW3"
-#define BOARD_SW3_IRQ PIN_INT1_IRQn
-#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
-#define BOARD_SW3_GPIO_PININT_INDEX 1
-
-/* Board led color mapping */
-#define LOGIC_LED_ON 0U
-#define LOGIC_LED_OFF 1U
-
-#define LED_RED_INIT(output) \
- { \
- IOCON_PinMuxSet(IOCON, BOARD_LED_RED_GPIO_PORT, BOARD_LED_RED_GPIO_PIN, IOCON_DIGITAL_EN); \
- GPIO_PinInit(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, BOARD_LED_RED_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}); /*!< Enable target LED1 */ \
- }
-#define LED_RED_ON() \
- GPIO_PortClear(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_RED_OFF() \
- GPIO_PortSet(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Turn off target LED1 \ \ \ \ \ \ \ \ \ \ \
- */
-#define LED_RED_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_RED_GPIO, BOARD_LED_RED_GPIO_PORT, \
- 1U << BOARD_LED_RED_GPIO_PIN) /*!< Toggle on target LED1 */
-
-#define LED_BLUE_INIT(output) \
- { \
- IOCON_PinMuxSet(IOCON, BOARD_LED_BLUE_GPIO_PORT, BOARD_LED_BLUE_GPIO_PIN, IOCON_DIGITAL_EN); \
- GPIO_PinInit(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, BOARD_LED_BLUE_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}); /*!< Enable target LED1 */ \
- }
-#define LED_BLUE_ON() \
- GPIO_PortClear(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_BLUE_OFF() \
- GPIO_PortSet(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Turn off target LED1 */
-#define LED_BLUE_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_BLUE_GPIO, BOARD_LED_BLUE_GPIO_PORT, \
- 1U << BOARD_LED_BLUE_GPIO_PIN) /*!< Toggle on target LED1 */
-
-#define LED_GREEN_INIT(output) \
- GPIO_PinInit(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, BOARD_LED_GREEN_GPIO_PIN, \
- &(gpio_pin_config_t){kGPIO_DigitalOutput, (output)}) /*!< Enable target LED1 */
-#define LED_GREEN_ON() \
- GPIO_PortClear(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Turn on target LED1 */
-#define LED_GREEN_OFF() \
- GPIO_PortSet(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Turn off target LED1 */
-#define LED_GREEN_TOGGLE() \
- GPIO_PortToggle(BOARD_LED_GREEN_GPIO, BOARD_LED_GREEN_GPIO_PORT, \
- 1U << BOARD_LED_GREEN_GPIO_PIN) /*!< Toggle on target LED1 */
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITGT202SHIELD_PWRON_GPIO GPIO
-#define BOARD_INITGT202SHIELD_PWRON_PORT 1U
-#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
-
-#define BOARD_INITGT202SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITGT202SHIELD_IRQ_PORT 1U
-#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITSILEX2401SHIELD_PWRON_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_PWRON_PORT 1U
-#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
-
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO_PIN 15U
-
-/*! @brief The WIFI-QCA shield pin. */
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
-
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO_PIN 18U
-
-/* Display. */
-#define BOARD_LCD_DC_GPIO GPIO
-#define BOARD_LCD_DC_GPIO_PORT 1U
-#define BOARD_LCD_DC_GPIO_PIN 5U
-
-#if defined(__cplusplus)
-extern "C" {
-#endif /* __cplusplus */
-
-/*******************************************************************************
- * API
- ******************************************************************************/
-
-void BOARD_InitDebugConsole(void);
-void BOARD_InitDebugConsole_Core1(void);
-#if defined(SDK_I2C_BASED_COMPONENT_USED) && SDK_I2C_BASED_COMPONENT_USED
-void BOARD_I2C_Init(I2C_Type *base, uint32_t clkSrc_Hz);
-status_t BOARD_I2C_Send(I2C_Type *base,
- uint8_t deviceAddress,
- uint32_t subAddress,
- uint8_t subaddressSize,
- uint8_t *txBuff,
- uint8_t txBuffSize);
-status_t BOARD_I2C_Receive(I2C_Type *base,
- uint8_t deviceAddress,
- uint32_t subAddress,
- uint8_t subaddressSize,
- uint8_t *rxBuff,
- uint8_t rxBuffSize);
-void BOARD_Accel_I2C_Init(void);
-status_t BOARD_Accel_I2C_Send(uint8_t deviceAddress, uint32_t subAddress, uint8_t subaddressSize, uint32_t txBuff);
-status_t BOARD_Accel_I2C_Receive(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subaddressSize, uint8_t *rxBuff, uint8_t rxBuffSize);
-void BOARD_Codec_I2C_Init(void);
-status_t BOARD_Codec_I2C_Send(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subAddressSize, const uint8_t *txBuff, uint8_t txBuffSize);
-status_t BOARD_Codec_I2C_Receive(
- uint8_t deviceAddress, uint32_t subAddress, uint8_t subAddressSize, uint8_t *rxBuff, uint8_t rxBuffSize);
-#endif /* SDK_I2C_BASED_COMPONENT_USED */
-
-#if defined(__cplusplus)
-}
-#endif /* __cplusplus */
-
-#endif /* _BOARD_H_ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.c b/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.c
deleted file mode 100755
index e0c5222..0000000
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.c
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright 2017-2018 NXP
- * All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/* TEXT BELOW IS USED AS SETTING FOR TOOLS *************************************
-!!GlobalInfo
-product: Peripherals v1.0
- * BE CAREFUL MODIFYING THIS COMMENT - IT IS YAML SETTINGS FOR TOOLS **********/
-
-/*******************************************************************************
- * Included files
- ******************************************************************************/
-#include "peripherals.h"
-
-/*******************************************************************************
- * BOARD_InitBootPeripherals function
- ******************************************************************************/
-void BOARD_InitBootPeripherals(void)
-{
-}
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.h b/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.h
deleted file mode 100755
index 3df053a..0000000
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/peripherals.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright 2017-2018 NXP
- * All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _PERIPHERALS_H_
-#define _PERIPHERALS_H_
-
-#if defined(__cplusplus)
-extern "C" {
-#endif /*_cplusplus. */
-/*******************************************************************************
- * BOARD_InitBootPeripherals function
- ******************************************************************************/
-void BOARD_InitBootPeripherals(void);
-
-#if defined(__cplusplus)
-}
-#endif /*_cplusplus. */
-
-#endif /* _PERIPHERALS_H_ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/README.rst b/platform/ext/target/nxp/lpcxpresso55s69/README.rst
index f3ae84a..0cdc334 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/README.rst
+++ b/platform/ext/target/nxp/lpcxpresso55s69/README.rst
@@ -16,7 +16,7 @@
.. code:: bash
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
1.2 Building TF-M demo with BL2
@@ -28,23 +28,23 @@
Or do it manually using the following commands:
.. code:: bash
-
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
1.3 Building TF-M regression tests
==================================
To run the S and NS regression tests (``TEST_S=ON`` and ``TEST_NS=ON``), the
-secondary image areas must be set to 0 (firmware updates are not possible).
+secondary image areas must be set to 0 (firmware updates are not possible).
Use the ``build_tfm_regression.py`` script in ``platform/ext/target/nxp/lpcxpresso55s69/scripts``
or do it manually using following commands:
.. code:: bash
-
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
-
+
.. Note::
Currently ``Debug`` cannot be selected as build type and regression tests
@@ -56,9 +56,9 @@
****************
After generating the binaries, there are three options to flash them using:
- 1) **External Segger J-Link flasher**
- 2) **On-board J-Link debugger** - with update of LPC-Link2 debugger to the Segger J-Link firmware
- 3) **PyOCD** - supports both DAPLink and J-Link interfaces. The LPCXpresso55S69 boards, by default, use DAPLink firmware.
+ 1) **External Segger J-Link flasher**
+ 2) **On-board J-Link debugger** - with update of LPC-Link2 debugger to the Segger J-Link firmware
+ 3) **PyOCD** - supports both DAPLink and J-Link interfaces. The LPCXpresso55S69 boards, by default, use DAPLink firmware.
2.1 Flashing with Segger J-Link
===============================
@@ -82,15 +82,19 @@
- Link the DFU jumper (J4) and make power cycle
- Flash the **NXP LPCXpresso On-Board** firmware image with ``lpcscrypt`` from the ``lpcscrypt_2.1.2_57/scripts`` folder as follows:
-**Windows:**
-::
+.. tabs::
- $ program_JLINK ../probe_firmware/LPCXpressoV2/Firmware_JLink_LPCXpressoV2_20190404.bin
-
-**Linux:**
-::
+ .. group-tab:: Linux
- $ ./program_JLINK ../probe_firmware/LPCXpressoV2/Firmware_JLink_LPCXpressoV2_20190404.bin
+ .. code-block:: bash
+
+ $ ./program_JLINK ../probe_firmware/LPCXpressoV2/Firmware_JLink_LPCXpressoV2_20190404.bin
+
+ .. group-tab:: Windows
+
+ .. code-block:: bash
+
+ $ program_JLINK ../probe_firmware/LPCXpressoV2/Firmware_JLink_LPCXpressoV2_20190404.bin
Then remove the link on the DFU jumper and power cycle.
@@ -98,63 +102,67 @@
------------------------------------------
To flash TF-M images use the flash scripts provided in ``platform/ext/target/nxp/lpcxpresso55s69/scripts`` folder:
- - ``flash_JLink.py`` - for uploading image without BL2
- - ``flash_bl2_JLink.py`` - for uploading image with BL2
-
+ - ``flash_JLink.py`` - for uploading image without BL2
+ - ``flash_bl2_JLink.py`` - for uploading image with BL2
+
Or you can do it manually according to paragraph ``2.1.2.1``.
2.1.2.1 Connect to the board using ``JLinkCommander``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-**Windows:**
-::
+.. tabs::
- $ JLink -device lpc55s69 -if swd -speed 2000 -autoconnect 1
-
- SEGGER J-Link Commander V6.98b (Compiled Mar 12 2021 15:03:29)
- DLL version V6.98b, compiled Mar 12 2021 15:02:22
+ .. group-tab:: Linux
- Connecting to J-Link via USB...O.K.
- Firmware: J-Link LPCXpresso V2 compiled Apr 4 2019 16:54:03
- Hardware version: V1.00
- S/N: 729458359
- VTref=3.300V
- Device "LPC55S69_M33_0" selected.
- ...
- Cortex-M33 identified.
-
-**Linux:**
-::
+ .. code-block:: bash
- $ JLinkExe -device lpc55s69 -if swd -speed 2000 -autoconnect 1
+ $ JLinkExe -device lpc55s69 -if swd -speed 2000 -autoconnect 1
- SEGGER J-Link Commander V6.98b (Compiled Mar 12 2021 15:03:29)
- DLL version V6.98b, compiled Mar 12 2021 15:02:22
+ SEGGER J-Link Commander V6.98b (Compiled Mar 12 2021 15:03:29)
+ DLL version V6.98b, compiled Mar 12 2021 15:02:22
- Connecting to J-Link via USB...O.K.
- Firmware: J-Link LPCXpresso V2 compiled Apr 4 2019 16:54:03
- Hardware version: V1.00
- S/N: 729458359
- VTref=3.300V
- Device "LPC55S69_M33_0" selected.
- ...
- Cortex-M33 identified.
+ Connecting to J-Link via USB...O.K.
+ Firmware: J-Link LPCXpresso V2 compiled Apr 4 2019 16:54:03
+ Hardware version: V1.00
+ S/N: 729458359
+ VTref=3.300V
+ Device "LPC55S69_M33_0" selected.
+ ...
+ Cortex-M33 identified.
+
+ .. group-tab:: Windows
+
+ .. code-block:: bash
+
+ $ JLink -device lpc55s69 -if swd -speed 2000 -autoconnect 1
+
+ SEGGER J-Link Commander V6.98b (Compiled Mar 12 2021 15:03:29)
+ DLL version V6.98b, compiled Mar 12 2021 15:02:22
+
+ Connecting to J-Link via USB...O.K.
+ Firmware: J-Link LPCXpresso V2 compiled Apr 4 2019 16:54:03
+ Hardware version: V1.00
+ S/N: 729458359
+ VTref=3.300V
+ Device "LPC55S69_M33_0" selected.
+ ...
+ Cortex-M33 identified.
2.1.2.2 Flash the built images
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-If you built TF-M with the BL2 secondary bootloader, use following commands:
+When BL2 is disabled, flash the generated hex secure and non-secure images:
::
J-Link> loadfile ${BUILD_DIR}/bl2.hex
J-Link> loadfile ${BUILD_DIR}/tfm_s_signed.bin 0x00008000
J-Link> loadfile ${BUILD_DIR}/tfm_ns_signed.bin 0x00030000
-When BL2 is disabled, flash the generated hex secure and non-secure images:
+If you built TF-M with the BL2 secondary bootloader, use following commands:
::
- J-Link> loadfile ${BUILD_DIR}/tfm_s.hex
- J-Link> loadfile ${BUILD_DIR}/tfm_ns.hex
+ J-Link> loadfile ${BUILD_DIR}/tfm_s.hex
+ J-Link> loadfile ${BUILD_DIR}/tfm_ns.hex
2.2 Flashing with PyOCD
=======================
@@ -162,21 +170,21 @@
See: `PyOCD <https://pypi.org/project/pyocd/>`__
To flash TF-M images with PyOCD you can use the flash scripts provided in ``platform/ext/target/nxp/lpcxpresso55s69/scripts`` folder:
- - ``flash_PyOCD.py`` - for uploading image without BL2
- - ``flash_bl2_PyOCD.py`` - for uploading image with BL2
-
+ - ``flash_PyOCD.py`` - for uploading image without BL2
+ - ``flash_bl2_PyOCD.py`` - for uploading image with BL2
+
You should get the following output (flashing without BL2):
::
- $ python flash_PyOCD.py
- 0001749:INFO:eraser:Mass erasing device...
- 0001749:INFO:eraser:Erasing chip...
- 0001902:INFO:eraser:Done
- 0001902:INFO:eraser:Successfully erased.
- [====================] 100%
- 0007694:INFO:loader:Erased 262144 bytes (8 sectors), programmed 203776 bytes (398 pages), skipped 0 bytes (0 pages) at 33.91 kB/s
- [====================] 100%
- 0005187:INFO:loader:Erased 131072 bytes (4 sectors), programmed 121856 bytes (238 pages), skipped 0 bytes (0 pages) at 34.13 kB/s
+ $ python flash_PyOCD.py
+ 0001749:INFO:eraser:Mass erasing device...
+ 0001749:INFO:eraser:Erasing chip...
+ 0001902:INFO:eraser:Done
+ 0001902:INFO:eraser:Successfully erased.
+ [====================] 100%
+ 0007694:INFO:loader:Erased 262144 bytes (8 sectors), programmed 203776 bytes (398 pages), skipped 0 bytes (0 pages) at 33.91 kB/s
+ [====================] 100%
+ 0005187:INFO:loader:Erased 131072 bytes (4 sectors), programmed 121856 bytes (238 pages), skipped 0 bytes (0 pages) at 34.13 kB/s
Or do it manually according the following steps:
@@ -184,17 +192,17 @@
If you built TF-M with the BL2 secondary bootloader, use the following commands:
::
- $ pyocd erase --mass -t LPC55S69
- $ pyocd flash ${BUILD_DIR}/tfm_s.hex -t LPC55S69
- $ pyocd flash ${BUILD_DIR}/tfm_ns.hex -t LPC55S69
+ $ pyocd erase --mass -t LPC55S69
+ $ pyocd flash ${BUILD_DIR}/tfm_s.hex -t LPC55S69
+ $ pyocd flash ${BUILD_DIR}/tfm_ns.hex -t LPC55S69
When BL2 is disabled, flash the generated hex secure and non-secure images:
::
- $ pyocd erase --mass -t LPC55S69
- $ pyocd flash ${BUILD_DIR}/bl2.hex -t LPC55S69
- $ pyocd flash ${BUILD_DIR}/tfm_s_signed.bin --base-address 0x8000 -t LPC55S69
- $ pyocd flash ${BUILD_DIR}/tfm_ns_signed.bin --base-address 0x30000 -t LPC55S69
+ $ pyocd erase --mass -t LPC55S69
+ $ pyocd flash ${BUILD_DIR}/bl2.hex -t LPC55S69
+ $ pyocd flash ${BUILD_DIR}/tfm_s_signed.bin --base-address 0x8000 -t LPC55S69
+ $ pyocd flash ${BUILD_DIR}/tfm_ns_signed.bin --base-address 0x30000 -t LPC55S69
.. Note::
@@ -251,17 +259,19 @@
---------------------------------------------------------------------
You can use JLinkGDBServer or PyOCD server depending on the interface configured in the previous step.
-**J-Link GDB server:**
+.. tabs::
-.. code:: bash
+ .. group-tab:: J-Link GDB server
- JLinkGDBServer -device lpc55s69 -if swd -speed 2000
-
-**PyOCD GDB server:**
+ .. code-block:: bash
-.. code:: bash
+ $ JLinkGDBServer -device lpc55s69 -if swd -speed 2000
- pyocd gdbserver -f 2000k -t LPC55S69
+ .. group-tab:: PyOCD GDB server
+
+ .. code:: bash
+
+ $ pyocd gdbserver -f 2000k -t LPC55S69
3.2.2 Connecting to the GDB server
----------------------------------
@@ -275,19 +285,25 @@
Then from the client connect to the remote GDB server that was started
earlier:
-With ``JLinkGDBServer`` (default port 2331):
+.. tabs::
-.. code:: bash
+ .. group-tab:: J-Link GDB server
- (gdb) target remote:2331
- Remote debugging using :2331
-
-With ``pyocd gdbserver`` (default port 3333):
+ With ``JLinkGDBServer`` (default port 2331):
-.. code:: bash
+ .. code:: bash
- (gdb) target remote:3333
- Remote debugging using :3333
+ (gdb) target remote:2331
+ Remote debugging using :2331
+
+ .. group-tab:: PyOCD GDB server
+
+ With ``pyocd gdbserver`` (default port 3333):
+
+ .. code:: bash
+
+ (gdb) target remote:3333
+ Remote debugging using :3333
3.2.3 Reset and stop at ``main``
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/config.cmake b/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
index 1a4da6d..bcf905d 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
+++ b/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
@@ -1,5 +1,6 @@
#-------------------------------------------------------------------------------
# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2021, NXP Semiconductors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -7,7 +8,7 @@
################################## Dependencies ################################
set(TFM_PLATFORM_NXP_HAL_FILE_PATH "DOWNLOAD" CACHE STRING "Path to the NXP SDK hal (or DOWNLOAD to fetch automatically)")
-set(NXP_SDK_GIT_TAG "MCUX_2.9.0" CACHE STRING "The version of the NXP MCUXpresso SDK")
+set(NXP_SDK_GIT_TAG "MCUX_2.10.0" CACHE STRING "The version of the NXP MCUXpresso SDK")
############################ Partitions ########################################
set(PS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/lpcxpresso55s69_mbedcrypto_config.h b/platform/ext/target/nxp/lpcxpresso55s69/lpcxpresso55s69_mbedcrypto_config.h
deleted file mode 100755
index 0c4390e..0000000
--- a/platform/ext/target/nxp/lpcxpresso55s69/lpcxpresso55s69_mbedcrypto_config.h
+++ /dev/null
@@ -1,2008 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-/*
- * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef LPCXPRESSO55S69_MBEDCRYPTO_CONFIG_H
-#define LPCXPRESSO55S69_MBEDCRYPTO_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aria.c
- * library/timing.c
- * include/mbedtls/bn_mul.h
- *
- * Required by:
- * MBEDTLS_AESNI_C
- * MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- * include/mbedtls/bignum.h
- * library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- * library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions
- */
-//#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-//#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * Uncomment to get errors on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - the pointer is checked to be non-NULL only if this option is enabled
- * - the content of the buffer is always validated
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid, it will:
- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
- * call to the function mbedtls_param_failed()
- * - immediately return (with a specific error code unless the function
- * returns void and can't communicate an error).
- *
- * When defining this flag, you also need to:
- * - either provide a definition of the function mbedtls_param_failed() in
- * your application (see platform_util.h for its prototype) as the library
- * calls that function, but does not provide a default definition for it,
- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
- * below if the above mechanism is not flexible enough to suit your needs.
- * See the documentation of this macro later in this file.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- * use constitutes a security risk. If possible, we recommend
- * avoiding dependencies on them, and considering stronger message
- * digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
-
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- * - ecp.c
- * - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- * unsigned char mbedtls_internal_ecp_grp_capable(
- * const mbedtls_ecp_group *grp )
- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
- * function, but will use your mbedtls_internal_ecp_double_jac if the group is
- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
- * receives it as an argument). If the group is not supported then the original
- * implementation is used. The other functions and the definition of
- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
- * implementation of mbedtls_internal_ecp_double_jac and
- * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-//#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_OFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-//#define MBEDTLS_CIPHER_MODE_XTS
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * This module is required to support the TLS ciphersuites that use the NULL
- * cipher.
- *
- * Uncomment this macro to enable the NULL cipher
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module. By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-//#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
- * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
- * to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
- * of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * Uncomment this macro to enable restartable ECC computations.
- *
- * \note This option only works with the default software implementation of
- * elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
- * and MBEDTLS_ECDH_LEGACY_CONTEXT.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * \def MBEDTLS_ECDH_LEGACY_CONTEXT
- *
- * Use a backward compatible ECDH context.
- *
- * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
- * defined in `ecdh.h`). For most applications, the choice of format makes
- * no difference, since all library functions can work with either format,
- * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
-
- * The new format used when this option is disabled is smaller
- * (56 bytes on a 32-bit platform). In future versions of the library, it
- * will support alternative implementations of ECDH operations.
- * The new format is incompatible with applications that access
- * context fields directly and with restartable ECP operations.
- *
- * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
- * want to access ECDH context fields directly. Otherwise you should
- * comment out this macro definition.
- *
- * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
- *
- * \note This configuration option is experimental. Future versions of the
- * library may modify the way the ECDH context layout is configured
- * and may modify the layout of the new context type.
- */
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-//#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide an
- * implementation of the type mbedtls_key_owner_id_t and a translation from
- * mbedtls_svc_key_id_t to file name in all the storage backends that you
- * you wish to support.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- * GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-//#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, see
- * #MBEDTLS_PSA_CRYPTO_C.
- *
- * Note: this option is still in progress, the full X.509 and TLS modules are
- * not covered yet, but parts that are not ported to PSA yet will still work
- * as usual, so enabling this option should not break backwards compatibility.
- *
- * \warning Support for PSA is still an experimental feature.
- * Any public API that depends on this option may change
- * at any time until this warning is removed.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-//#define MBEDTLS_VERSION_FEATURES
-
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-//#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module is required to support the TLS ciphersuites that use the AES
- * cipher.
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module: library/arc4.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the ARC4
- * cipher.
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. If possible, we recommend avoidng dependencies on
- * it, and considering stronger ciphers instead.
- *
- */
-//#define MBEDTLS_ARC4_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_internal.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module: library/blowfish.c
- */
-//#define MBEDTLS_BLOWFISH_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the
- * Camellia cipher.
- */
-//#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the
- * ARIA cipher.
- */
-//#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module is required to support AES-CCM ciphersuites in TLS.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-//#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-//#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * This module is required to support the TLS ciphersuites that use the DES
- * cipher.
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-//#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module: library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Module: library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-//#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module: library/ecp.c
- * Caller: library/ecdh.c
- * library/ecdsa.c
- * library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM).
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
- *
- * This module is required to support the TLS ciphersuites that use GCM.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- * environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- * processor traits. It is therefore not advised to use HAVEGE as
- * your applications primary random generator or primary entropy pool
- * input. As a secondary input to your entropy pool, it IS able add
- * the (limited) extra entropy it provides.
- *
- * Module: library/havege.c
- * Caller:
- *
- * Requires: MBEDTLS_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define MBEDTLS_HAVEGE_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module: library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module: library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module: library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-//#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module: library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module: library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module: library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module: library/md5.c
- * Caller: library/md.c
- * library/pem.c
- *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module: library/oid.c
- * Caller: library/asn1write.c
- * library/pkcs5.c
- * library/pkparse.c
- * library/pkwrite.c
- * library/rsa.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-//#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module: library/pem.c
- * Caller: library/dhm.c
- * library/pkparse.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#define MBEDTLS_PEM_PARSE_C
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module: library/pem.c
- * Caller: library/pkwrite.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#define MBEDTLS_PEM_WRITE_C
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module: library/pk.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module: library/pkparse.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module: library/pkwrite.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module: library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module: library/pkcs12.c
- * Caller: library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use: MBEDTLS_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module: library/poly1305.c
- * Caller: library/chachapoly.c
- */
-//#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module: library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-//#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module: library/ripemd160.c
- * Caller: library/md.c
- *
- */
-//#define MBEDTLS_RIPEMD160_C
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * library/rsa_internal.c
- *
- * This module is used by the following key exchanges:
- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/md.c
- *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha512.c
- * Caller: library/entropy.c
- * library/md.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module: library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by Mbed
- * TLS's \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and
- * provide your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/timing.c
- * Caller: library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-//#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-//#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module: library/xtea.c
- * Caller:
- */
-//#define MBEDTLS_XTEA_C
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/* \} name SECTION: Customisation configuration options */
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-/* NXP MCUx SDK added */
-#include "mbedcrypto_mcux_hw_config.h"
-
-#include "mbedtls/check_config.h"
-
-#endif /* LPCXPRESSO55S69_MBEDCRYPTO_CONFIG_H */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/partition/flash_layout.h b/platform/ext/target/nxp/lpcxpresso55s69/partition/flash_layout.h
index 55701f5..d2f0944 100755
--- a/platform/ext/target/nxp/lpcxpresso55s69/partition/flash_layout.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/partition/flash_layout.h
@@ -62,16 +62,20 @@
/* Size of a Secure and of a Non-secure image */
#ifdef BL2
-#define FLASH_S_PARTITION_SIZE (0x28000) /* S partition: 160 KB */
-#define FLASH_NS_PARTITION_SIZE (0x18000) /* NS partition: 96 KB */
-#else
+
+#define FLASH_S_PARTITION_SIZE (0x28000) /* S partition: 160 KB */
+#define FLASH_NS_PARTITION_SIZE (0x18000) /* NS partition: 96 KB */
+#define FLASH_MAX_PARTITION_SIZE ((FLASH_S_PARTITION_SIZE > \
+ FLASH_NS_PARTITION_SIZE) ? \
+ FLASH_S_PARTITION_SIZE : \
+ FLASH_NS_PARTITION_SIZE)
+
+#else /* NO BL2 */
+
#define FLASH_S_PARTITION_SIZE (0x50000) /* S partition: 320 kB*/
-#define FLASH_NS_PARTITION_SIZE (0x40000) /* NS partition: 256 KB*/
+#define FLASH_NS_PARTITION_SIZE (0x40000) /* NS partition: 256 kB*/
+
#endif /* BL2 */
-#define FLASH_MAX_PARTITION_SIZE ((FLASH_S_PARTITION_SIZE > \
- FLASH_NS_PARTITION_SIZE) ? \
- FLASH_S_PARTITION_SIZE : \
- FLASH_NS_PARTITION_SIZE)
/* Sector size of the embedded flash hardware (erase/program) */
#define FLASH_AREA_IMAGE_SECTOR_SIZE (512) /* 512 B. Flash memory program/erase operations have a page granularity. */
@@ -149,12 +153,20 @@
#else /* NO BL2 */
-/* Secure + Non-secure image slot */
+
+#ifdef SB_FILE /* Use signed Secure Binary (SB) image */
+#define FLASH_SB_TAIL 0x1000 /* 4 KB */
+#else
+#define FLASH_SB_TAIL 0x0 /* 0 KB */
+#endif
+
+/* Secure + Non-secure image primary slot */
#define FLASH_AREA_0_ID (1)
#define FLASH_AREA_0_OFFSET (0x0)
#define FLASH_AREA_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
-
+ FLASH_NS_PARTITION_SIZE + \
+ FLASH_SB_TAIL)
+
/* Not used*/
#define FLASH_AREA_SCRATCH_ID (FLASH_AREA_0_ID + 1)
#define FLASH_AREA_SCRATCH_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
@@ -257,4 +269,4 @@
#define TOTAL_ROM_SIZE FLASH_TOTAL_SIZE
#define TOTAL_RAM_SIZE (0x00044000) /* RAM 0-4. 272 KB RAM for data (without SRAM X for code)*/
-#endif /* __FLASH_LAYOUT_H__ */
+#endif /* __FLASH_LAYOUT_H__ */
\ No newline at end of file
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/app.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/app.h
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/app.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/app.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/board.c
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/board.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/board.h
similarity index 79%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/board.h
index 4cf61b3..71ee2ca 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/board.h
@@ -22,28 +22,28 @@
/*! @brief The UART to use for debug messages. */
/* TODO: rename UART to USART */
-#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
-#define BOARD_DEBUG_UART_INSTANCE 0U
-#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
+#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
+#define BOARD_DEBUG_UART_INSTANCE 0U
+#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH kFRO12M_to_FLEXCOMM0
-#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
-#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
-#define BOARD_UART_IRQ FLEXCOMM0_IRQn
+#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
+#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
+#define BOARD_UART_IRQ FLEXCOMM0_IRQn
-#define BOARD_ACCEL_I2C_BASEADDR I2C4
+#define BOARD_ACCEL_I2C_BASEADDR I2C4
#define BOARD_ACCEL_I2C_CLOCK_FREQ 12000000
-#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
-#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
-#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
+#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
+#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
+#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH_CORE1 kFRO12M_to_FLEXCOMM1
-#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
-#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
-#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
+#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
+#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
+#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
#ifndef BOARD_DEBUG_UART_BAUDRATE
#define BOARD_DEBUG_UART_BAUDRATE 115200U
@@ -53,9 +53,9 @@
#define BOARD_DEBUG_UART_BAUDRATE_CORE1 115200U
#endif /* BOARD_DEBUG_UART_BAUDRATE_CORE1 */
-#define BOARD_CODEC_I2C_BASEADDR I2C4
+#define BOARD_CODEC_I2C_BASEADDR I2C4
#define BOARD_CODEC_I2C_CLOCK_FREQ 12000000
-#define BOARD_CODEC_I2C_INSTANCE 4
+#define BOARD_CODEC_I2C_INSTANCE 4
#ifndef BOARD_LED_RED_GPIO
#define BOARD_LED_RED_GPIO GPIO
#endif
@@ -87,8 +87,8 @@
#ifndef BOARD_SW1_GPIO_PIN
#define BOARD_SW1_GPIO_PIN 5U
#endif
-#define BOARD_SW1_NAME "SW1"
-#define BOARD_SW1_IRQ PIN_INT0_IRQn
+#define BOARD_SW1_NAME "SW1"
+#define BOARD_SW1_IRQ PIN_INT0_IRQn
#define BOARD_SW1_IRQ_HANDLER PIN_INT0_IRQHandler
#ifndef BOARD_SW2_GPIO
@@ -98,9 +98,9 @@
#ifndef BOARD_SW2_GPIO_PIN
#define BOARD_SW2_GPIO_PIN 18U
#endif
-#define BOARD_SW2_NAME "SW2"
-#define BOARD_SW2_IRQ PIN_INT1_IRQn
-#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW2_NAME "SW2"
+#define BOARD_SW2_IRQ PIN_INT1_IRQn
+#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW2_GPIO_PININT_INDEX 1
#ifndef BOARD_SW3_GPIO
@@ -110,13 +110,13 @@
#ifndef BOARD_SW3_GPIO_PIN
#define BOARD_SW3_GPIO_PIN 9U
#endif
-#define BOARD_SW3_NAME "SW3"
-#define BOARD_SW3_IRQ PIN_INT1_IRQn
-#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW3_NAME "SW3"
+#define BOARD_SW3_IRQ PIN_INT1_IRQn
+#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW3_GPIO_PININT_INDEX 1
/* Board led color mapping */
-#define LOGIC_LED_ON 0U
+#define LOGIC_LED_ON 0U
#define LOGIC_LED_OFF 1U
#define LED_RED_INIT(output) \
@@ -168,34 +168,40 @@
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITGT202SHIELD_PWRON_GPIO GPIO
#define BOARD_INITGT202SHIELD_PWRON_PORT 1U
-#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
+#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
#define BOARD_INITGT202SHIELD_IRQ_GPIO GPIO
#define BOARD_INITGT202SHIELD_IRQ_PORT 1U
-#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
+#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITSILEX2401SHIELD_PWRON_GPIO GPIO
#define BOARD_INITSILEX2401SHIELD_PWRON_PORT 1U
-#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
+#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
+#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
+#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO_PIN 15U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_GPIO GPIO
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
+#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO_PIN 18U
/* Display. */
-#define BOARD_LCD_DC_GPIO GPIO
+#define BOARD_LCD_DC_GPIO GPIO
#define BOARD_LCD_DC_GPIO_PORT 1U
-#define BOARD_LCD_DC_GPIO_PIN 5U
+#define BOARD_LCD_DC_GPIO_PIN 5U
+
+/* Serial MWM WIFI */
+#define BOARD_SERIAL_MWM_PORT_CLK_FREQ CLOCK_GetFlexCommClkFreq(2)
+#define BOARD_SERIAL_MWM_PORT USART2
+#define BOARD_SERIAL_MWM_PORT_IRQn FLEXCOMM2_IRQn
+#define BOARD_SERIAL_MWM_RST_WRITE(output)
#if defined(__cplusplus)
extern "C" {
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/clock_config.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/clock_config.c
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/clock_config.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/clock_config.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/clock_config.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/clock_config.h
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/clock_config.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/clock_config.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/hardware_init.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/hardware_init.c
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/hardware_init.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/hardware_init.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/pin_mux.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/pin_mux.c
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/pin_mux.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/pin_mux.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/pin_mux.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/pin_mux.h
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/pin_mux.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/bl2/pin_mux.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/app.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/app.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/app.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/app.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/board.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/board.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/board.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/board.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/board.h
similarity index 79%
copy from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
copy to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/board.h
index 4cf61b3..71ee2ca 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/board.h
@@ -22,28 +22,28 @@
/*! @brief The UART to use for debug messages. */
/* TODO: rename UART to USART */
-#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
-#define BOARD_DEBUG_UART_INSTANCE 0U
-#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
+#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
+#define BOARD_DEBUG_UART_INSTANCE 0U
+#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH kFRO12M_to_FLEXCOMM0
-#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
-#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
-#define BOARD_UART_IRQ FLEXCOMM0_IRQn
+#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
+#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
+#define BOARD_UART_IRQ FLEXCOMM0_IRQn
-#define BOARD_ACCEL_I2C_BASEADDR I2C4
+#define BOARD_ACCEL_I2C_BASEADDR I2C4
#define BOARD_ACCEL_I2C_CLOCK_FREQ 12000000
-#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
-#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
-#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
+#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
+#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
+#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH_CORE1 kFRO12M_to_FLEXCOMM1
-#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
-#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
-#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
+#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
+#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
+#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
#ifndef BOARD_DEBUG_UART_BAUDRATE
#define BOARD_DEBUG_UART_BAUDRATE 115200U
@@ -53,9 +53,9 @@
#define BOARD_DEBUG_UART_BAUDRATE_CORE1 115200U
#endif /* BOARD_DEBUG_UART_BAUDRATE_CORE1 */
-#define BOARD_CODEC_I2C_BASEADDR I2C4
+#define BOARD_CODEC_I2C_BASEADDR I2C4
#define BOARD_CODEC_I2C_CLOCK_FREQ 12000000
-#define BOARD_CODEC_I2C_INSTANCE 4
+#define BOARD_CODEC_I2C_INSTANCE 4
#ifndef BOARD_LED_RED_GPIO
#define BOARD_LED_RED_GPIO GPIO
#endif
@@ -87,8 +87,8 @@
#ifndef BOARD_SW1_GPIO_PIN
#define BOARD_SW1_GPIO_PIN 5U
#endif
-#define BOARD_SW1_NAME "SW1"
-#define BOARD_SW1_IRQ PIN_INT0_IRQn
+#define BOARD_SW1_NAME "SW1"
+#define BOARD_SW1_IRQ PIN_INT0_IRQn
#define BOARD_SW1_IRQ_HANDLER PIN_INT0_IRQHandler
#ifndef BOARD_SW2_GPIO
@@ -98,9 +98,9 @@
#ifndef BOARD_SW2_GPIO_PIN
#define BOARD_SW2_GPIO_PIN 18U
#endif
-#define BOARD_SW2_NAME "SW2"
-#define BOARD_SW2_IRQ PIN_INT1_IRQn
-#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW2_NAME "SW2"
+#define BOARD_SW2_IRQ PIN_INT1_IRQn
+#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW2_GPIO_PININT_INDEX 1
#ifndef BOARD_SW3_GPIO
@@ -110,13 +110,13 @@
#ifndef BOARD_SW3_GPIO_PIN
#define BOARD_SW3_GPIO_PIN 9U
#endif
-#define BOARD_SW3_NAME "SW3"
-#define BOARD_SW3_IRQ PIN_INT1_IRQn
-#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW3_NAME "SW3"
+#define BOARD_SW3_IRQ PIN_INT1_IRQn
+#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW3_GPIO_PININT_INDEX 1
/* Board led color mapping */
-#define LOGIC_LED_ON 0U
+#define LOGIC_LED_ON 0U
#define LOGIC_LED_OFF 1U
#define LED_RED_INIT(output) \
@@ -168,34 +168,40 @@
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITGT202SHIELD_PWRON_GPIO GPIO
#define BOARD_INITGT202SHIELD_PWRON_PORT 1U
-#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
+#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
#define BOARD_INITGT202SHIELD_IRQ_GPIO GPIO
#define BOARD_INITGT202SHIELD_IRQ_PORT 1U
-#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
+#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITSILEX2401SHIELD_PWRON_GPIO GPIO
#define BOARD_INITSILEX2401SHIELD_PWRON_PORT 1U
-#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
+#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
+#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
+#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO_PIN 15U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_GPIO GPIO
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
+#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO_PIN 18U
/* Display. */
-#define BOARD_LCD_DC_GPIO GPIO
+#define BOARD_LCD_DC_GPIO GPIO
#define BOARD_LCD_DC_GPIO_PORT 1U
-#define BOARD_LCD_DC_GPIO_PIN 5U
+#define BOARD_LCD_DC_GPIO_PIN 5U
+
+/* Serial MWM WIFI */
+#define BOARD_SERIAL_MWM_PORT_CLK_FREQ CLOCK_GetFlexCommClkFreq(2)
+#define BOARD_SERIAL_MWM_PORT USART2
+#define BOARD_SERIAL_MWM_PORT_IRQn FLEXCOMM2_IRQn
+#define BOARD_SERIAL_MWM_RST_WRITE(output)
#if defined(__cplusplus)
extern "C" {
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/clock_config.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/clock_config.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/clock_config.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/clock_config.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/clock_config.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/clock_config.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/clock_config.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/clock_config.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/hardware_init.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/hardware_init.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/hardware_init.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/hardware_init.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.c
old mode 100755
new mode 100644
similarity index 99%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.c
index e0c5222..69af4a7
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.c
@@ -1,7 +1,7 @@
/*
* Copyright 2017-2018 NXP
* All rights reserved.
- *
+ *
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.h
old mode 100755
new mode 100644
similarity index 98%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.h
index 3df053a..36b2e05
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/peripherals.h
@@ -1,7 +1,7 @@
/*
* Copyright 2017-2018 NXP
* All rights reserved.
- *
+ *
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/pin_mux.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/pin_mux.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/pin_mux.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/pin_mux.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/pin_mux.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/pin_mux.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/pin_mux.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/ns/pin_mux.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/app.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/app.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/app.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/app.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/board.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/board.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/board.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/board.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/board.h
similarity index 79%
copy from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
copy to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/board.h
index 4cf61b3..71ee2ca 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/bl2/board.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/board.h
@@ -22,28 +22,28 @@
/*! @brief The UART to use for debug messages. */
/* TODO: rename UART to USART */
-#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
-#define BOARD_DEBUG_UART_INSTANCE 0U
-#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
+#define BOARD_DEBUG_UART_TYPE kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR (uint32_t) USART0
+#define BOARD_DEBUG_UART_INSTANCE 0U
+#define BOARD_DEBUG_UART_CLK_FREQ 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH kFRO12M_to_FLEXCOMM0
-#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
-#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
-#define BOARD_UART_IRQ FLEXCOMM0_IRQn
+#define BOARD_DEBUG_UART_RST kFC0_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC kCLOCK_Flexcomm0
+#define BOARD_UART_IRQ_HANDLER FLEXCOMM0_IRQHandler
+#define BOARD_UART_IRQ FLEXCOMM0_IRQn
-#define BOARD_ACCEL_I2C_BASEADDR I2C4
+#define BOARD_ACCEL_I2C_BASEADDR I2C4
#define BOARD_ACCEL_I2C_CLOCK_FREQ 12000000
-#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
-#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
-#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
-#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
+#define BOARD_DEBUG_UART_TYPE_CORE1 kSerialPort_Uart
+#define BOARD_DEBUG_UART_BASEADDR_CORE1 (uint32_t) USART1
+#define BOARD_DEBUG_UART_INSTANCE_CORE1 1U
+#define BOARD_DEBUG_UART_CLK_FREQ_CORE1 12000000U
#define BOARD_DEBUG_UART_CLK_ATTACH_CORE1 kFRO12M_to_FLEXCOMM1
-#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
-#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
-#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
-#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
+#define BOARD_DEBUG_UART_RST_CORE1 kFC1_RST_SHIFT_RSTn
+#define BOARD_DEBUG_UART_CLKSRC_CORE1 kCLOCK_Flexcomm1
+#define BOARD_UART_IRQ_HANDLER_CORE1 FLEXCOMM1_IRQHandler
+#define BOARD_UART_IRQ_CORE1 FLEXCOMM1_IRQn
#ifndef BOARD_DEBUG_UART_BAUDRATE
#define BOARD_DEBUG_UART_BAUDRATE 115200U
@@ -53,9 +53,9 @@
#define BOARD_DEBUG_UART_BAUDRATE_CORE1 115200U
#endif /* BOARD_DEBUG_UART_BAUDRATE_CORE1 */
-#define BOARD_CODEC_I2C_BASEADDR I2C4
+#define BOARD_CODEC_I2C_BASEADDR I2C4
#define BOARD_CODEC_I2C_CLOCK_FREQ 12000000
-#define BOARD_CODEC_I2C_INSTANCE 4
+#define BOARD_CODEC_I2C_INSTANCE 4
#ifndef BOARD_LED_RED_GPIO
#define BOARD_LED_RED_GPIO GPIO
#endif
@@ -87,8 +87,8 @@
#ifndef BOARD_SW1_GPIO_PIN
#define BOARD_SW1_GPIO_PIN 5U
#endif
-#define BOARD_SW1_NAME "SW1"
-#define BOARD_SW1_IRQ PIN_INT0_IRQn
+#define BOARD_SW1_NAME "SW1"
+#define BOARD_SW1_IRQ PIN_INT0_IRQn
#define BOARD_SW1_IRQ_HANDLER PIN_INT0_IRQHandler
#ifndef BOARD_SW2_GPIO
@@ -98,9 +98,9 @@
#ifndef BOARD_SW2_GPIO_PIN
#define BOARD_SW2_GPIO_PIN 18U
#endif
-#define BOARD_SW2_NAME "SW2"
-#define BOARD_SW2_IRQ PIN_INT1_IRQn
-#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW2_NAME "SW2"
+#define BOARD_SW2_IRQ PIN_INT1_IRQn
+#define BOARD_SW2_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW2_GPIO_PININT_INDEX 1
#ifndef BOARD_SW3_GPIO
@@ -110,13 +110,13 @@
#ifndef BOARD_SW3_GPIO_PIN
#define BOARD_SW3_GPIO_PIN 9U
#endif
-#define BOARD_SW3_NAME "SW3"
-#define BOARD_SW3_IRQ PIN_INT1_IRQn
-#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
+#define BOARD_SW3_NAME "SW3"
+#define BOARD_SW3_IRQ PIN_INT1_IRQn
+#define BOARD_SW3_IRQ_HANDLER PIN_INT1_IRQHandler
#define BOARD_SW3_GPIO_PININT_INDEX 1
/* Board led color mapping */
-#define LOGIC_LED_ON 0U
+#define LOGIC_LED_ON 0U
#define LOGIC_LED_OFF 1U
#define LED_RED_INIT(output) \
@@ -168,34 +168,40 @@
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITGT202SHIELD_PWRON_GPIO GPIO
#define BOARD_INITGT202SHIELD_PWRON_PORT 1U
-#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
+#define BOARD_INITGT202SHIELD_PWRON_PIN 8U
#define BOARD_INITGT202SHIELD_IRQ_GPIO GPIO
#define BOARD_INITGT202SHIELD_IRQ_PORT 1U
-#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
+#define BOARD_INITGT202SHIELD_IRQ_PIN 9U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITSILEX2401SHIELD_PWRON_GPIO GPIO
#define BOARD_INITSILEX2401SHIELD_PWRON_PORT 1U
-#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
+#define BOARD_INITSILEX2401SHIELD_PWRON_PIN 7U
-#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
-#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
+#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO GPIO
+#define BOARD_INITSILEX2401SHIELD_IRQ_PORT 0U
#define BOARD_INITSILEX2401SHIELD_IRQ_GPIO_PIN 15U
/*! @brief The WIFI-QCA shield pin. */
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_GPIO GPIO
#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PORT 1U
-#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
+#define BOARD_INITWIFI10CLICKSHIELD_PWRON_PIN 5U
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
-#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO GPIO
+#define BOARD_INITWIFI10CLICKSHIELD_IRQ_PORT 1U
#define BOARD_INITWIFI10CLICKSHIELD_IRQ_GPIO_PIN 18U
/* Display. */
-#define BOARD_LCD_DC_GPIO GPIO
+#define BOARD_LCD_DC_GPIO GPIO
#define BOARD_LCD_DC_GPIO_PORT 1U
-#define BOARD_LCD_DC_GPIO_PIN 5U
+#define BOARD_LCD_DC_GPIO_PIN 5U
+
+/* Serial MWM WIFI */
+#define BOARD_SERIAL_MWM_PORT_CLK_FREQ CLOCK_GetFlexCommClkFreq(2)
+#define BOARD_SERIAL_MWM_PORT USART2
+#define BOARD_SERIAL_MWM_PORT_IRQn FLEXCOMM2_IRQn
+#define BOARD_SERIAL_MWM_RST_WRITE(output)
#if defined(__cplusplus)
extern "C" {
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/clock_config.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/clock_config.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/clock_config.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/clock_config.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/clock_config.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/clock_config.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/clock_config.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/clock_config.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/hardware_init.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/hardware_init.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/hardware_init.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/hardware_init.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.c
old mode 100755
new mode 100644
similarity index 99%
copy from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c
copy to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.c
index e0c5222..69af4a7
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.c
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.c
@@ -1,7 +1,7 @@
/*
* Copyright 2017-2018 NXP
* All rights reserved.
- *
+ *
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.h
old mode 100755
new mode 100644
similarity index 98%
copy from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h
copy to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.h
index 3df053a..36b2e05
--- a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/ns/peripherals.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/peripherals.h
@@ -1,7 +1,7 @@
/*
* Copyright 2017-2018 NXP
* All rights reserved.
- *
+ *
* SPDX-License-Identifier: BSD-3-Clause
*/
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/pin_mux.c b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/pin_mux.c
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/pin_mux.c
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/pin_mux.c
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/pin_mux.h b/platform/ext/target/nxp/lpcxpresso55s69/project_template/s/pin_mux.h
old mode 100755
new mode 100644
similarity index 100%
rename from platform/ext/target/nxp/lpcxpresso55s69/Native_Driver/project_template/s/pin_mux.h
rename to platform/ext/target/nxp/lpcxpresso55s69/project_template/s/pin_mux.h
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/pull_drivers.cmake b/platform/ext/target/nxp/lpcxpresso55s69/pull_drivers.cmake
index 084badf..fbb84a6 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/pull_drivers.cmake
+++ b/platform/ext/target/nxp/lpcxpresso55s69/pull_drivers.cmake
@@ -13,6 +13,9 @@
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/common/fsl_common.c ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common.c)
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/common/fsl_common.h ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common.h)
+file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/common/fsl_common_arm.c ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common_arm.c)
+file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/common/fsl_common_arm.h ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_common_arm.h)
+
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/ctimer/fsl_ctimer.c ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_ctimer.c)
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/drivers/ctimer/fsl_ctimer.h ${NXP_HAL_FILE_PATH}/common/Native_Driver/drivers/fsl_ctimer.h)
@@ -66,7 +69,6 @@
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/utilities/assert/fsl_assert.c ${NXP_HAL_FILE_PATH}/common/Native_Driver/utilities/fsl_assert.c)
-
#========================= Pull MCUxpresso NXP SDK devices from https://github.com/NXPmicro/mcux-sdk =========================#
file(DOWNLOAD https://raw.githubusercontent.com/NXPmicro/mcux-sdk/${NXP_SDK_GIT_TAG}/devices/LPC55S69/fsl_device_registers.h ${NXP_HAL_FILE_PATH}/lpcxpresso55s69/Native_Driver/fsl_device_registers.h)
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
index 7c0980d..ef29f7b 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
@@ -17,7 +17,7 @@
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
index 733892b..51b5bc5 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
@@ -46,7 +46,7 @@
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
index 82a083b..fc59f86 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
@@ -17,7 +17,7 @@
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_JLink.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_JLink.py
index 0aeb477..4b39b17 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_JLink.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_JLink.py
@@ -15,18 +15,18 @@
# Remove previous flash.jlink script file
if os.path.isfile(FILE):
if platform.system() == 'Windows':
- os.system('del /f /q FILE')
+ os.system('del /f /q ' + FILE)
else:
- os.system('rm -rf FILE')
-
-# Write the JLink configuration into flash.jlink script
+ os.system('rm -rf ' + FILE)
+
+# Write the JLink configuration into flash.jlink script
os.system('echo r >> ' + FILE) # reset the target
os.system('echo erase >> ' + FILE) # erase the flash memory
os.system('echo loadfile tfm_s.hex >> ' + FILE) # flash the secure image into target
os.system('echo loadfile tfm_ns.hex >> ' + FILE) # flash the non-secure image into target
os.system('echo r >> ' + FILE) # reset the target
os.system('echo go >> ' + FILE) # run the program
-os.system('echo exit >> ' + FILE) # exit the JLinkCommander
+os.system('echo exit >> ' + FILE) # exit the JLinkCommander
# Upload the configuration from flash.jlink script into the target device
if platform.system() == 'Windows':
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_bl2_JLink.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_bl2_JLink.py
index b2a8c87..d087ebd 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_bl2_JLink.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/flash_bl2_JLink.py
@@ -24,9 +24,9 @@
# Remove previous flash.jlink script file
if os.path.isfile(FILE):
if platform.system() == 'Windows':
- os.system('del /f /q FILE')
+ os.system('del /f /q ' + FILE)
else:
- os.system('rm -rf FILE')
+ os.system('rm -rf ' + FILE)
# Write the JLink configuration into flash.jlink script
os.system('echo r >> ' + FILE) # reset the target
diff --git a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
index 03aa9ba..bbbdc53 100644
--- a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
+++ b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
@@ -19,7 +19,7 @@
target_compile_definitions(platform_region_defs
INTERFACE
- $<$<OR:$<BOOL:${TEST_NS}>,$<BOOL:${TEST_S}>>:FLASH_LAYOUT_FOR_TEST>
+ $<$<BOOL:${TFM_TEST}>:FLASH_LAYOUT_FOR_TEST>
)
#========================= Platform common defs ===============================#
@@ -60,6 +60,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/CMSIS_Driver
${CMAKE_CURRENT_SOURCE_DIR}/Device/Include
${CMAKE_CURRENT_SOURCE_DIR}/stm32l5xx_hal/Inc
+ ${MBEDCRYPTO_PATH}/library
)
target_sources(platform_s
@@ -218,7 +219,7 @@
PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
DESTINATION ${CMAKE_BINARY_DIR} )
-if (${TEST_S} OR ${TEST_NS})
+if (${TFM_TEST})
#the define FLASH_LAYOUT_FOR_TEST
#increase SECURE and NON SECURE IMAGE and modify the content of low_level_device.c from BL2 (low_level_flash.c)
set(FLAGS_FOR_BL2_PREPROCESSING
diff --git a/platform/ext/target/stm/common/stm32l5xx/Device/Source/startup_stm32l5xx_s.c b/platform/ext/target/stm/common/stm32l5xx/Device/Source/startup_stm32l5xx_s.c
index 8c78695..9bdea56 100644
--- a/platform/ext/target/stm/common/stm32l5xx/Device/Source/startup_stm32l5xx_s.c
+++ b/platform/ext/target/stm/common/stm32l5xx/Device/Source/startup_stm32l5xx_s.c
@@ -348,6 +348,9 @@
{
__disable_irq();
__set_MSPLIM((uint32_t)(&__MSP_STACK_LIMIT));
+#if defined ( __GNUC__ )
+ __set_MSP((uint32_t)(&__MSP_INITIAL_SP));
+#endif
SystemInit(); /* CMSIS System Initialization */
__set_PSP((uint32_t)(&__INITIAL_SP));
__set_PSPLIM((uint32_t)(&__STACK_LIMIT));
diff --git a/platform/ext/target/stm/common/stm32l5xx/Native_Driver/low_level_rng.c b/platform/ext/target/stm/common/stm32l5xx/Native_Driver/low_level_rng.c
index 7c1c4b2..1799d02 100644
--- a/platform/ext/target/stm/common/stm32l5xx/Native_Driver/low_level_rng.c
+++ b/platform/ext/target/stm/common/stm32l5xx/Native_Driver/low_level_rng.c
@@ -20,7 +20,6 @@
*/
#include "low_level_rng.h"
#include "stm32l5xx_hal.h"
-extern void Error_Handler(void);
static RNG_HandleTypeDef handle;
static uint8_t users = 0;
@@ -39,13 +38,13 @@
return newValue;
}
-static void RNG_Init(void)
+static int RNG_Init(void)
{
uint32_t dummy;
/* We're only supporting a single user of RNG */
if (atomic_incr_u8(&users, 1) > 1)
{
- Error_Handler();
+ return -1;
}
RCC_PeriphCLKInitTypeDef PeriphClkInitStruct;
@@ -55,7 +54,8 @@
PeriphClkInitStruct.RngClockSelection = RCC_RNGCLKSOURCE_MSI;
if (HAL_RCCEx_PeriphCLKConfig(&PeriphClkInitStruct) != HAL_OK)
{
- Error_Handler();
+ users=0;
+ return -1;
}
/* RNG Peripheral clock enable */
@@ -70,6 +70,7 @@
/* first random number generated after setting the RNGEN bit should not be used */
HAL_RNG_GenerateRandomNumber(&handle, &dummy);
+ return 0;
}
static void RNG_GetBytes(uint8_t *output, size_t length, size_t *output_length)
@@ -116,7 +117,8 @@
/* interface for mbed-crypto */
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
- RNG_Init();
+ if (RNG_Init())
+ return -1;
RNG_GetBytes(output, len, olen);
RNG_DeInit();
if (*olen != len)
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecdsa_alt.c b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecdsa_alt.c
index f1afb68..65af729 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecdsa_alt.c
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecdsa_alt.c
@@ -1,7 +1,7 @@
/*
* Elliptic curve DSA sign and verify functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2019, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -22,6 +22,7 @@
/* Includes ------------------------------------------------------------------*/
#include "mbedtls/ecdsa.h"
+#include "mbedtls/error.h"
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/platform.h"
@@ -73,7 +74,7 @@
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( grp->G.Y.p == NULL )
+ if( grp->G.MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/* Make sure d is in range 1..n-1 */
@@ -211,7 +212,7 @@
ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
- if( grp->G.Y.p == NULL )
+ if( grp->G.MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/* Make sure r and s are in range 1..n-1 */
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_alt.c b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_alt.c
index 19c43c3..92e5270 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_alt.c
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_alt.c
@@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): generic functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2019, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -78,6 +78,8 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
#endif
+#include "mbedtls/error.h"
+
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
@@ -104,7 +106,7 @@
#define mbedtls_free free
#endif
-#include "mbedtls/ecp_internal.h"
+#include "ecp_internal_alt.h"
#include "stm32l5xx_hal.h"
#define ST_ECP_TIMEOUT (5000U)
@@ -444,10 +446,10 @@
const mbedtls_ecp_curve_info *curve_info;
for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info->MBEDTLS_PRIVATE(grp_id) != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
- ecp_supported_grp_id[i++] = curve_info->grp_id;
+ ecp_supported_grp_id[i++] = curve_info->MBEDTLS_PRIVATE(grp_id);
}
ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
@@ -465,10 +467,10 @@
const mbedtls_ecp_curve_info *curve_info;
for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info->MBEDTLS_PRIVATE(grp_id) != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
- if( curve_info->grp_id == grp_id )
+ if( curve_info->MBEDTLS_PRIVATE(grp_id) == grp_id )
return( curve_info );
}
@@ -483,10 +485,10 @@
const mbedtls_ecp_curve_info *curve_info;
for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info->MBEDTLS_PRIVATE(grp_id) != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
- if( curve_info->tls_id == tls_id )
+ if( curve_info->MBEDTLS_PRIVATE(tls_id) == tls_id )
return( curve_info );
}
@@ -504,10 +506,10 @@
return( NULL );
for( curve_info = mbedtls_ecp_curve_list();
- curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info->MBEDTLS_PRIVATE(grp_id) != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
- if( strcmp( curve_info->name, name ) == 0 )
+ if( strcmp( curve_info->MBEDTLS_PRIVATE(name), name ) == 0 )
return( curve_info );
}
@@ -519,10 +521,10 @@
*/
mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
{
- if( grp->G.X.p == NULL )
+ if( grp->G.MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p) == NULL )
return( MBEDTLS_ECP_TYPE_NONE );
- if( grp->G.Y.p == NULL )
+ if( grp->G.MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p) == NULL )
return( MBEDTLS_ECP_TYPE_MONTGOMERY );
else
return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
@@ -535,9 +537,9 @@
{
ECP_VALIDATE( pt != NULL );
- mbedtls_mpi_init( &pt->X );
- mbedtls_mpi_init( &pt->Y );
- mbedtls_mpi_init( &pt->Z );
+ mbedtls_mpi_init( &pt->MBEDTLS_PRIVATE(X) );
+ mbedtls_mpi_init( &pt->MBEDTLS_PRIVATE(Y) );
+ mbedtls_mpi_init( &pt->MBEDTLS_PRIVATE(Z) );
}
/*
@@ -584,9 +586,9 @@
{
ECP_VALIDATE( key != NULL );
- mbedtls_ecp_group_init( &key->grp );
- mbedtls_mpi_init( &key->d );
- mbedtls_ecp_point_init( &key->Q );
+ mbedtls_ecp_group_init( &key->MBEDTLS_PRIVATE(grp) );
+ mbedtls_mpi_init( &key->MBEDTLS_PRIVATE(d) );
+ mbedtls_ecp_point_init( &key->MBEDTLS_PRIVATE(Q) );
}
/*
@@ -597,9 +599,9 @@
if( pt == NULL )
return;
- mbedtls_mpi_free( &( pt->X ) );
- mbedtls_mpi_free( &( pt->Y ) );
- mbedtls_mpi_free( &( pt->Z ) );
+ mbedtls_mpi_free( &( pt->MBEDTLS_PRIVATE(X) ) );
+ mbedtls_mpi_free( &( pt->MBEDTLS_PRIVATE(Y) ) );
+ mbedtls_mpi_free( &( pt->MBEDTLS_PRIVATE(Z) ) );
}
/*
@@ -673,9 +675,9 @@
if( key == NULL )
return;
- mbedtls_ecp_group_free( &key->grp );
- mbedtls_mpi_free( &key->d );
- mbedtls_ecp_point_free( &key->Q );
+ mbedtls_ecp_group_free( &key->MBEDTLS_PRIVATE(grp) );
+ mbedtls_mpi_free( &key->MBEDTLS_PRIVATE(d) );
+ mbedtls_ecp_point_free( &key->MBEDTLS_PRIVATE(Q) );
}
/*
@@ -687,9 +689,12 @@
ECP_VALIDATE_RET( P != NULL );
ECP_VALIDATE_RET( Q != NULL );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->MBEDTLS_PRIVATE(X),
+ &Q->MBEDTLS_PRIVATE(X) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->MBEDTLS_PRIVATE(Y),
+ &Q->MBEDTLS_PRIVATE(Y) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->MBEDTLS_PRIVATE(Z),
+ &Q->MBEDTLS_PRIVATE(Z) ) );
cleanup:
return( ret );
@@ -714,9 +719,9 @@
int ret;
ECP_VALIDATE_RET( pt != NULL );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(X) , 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(Y) , 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(Z) , 0 ) );
cleanup:
return( ret );
@@ -729,7 +734,7 @@
{
ECP_VALIDATE_RET( pt != NULL );
- return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
+ return( mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(Z), 0 ) == 0 );
}
/*
@@ -741,9 +746,9 @@
ECP_VALIDATE_RET( P != NULL );
ECP_VALIDATE_RET( Q != NULL );
- if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
- mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
+ if( mbedtls_mpi_cmp_mpi( &P->MBEDTLS_PRIVATE(X), &Q->MBEDTLS_PRIVATE(X) ) == 0 &&
+ mbedtls_mpi_cmp_mpi( &P->MBEDTLS_PRIVATE(Y), &Q->MBEDTLS_PRIVATE(Y) ) == 0 &&
+ mbedtls_mpi_cmp_mpi( &P->MBEDTLS_PRIVATE(Z), &Q->MBEDTLS_PRIVATE(Z) ) == 0 )
{
return( 0 );
}
@@ -762,9 +767,9 @@
ECP_VALIDATE_RET( x != NULL );
ECP_VALIDATE_RET( y != NULL );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->MBEDTLS_PRIVATE(X), radix, x ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->MBEDTLS_PRIVATE(Y), radix, y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->MBEDTLS_PRIVATE(Z), 1 ) );
cleanup:
return( ret );
@@ -796,7 +801,8 @@
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->MBEDTLS_PRIVATE(X),
+ buf, plen ) );
}
#endif
#if defined(ECP_SHORTWEIERSTRASS)
@@ -805,7 +811,7 @@
/*
* Common case: P == 0
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+ if( mbedtls_mpi_cmp_int( &P->MBEDTLS_PRIVATE(Z), 0 ) == 0 )
{
if( buflen < 1 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
@@ -824,8 +830,8 @@
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x04;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->MBEDTLS_PRIVATE(X), buf + 1, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->MBEDTLS_PRIVATE(Y), buf + 1 + plen, plen ) );
}
else if( format == MBEDTLS_ECP_PF_COMPRESSED )
{
@@ -834,8 +840,9 @@
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
- buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
+ buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->MBEDTLS_PRIVATE(Y), 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->MBEDTLS_PRIVATE(X),
+ buf + 1, plen ) );
}
}
#endif
@@ -868,14 +875,16 @@
if( plen != ilen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
- mbedtls_mpi_free( &pt->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->MBEDTLS_PRIVATE(X),
+ buf, plen ) );
+ mbedtls_mpi_free( &pt->MBEDTLS_PRIVATE(Y) );
if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
/* Set most significant bit to 0 as prescribed in RFC7748 §5 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->MBEDTLS_PRIVATE(X),
+ plen * 8 - 1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(Z), 1 ) );
}
#endif
#if defined(ECP_SHORTWEIERSTRASS)
@@ -895,10 +904,11 @@
if( ilen != 2 * plen + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->MBEDTLS_PRIVATE(X),
+ buf + 1, plen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->MBEDTLS_PRIVATE(Y),
buf + 1 + plen, plen ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(Z), 1 ) );
}
#endif
@@ -1032,7 +1042,7 @@
if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
- *grp = curve_info->grp_id;
+ *grp = curve_info->MBEDTLS_PRIVATE(grp_id);
return( 0 );
}
@@ -1066,8 +1076,8 @@
/*
* Next two bytes are the namedcurve value
*/
- buf[0] = curve_info->tls_id >> 8;
- buf[1] = curve_info->tls_id & 0xFF;
+ buf[0] = curve_info->MBEDTLS_PRIVATE(tls_id) >> 8;
+ buf[1] = curve_info->MBEDTLS_PRIVATE(tls_id) & 0xFF;
return( 0 );
}
@@ -1086,7 +1096,7 @@
return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
/* N->s < 0 is a much faster test, which fails only if N is 0 */
- if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
+ if( ( N->MBEDTLS_PRIVATE(s) < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
{
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -1095,7 +1105,7 @@
MBEDTLS_MPI_CHK( grp->modp( N ) );
/* N->s < 0 is a much faster test, which fails only if N is 0 */
- while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
+ while( N->MBEDTLS_PRIVATE(s) < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
@@ -1137,7 +1147,7 @@
* N->s < 0 is a very fast test, which fails only if N is 0
*/
#define MOD_SUB( N ) \
- while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
+ while( (N).MBEDTLS_PRIVATE(s) < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
/*
@@ -1167,7 +1177,7 @@
int ret;
mbedtls_mpi Zi, ZZi;
- if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
+ if( mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(Z), 0 ) == 0 )
return( 0 );
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
@@ -1180,20 +1190,32 @@
/*
* X = X / Z^2 mod p
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi, &Zi, &Zi ) ); MOD_MUL( ZZi );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X, &pt->X, &ZZi ) ); MOD_MUL( pt->X );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi,
+ &pt->MBEDTLS_PRIVATE(Z),
+ &grp->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi,
+ &Zi,
+ &Zi ) );
+ MOD_MUL( ZZi );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->MBEDTLS_PRIVATE(X),
+ &pt->MBEDTLS_PRIVATE(X),
+ &ZZi ) );
+ MOD_MUL( pt->MBEDTLS_PRIVATE(X) );
/*
* Y = Y / Z^3 mod p
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &ZZi ) ); MOD_MUL( pt->Y );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y, &pt->Y, &Zi ) ); MOD_MUL( pt->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->MBEDTLS_PRIVATE(Y),
+ &pt->MBEDTLS_PRIVATE(Y), &ZZi ) );
+ MOD_MUL( pt->MBEDTLS_PRIVATE(Y) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->MBEDTLS_PRIVATE(Y),
+ &pt->MBEDTLS_PRIVATE(Y), &Zi ) );
+ MOD_MUL( pt->MBEDTLS_PRIVATE(Y) );
/*
* Z = 1
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->MBEDTLS_PRIVATE(Z), 1 ) );
cleanup:
@@ -1234,37 +1256,41 @@
mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
/* Special case for A = -3 */
- if( grp->A.p == NULL )
+ if( grp->A.MBEDTLS_PRIVATE(p) == NULL )
{
/* M = 3(X + Z^2)(X - Z^2) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &P->X, &S ) ); MOD_ADD( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U, &P->X, &S ) ); MOD_SUB( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &U ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->MBEDTLS_PRIVATE(Z),
+ &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &P->MBEDTLS_PRIVATE(X), &S ) ); MOD_ADD( T );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U, &P->MBEDTLS_PRIVATE(X), &S ) ); MOD_SUB( U );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &U ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
}
else
{
/* M = 3.X^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &P->X ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->MBEDTLS_PRIVATE(X),
+ &P->MBEDTLS_PRIVATE(X) ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M );
/* Optimize away for "koblitz" curves with A = 0 */
if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
{
/* M += A.Z^4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->Z, &P->Z ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &S, &S ) ); MOD_MUL( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &S ) ); MOD_ADD( M );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->MBEDTLS_PRIVATE(Z),
+ &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &S, &S ) ); MOD_MUL( T );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &T, &grp->A ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &S ) ); MOD_ADD( M );
}
}
/* S = 4.X.Y^2 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &P->Y, &P->Y ) ); MOD_MUL( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T, 1 ) ); MOD_ADD( T );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->X, &T ) ); MOD_MUL( S );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S, 1 ) ); MOD_ADD( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &P->MBEDTLS_PRIVATE(Y),
+ &P->MBEDTLS_PRIVATE(Y) ) ); MOD_MUL( T );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T, 1 ) ); MOD_ADD( T );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S, &P->MBEDTLS_PRIVATE(X), &T ) ); MOD_MUL( S );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S, 1 ) ); MOD_ADD( S );
/* U = 8.Y^4 */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &T, &T ) ); MOD_MUL( U );
@@ -1281,12 +1307,13 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S, &S, &U ) ); MOD_SUB( S );
/* U = 2.Y.Z */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &P->Y, &P->Z ) ); MOD_MUL( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U, &P->MBEDTLS_PRIVATE(Y),
+ &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( U );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U, 1 ) ); MOD_ADD( U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(X), &T ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(Y), &S ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(Z), &U ) );
cleanup:
mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
@@ -1330,27 +1357,30 @@
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
*/
- if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
+ if( mbedtls_mpi_cmp_int( &P->MBEDTLS_PRIVATE(Z), 0 ) == 0 )
return( mbedtls_ecp_copy( R, Q ) );
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
+ if( Q->MBEDTLS_PRIVATE(Z).MBEDTLS_PRIVATE(p) != NULL
+ && mbedtls_mpi_cmp_int( &Q->MBEDTLS_PRIVATE(Z), 0 ) == 0 )
return( mbedtls_ecp_copy( R, P ) );
/*
* Make sure Q coordinates are normalized
*/
- if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
+ if( Q->MBEDTLS_PRIVATE(Z).MBEDTLS_PRIVATE(p) != NULL
+ && mbedtls_mpi_cmp_int( &Q->MBEDTLS_PRIVATE(Z), 1 ) != 0 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &P->MBEDTLS_PRIVATE(Z),
+ &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( T1 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T1, &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( T2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T1, &Q->MBEDTLS_PRIVATE(X) ) ); MOD_MUL( T1 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2, &T2, &Q->MBEDTLS_PRIVATE(Y) ) ); MOD_MUL( T2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1, &T1, &P->MBEDTLS_PRIVATE(X) ) ); MOD_SUB( T1 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2, &T2, &P->MBEDTLS_PRIVATE(Y) ) ); MOD_SUB( T2 );
/* Special cases (2) and (3) */
if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
@@ -1367,22 +1397,22 @@
}
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z, &P->MBEDTLS_PRIVATE(Z), &T1 ) ); MOD_MUL( Z );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &P->MBEDTLS_PRIVATE(X) ) ); MOD_MUL( T3 );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4, &T4, &P->MBEDTLS_PRIVATE(Y) ) ); MOD_MUL( T4 );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(X), &X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(Y), &Y ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->MBEDTLS_PRIVATE(Z), &Z ) );
cleanup:
@@ -1536,9 +1566,9 @@
return( mbedtls_internal_ecp_normalize_mxz( grp, P ) );
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->MBEDTLS_PRIVATE(Z), &P->MBEDTLS_PRIVATE(Z), &grp->P ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->MBEDTLS_PRIVATE(X), &P->MBEDTLS_PRIVATE(X), &P->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( P->MBEDTLS_PRIVATE(X) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->MBEDTLS_PRIVATE(Z), 1 ) );
cleanup:
return( ret );
@@ -1581,8 +1611,8 @@
}
while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->MBEDTLS_PRIVATE(X), &P->MBEDTLS_PRIVATE(X), &l ) ); MOD_MUL( P->MBEDTLS_PRIVATE(X) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->MBEDTLS_PRIVATE(Z), &P->MBEDTLS_PRIVATE(Z), &l ) ); MOD_MUL( P->MBEDTLS_PRIVATE(Z) );
cleanup:
mbedtls_mpi_free( &l );
@@ -1622,24 +1652,24 @@
mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A, &P->X, &P->Z ) ); MOD_ADD( A );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A, &P->MBEDTLS_PRIVATE(X), &P->MBEDTLS_PRIVATE(Z) ) ); MOD_ADD( A );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &AA, &A, &A ) ); MOD_MUL( AA );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B, &P->X, &P->Z ) ); MOD_SUB( B );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B, &P->MBEDTLS_PRIVATE(X), &P->MBEDTLS_PRIVATE(Z) ) ); MOD_SUB( B );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &BB, &B, &B ) ); MOD_MUL( BB );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &E, &AA, &BB ) ); MOD_SUB( E );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C, &Q->X, &Q->Z ) ); MOD_ADD( C );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D, &Q->X, &Q->Z ) ); MOD_SUB( D );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C, &Q->MBEDTLS_PRIVATE(X), &Q->MBEDTLS_PRIVATE(Z) ) ); MOD_ADD( C );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D, &Q->MBEDTLS_PRIVATE(X), &Q->MBEDTLS_PRIVATE(Z) ) ); MOD_SUB( D );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DA, &D, &A ) ); MOD_MUL( DA );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &CB, &C, &B ) ); MOD_MUL( CB );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA, &CB ) ); MOD_MUL( S->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->X, &S->X, &S->X ) ); MOD_MUL( S->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->Z, &DA, &CB ) ); MOD_SUB( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, &S->Z, &S->Z ) ); MOD_MUL( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, d, &S->Z ) ); MOD_MUL( S->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->X, &AA, &BB ) ); MOD_MUL( R->X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E ) ); MOD_MUL( R->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->Z, &BB, &R->Z ) ); MOD_ADD( R->Z );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &E, &R->Z ) ); MOD_MUL( R->Z );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->MBEDTLS_PRIVATE(X), &DA, &CB ) ); MOD_MUL( S->MBEDTLS_PRIVATE(X) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->MBEDTLS_PRIVATE(X), &S->MBEDTLS_PRIVATE(X), &S->MBEDTLS_PRIVATE(X) ) ); MOD_MUL( S->MBEDTLS_PRIVATE(X) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->MBEDTLS_PRIVATE(Z), &DA, &CB ) ); MOD_SUB( S->MBEDTLS_PRIVATE(Z) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->MBEDTLS_PRIVATE(Z), &S->MBEDTLS_PRIVATE(Z), &S->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( S->MBEDTLS_PRIVATE(Z) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->MBEDTLS_PRIVATE(Z), d, &S->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( S->MBEDTLS_PRIVATE(Z) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->MBEDTLS_PRIVATE(X), &AA, &BB ) ); MOD_MUL( R->MBEDTLS_PRIVATE(X) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->MBEDTLS_PRIVATE(Z), &grp->A, &E ) ); MOD_MUL( R->MBEDTLS_PRIVATE(Z) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->MBEDTLS_PRIVATE(Z), &BB, &R->MBEDTLS_PRIVATE(Z) ) ); MOD_ADD( R->MBEDTLS_PRIVATE(Z) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->MBEDTLS_PRIVATE(Z), &E, &R->MBEDTLS_PRIVATE(Z) ) ); MOD_MUL( R->MBEDTLS_PRIVATE(Z) );
cleanup:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
@@ -1667,16 +1697,16 @@
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
/* Save PX and read from P before writing to R, in case P == R */
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->MBEDTLS_PRIVATE(X) ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
/* Set R to zero in modified x/z coordinates */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
- mbedtls_mpi_free( &R->Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(X), 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 0 ) );
+ mbedtls_mpi_free( &R->MBEDTLS_PRIVATE(Y) );
/* RP.X might be slightly larger than P, so reduce it */
- MOD_ADD( RP.X );
+ MOD_ADD( RP.MBEDTLS_PRIVATE(X) );
/* Randomize coordinates of the starting point */
if( f_rng != NULL )
@@ -1694,11 +1724,11 @@
* else double_add( R, RP, R, RP )
* but using safe conditional swaps to avoid leaks
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->MBEDTLS_PRIVATE(X), &RP.MBEDTLS_PRIVATE(X), b ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->MBEDTLS_PRIVATE(Z), &RP.MBEDTLS_PRIVATE(Z), b ) );
MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->MBEDTLS_PRIVATE(X), &RP.MBEDTLS_PRIVATE(X), b ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->MBEDTLS_PRIVATE(Z), &RP.MBEDTLS_PRIVATE(Z), b ) );
}
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
@@ -1808,10 +1838,10 @@
PKA_PointCheckInTypeDef ECC_PointCheck = {0};
/* pt coordinates must be normalized for our checks */
- if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
- mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
- mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
- mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
+ if( mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(X), 0 ) < 0 ||
+ mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(Y), 0 ) < 0 ||
+ mbedtls_mpi_cmp_mpi( &pt->MBEDTLS_PRIVATE(X), &grp->P ) >= 0 ||
+ mbedtls_mpi_cmp_mpi( &pt->MBEDTLS_PRIVATE(Y), &grp->P ) >= 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
/* Set HW peripheral Input parameter: curve coefs */
@@ -1885,8 +1915,8 @@
else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
- if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
+ if( mbedtls_mpi_cmp_int( &R->MBEDTLS_PRIVATE(Y), 0 ) != 0 )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->MBEDTLS_PRIVATE(Y), &grp->P, &R->MBEDTLS_PRIVATE(Y) ) );
}
else
{
@@ -2021,7 +2051,7 @@
/* [Curve25519 p. 5] Just check X is the correct number of bytes */
/* Allow any public value, if it's too big then we'll just reduce it mod p
* (RFC 7748 sec. 5 para. 3). */
- if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
+ if( mbedtls_mpi_size( &pt->MBEDTLS_PRIVATE(X) ) > ( grp->nbits + 7 ) / 8 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
return( 0 );
@@ -2038,7 +2068,7 @@
ECP_VALIDATE_RET( pt != NULL );
/* Must use affine coordinates */
- if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
+ if( mbedtls_mpi_cmp_int( &pt->MBEDTLS_PRIVATE(Z), 1 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
#if defined(ECP_MONTGOMERY)
@@ -2225,10 +2255,10 @@
ECP_VALIDATE_RET( key != NULL );
ECP_VALIDATE_RET( f_rng != NULL );
- if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
+ if( ( ret = mbedtls_ecp_group_load( &key->MBEDTLS_PRIVATE(grp), grp_id ) ) != 0 )
return( ret );
- return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
+ return( mbedtls_ecp_gen_keypair( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(d), &key->MBEDTLS_PRIVATE(Q), f_rng, p_rng ) );
}
#define ECP_CURVE25519_KEY_SIZE 32
@@ -2243,13 +2273,13 @@
ECP_VALIDATE_RET( key != NULL );
ECP_VALIDATE_RET( buf != NULL );
- if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
+ if( ( ret = mbedtls_ecp_group_load( &key->MBEDTLS_PRIVATE(grp), grp_id ) ) != 0 )
return( ret );
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#if defined(ECP_MONTGOMERY)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ if( mbedtls_ecp_get_type( &key->MBEDTLS_PRIVATE(grp) ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/*
* If it is Curve25519 curve then mask the key as mandated by RFC7748
@@ -2259,22 +2289,22 @@
if( buflen != ECP_CURVE25519_KEY_SIZE )
return MBEDTLS_ERR_ECP_INVALID_KEY;
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->MBEDTLS_PRIVATE(d), buf, buflen ) );
/* Set the three least significant bits to 0 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->MBEDTLS_PRIVATE(d), 0, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->MBEDTLS_PRIVATE(d), 1, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->MBEDTLS_PRIVATE(d), 2, 0 ) );
/* Set the most significant bit to 0 */
MBEDTLS_MPI_CHK(
- mbedtls_mpi_set_bit( &key->d,
+ mbedtls_mpi_set_bit( &key->MBEDTLS_PRIVATE(d),
ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
);
/* Set the second most significant bit to 1 */
MBEDTLS_MPI_CHK(
- mbedtls_mpi_set_bit( &key->d,
+ mbedtls_mpi_set_bit( &key->MBEDTLS_PRIVATE(d),
ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
);
}
@@ -2284,18 +2314,18 @@
#endif
#if defined(ECP_SHORTWEIERSTRASS)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ if( mbedtls_ecp_get_type( &key->MBEDTLS_PRIVATE(grp) ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->MBEDTLS_PRIVATE(d), buf, buflen ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(d) ) );
}
#endif
cleanup:
if( ret != 0 )
- mbedtls_mpi_free( &key->d );
+ mbedtls_mpi_free( &key->MBEDTLS_PRIVATE(d) );
return( ret );
}
@@ -2303,7 +2333,9 @@
/*
* Check a public-private key pair
*/
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
+int mbedtls_ecp_check_pub_priv(
+ const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
mbedtls_ecp_point Q;
@@ -2311,11 +2343,11 @@
ECP_VALIDATE_RET( pub != NULL );
ECP_VALIDATE_RET( prv != NULL );
- if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
- pub->grp.id != prv->grp.id ||
- mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
- mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
- mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
+ if( pub->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_NONE ||
+ pub->MBEDTLS_PRIVATE(grp).id != prv->MBEDTLS_PRIVATE(grp).id ||
+ mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X) ) ||
+ mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y) ) ||
+ mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z) ) )
{
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
@@ -2324,14 +2356,14 @@
mbedtls_ecp_group_init( &grp );
/* mbedtls_ecp_mul() needs a non-const group... */
- mbedtls_ecp_group_copy( &grp, &prv->grp );
+ mbedtls_ecp_group_copy( &grp, &prv->MBEDTLS_PRIVATE(grp) );
/* Also checks d is valid */
- MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->MBEDTLS_PRIVATE(d), &prv->MBEDTLS_PRIVATE(grp).G, NULL, NULL ) );
- if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
- mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
- mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
+ if( mbedtls_mpi_cmp_mpi( &Q.MBEDTLS_PRIVATE(X), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X) ) ||
+ mbedtls_mpi_cmp_mpi( &Q.MBEDTLS_PRIVATE(Y), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y) ) ||
+ mbedtls_mpi_cmp_mpi( &Q.MBEDTLS_PRIVATE(Z), &prv->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z) ) )
{
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
@@ -2356,14 +2388,14 @@
ECP_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ if( mbedtls_ecp_get_type( &key->MBEDTLS_PRIVATE(grp) ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
- if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 )
+ if( key->MBEDTLS_PRIVATE(grp).id == MBEDTLS_ECP_DP_CURVE25519 )
{
if( buflen < ECP_CURVE25519_KEY_SIZE )
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->MBEDTLS_PRIVATE(d), buf, buflen ) );
}
else
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
@@ -2371,9 +2403,9 @@
#endif
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
- if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
+ if( mbedtls_ecp_get_type( &key->MBEDTLS_PRIVATE(grp) ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->MBEDTLS_PRIVATE(d), buf, buflen ) );
}
#endif
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_curves_alt.c b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_curves_alt.c
index b8e6b5c..ad188d4 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_curves_alt.c
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/ecp_curves_alt.c
@@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): curve-specific data and functions
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2019, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -568,9 +568,9 @@
*/
static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
{
- X->s = 1;
- X->n = len / sizeof( mbedtls_mpi_uint );
- X->p = (mbedtls_mpi_uint *) p;
+ X->MBEDTLS_PRIVATE(s) = 1;
+ X->MBEDTLS_PRIVATE(n) = len / sizeof( mbedtls_mpi_uint );
+ X->MBEDTLS_PRIVATE(p) = (mbedtls_mpi_uint *) p;
}
/*
@@ -579,9 +579,9 @@
static inline void ecp_mpi_set1( mbedtls_mpi *X )
{
static mbedtls_mpi_uint one[] = { 1 };
- X->s = 1;
- X->n = 1;
- X->p = one;
+ X->MBEDTLS_PRIVATE(s) = 1;
+ X->MBEDTLS_PRIVATE(n) = 1;
+ X->MBEDTLS_PRIVATE(p) = one;
}
/*
@@ -606,9 +606,9 @@
ecp_mpi_load( &grp->B, b, blen );
ecp_mpi_load( &grp->N, n, nlen );
- ecp_mpi_load( &grp->G.X, gx, gxlen );
- ecp_mpi_load( &grp->G.Y, gy, gylen );
- ecp_mpi_set1( &grp->G.Z );
+ ecp_mpi_load( &grp->G.MBEDTLS_PRIVATE(X), gx, gxlen );
+ ecp_mpi_load( &grp->G.MBEDTLS_PRIVATE(Y), gy, gylen );
+ ecp_mpi_set1( &grp->G.MBEDTLS_PRIVATE(Z) );
grp->pbits = mbedtls_mpi_bitlen( &grp->P );
grp->nbits = mbedtls_mpi_bitlen( &grp->N );
@@ -628,7 +628,7 @@
grp->st_a_abs = mbedtls_calloc(grp->st_modulus_size, sizeof( uint8_t ));
MBEDTLS_MPI_CHK((grp->st_a_abs == NULL) ? MBEDTLS_ERR_ECP_ALLOC_FAILED : 0);
- if (grp->A.p == NULL)
+ if (grp->A.MBEDTLS_PRIVATE(p) == NULL)
{
/* NIST prime curves: A coef = -3 */
mbedtls_platform_zeroize(grp->st_a_abs, grp->st_modulus_size);
@@ -649,11 +649,11 @@
grp->st_gx = mbedtls_calloc(grp->st_modulus_size, sizeof( uint8_t ));
MBEDTLS_MPI_CHK((grp->st_gx == NULL) ? MBEDTLS_ERR_ECP_ALLOC_FAILED : 0);
- mbedtls_mpi_write_binary(&grp->G.X, grp->st_gx, grp->st_modulus_size);
+ mbedtls_mpi_write_binary(&grp->G.MBEDTLS_PRIVATE(X), grp->st_gx, grp->st_modulus_size);
grp->st_gy = mbedtls_calloc(grp->st_modulus_size, sizeof( uint8_t ));
MBEDTLS_MPI_CHK((grp->st_gy == NULL) ? MBEDTLS_ERR_ECP_ALLOC_FAILED : 0);
- mbedtls_mpi_write_binary(&grp->G.Y, grp->st_gy, grp->st_modulus_size);
+ mbedtls_mpi_write_binary(&grp->G.MBEDTLS_PRIVATE(Y), grp->st_gy, grp->st_modulus_size);
grp->st_n = mbedtls_calloc(grp->st_order_size, sizeof( uint8_t ));
MBEDTLS_MPI_CHK((grp->st_n == NULL) ? MBEDTLS_ERR_ECP_ALLOC_FAILED : 0);
@@ -746,9 +746,9 @@
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
- mbedtls_mpi_free( &grp->G.Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.MBEDTLS_PRIVATE(X), 9 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.MBEDTLS_PRIVATE(Z), 1 ) );
+ mbedtls_mpi_free( &grp->G.MBEDTLS_PRIVATE(Y) );
/* Actually, the required msb for private keys */
grp->nbits = 254;
@@ -785,9 +785,9 @@
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
- mbedtls_mpi_free( &grp->G.Y );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.MBEDTLS_PRIVATE(X), 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.MBEDTLS_PRIVATE(Z), 1 ) );
+ mbedtls_mpi_free( &grp->G.MBEDTLS_PRIVATE(Y) );
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
@@ -949,7 +949,7 @@
}
#define WIDTH 8 / sizeof( mbedtls_mpi_uint )
-#define A( i ) N->p + (i) * WIDTH
+#define A( i ) N->MBEDTLS_PRIVATE(p) + (i) * WIDTH
#define ADD( i ) add64( p, A( i ), &c )
#define NEXT p += WIDTH; carry64( p, &c )
#define LAST p += WIDTH; *p = c; while( ++p < end ) *p = 0
@@ -966,8 +966,8 @@
/* Make sure we have enough blocks so that A(5) is legal */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
- p = N->p;
- end = p + N->n;
+ p = N->MBEDTLS_PRIVATE(p);
+ end = p + N->MBEDTLS_PRIVATE(n);
ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5
ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5
@@ -1008,22 +1008,22 @@
#if defined(MBEDTLS_HAVE_INT32)
/* 32 bit */
-#define MAX32 N->n
-#define A( j ) N->p[j]
-#define STORE32 N->p[i] = cur;
+#define MAX32 N->MBEDTLS_PRIVATE(n)
+#define A( j ) N->MBEDTLS_PRIVATE(p)[j]
+#define STORE32 N->MBEDTLS_PRIVATE(p)[i] = cur;
#else /* 64-bit */
-#define MAX32 N->n * 2
-#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
- (uint32_t)( N->p[(j)/2] )
+#define MAX32 N->MBEDTLS_PRIVATE(n) * 2
+#define A( j ) (j) % 2 ? (uint32_t)( N->MBEDTLS_PRIVATE(p)[(j)/2] >> 32 ) : \
+ (uint32_t)( N->MBEDTLS_PRIVATE(p)[(j)/2] )
#define STORE32 \
if( i % 2 ) { \
- N->p[i/2] &= 0x00000000FFFFFFFF; \
- N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \
+ N->MBEDTLS_PRIVATE(p)[i/2] &= 0x00000000FFFFFFFF; \
+ N->MBEDTLS_PRIVATE(p)[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \
} else { \
- N->p[i/2] &= 0xFFFFFFFF00000000; \
- N->p[i/2] |= (mbedtls_mpi_uint) cur; \
+ N->MBEDTLS_PRIVATE(p)[i/2] &= 0xFFFFFFFF00000000; \
+ N->MBEDTLS_PRIVATE(p)[i/2] |= (mbedtls_mpi_uint) cur; \
}
#endif /* sizeof( mbedtls_mpi_uint ) */
@@ -1058,10 +1058,10 @@
mbedtls_mpi C; \
mbedtls_mpi_uint Cp[ (b) / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \
\
- C.s = 1; \
- C.n = (b) / 8 / sizeof( mbedtls_mpi_uint) + 1; \
- C.p = Cp; \
- memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \
+ C.MBEDTLS_PRIVATE(s) = 1; \
+ C.MBEDTLS_PRIVATE(n) = (b) / 8 / sizeof( mbedtls_mpi_uint) + 1; \
+ C.MBEDTLS_PRIVATE(p) = Cp; \
+ memset( Cp, 0, C.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) ); \
\
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, (b) * 2 / 8 / \
sizeof( mbedtls_mpi_uint ) ) ); \
@@ -1094,14 +1094,14 @@
((void) bits);
#else
if( bits == 224 )
- C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32;
+ C->MBEDTLS_PRIVATE(p)[ C->MBEDTLS_PRIVATE(n) - 1 ] = ((mbedtls_mpi_uint) -c) << 32;
else
#endif
- C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c;
+ C->MBEDTLS_PRIVATE(p)[ C->MBEDTLS_PRIVATE(n) - 1 ] = (mbedtls_mpi_uint) -c;
/* N = - ( C - N ) */
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) );
- N->s = -1;
+ N->MBEDTLS_PRIVATE(s) = -1;
cleanup:
@@ -1253,22 +1253,22 @@
* we need to hold bits 513 to 1056, which is 34 limbs, that is
* P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
- if( N->n < P521_WIDTH )
+ if( N->MBEDTLS_PRIVATE(n) < P521_WIDTH )
return( 0 );
/* M = A1 */
- M.s = 1;
- M.n = N->n - ( P521_WIDTH - 1 );
- if( M.n > P521_WIDTH + 1 )
- M.n = P521_WIDTH + 1;
- M.p = Mp;
- memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
+ M.MBEDTLS_PRIVATE(s) = 1;
+ M.MBEDTLS_PRIVATE(n) = N->MBEDTLS_PRIVATE(n) - ( P521_WIDTH - 1 );
+ if( M.MBEDTLS_PRIVATE(n) > P521_WIDTH + 1 )
+ M.MBEDTLS_PRIVATE(n) = P521_WIDTH + 1;
+ M.MBEDTLS_PRIVATE(p) = Mp;
+ memcpy( Mp, N->MBEDTLS_PRIVATE(p) + P521_WIDTH - 1, M.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
/* N = A0 */
- N->p[P521_WIDTH - 1] &= P521_MASK;
- for( i = P521_WIDTH; i < N->n; i++ )
- N->p[i] = 0;
+ N->MBEDTLS_PRIVATE(p)[P521_WIDTH - 1] &= P521_MASK;
+ for( i = P521_WIDTH; i < N->MBEDTLS_PRIVATE(n); i++ )
+ N->MBEDTLS_PRIVATE(p)[i] = 0;
/* N = A0 + A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
@@ -1299,24 +1299,24 @@
mbedtls_mpi M;
mbedtls_mpi_uint Mp[P255_WIDTH + 2];
- if( N->n < P255_WIDTH )
+ if( N->MBEDTLS_PRIVATE(n) < P255_WIDTH )
return( 0 );
/* M = A1 */
- M.s = 1;
- M.n = N->n - ( P255_WIDTH - 1 );
- if( M.n > P255_WIDTH + 1 )
+ M.MBEDTLS_PRIVATE(s) = 1;
+ M.MBEDTLS_PRIVATE(n) = N->MBEDTLS_PRIVATE(n) - ( P255_WIDTH - 1 );
+ if( M.MBEDTLS_PRIVATE(n) > P255_WIDTH + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- M.p = Mp;
+ M.MBEDTLS_PRIVATE(p) = Mp;
memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
+ memcpy( Mp, N->MBEDTLS_PRIVATE(p) + P255_WIDTH - 1, M.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
- M.n++; /* Make room for multiplication by 19 */
+ M.MBEDTLS_PRIVATE(n)++; /* Make room for multiplication by 19 */
/* N = A0 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
- for( i = P255_WIDTH; i < N->n; i++ )
- N->p[i] = 0;
+ for( i = P255_WIDTH; i < N->MBEDTLS_PRIVATE(n); i++ )
+ N->MBEDTLS_PRIVATE(p)[i] = 0;
/* N = A0 + 19 * A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
@@ -1356,29 +1356,29 @@
mbedtls_mpi M, Q;
mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
- if( N->n <= P448_WIDTH )
+ if( N->MBEDTLS_PRIVATE(n) <= P448_WIDTH )
return( 0 );
/* M = A1 */
- M.s = 1;
- M.n = N->n - ( P448_WIDTH );
- if( M.n > P448_WIDTH )
+ M.MBEDTLS_PRIVATE(s) = 1;
+ M.MBEDTLS_PRIVATE(n) = N->MBEDTLS_PRIVATE(n) - ( P448_WIDTH );
+ if( M.MBEDTLS_PRIVATE(n) > P448_WIDTH )
/* Shouldn't be called with N larger than 2^896! */
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
- M.p = Mp;
+ M.MBEDTLS_PRIVATE(p) = Mp;
memset( Mp, 0, sizeof( Mp ) );
- memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
+ memcpy( Mp, N->MBEDTLS_PRIVATE(p) + P448_WIDTH, M.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) );
/* N = A0 */
- for( i = P448_WIDTH; i < N->n; i++ )
- N->p[i] = 0;
+ for( i = P448_WIDTH; i < N->MBEDTLS_PRIVATE(n); i++ )
+ N->MBEDTLS_PRIVATE(p)[i] = 0;
/* N += A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
/* Q = B1, N += B1 */
Q = M;
- Q.p = Qp;
+ Q.MBEDTLS_PRIVATE(p) = Qp;
memcpy( Qp, Mp, sizeof( Qp ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
@@ -1386,10 +1386,10 @@
/* M = (B0 + B1) * 2^224, N += M */
if( sizeof( mbedtls_mpi_uint ) > 4 )
Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
- for( i = P224_WIDTH_MAX; i < M.n; ++i )
+ for( i = P224_WIDTH_MAX; i < M.MBEDTLS_PRIVATE(n); ++i )
Mp[i] = 0;
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
- M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
+ M.MBEDTLS_PRIVATE(n) = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
@@ -1418,33 +1418,33 @@
mbedtls_mpi M, R;
mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
- if( N->n < p_limbs )
+ if( N->MBEDTLS_PRIVATE(n) < p_limbs )
return( 0 );
/* Init R */
- R.s = 1;
- R.p = Rp;
- R.n = P_KOBLITZ_R;
+ R.MBEDTLS_PRIVATE(s) = 1;
+ R.MBEDTLS_PRIVATE(p) = Rp;
+ R.MBEDTLS_PRIVATE(n) = P_KOBLITZ_R;
/* Common setup for M */
- M.s = 1;
- M.p = Mp;
+ M.MBEDTLS_PRIVATE(s) = 1;
+ M.MBEDTLS_PRIVATE(p) = Mp;
/* M = A1 */
- M.n = N->n - ( p_limbs - adjust );
- if( M.n > p_limbs + adjust )
- M.n = p_limbs + adjust;
+ M.MBEDTLS_PRIVATE(n) = N->MBEDTLS_PRIVATE(n) - ( p_limbs - adjust );
+ if( M.MBEDTLS_PRIVATE(n) > p_limbs + adjust )
+ M.MBEDTLS_PRIVATE(n) = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
+ memcpy( Mp, N->MBEDTLS_PRIVATE(p) + p_limbs - adjust, M.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) );
if( shift != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
- M.n += R.n; /* Make room for multiplication by R */
+ M.MBEDTLS_PRIVATE(n) += R.MBEDTLS_PRIVATE(n); /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
- N->p[p_limbs - 1] &= mask;
- for( i = p_limbs; i < N->n; i++ )
- N->p[i] = 0;
+ N->MBEDTLS_PRIVATE(p)[p_limbs - 1] &= mask;
+ for( i = p_limbs; i < N->MBEDTLS_PRIVATE(n); i++ )
+ N->MBEDTLS_PRIVATE(p)[i] = 0;
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
@@ -1453,20 +1453,20 @@
/* Second pass */
/* M = A1 */
- M.n = N->n - ( p_limbs - adjust );
- if( M.n > p_limbs + adjust )
- M.n = p_limbs + adjust;
+ M.MBEDTLS_PRIVATE(n) = N->MBEDTLS_PRIVATE(n) - ( p_limbs - adjust );
+ if( M.MBEDTLS_PRIVATE(n) > p_limbs + adjust )
+ M.MBEDTLS_PRIVATE(n) = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
- memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
+ memcpy( Mp, N->MBEDTLS_PRIVATE(p) + p_limbs - adjust, M.MBEDTLS_PRIVATE(n) * sizeof( mbedtls_mpi_uint ) );
if( shift != 0 )
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
- M.n += R.n; /* Make room for multiplication by R */
+ M.MBEDTLS_PRIVATE(n) += R.MBEDTLS_PRIVATE(n); /* Make room for multiplication by R */
/* N = A0 */
if( mask != 0 )
- N->p[p_limbs - 1] &= mask;
- for( i = p_limbs; i < N->n; i++ )
- N->p[i] = 0;
+ N->MBEDTLS_PRIVATE(p)[p_limbs - 1] &= mask;
+ for( i = p_limbs; i < N->MBEDTLS_PRIVATE(n); i++ )
+ N->MBEDTLS_PRIVATE(p)[i] = 0;
/* N = A0 + R * A1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.c b/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.c
index c9f4b8a..2f457f2 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.c
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.c
@@ -1,7 +1,7 @@
/*
* The RSA public-key cryptosystem
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2020, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -49,8 +49,9 @@
#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
+#include "../library/rsa_alt_helpers.h"
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
@@ -276,9 +277,9 @@
RSA_VALIDATE_RET( output != NULL );
if ( is_private )
- elen = mbedtls_mpi_size( &ctx->D );
+ elen = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(D) );
else
- elen = mbedtls_mpi_size( &ctx->E );
+ elen = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(E) );
/* exponent aligned on 4 bytes */
elen = ((elen + 3)/4)*4;
@@ -287,14 +288,14 @@
MBEDTLS_MPI_CHK( ( e_binary == NULL ) ? MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED : 0 );
if ( is_private )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, e_binary, elen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(D), e_binary, elen ) );
else
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, e_binary, elen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(E), e_binary, elen ) );
- nlen = ctx->len;
+ nlen = ctx->MBEDTLS_PRIVATE(len);
n_binary = mbedtls_calloc( 1, nlen );
MBEDTLS_MPI_CHK( ( n_binary == NULL ) ? MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED : 0 );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, n_binary, nlen ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(N), n_binary, nlen ) );
in.expSize = elen; /* Exponent length */
in.OpSize = nlen; /* modulus length */
@@ -495,17 +496,17 @@
int ret;
RSA_VALIDATE_RET( ctx != NULL );
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
+ if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(N), N ) ) != 0 ) ||
+ ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(P), P ) ) != 0 ) ||
+ ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(Q), Q ) ) != 0 ) ||
+ ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(D), D ) ) != 0 ) ||
+ ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(E), E ) ) != 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
if( N != NULL )
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
return( 0 );
}
@@ -522,21 +523,21 @@
if( N != NULL )
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
}
if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) );
if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) );
if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) );
if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) );
cleanup:
@@ -560,8 +561,8 @@
((void) blinding_needed);
#endif
- if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
- ctx->len > MBEDTLS_MPI_MAX_SIZE )
+ if( ctx->MBEDTLS_PRIVATE(len) != mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ) ||
+ ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -572,8 +573,8 @@
/* Modular exponentiation wrt. N is always used for
* RSA public key operations. */
- if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 )
+ if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(N), 0 ) == 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -583,10 +584,10 @@
* used for private key operations and if CRT
* is used. */
if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
- mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) )
+ ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(P), 0 ) == 0 ||
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) <= 0 ||
+ mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(Q), 0 ) == 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -597,18 +598,18 @@
*/
/* Always need E for public key operations */
- if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
+ if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) <= 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#if defined(MBEDTLS_RSA_NO_CRT)
/* For private key operations, use D or DP & DQ
* as (unblinded) exponents. */
- if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
+ if( is_priv && mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) <= 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#else
if( is_priv &&
- ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) )
+ ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DP), 0 ) <= 0 ||
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DQ), 0 ) <= 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -619,8 +620,8 @@
* done as part of 1. */
#if defined(MBEDTLS_RSA_NO_CRT)
if( is_priv && blinding_needed &&
- ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
+ ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) <= 0 ||
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) <= 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -630,7 +631,7 @@
* but check for QP >= 1 nonetheless. */
#if !defined(MBEDTLS_RSA_NO_CRT)
if( is_priv &&
- mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(QP), 0 ) <= 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
}
@@ -647,11 +648,11 @@
RSA_VALIDATE_RET( ctx != NULL );
- have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
- have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
- have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
- have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
- have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
+ have_N = ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 );
+ have_P = ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 );
+ have_Q = ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 );
+ have_D = ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 );
+ have_E = ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0 );
/*
* Check whether provided parameters are enough
@@ -680,13 +681,13 @@
if( !have_N && have_P && have_Q )
{
- if( ( ret = rsa_mpi2pka_mul( &ctx->N, &ctx->P,
- &ctx->Q ) ) != 0 )
+ if( ( ret = rsa_mpi2pka_mul( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P),
+ &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
}
/*
@@ -695,18 +696,18 @@
if( pq_missing )
{
- ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
- &ctx->P, &ctx->Q );
+ ret = mbedtls_rsa_deduce_primes( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(E), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) );
if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
else if( d_missing )
{
- if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
- &ctx->Q,
- &ctx->E,
- &ctx->D ) ) != 0 )
+ if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->MBEDTLS_PRIVATE(P),
+ &ctx->MBEDTLS_PRIVATE(Q),
+ &ctx->MBEDTLS_PRIVATE(E),
+ &ctx->MBEDTLS_PRIVATE(D) ) ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
@@ -719,8 +720,8 @@
#if !defined(MBEDTLS_RSA_NO_CRT)
if( is_priv )
{
- ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP );
+ ret = mbedtls_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) );
if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
@@ -746,11 +747,11 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
{
@@ -762,19 +763,19 @@
}
if( N != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) );
if( P != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) );
if( Q != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) );
if( D != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) );
if( E != NULL )
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) );
cleanup:
@@ -791,11 +792,11 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
{
@@ -808,11 +809,11 @@
/* Export all requested core parameters. */
- if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
- ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
- ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
- ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
- ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
+ if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->MBEDTLS_PRIVATE(N) ) ) != 0 ) ||
+ ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->MBEDTLS_PRIVATE(P) ) ) != 0 ) ||
+ ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 ) ||
+ ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->MBEDTLS_PRIVATE(D) ) ) != 0 ) ||
+ ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->MBEDTLS_PRIVATE(E) ) ) != 0 ) )
{
return( ret );
}
@@ -835,25 +836,25 @@
/* Check if key is private or public */
is_priv =
- mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
- mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 &&
+ mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0;
if( !is_priv )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
#if !defined(MBEDTLS_RSA_NO_CRT)
/* Export all requested blinding parameters. */
- if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
- ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
- ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
+ if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->MBEDTLS_PRIVATE(DP) ) ) != 0 ) ||
+ ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->MBEDTLS_PRIVATE(DQ) ) ) != 0 ) ||
+ ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->MBEDTLS_PRIVATE(QP) ) ) != 0 ) )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
}
#else
- if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
+ if( ( ret = mbedtls_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
DP, DQ, QP ) ) != 0 )
{
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
@@ -866,35 +867,31 @@
/*
* Initialize an RSA context
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
-
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_init( &ctx->mutex );
+ mbedtls_mutex_init( &ctx->MBEDTLS_PRIVATE(mutex) );
#endif
}
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id )
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id )
{
RSA_VALIDATE( ctx != NULL );
RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
padding == MBEDTLS_RSA_PKCS_V21 );
- ctx->padding = padding;
- ctx->hash_id = hash_id;
+ ctx->MBEDTLS_PRIVATE(padding) = padding;
+ ctx->MBEDTLS_PRIVATE(hash_id) = hash_id;
+
+ return ( 0 );
}
/*
@@ -903,7 +900,7 @@
size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
{
- return( ctx->len );
+ return( ctx->MBEDTLS_PRIVATE(len) );
}
@@ -947,41 +944,41 @@
* 2. GCD( E, (P-1)*(Q-1) ) == 1
* 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->MBEDTLS_PRIVATE(E), exponent ) );
do
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->MBEDTLS_PRIVATE(P), nbits >> 1,
prime_quality, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->MBEDTLS_PRIVATE(Q), nbits >> 1,
prime_quality, f_rng, p_rng ) );
/* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) ) );
if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
continue;
/* not required by any standards, but some users rely on the fact that P > Q */
- if( H.s < 0 )
- mbedtls_mpi_swap( &ctx->P, &ctx->Q );
+ if( H.MBEDTLS_PRIVATE(s) < 0 )
+ mbedtls_mpi_swap( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) );
/* Temporarily replace P,Q by P-1, Q-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
- MBEDTLS_MPI_CHK( rsa_mpi2pka_mul( &H, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(P), 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(Q), 1 ) );
+ MBEDTLS_MPI_CHK( rsa_mpi2pka_mul( &H, &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) ) );
/* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->MBEDTLS_PRIVATE(E), &H ) );
if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
continue;
/* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->MBEDTLS_PRIVATE(D), &ctx->MBEDTLS_PRIVATE(E), &L ) );
- if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
+ if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(D) ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
continue;
break;
@@ -989,12 +986,12 @@
while( 1 );
/* Restore P,Q */
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(P), 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(Q), 1 ) );
- MBEDTLS_MPI_CHK( rsa_mpi2pka_mul( &ctx->N, &ctx->P, &ctx->Q ) );
+ MBEDTLS_MPI_CHK( rsa_mpi2pka_mul( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q) ) );
- ctx->len = mbedtls_mpi_size( &ctx->N );
+ ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) );
#if !defined(MBEDTLS_RSA_NO_CRT)
/*
@@ -1002,8 +999,8 @@
* DQ = D mod (Q - 1)
* QP = Q^-1 mod P
*/
- MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP ) );
+ MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) ) );
#endif /* MBEDTLS_RSA_NO_CRT */
/* Double-check */
@@ -1036,14 +1033,14 @@
if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
- if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
+ if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) < 128 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
- if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
- mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
- mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
+ if( mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(E), 0 ) == 0 ||
+ mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(E) ) < 2 ||
+ mbedtls_mpi_cmp_mpi( &ctx->MBEDTLS_PRIVATE(E), &ctx->MBEDTLS_PRIVATE(N) ) >= 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
@@ -1064,15 +1061,15 @@
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
- if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
- &ctx->D, &ctx->E, NULL, NULL ) != 0 )
+ if( mbedtls_rsa_validate_params( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q),
+ &ctx->MBEDTLS_PRIVATE(D), &ctx->MBEDTLS_PRIVATE(E), NULL, NULL ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
- else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
- &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
+ else if( mbedtls_rsa_validate_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D),
+ &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
@@ -1096,8 +1093,8 @@
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
- if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
- mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
+ if( mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(N), &prv->MBEDTLS_PRIVATE(N) ) != 0 ||
+ mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(E), &prv->MBEDTLS_PRIVATE(E) ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
@@ -1125,13 +1122,13 @@
mbedtls_mpi_init( &T );
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+ if( ( ret = mbedtls_mutex_lock( &ctx->MBEDTLS_PRIVATE(mutex) ) ) != 0 )
return( ret );
#endif
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->MBEDTLS_PRIVATE(len) ) );
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+ if( mbedtls_mpi_cmp_mpi( &T, &ctx->MBEDTLS_PRIVATE(N) ) >= 0 )
{
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
@@ -1144,7 +1141,7 @@
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+ if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
@@ -1194,8 +1191,8 @@
#if !defined(MBEDTLS_RSA_NO_CRT)
/* Pointers to actual exponents to be used - either the unblinded
* or the blinded ones, depending on the presence of a PRNG. */
- mbedtls_mpi *DP = &ctx->DP;
- mbedtls_mpi *DQ = &ctx->DQ;
+ mbedtls_mpi *DP = &ctx->MBEDTLS_PRIVATE(DP);
+ mbedtls_mpi *DQ = &ctx->MBEDTLS_PRIVATE(DQ);
#endif /* MBEDTLS_RSA_NO_CRT */
/* Temporaries holding the initial input and the double
@@ -1213,7 +1210,7 @@
}
#if defined(MBEDTLS_THREADING_C)
- if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+ if( ( ret = mbedtls_mutex_lock( &ctx->MBEDTLS_PRIVATE(mutex) ) ) != 0 )
return( ret );
#endif
@@ -1224,8 +1221,8 @@
/* End of MPI initialization */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
- if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->MBEDTLS_PRIVATE(len) ) );
+ if( mbedtls_mpi_cmp_mpi( &T, &ctx->MBEDTLS_PRIVATE(N) ) >= 0 )
{
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
@@ -1240,12 +1237,12 @@
/*
* Faster decryption using the CRT
*/
- MBEDTLS_MPI_CHK( rsa_crt_pka_modexp( DP, DQ, &ctx->P, &ctx->Q, &ctx->QP, input, ctx->len, output) );
+ MBEDTLS_MPI_CHK( rsa_crt_pka_modexp( DP, DQ, &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(QP), input, ctx->MBEDTLS_PRIVATE(len), output) );
#endif /* MBEDTLS_RSA_NO_CRT */
cleanup:
#if defined(MBEDTLS_THREADING_C)
- if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+ if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 )
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
#endif
@@ -1282,7 +1279,7 @@
memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
memset( counter, 0, 4 );
- hlen = mbedtls_md_get_size( md_ctx->md_info );
+ hlen = mbedtls_md_get_size( md_ctx->MBEDTLS_PRIVATE(md_info) );
/* Generate and apply dbMask */
p = dst;
@@ -1324,7 +1321,6 @@
int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t ilen,
const unsigned char *input,
@@ -1344,17 +1340,14 @@
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+ md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- olen = ctx->len;
+ olen = ctx->MBEDTLS_PRIVATE(len);
hlen = mbedtls_md_get_size( md_info );
/* first comparison checks for overflow */
@@ -1400,9 +1393,7 @@
if( ret != 0 )
return( ret );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return( mbedtls_rsa_public( ctx, output, output ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -1413,7 +1404,7 @@
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output )
{
@@ -1427,10 +1418,7 @@
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- olen = ctx->len;
+ olen = ctx->MBEDTLS_PRIVATE(len);
/* first comparison checks for overflow */
if( ilen + 11 < ilen || olen < ilen + 11 )
@@ -1438,44 +1426,31 @@
nb_pad = olen - 3 - ilen;
- *p++ = 0;
- if( mode == MBEDTLS_RSA_PUBLIC )
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ *p++ = MBEDTLS_RSA_CRYPT;
+
+ while( nb_pad-- > 0 )
{
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ int rng_dl = 100;
- *p++ = MBEDTLS_RSA_CRYPT;
+ do {
+ ret = f_rng( p_rng, p, 1 );
+ } while( *p == 0 && --rng_dl && ret == 0 );
- while( nb_pad-- > 0 )
- {
- int rng_dl = 100;
+ /* Check if RNG failed to generate data */
+ if( rng_dl == 0 || ret != 0 )
+ return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
- do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
-
- /* Check if RNG failed to generate data */
- if( rng_dl == 0 || ret != 0 )
- return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
- p++;
- }
- }
- else
- {
- *p++ = MBEDTLS_RSA_SIGN;
-
- while( nb_pad-- > 0 )
- *p++ = 0xFF;
+ p++;
}
*p++ = 0;
if( ilen != 0 )
memcpy( p, input, ilen );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return( mbedtls_rsa_public( ctx, output, output ) );
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -1485,27 +1460,25 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
+ return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, ilen,
input, output );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0,
ilen, input, output );
#endif
@@ -1521,7 +1494,6 @@
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
const unsigned char *input,
@@ -1538,8 +1510,6 @@
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL );
RSA_VALIDATE_RET( input != NULL );
@@ -1548,15 +1518,12 @@
/*
* Parameters sanity checks
*/
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- ilen = ctx->len;
+ ilen = ctx->MBEDTLS_PRIVATE(len);
if( ilen < 16 || ilen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+ md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1569,9 +1536,7 @@
/*
* RSA operation
*/
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+ ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
goto cleanup;
@@ -1759,7 +1724,7 @@
int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t *olen,
+ size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len )
@@ -1784,26 +1749,19 @@
unsigned output_too_large;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( olen != NULL );
- ilen = ctx->len;
+ ilen = ctx->MBEDTLS_PRIVATE(len);
plaintext_max_size = ( output_max_len > ilen - 11 ?
ilen - 11 :
output_max_len );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
if( ilen < 16 || ilen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, input, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
+ ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
goto cleanup;
@@ -1812,35 +1770,16 @@
* memory trace. The first byte must be 0. */
bad |= buf[0];
- if( mode == MBEDTLS_RSA_PRIVATE )
- {
- /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
- * where PS must be at least 8 nonzero bytes. */
- bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
+ /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
+ * where PS must be at least 8 nonzero bytes. */
+ bad |= buf[1] ^ MBEDTLS_RSA_CRYPT;
- /* Read the whole buffer. Set pad_done to nonzero if we find
- * the 0x00 byte and remember the padding length in pad_count. */
- for( i = 2; i < ilen; i++ )
- {
- pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
- pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
- }
- }
- else
+ /* Read the whole buffer. Set pad_done to nonzero if we find
+ * the 0x00 byte and remember the padding length in pad_count. */
+ for( i = 2; i < ilen; i++ )
{
- /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
- * where PS must be at least 8 bytes with the value 0xFF. */
- bad |= buf[1] ^ MBEDTLS_RSA_SIGN;
-
- /* Read the whole buffer. Set pad_done to nonzero if we find
- * the 0x00 byte and remember the padding length in pad_count.
- * If there's a non-0xff byte in the padding, the padding is bad. */
- for( i = 2; i < ilen; i++ )
- {
- pad_done |= if_int( buf[i], 0, 1 );
- pad_count += if_int( pad_done, 0, 1 );
- bad |= if_int( pad_done, 0, buf[i] ^ 0xFF );
- }
+ pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1;
+ pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
}
/* If pad_done is still zero, there's no data, only unfinished padding. */
@@ -1931,29 +1870,27 @@
int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t *olen,
+ size_t *olen,
const unsigned char *input,
unsigned char *output,
- size_t output_max_len)
+ size_t output_max_len )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( olen != NULL );
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
+ return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen,
input, output, output_max_len );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
+ return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0,
olen, input, output,
output_max_len );
#endif
@@ -1970,7 +1907,6 @@
int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -1985,20 +1921,15 @@
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- olen = ctx->len;
+ olen = ctx->MBEDTLS_PRIVATE(len);
if( md_alg != MBEDTLS_MD_NONE )
{
@@ -2010,7 +1941,7 @@
hashlen = mbedtls_md_get_size( md_info );
}
- md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
+ md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) );
if( md_info == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2037,7 +1968,7 @@
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
/* Note: EMSA-PSS encoding is over the length of N - 1 bits */
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ msb = mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) - 1;
p += olen - hlen - slen - 2;
*p++ = 0x01;
memcpy( p, salt, slen );
@@ -2068,7 +1999,7 @@
&md_ctx ) ) != 0 )
goto exit;
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ msb = mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) - 1;
sig[0] &= 0xFF >> ( olen * 8 - msb );
p += hlen;
@@ -2082,9 +2013,7 @@
if( ret != 0 )
return( ret );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, sig )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
+ return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -2229,7 +2158,6 @@
int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2239,45 +2167,34 @@
unsigned char *sig_try = NULL, *verif = NULL;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
/*
* Prepare PKCS1-v1.5 encoding (padding and hash identifier)
*/
if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash,
- ctx->len, sig ) ) != 0 )
+ ctx->MBEDTLS_PRIVATE(len), sig ) ) != 0 )
return( ret );
/*
* Call respective RSA primitive
*/
- if( mode == MBEDTLS_RSA_PUBLIC )
- {
- /* Skip verification on a public key operation */
- return( mbedtls_rsa_public( ctx, sig, sig ) );
- }
-
/* Private key operation
*
* In order to prevent Lenstra's attack, make the signature in a
* temporary buffer and check it before returning it.
*/
- sig_try = mbedtls_calloc( 1, ctx->len );
+ sig_try = mbedtls_calloc( 1, ctx->MBEDTLS_PRIVATE(len) );
if( sig_try == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
- verif = mbedtls_calloc( 1, ctx->len );
+ verif = mbedtls_calloc( 1, ctx->MBEDTLS_PRIVATE(len) );
if( verif == NULL )
{
mbedtls_free( sig_try );
@@ -2287,13 +2204,13 @@
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
- if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )
+ if( mbedtls_safer_memcmp( verif, sig, ctx->MBEDTLS_PRIVATE(len) ) != 0 )
{
ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
goto cleanup;
}
- memcpy( sig, sig_try, ctx->len );
+ memcpy( sig, sig_try, ctx->MBEDTLS_PRIVATE(len) );
cleanup:
mbedtls_free( sig_try );
@@ -2309,31 +2226,28 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
RSA_VALIDATE_RET( sig != NULL );
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg,
hashlen, hash, sig );
#endif
@@ -2347,9 +2261,6 @@
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2370,24 +2281,17 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
- siglen = ctx->len;
+ siglen = ctx->MBEDTLS_PRIVATE(len);
if( siglen < 16 || siglen > sizeof( buf ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, buf )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
+ ret = mbedtls_rsa_public( ctx, sig, buf );
if( ret != 0 )
return( ret );
@@ -2418,7 +2322,7 @@
/*
* Note: EMSA-PSS verification is over the length of N - 1 bits
*/
- msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
+ msb = mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) - 1;
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -2497,9 +2401,6 @@
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2507,19 +2408,16 @@
{
mbedtls_md_type_t mgf1_hash_id;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
- mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
- ? (mbedtls_md_type_t) ctx->hash_id
+ mgf1_hash_id = ( ctx->MBEDTLS_PRIVATE(hash_id) != MBEDTLS_MD_NONE )
+ ? (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id)
: md_alg;
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
- md_alg, hashlen, hash,
+ return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, md_alg, hashlen, hash,
mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
sig ) );
@@ -2531,9 +2429,6 @@
* Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
*/
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2544,17 +2439,12 @@
unsigned char *encoded = NULL, *encoded_expected = NULL;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
- sig_len = ctx->len;
-
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ sig_len = ctx->MBEDTLS_PRIVATE(len);
/*
* Prepare expected PKCS1 v1.5 encoding of hash.
@@ -2575,9 +2465,7 @@
* Apply RSA primitive to get what should be PKCS1 encoded hash.
*/
- ret = ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, sig, encoded )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
+ ret = mbedtls_rsa_public( ctx, sig, encoded );
if( ret != 0 )
goto cleanup;
@@ -2614,33 +2502,28 @@
* Do an RSA operation and check the message digest
*/
int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
- switch( ctx->padding )
+ switch( ctx->MBEDTLS_PRIVATE(padding) )
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
+ return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
hashlen, hash, sig );
#endif
@@ -2658,31 +2541,31 @@
RSA_VALIDATE_RET( dst != NULL );
RSA_VALIDATE_RET( src != NULL );
- dst->ver = src->ver;
- dst->len = src->len;
+ dst->MBEDTLS_PRIVATE(ver) = src->MBEDTLS_PRIVATE(ver);
+ dst->MBEDTLS_PRIVATE(len) = src->MBEDTLS_PRIVATE(len);
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(N), &src->MBEDTLS_PRIVATE(N) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(E), &src->MBEDTLS_PRIVATE(E) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(D), &src->MBEDTLS_PRIVATE(D) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(P), &src->MBEDTLS_PRIVATE(P) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Q), &src->MBEDTLS_PRIVATE(Q) ) );
#if !defined(MBEDTLS_RSA_NO_CRT)
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DP), &src->MBEDTLS_PRIVATE(DP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DQ), &src->MBEDTLS_PRIVATE(DQ) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(QP), &src->MBEDTLS_PRIVATE(QP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RP), &src->MBEDTLS_PRIVATE(RP) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RQ), &src->MBEDTLS_PRIVATE(RQ) ) );
#endif
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RN), &src->MBEDTLS_PRIVATE(RN) ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vi), &src->MBEDTLS_PRIVATE(Vi) ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vf), &src->MBEDTLS_PRIVATE(Vf) ) );
- dst->padding = src->padding;
- dst->hash_id = src->hash_id;
+ dst->MBEDTLS_PRIVATE(padding) = src->MBEDTLS_PRIVATE(padding);
+ dst->MBEDTLS_PRIVATE(hash_id) = src->MBEDTLS_PRIVATE(hash_id);
cleanup:
if( ret != 0 )
@@ -2699,25 +2582,25 @@
if( ctx == NULL )
return;
- mbedtls_mpi_free( &ctx->Vi );
- mbedtls_mpi_free( &ctx->Vf );
- mbedtls_mpi_free( &ctx->RN );
- mbedtls_mpi_free( &ctx->D );
- mbedtls_mpi_free( &ctx->Q );
- mbedtls_mpi_free( &ctx->P );
- mbedtls_mpi_free( &ctx->E );
- mbedtls_mpi_free( &ctx->N );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vi) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vf) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RN) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(D) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Q) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(P) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(E) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(N) );
#if !defined(MBEDTLS_RSA_NO_CRT)
- mbedtls_mpi_free( &ctx->RQ );
- mbedtls_mpi_free( &ctx->RP );
- mbedtls_mpi_free( &ctx->QP );
- mbedtls_mpi_free( &ctx->DQ );
- mbedtls_mpi_free( &ctx->DP );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RQ) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RP) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(QP) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DQ) );
+ mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DP) );
#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_mutex_free( &ctx->mutex );
+ mbedtls_mutex_free( &ctx->MBEDTLS_PRIVATE(mutex) );
#endif
}
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.h b/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.h
index 65c8023..59ab0fa 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.h
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/rsa_alt.h
@@ -10,7 +10,7 @@
*
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright (C) 2006-2021, Arm Limited (or its affiliates), All Rights Reserved
* Copyright (C) 2020, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -50,37 +50,37 @@
*/
typedef struct mbedtls_rsa_context
{
- int ver; /*!< Always 0.*/
- size_t len; /*!< The size of \p N in Bytes. */
+ int MBEDTLS_PRIVATE(ver); /*!< Always 0.*/
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
- mbedtls_mpi N; /*!< The public modulus. */
- mbedtls_mpi E; /*!< The public exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
- mbedtls_mpi D; /*!< The private exponent. */
- mbedtls_mpi P; /*!< The first prime factor. */
- mbedtls_mpi Q; /*!< The second prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
- mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
- mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
- mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
- mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
- mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
- mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
- mbedtls_mpi Vi; /*!< The cached blinding value. */
- mbedtls_mpi Vf; /*!< The cached un-blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
- int padding; /*!< Selects padding mode:
+ int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.c b/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.c
index 3153ba7..46ba21c 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.c
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.c
@@ -1,7 +1,7 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2006-2021, ARM Limited, All Rights Reserved
* Copyright (C) 2019, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -27,6 +27,7 @@
/* Includes ------------------------------------------------------------------*/
#include "mbedtls/sha256.h"
+#include "mbedtls/error.h"
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_SHA256_ALT)
@@ -86,7 +87,7 @@
*dst = *src;
}
-int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224)
+int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224)
{
SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
@@ -102,7 +103,7 @@
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
- ctx->is224 = is224;
+ ctx->MBEDTLS_PRIVATE(is224) = is224;
/* first block on 17 words */
ctx->first = ST_SHA256_EXTRA_BYTES;
@@ -127,7 +128,7 @@
HAL_HASH_ContextRestoring(&ctx->hhash, ctx->ctx_save_regs);
#endif /* ST_HW_CONTEXT_SAVING */
- if (ctx->is224 == 0) {
+ if (ctx->MBEDTLS_PRIVATE(is224) == 0) {
if (HAL_HASHEx_SHA256_Accmlt(&ctx->hhash, (uint8_t *) data, ST_SHA256_BLOCK_SIZE) != 0) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
@@ -145,7 +146,7 @@
return 0;
}
-int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
+int mbedtls_sha256_update(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
{
size_t currentlen = ilen;
@@ -169,7 +170,7 @@
memcpy(ctx->sbuf + ctx->sbuf_len, input, (ST_SHA256_BLOCK_SIZE + ctx->first - ctx->sbuf_len));
currentlen -= (ST_SHA256_BLOCK_SIZE + ctx->first - ctx->sbuf_len);
- if (ctx->is224 == 0)
+ if (ctx->MBEDTLS_PRIVATE(is224) == 0)
{
if (HAL_HASHEx_SHA256_Accmlt(&ctx->hhash, (uint8_t *)(ctx->sbuf), ST_SHA256_BLOCK_SIZE + ctx->first) != 0)
{
@@ -188,7 +189,7 @@
size_t iter = currentlen / ST_SHA256_BLOCK_SIZE;
if (iter != 0)
{
- if (ctx->is224 == 0)
+ if (ctx->MBEDTLS_PRIVATE(is224) == 0)
{
if (HAL_HASHEx_SHA256_Accmlt(&ctx->hhash, (uint8_t *)(input + ST_SHA256_BLOCK_SIZE + ctx->first - ctx->sbuf_len), (iter * ST_SHA256_BLOCK_SIZE)) != 0)
{
@@ -222,7 +223,7 @@
return 0;
}
-int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, unsigned char output[32])
+int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char output[32])
{
SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
@@ -233,7 +234,7 @@
#endif /* ST_HW_CONTEXT_SAVING */
/* Last accumulation for pending bytes in sbuf_len, then trig processing and get digest */
- if (ctx->is224 == 0)
+ if (ctx->MBEDTLS_PRIVATE(is224) == 0)
{
if (HAL_HASHEx_SHA256_Accmlt_End(&ctx->hhash, ctx->sbuf, ctx->sbuf_len, output, ST_SHA256_TIMEOUT) != 0)
{
diff --git a/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.h b/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.h
index 872d763..3c7b7cf 100644
--- a/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.h
+++ b/platform/ext/target/stm/common/stm32l5xx/accelerator/sha256_alt.h
@@ -7,7 +7,7 @@
* hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
*/
/*
- * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ * Copyright (C) 2006-2021, Arm Limited (or its affiliates), All Rights Reserved
* Copyright (C) 2019, STMicroelectronics, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
@@ -47,7 +47,7 @@
*/
typedef struct mbedtls_sha256_context
{
- int is224; /*!< 0 = use SHA256, 1 = use SHA224 */
+ int MBEDTLS_PRIVATE(is224); /*!< 0 = use SHA256, 1 = use SHA224 */
HASH_HandleTypeDef hhash; /*!< Handle of HASH HAL */
uint8_t sbuf[ST_SHA256_BLOCK_SIZE + ST_SHA256_EXTRA_BYTES];
/*!< Buffer to store input data
@@ -62,4 +62,4 @@
#endif /* MBEDTLS_SHA256_ALT */
-#endif /* MBEDTLS_SHA256_ALT_H */
\ No newline at end of file
+#endif /* MBEDTLS_SHA256_ALT_H */
diff --git a/platform/ext/target/stm/common/stm32l5xx/secure/tfm_platform_system.c b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_platform_system.c
index ee68f7a..c3615f8 100644
--- a/platform/ext/target/stm/common/stm32l5xx/secure/tfm_platform_system.c
+++ b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_platform_system.c
@@ -38,9 +38,3 @@
return TFM_PLATFORM_ERR_NOT_SUPPORTED;
}
-
-void Error_Handler(void)
-{
- /* Reset the system */
- NVIC_SystemReset();
-}
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/mbedtls_accelerator_config.h b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/mbedtls_accelerator_config.h
index bb2125f..97c8e2b 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/mbedtls_accelerator_config.h
+++ b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/mbedtls_accelerator_config.h
@@ -15,7 +15,7 @@
/* RNG Config */
-#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_ENTROPY_NV_SEED
#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_C
@@ -29,6 +29,8 @@
#define MBEDTLS_SHA256_ALT
#endif /* MBEDTLS_SHA256_C */
+#undef MBEDTLS_AES_SETKEY_DEC_ALT
+#undef MBEDTLS_AES_DECRYPT_ALT
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/config.cmake b/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
index 74c5a80..a1158ce 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
+++ b/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
# Copyright (c) 2021 STMicroelectronics. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -12,4 +12,5 @@
################################## Dependencies ################################
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/include/flash_layout.h b/platform/ext/target/stm/nucleo_l552ze_q/include/flash_layout.h
index 705e230..7d29e64 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/include/flash_layout.h
+++ b/platform/ext/target/stm/nucleo_l552ze_q/include/flash_layout.h
@@ -76,7 +76,7 @@
#define FLASH_AREA_SCRATCH_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET+FLASH_AREA_BL2_NOHDP_SIZE)
#define FLASH_AREA_SCRATCH_SIZE (0x2000)
/* according to test flash layout can change */
-#if defined(FLASH_LAYOUT_FOR_TEST) || defined(TEST_FRAMEWORK_S) || defined(TEST_FRAMEWORK_NS)
+#if defined(FLASH_LAYOUT_FOR_TEST)
/* Non Volatile Counters definitions */
#define FLASH_NV_COUNTERS_SECTOR_SIZE (0x1000)
/* fix me with overwrite scratch is not required */
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/readme.rst b/platform/ext/target/stm/nucleo_l552ze_q/readme.rst
index 448aa11..f234692 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/readme.rst
+++ b/platform/ext/target/stm/nucleo_l552ze_q/readme.rst
@@ -12,11 +12,12 @@
``> mkdir build && cd build``
-``> cmake .. -DTFM_PLATFORM=stm/nucleo_l552ze_q -DCMAKE_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -G"Unix Makefiles"``
+``> cmake .. -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -G"Unix Makefiles"``
``> cmake --build ./ -- install``
-------------
-*Copyright (c) 2019 STMicroelectronics. All rights reserved.*
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2019, STMicroelectronics. All rights reserved.*
*SPDX-License-Identifier: BSD-3-Clause*
diff --git a/platform/ext/target/stm/stm32l562e_dk/accelerator/mbedtls_accelerator_config.h b/platform/ext/target/stm/stm32l562e_dk/accelerator/mbedtls_accelerator_config.h
index 89473e4..58d5c8a 100644
--- a/platform/ext/target/stm/stm32l562e_dk/accelerator/mbedtls_accelerator_config.h
+++ b/platform/ext/target/stm/stm32l562e_dk/accelerator/mbedtls_accelerator_config.h
@@ -15,7 +15,7 @@
/* RNG Config */
-#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_ENTROPY_NV_SEED
#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#undef MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_PLATFORM_ENTROPY
@@ -53,6 +53,9 @@
#define MBEDTLS_MD5_ALT
#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */
+#undef MBEDTLS_AES_SETKEY_DEC_ALT
+#undef MBEDTLS_AES_DECRYPT_ALT
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/platform/ext/target/stm/stm32l562e_dk/config.cmake b/platform/ext/target/stm/stm32l562e_dk/config.cmake
index 1f43c21..5e98476 100644
--- a/platform/ext/target/stm/stm32l562e_dk/config.cmake
+++ b/platform/ext/target/stm/stm32l562e_dk/config.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
# Copyright (c) 2021 STMicroelectronics. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
@@ -12,5 +12,6 @@
################################## Dependencies ################################
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
-set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/stm/common/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
\ No newline at end of file
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/stm/common/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
diff --git a/platform/ext/target/stm/stm32l562e_dk/include/flash_layout.h b/platform/ext/target/stm/stm32l562e_dk/include/flash_layout.h
index f02175a..5318f04 100644
--- a/platform/ext/target/stm/stm32l562e_dk/include/flash_layout.h
+++ b/platform/ext/target/stm/stm32l562e_dk/include/flash_layout.h
@@ -109,7 +109,7 @@
#define FLASH_AREA_SCRATCH_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET+FLASH_AREA_BL2_NOHDP_SIZE)
#define FLASH_AREA_SCRATCH_SIZE (0x2000)
/* according to test flash layout can change */
-#if defined(FLASH_LAYOUT_FOR_TEST) || defined(TEST_FRAMEWORK_S) || defined(TEST_FRAMEWORK_NS)
+#if defined(FLASH_LAYOUT_FOR_TEST)
/* Non Volatile Counters definitions */
#define FLASH_NV_COUNTERS_SECTOR_SIZE (0x1000)
#if defined(EXTERNAL_FLASH)
diff --git a/platform/ext/target/stm/stm32l562e_dk/readme.rst b/platform/ext/target/stm/stm32l562e_dk/readme.rst
index 5ad6dad..7dd0e88 100644
--- a/platform/ext/target/stm/stm32l562e_dk/readme.rst
+++ b/platform/ext/target/stm/stm32l562e_dk/readme.rst
@@ -11,11 +11,12 @@
``> mkdir build && cd build``
-``> cmake .. -DTFM_PLATFORM=stm/nucleo_l552ze_q -DCMAKE_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -G"Unix Makefiles"``
+``> cmake .. -DTFM_PLATFORM=stm/stm32l562e-dk -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -G"Unix Makefiles"``
``> cmake --build ./ -- install``
-------------
-*Copyright (c) 2019 STMicroelectronics. All rights reserved.*
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2019, STMicroelectronics. All rights reserved.*
*SPDX-License-Identifier: BSD-3-Clause*
diff --git a/platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h b/platform/include/mbedtls_entropy_nv_seed_config.h
similarity index 81%
rename from platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h
rename to platform/include/mbedtls_entropy_nv_seed_config.h
index ba37aff..1ea442b 100644
--- a/platform/ext/target/arm/mps2/an521/mbedtls_an521_conf.h
+++ b/platform/include/mbedtls_entropy_nv_seed_config.h
@@ -4,8 +4,8 @@
* SPDX-License-Identifier: BSD-3-Clause
*
*/
-#ifndef __MBEDTLS_AN521_CONF_H__
-#define __MBEDTLS_AN521_CONF_H__
+#ifndef __MBEDTLS_ENTROPY_NV_SEED_CONF_H__
+#define __MBEDTLS_ENTROPY_NV_SEED_CONF_H__
#include "tfm_plat_crypto_nv_seed.h"
@@ -13,7 +13,6 @@
extern "C" {
#endif /* __cplusplus */
-#undef MBEDTLS_TEST_NULL_ENTROPY
#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
@@ -29,4 +28,4 @@
}
#endif /* __cplusplus */
-#endif /* __MBEDTLS_AN521_CONF_H__ */
+#endif /* __MBEDTLS_ENTROPY_NV_SEED_CONF_H__ */
diff --git a/platform/include/tfm_plat_test.h b/platform/include/tfm_plat_test.h
index 013081d..da41346 100644
--- a/platform/include/tfm_plat_test.h
+++ b/platform/include/tfm_plat_test.h
@@ -54,9 +54,9 @@
* the timer should be long enough so that the test service can go to the state
* where it starts waiting for the interrupt.
*/
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
void tfm_plat_test_secure_timer_start(void);
@@ -65,9 +65,9 @@
/**
* \brief Clears Secure timer interrupt
*/
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif TFM_ENABLE_FLIH_TEST
+#elif TEST_NS_FLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
void tfm_plat_test_secure_timer_clear_intr(void);
@@ -75,9 +75,9 @@
/**
* \brief Stops the Secure timer and clears the timer interrupt.
*/
-#ifdef TFM_ENABLE_SLIH_TEST
+#ifdef TEST_NS_SLIH_IRQ
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_SLIH_TEST", "APP-ROT")
-#elif defined(TFM_ENABLE_FLIH_TEST)
+#elif defined(TEST_NS_FLIH_IRQ)
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_FLIH_TEST", "APP-ROT")
#endif
void tfm_plat_test_secure_timer_stop(void);
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index bf8d21a..02a666b 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -28,8 +28,7 @@
add_subdirectory(partitions/platform)
add_subdirectory(partitions/psa_proxy)
add_subdirectory(partitions/firmware_update)
-add_subdirectory(partitions/tfm_ffm11_partition)
-add_subdirectory(partitions/ns_proxy_partition)
+add_subdirectory(partitions/ns_agent)
add_subdirectory(partitions/idle_partition)
target_include_directories(secure_fw
diff --git a/secure_fw/include/tfm/array.h b/secure_fw/include/array.h
similarity index 100%
rename from secure_fw/include/tfm/array.h
rename to secure_fw/include/array.h
diff --git a/secure_fw/include/tfm/tfm_spm_services.h b/secure_fw/include/tfm/tfm_spm_services.h
deleted file mode 100644
index c1f4238..0000000
--- a/secure_fw/include/tfm/tfm_spm_services.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_SPM_SERVICES_H__
-#define __TFM_SPM_SERVICES_H__
-
-#include "psa/service.h"
-
-enum tfm_spm_request_type_t {
- TFM_SPM_REQUEST_RESET_VOTE,
-};
-
-/**
- * \brief Request a vote from SPM on a system reset
- *
- * \return Returns 0 if request is accepted, any other value means reject
- */
-int32_t tfm_spm_request_reset_vote(void);
-
-#ifndef TFM_PSA_API
-void tfm_enable_irq(psa_signal_t irq_signal);
-void tfm_disable_irq(psa_signal_t irq_signal);
-#endif
-
-#endif /* __TFM_SPM_SERVICES_H__ */
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index 9b7fe7b..6c62445 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -75,7 +75,6 @@
$<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}>
$<$<BOOL:${CRYPTO_CONC_OPER_NUM}>:TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM}>
$<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${CRYPTO_IOVEC_BUFFER_SIZE}>>:TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE}>
- $<$<BOOL:${CRYPTO_KEY_ID_ENCODES_OWNER}>:CRYPTO_KEY_ID_ENCODES_OWNER>
)
################ Display the configuration being applied #######################
@@ -93,7 +92,6 @@
message(STATUS "CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED is set to ${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}")
message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}")
message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}")
-message(STATUS "CRYPTO_KEY_ID_ENCODES_OWNER is set to ${CRYPTO_KEY_ID_ENCODES_OWNER}")
if (${TFM_PSA_API})
message(STATUS "CRYPTO_IOVEC_BUFFER_SIZE is set to ${CRYPTO_IOVEC_BUFFER_SIZE}")
endif()
@@ -142,6 +140,7 @@
PSA_CRYPTO_SECURE
# Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
$<$<OR:$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
+ $<$<BOOL:${PLATFORM_DUMMY_NV_SEED}>:PLATFORM_DUMMY_NV_SEED>
)
cmake_policy(SET CMP0079 NEW)
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c
index bb43499..012ffcf 100644
--- a/secure_fw/partitions/crypto/crypto_aead.c
+++ b/secure_fw/partitions/crypto/crypto_aead.c
@@ -53,11 +53,6 @@
/* Initialise ciphertext_length to zero. */
out_vec[0].len = 0;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
@@ -103,11 +98,6 @@
/* Initialise plaintext_length to zero. */
out_vec[0].len = 0;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index 1291562..6640403 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -20,6 +20,75 @@
*/
/*!@{*/
+psa_status_t tfm_crypto_sign_message(psa_invec in_vec[],
+ size_t in_len,
+ psa_outvec out_vec[],
+ size_t out_len)
+{
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ uint8_t *signature = out_vec[0].base;
+ size_t signature_size = out_vec[0].len;
+ mbedtls_svc_key_id_t encoded_key;
+ psa_status_t status;
+
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ return psa_sign_message(encoded_key, alg, input, input_length,
+ signature, signature_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+}
+
+psa_status_t tfm_crypto_verify_message(psa_invec in_vec[],
+ size_t in_len,
+ psa_outvec out_vec[],
+ size_t out_len)
+{
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 0);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+
+ psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *signature = in_vec[2].base;
+ size_t signature_length = in_vec[2].len;
+ mbedtls_svc_key_id_t encoded_key;
+ psa_status_t status;
+
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ return psa_verify_message(encoded_key, alg, input, input_length,
+ signature, signature_length);
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+}
+
psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
@@ -42,11 +111,7 @@
uint8_t *signature = out_vec[0].base;
size_t signature_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
-
- psa_status_t status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
+ psa_status_t status;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
@@ -81,11 +146,7 @@
const uint8_t *signature = in_vec[2].base;
size_t signature_length = in_vec[2].len;
mbedtls_svc_key_id_t encoded_key;
- psa_status_t status = tfm_crypto_check_handle_owner(key_id);
-
- if (status != PSA_SUCCESS) {
- return status;
- }
+ psa_status_t status;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
@@ -127,11 +188,6 @@
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
@@ -185,11 +241,6 @@
psa_status_t status;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index aea6c46..a45d239 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -123,11 +123,6 @@
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Allocate the operation context in the secure world */
status = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
&handle,
@@ -180,11 +175,6 @@
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Allocate the operation context in the secure world */
status = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
&handle,
@@ -360,9 +350,9 @@
#else
psa_status_t status = PSA_SUCCESS;
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
@@ -375,21 +365,13 @@
size_t output_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
- /* Initialise plaintext_length to zero. */
- out_vec[0].len = 0;
-
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
}
- return psa_cipher_encrypt(encoded_key, alg, input, input_length,
- output, output_size, &out_vec[0].len);
+ return psa_cipher_encrypt(encoded_key, alg, input, input_length, output,
+ output_size, &out_vec[0].len);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -403,12 +385,11 @@
#else
psa_status_t status = PSA_SUCCESS;
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
-
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_id_t key_id = iov->key_id;
psa_algorithm_t alg = iov->alg;
@@ -418,21 +399,13 @@
size_t output_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
- /* Initialise plaintext_length to zero. */
- out_vec[0].len = 0;
-
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
}
- return psa_cipher_decrypt(encoded_key, alg, input, input_length,
- output, output_size, &out_vec[0].len);
+ return psa_cipher_decrypt(encoded_key, alg, input, input_length, output,
+ output_size, &out_vec[0].len);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index bcb336e..6dd7bf2 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -276,12 +276,8 @@
static psa_status_t tfm_crypto_engine_init(void)
{
- /* Log unsafe entropy source */
-#if defined (MBEDTLS_TEST_NULL_ENTROPY)
- LOG_INFFMT("\033[1;34m[Crypto] MBEDTLS_TEST_NULL_ENTROPY is not suitable for production!\033[0m\r\n");
-#endif
-
#ifdef PLATFORM_DUMMY_NV_SEED
+ LOG_INFFMT("\033[1;34m[Crypto] Dummy Entropy NV Seed is not suitable for production!\033[0m\r\n");
if (tfm_plat_crypto_create_entropy_seed() != TFM_CRYPTO_NV_SEED_SUCCESS) {
return PSA_ERROR_GENERIC_ERROR;
}
diff --git a/secure_fw/partitions/crypto/crypto_key.c b/secure_fw/partitions/crypto/crypto_key.c
index dd03417..892ce11 100644
--- a/secure_fw/partitions/crypto/crypto_key.c
+++ b/secure_fw/partitions/crypto/crypto_key.c
@@ -14,129 +14,10 @@
#include "tfm_crypto_defs.h"
#include "tfm_crypto_private.h"
-#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
-#ifndef TFM_CRYPTO_MAX_KEY_HANDLES
-#define TFM_CRYPTO_MAX_KEY_HANDLES (32)
+#ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
#endif
-struct tfm_crypto_handle_owner_s {
- int32_t owner; /*!< Owner of the allocated handle */
- psa_key_id_t key; /*!< Allocated key */
- uint8_t in_use; /*!< Flag to indicate if this in use */
-};
-
-static struct tfm_crypto_handle_owner_s
- handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
-
-static void set_handle_owner(uint8_t idx, int32_t client_id,
- psa_key_id_t key_handle)
-{
- /* Skip checking idx */
-
- handle_owner[idx].owner = client_id;
- handle_owner[idx].key = key_handle;
- handle_owner[idx].in_use = TFM_CRYPTO_IN_USE;
-}
-
-static void clean_handle_owner(uint8_t idx)
-{
- /* Skip checking idx */
-
- handle_owner[idx].owner = TFM_INVALID_CLIENT_ID;
- handle_owner[idx].key = NULL;
- handle_owner[idx].in_use = TFM_CRYPTO_NOT_IN_USE;
-}
-
-static psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
-{
- uint8_t i;
-
- for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
- if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
- *idx = i;
- return PSA_SUCCESS;
- }
- }
-
- return PSA_ERROR_INSUFFICIENT_MEMORY;
-}
-
-/*
- * Check that the requested handle belongs to the requesting partition
- *
- * Argument idx is optional. It points to the buffer to hold the internal
- * index corresponding to the input handle. Valid only on PSA_SUCCESS.
- * It is filled only if the input pointer is not NULL.
- *
- * Return values as described in \ref psa_status_t
- */
-static psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
-{
- int32_t client_id = 0;
- uint8_t i = 0;
- psa_status_t status;
-
- status = tfm_crypto_get_caller_id(&client_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
- if (handle_owner[i].in_use && handle_owner[i].key == key) {
- if (handle_owner[i].owner == client_id) {
- if (idx) {
- *idx = i;
- }
- return PSA_SUCCESS;
- } else {
- return PSA_ERROR_NOT_PERMITTED;
- }
- }
- }
-
- return PSA_ERROR_INVALID_HANDLE;
-}
-
-static void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
- mbedtls_svc_key_id_t *encoded_key)
-{
- /* Skip checking encoded_key */
- *encoded_key = mbedtls_svc_key_id_make(handle_owner[slot_idx].owner, key);
-}
-#else /* CRYPTO_KEY_ID_ENCODES_OWNER */
-#define set_handle_owner(idx, client_id, key_handle) do {} while (0)
-#define clean_handle_owner(idx) do {} while (0)
-
-static inline psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
-{
- *idx = 0;
-
- return PSA_SUCCESS;
-}
-
-static inline psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
-{
- (void)key;
-
- if (idx) {
- *idx = 0;
- }
-
- return PSA_SUCCESS;
-}
-
-static inline void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
- mbedtls_svc_key_id_t *encoded_key)
-{
- (void)slot_idx;
-
- /* Skip checking encoded_key */
- *encoded_key = mbedtls_svc_key_id_make(TFM_INVALID_CLIENT_ID, key);
-}
-#endif /* CRYPTO_KEY_ID_ENCODES_OWNER */
-#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
-
/*!
* \defgroup public Public functions
*
@@ -147,26 +28,27 @@
int32_t client_id,
psa_key_attributes_t *key_attributes)
{
+ psa_core_key_attributes_t *core;
+
if (client_key_attr == NULL || key_attributes == NULL) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
*key_attributes = psa_key_attributes_init();
+ core = &(key_attributes->MBEDTLS_PRIVATE(core));
/* Copy core key attributes from the client core key attributes */
- key_attributes->core.type = client_key_attr->type;
- key_attributes->core.lifetime = client_key_attr->lifetime;
- key_attributes->core.policy.usage = client_key_attr->usage;
- key_attributes->core.policy.alg = client_key_attr->alg;
- key_attributes->core.bits = client_key_attr->bits;
+ core->MBEDTLS_PRIVATE(type) = client_key_attr->type;
+ core->MBEDTLS_PRIVATE(lifetime) = client_key_attr->lifetime;
+ core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) =
+ client_key_attr->usage;
+ core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) =
+ client_key_attr->alg;
+ core->MBEDTLS_PRIVATE(bits) = client_key_attr->bits;
/* Use the client key id as the key_id and its partition id as the owner */
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- key_attributes->core.id.key_id = client_key_attr->id;
- key_attributes->core.id.owner = client_id;
-#else
- key_attributes->core.id = client_key_attr->id;
-#endif
+ core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = client_key_attr->id;
+ core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = client_id;
return PSA_SUCCESS;
}
@@ -181,33 +63,21 @@
struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
*client_key_attr = v;
+ psa_core_key_attributes_t core = key_attributes->MBEDTLS_PRIVATE(core);
/* Copy core key attributes from the client core key attributes */
- client_key_attr->type = key_attributes->core.type;
- client_key_attr->lifetime = key_attributes->core.lifetime;
- client_key_attr->usage = key_attributes->core.policy.usage;
- client_key_attr->alg = key_attributes->core.policy.alg;
- client_key_attr->bits = key_attributes->core.bits;
+ client_key_attr->type = core.MBEDTLS_PRIVATE(type);
+ client_key_attr->lifetime = core.MBEDTLS_PRIVATE(lifetime);
+ client_key_attr->usage = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
+ client_key_attr->alg = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
+ client_key_attr->bits = core.MBEDTLS_PRIVATE(bits);
/* Return the key_id as the client key id, do not return the owner */
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- client_key_attr->id = key_attributes->core.id.key_id;
-#else
- client_key_attr->id = key_attributes->core.id;
-#endif
+ client_key_attr->id = core.MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id);
return PSA_SUCCESS;
}
-psa_status_t tfm_crypto_check_handle_owner(psa_key_id_t key)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- return check_handle_owner(key, NULL);
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
psa_status_t tfm_crypto_encode_id_and_owner(psa_key_id_t key_id,
mbedtls_svc_key_id_t *enc_key_ptr)
{
@@ -229,35 +99,6 @@
return PSA_SUCCESS;
}
-psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- return find_empty_handle_owner_slot((uint8_t *)index);
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_set_key_storage(uint32_t index,
- psa_key_id_t key_handle)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- int32_t partition_id;
-
- status = tfm_crypto_get_caller_id(&partition_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- set_handle_owner(index, partition_id, key_handle);
-
- return PSA_SUCCESS;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
psa_status_t tfm_crypto_set_key_domain_parameters(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
@@ -307,15 +148,9 @@
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t i = 0;
mbedtls_svc_key_id_t encoded_key;
int32_t partition_id = 0;
- status = find_empty_handle_owner_slot(&i);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
@@ -329,17 +164,13 @@
}
status = psa_import_key(&key_attributes, data, data_length, &encoded_key);
- /* Update the imported key id */
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *psa_key = encoded_key.key_id;
-#else
- *psa_key = (psa_key_id_t)encoded_key;
-#endif
-
- if (status == PSA_SUCCESS) {
- set_handle_owner(i, partition_id, *psa_key);
+ if (status != PSA_SUCCESS) {
+ return status;
}
+ /* Update the imported key id */
+ *psa_key = encoded_key.MBEDTLS_PRIVATE(key_id);
+
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -365,13 +196,7 @@
psa_key_id_t *key = out_vec[0].base;
psa_status_t status;
mbedtls_svc_key_id_t encoded_key;
- int32_t partition_id;
- uint8_t i;
-
- status = find_empty_handle_owner_slot(&i);
- if (status != PSA_SUCCESS) {
- return status;
- }
+ int32_t partition_id = 0;
status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
@@ -382,16 +207,12 @@
encoded_key = mbedtls_svc_key_id_make(partition_id, client_key_id);
status = psa_open_key(encoded_key, &encoded_key);
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *key = encoded_key.key_id;
-#else
- *key = (psa_key_id_t)encoded_key;
-#endif
-
- if (status == PSA_SUCCESS) {
- set_handle_owner(i, partition_id, *key);
+ if (status != PSA_SUCCESS) {
+ return status;
}
+ *key = encoded_key.MBEDTLS_PRIVATE(key_id);
+
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -414,23 +235,18 @@
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_id_t key = iov->key_id;
- uint8_t index;
mbedtls_svc_key_id_t encoded_key;
+ int32_t partition_id = 0;
psa_status_t status;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
- status = psa_close_key(encoded_key);
- if (status == PSA_SUCCESS) {
- clean_handle_owner(index);
- }
-
- return status;
+ return psa_close_key(encoded_key);
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -451,23 +267,18 @@
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_id_t key = iov->key_id;
- uint8_t index;
mbedtls_svc_key_id_t encoded_key;
+ int32_t partition_id = 0;
psa_status_t status;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
- status = psa_destroy_key(encoded_key);
- if (status == PSA_SUCCESS) {
- clean_handle_owner(index);
- }
-
- return status;
+ return psa_destroy_key(encoded_key);
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -493,14 +304,14 @@
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t encoded_key;
- uint8_t index;
+ int32_t partition_id = 0;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
status = psa_get_key_attributes(encoded_key, &key_attributes);
if (status == PSA_SUCCESS) {
@@ -572,15 +383,15 @@
uint8_t *data = out_vec[0].base;
size_t data_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
+ int32_t partition_id = 0;
psa_status_t status;
- uint8_t index;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
return psa_export_key(encoded_key, data, data_size,
&(out_vec[0].len));
@@ -606,15 +417,15 @@
uint8_t *data = out_vec[0].base;
size_t data_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
+ int32_t partition_id = 0;
psa_status_t status;
- uint8_t index;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
return psa_export_public_key(encoded_key, data, data_size,
&(out_vec[0].len));
@@ -639,22 +450,17 @@
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_id_t key = iov->key_id;
mbedtls_svc_key_id_t encoded_key;
+ int32_t partition_id = 0;
psa_status_t status;
- uint8_t index;
- status = check_handle_owner(key, &index);
+ status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(key, index, &encoded_key);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, key);
- status = psa_purge_key(encoded_key);
- if (status == PSA_SUCCESS) {
- clean_handle_owner(index);
- }
-
- return status;
+ return psa_purge_key(encoded_key);
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -681,16 +487,10 @@
const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t i = 0;
int32_t partition_id = 0;
mbedtls_svc_key_id_t target_key;
mbedtls_svc_key_id_t encoded_key;
- status = find_empty_handle_owner_slot(&i);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
@@ -703,22 +503,14 @@
return status;
}
- status = check_handle_owner(source_key_id, NULL);
+ encoded_key = mbedtls_svc_key_id_make(partition_id, source_key_id);
+
+ status = psa_copy_key(encoded_key, &key_attributes, &target_key);
if (status != PSA_SUCCESS) {
return status;
}
- encoded_key_id_make(source_key_id, i, &encoded_key);
-
- status = psa_copy_key(encoded_key, &key_attributes, &target_key);
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *target_key_id = target_key.key_id;
-#else
- *target_key_id = (psa_key_id_t)target_key;
-#endif
- if (status == PSA_SUCCESS) {
- set_handle_owner(i, partition_id, *target_key_id);
- }
+ *target_key_id = target_key.MBEDTLS_PRIVATE(key_id);
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -744,15 +536,9 @@
const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t i = 0;
int32_t partition_id = 0;
mbedtls_svc_key_id_t encoded_key;
- status = find_empty_handle_owner_slot(&i);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
@@ -766,16 +552,12 @@
}
status = psa_generate_key(&key_attributes, &encoded_key);
-#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
- *key_handle = encoded_key.key_id;
-#else
- *key_handle = (psa_key_id_t)encoded_key;
-#endif
-
- if (status == PSA_SUCCESS) {
- set_handle_owner(i, partition_id, *key_handle);
+ if (status != PSA_SUCCESS) {
+ return status;
}
+ *key_handle = encoded_key.MBEDTLS_PRIVATE(key_id);
+
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 38fda1b..1850b86 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -29,7 +29,7 @@
psa_key_derivation_operation_t *operation,
psa_algorithm_t alg)
{
- operation->alg = TFM_CRYPTO_ALG_HUK_DERIVATION;
+ operation->MBEDTLS_PRIVATE(alg) = TFM_CRYPTO_ALG_HUK_DERIVATION;
return PSA_SUCCESS;
}
@@ -41,6 +41,7 @@
{
psa_status_t status;
int32_t partition_id;
+ psa_tls12_prf_key_derivation_t *tls12_prf;
if (step != PSA_KEY_DERIVATION_INPUT_LABEL) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -66,16 +67,18 @@
/* Put the label in the tls12_prf ctx to make it available in the output key
* step.
*/
- operation->ctx.tls12_prf.label = mbedtls_calloc(1, sizeof(partition_id)
- + data_length);
- if (operation->ctx.tls12_prf.label == NULL) {
+ tls12_prf = &(operation->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(tls12_prf));
+ tls12_prf->MBEDTLS_PRIVATE(label) =
+ mbedtls_calloc(1, sizeof(partition_id) + data_length);
+ if (tls12_prf->MBEDTLS_PRIVATE(label) == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
- (void)tfm_memcpy(operation->ctx.tls12_prf.label, &partition_id,
+ (void)tfm_memcpy(tls12_prf->MBEDTLS_PRIVATE(label), &partition_id,
sizeof(partition_id));
- (void)tfm_memcpy(operation->ctx.tls12_prf.label + sizeof(partition_id),
+ (void)tfm_memcpy(tls12_prf->MBEDTLS_PRIVATE(label) + sizeof(partition_id),
data, data_length);
- operation->ctx.tls12_prf.label_length = sizeof(partition_id) + data_length;
+ tls12_prf->MBEDTLS_PRIVATE(label_length) = sizeof(partition_id) +
+ data_length;
return PSA_SUCCESS;
}
@@ -87,32 +90,37 @@
{
enum tfm_plat_err_t err;
size_t bytes = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes));
+ psa_tls12_prf_key_derivation_t *tls12_prf =
+ &(operation->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(tls12_prf));
- if (sizeof(operation->ctx.tls12_prf.output_block) < bytes) {
+ if (sizeof(tls12_prf->MBEDTLS_PRIVATE(output_block)) < bytes) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
/* Derive key material from the HUK and output it to the operation buffer */
- err = tfm_plat_get_huk_derived_key(operation->ctx.tls12_prf.label,
- operation->ctx.tls12_prf.label_length,
+ err = tfm_plat_get_huk_derived_key(tls12_prf->MBEDTLS_PRIVATE(label),
+ tls12_prf->MBEDTLS_PRIVATE(label_length),
NULL, 0,
- operation->ctx.tls12_prf.output_block,
+ tls12_prf->MBEDTLS_PRIVATE(output_block),
bytes);
if (err != TFM_PLAT_ERR_SUCCESS) {
return PSA_ERROR_HARDWARE_FAILURE;
}
- return psa_import_key(attributes, operation->ctx.tls12_prf.output_block,
+ return psa_import_key(attributes, tls12_prf->MBEDTLS_PRIVATE(output_block),
bytes, key_id);
}
static psa_status_t tfm_crypto_huk_derivation_abort(
psa_key_derivation_operation_t *operation)
{
- if (operation->ctx.tls12_prf.label != NULL) {
- (void)tfm_memset(operation->ctx.tls12_prf.label, 0,
- operation->ctx.tls12_prf.label_length);
- mbedtls_free(operation->ctx.tls12_prf.label);
+ psa_tls12_prf_key_derivation_t *tls12_prf =
+ &(operation->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(tls12_prf));
+
+ if (tls12_prf->MBEDTLS_PRIVATE(label) != NULL) {
+ (void)tfm_memset(tls12_prf->MBEDTLS_PRIVATE(label), 0,
+ tls12_prf->MBEDTLS_PRIVATE(label_length));
+ mbedtls_free(tls12_prf->MBEDTLS_PRIVATE(label));
}
(void)tfm_memset(operation, 0, sizeof(*operation));
@@ -273,7 +281,7 @@
return status;
}
- if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
return tfm_crypto_huk_derivation_input_bytes(operation, step, data,
data_length);
} else {
@@ -339,11 +347,6 @@
psa_key_derivation_operation_t *operation = NULL;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
handle,
@@ -386,7 +389,6 @@
psa_key_id_t *key_handle = out_vec[0].base;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
int32_t partition_id;
- uint32_t index;
mbedtls_svc_key_id_t encoded_key;
/* Look up the corresponding operation context */
@@ -397,11 +399,6 @@
return status;
}
- status = tfm_crypto_check_key_storage(&index);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
status = tfm_crypto_get_caller_id(&partition_id);
if (status != PSA_SUCCESS) {
return status;
@@ -414,22 +411,15 @@
return status;
}
- if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
status = tfm_crypto_huk_derivation_output_key(&key_attributes,
operation, &encoded_key);
} else {
status = psa_key_derivation_output_key(&key_attributes, operation,
&encoded_key);
}
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *key_handle = encoded_key.key_id;
-#else
- *key_handle = (psa_key_id_t)encoded_key;
-#endif
- if (status == PSA_SUCCESS) {
- status = tfm_crypto_set_key_storage(index, *key_handle);
- }
+ *key_handle = encoded_key.MBEDTLS_PRIVATE(key_id);
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -471,7 +461,7 @@
*handle_out = handle;
- if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
status = tfm_crypto_huk_derivation_abort(operation);
} else {
status = psa_key_derivation_abort(operation);
@@ -513,11 +503,6 @@
psa_key_derivation_step_t step = iov->step;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(private_key);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
handle,
@@ -560,12 +545,7 @@
const uint8_t *peer_key = in_vec[1].base;
size_t peer_key_length = in_vec[1].len;
mbedtls_svc_key_id_t encoded_key;
-
- psa_status_t status = tfm_crypto_check_handle_owner(private_key);
-
- if (status != PSA_SUCCESS) {
- return status;
- }
+ psa_status_t status;
status = tfm_crypto_encode_id_and_owner(private_key, &encoded_key);
if (status != PSA_SUCCESS) {
diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c
index 3580826..4c9ba2d 100644
--- a/secure_fw/partitions/crypto/crypto_mac.c
+++ b/secure_fw/partitions/crypto/crypto_mac.c
@@ -44,11 +44,6 @@
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
@@ -105,11 +100,6 @@
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
@@ -324,21 +314,20 @@
#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
+ psa_status_t status = PSA_SUCCESS;
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
+ if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
-
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- psa_algorithm_t alg = iov->alg;
psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
const uint8_t *input = in_vec[1].base;
size_t input_length = in_vec[1].len;
- uint8_t *output = out_vec[0].base;
- size_t output_size = out_vec[0].len;
- psa_status_t status;
+ uint8_t *mac = out_vec[0].base;
+ size_t mac_size = out_vec[0].len;
mbedtls_svc_key_id_t encoded_key;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
@@ -346,9 +335,8 @@
return status;
}
- return psa_mac_compute(encoded_key, alg, input, input_length,
- output, output_size, &out_vec[0].len);
-
+ return psa_mac_compute(encoded_key, alg, input, input_length, mac, mac_size,
+ &out_vec[0].len);
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
@@ -360,32 +348,29 @@
#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
+ psa_status_t status = PSA_SUCCESS;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 0);
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
+ if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
-
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- psa_algorithm_t alg = iov->alg;
psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
const uint8_t *input = in_vec[1].base;
size_t input_length = in_vec[1].len;
const uint8_t *mac = in_vec[2].base;
size_t mac_length = in_vec[2].len;
mbedtls_svc_key_id_t encoded_key;
- psa_status_t status;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
return status;
}
- return psa_mac_verify(encoded_key, alg,
- input, input_length,
- mac, mac_length);
-
+ return psa_mac_verify(encoded_key, alg, input, input_length, mac,
+ mac_length);
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_spe.h b/secure_fw/partitions/crypto/crypto_spe.h
index 58f761f..9308bbd 100644
--- a/secure_fw/partitions/crypto/crypto_spe.h
+++ b/secure_fw/partitions/crypto/crypto_spe.h
@@ -126,6 +126,10 @@
PSA_FUNCTION_NAME(psa_mac_verify)
#define psa_mac_abort \
PSA_FUNCTION_NAME(psa_mac_abort)
+#define psa_sign_message \
+ PSA_FUNCTION_NAME(psa_sign_message)
+#define psa_verify_message \
+ PSA_FUNCTION_NAME(psa_verify_message)
#define psa_sign_hash \
PSA_FUNCTION_NAME(psa_sign_hash)
#define psa_verify_hash \
diff --git a/secure_fw/partitions/crypto/tfm_crypto.yaml b/secure_fw/partitions/crypto/tfm_crypto.yaml
index 449668a..980849a 100644
--- a/secure_fw/partitions/crypto/tfm_crypto.yaml
+++ b/secure_fw/partitions/crypto/tfm_crypto.yaml
@@ -344,6 +344,20 @@
"minor_policy": "STRICT"
},
{
+ "name": "TFM_CRYPTO_SIGN_MESSAGE",
+ "signal": "TFM_CRYPTO_SIGN_MESSAGE",
+ "non_secure_clients": true,
+ "version": 1,
+ "version_policy": "STRICT"
+ },
+ {
+ "name": "TFM_CRYPTO_VERIFY_MESSAGE",
+ "signal": "TFM_CRYPTO_VERIFY_MESSAGE",
+ "non_secure_clients": true,
+ "version": 1,
+ "version_policy": "STRICT"
+ },
+ {
"name": "TFM_CRYPTO_SIGN_HASH",
"signal": "TFM_CRYPTO_SIGN_HASH",
"non_secure_clients": true,
@@ -468,9 +482,6 @@
},
],
"dependencies": [
- "TFM_ITS_SET",
- "TFM_ITS_GET",
- "TFM_ITS_GET_INFO",
- "TFM_ITS_REMOVE",
+ "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE"
]
}
diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h
index 7e85b22..cfdf747 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_api.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_api.h
@@ -96,37 +96,6 @@
struct psa_client_key_attributes_s *client_key_attr);
/**
- * \brief Checks that the requested handle belongs to the requesting
- * partition
- *
- * \param[in] key key given as input
- *
- * \return Return values as described in \ref psa_status_t
- */
-psa_status_t tfm_crypto_check_handle_owner(psa_key_id_t key);
-
-/**
- * \brief Checks that there is enough local storage in RAM to keep another key,
- * and returns the index of the storage to use.
- *
- * \param[out] index Index of the local storage to use
- *
- * \return Return values as described in \ref psa_status_t
- */
-psa_status_t tfm_crypto_check_key_storage(uint32_t *index);
-
-/**
- * \brief Sets the index of the local storage in use with a key requested by the
- * calling partition, and stores the corresponding key_handle.
- *
- * \param[in] index Index of the local storage to use
- * \param[in] key_handle Corresponding key handle to associate
- *
- * \return Return values as described in \ref psa_status_t
- */
-psa_status_t tfm_crypto_set_key_storage(uint32_t index,
- psa_key_id_t key_handle);
-/**
* \brief Allocate an operation context in the backend
*
* \param[in] type Type of the operation context to allocate
@@ -218,6 +187,8 @@
X(tfm_crypto_aead_finish) \
X(tfm_crypto_aead_verify) \
X(tfm_crypto_aead_abort) \
+ X(tfm_crypto_sign_message) \
+ X(tfm_crypto_verify_message) \
X(tfm_crypto_sign_hash) \
X(tfm_crypto_verify_hash) \
X(tfm_crypto_asymmetric_encrypt) \
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index 118e289..b0e27ff 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -1038,16 +1038,68 @@
#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
-psa_status_t psa_asymmetric_sign(psa_key_id_t key_id,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
+psa_status_t psa_sign_message(psa_key_id_t key_id,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
{
- return psa_sign_hash(key_id, alg, hash, hash_length, signature,
- signature_size, signature_length);
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
+ .key_id = key_id,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = signature, .len = signature_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_sign_message,
+ TFM_CRYPTO_SIGN_MESSAGE);
+
+ *signature_length = out_vec[0].len;
+ return status;
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+}
+
+psa_status_t psa_verify_message(psa_key_id_t key_id,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_VERIFY_MESSAGE_SID,
+ .key_id = key_id,
+ .alg = alg
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = signature, .len = signature_length}
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_message,
+ TFM_CRYPTO_VERIFY_MESSAGE);
+
+ return status;
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
psa_status_t psa_sign_hash(psa_key_id_t key_id,
@@ -1085,17 +1137,6 @@
#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
-psa_status_t psa_asymmetric_verify(psa_key_id_t key_id,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- return psa_verify_hash(key_id, alg, hash, hash_length,
- signature, signature_length);
-}
-
psa_status_t psa_verify_hash(psa_key_id_t key_id,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -1482,7 +1523,7 @@
return status;
}
-psa_status_t psa_mac_compute(psa_key_id_t key,
+psa_status_t psa_mac_compute(psa_key_id_t key_id,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1490,20 +1531,22 @@
size_t mac_size,
size_t *mac_length)
{
+#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_COMPUTE_SID,
+ .key_id = key_id,
.alg = alg,
- .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = input, .len = input_length}
+ {.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
- {.base = mac, .len = mac_size}
+ {.base = mac, .len = mac_size},
};
status = API_DISPATCH(tfm_crypto_mac_compute,
@@ -1511,32 +1554,37 @@
*mac_length = out_vec[0].len;
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
-psa_status_t psa_mac_verify(psa_key_id_t key,
+psa_status_t psa_mac_verify(psa_key_id_t key_id,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
const size_t mac_length)
{
+#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SID,
+ .key_id = key_id,
.alg = alg,
- .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
- {.base = mac, .len = mac_length}
+ {.base = mac, .len = mac_length},
};
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_mac_verify,
TFM_CRYPTO_MAC_VERIFY);
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_cipher_encrypt(psa_key_id_t key_id,
@@ -1553,15 +1601,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SID,
+ .key_id = key_id,
.alg = alg,
- .key_id = key_id
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
{.base = output, .len = output_size},
};
@@ -1570,7 +1617,6 @@
TFM_CRYPTO_CIPHER_ENCRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -1589,15 +1635,14 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SID,
+ .key_id = key_id,
.alg = alg,
- .key_id = key_id
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = input, .len = input_length},
};
-
psa_outvec out_vec[] = {
{.base = output, .len = output_size},
};
@@ -1606,7 +1651,6 @@
TFM_CRYPTO_CIPHER_DECRYPT);
*output_length = out_vec[0].len;
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
diff --git a/secure_fw/partitions/crypto/tfm_mbedcrypto_alt.c b/secure_fw/partitions/crypto/tfm_mbedcrypto_alt.c
index 9cf9277..3275766 100644
--- a/secure_fw/partitions/crypto/tfm_mbedcrypto_alt.c
+++ b/secure_fw/partitions/crypto/tfm_mbedcrypto_alt.c
@@ -18,6 +18,7 @@
#include "tfm_mbedcrypto_include.h"
#if defined(MBEDTLS_AES_DECRYPT_ALT) || defined(MBEDTLS_AES_SETKEY_DEC_ALT)
#include "mbedtls/aes.h"
+#include "mbedtls/error.h"
#endif
#if defined(MBEDTLS_AES_DECRYPT_ALT) && defined(MBEDTLS_CCM_C)
@@ -35,7 +36,7 @@
(void)input;
(void)output;
- return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+ return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
}
#endif
@@ -53,6 +54,6 @@
(void)key;
(void)keybits;
- return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+ return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
}
#endif
diff --git a/secure_fw/partitions/firmware_update/CMakeLists.txt b/secure_fw/partitions/firmware_update/CMakeLists.txt
index bebea75..0fcd127 100644
--- a/secure_fw/partitions/firmware_update/CMakeLists.txt
+++ b/secure_fw/partitions/firmware_update/CMakeLists.txt
@@ -16,7 +16,7 @@
target_include_directories(tfm_psa_rot_partition_fwu
INTERFACE
- ${CMAKE_SOURCE_DIR}/secure_fw/include/tfm
+ ${CMAKE_SOURCE_DIR}/secure_fw/include
PRIVATE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/firmware_update
@@ -56,6 +56,7 @@
target_compile_definitions(tfm_psa_rot_partition_fwu
PRIVATE
$<$<BOOL:${TFM_PSA_API}>:TFM_PSA_API>
+ $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
)
############################ Secure API ########################################
diff --git a/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt b/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt
index 077a0a6..271ed0a 100644
--- a/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt
+++ b/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt
@@ -16,6 +16,7 @@
${CMAKE_SOURCE_DIR}/bl2/src/flash_map.c
${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/flash_map_extended.c
./tfm_mcuboot_fwu.c
+ $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:${CMAKE_SOURCE_DIR}/bl2/src/default_flash_map.c>
)
target_include_directories(tfm_fwu_mcuboot_util
@@ -25,6 +26,7 @@
${MCUBOOT_PATH}/boot/bootutil/include
${MCUBOOT_PATH}/boot/bootutil/src
${CMAKE_CURRENT_SOURCE_DIR}/../
+ ${MBEDCRYPTO_PATH}/include
)
target_link_libraries(tfm_fwu_mcuboot_util
diff --git a/secure_fw/partitions/idle_partition/idle_partition.c b/secure_fw/partitions/idle_partition/idle_partition.c
index e2725b4..90cd4da 100644
--- a/secure_fw/partitions/idle_partition/idle_partition.c
+++ b/secure_fw/partitions/idle_partition/idle_partition.c
@@ -7,18 +7,33 @@
#include "cmsis.h"
#include "fih.h"
+#include "psa/service.h"
void tfm_idle_thread(void)
{
while (1) {
- __WFI();
+ /*
+ * There could be other Partitions becoming RUNABLE after wake up.
+ * This is a dummy psa_wait to let SPM check possible scheduling.
+ * It does not expect any signals.
+ */
+ if (psa_wait(PSA_WAIT_ANY, PSA_POLL) == 0) {
+ __WFI();
+ }
}
#ifdef TFM_FIH_PROFILE_ON
fih_delay();
while (1) {
- __WFI();
+ /*
+ * There could be other Partitions becoming RUNABLE after wake up.
+ * This is a dummy psa_wait to let SPM check possible scheduling.
+ * It does not expect any signals.
+ */
+ if (psa_wait(PSA_WAIT_ANY, PSA_POLL) == 0) {
+ __WFI();
+ }
}
#endif
}
diff --git a/secure_fw/partitions/idle_partition/load_info_idle_sp.c b/secure_fw/partitions/idle_partition/load_info_idle_sp.c
index 0f9dd6f..6f69630 100644
--- a/secure_fw/partitions/idle_partition/load_info_idle_sp.c
+++ b/secure_fw/partitions/idle_partition/load_info_idle_sp.c
@@ -8,7 +8,6 @@
#include <stdint.h>
#include <stddef.h>
#include "spm_ipc.h"
-#include "spm_partition_defs.h"
#include "load/partition_defs.h"
#include "load/service_defs.h"
#include "load/asset_defs.h"
@@ -29,6 +28,10 @@
uint8_t idle_sp_stack[IDLE_SP_STACK_SIZE] __attribute__((aligned(8)));
/* Partition load, deps, service load data. Put to a dedicated section. */
+#if defined(__ICCARM__)
+#pragma location = ".part_load"
+__root
+#endif
const struct partition_tfm_sp_idle_load_info_t
tfm_sp_idle_load __attribute__((used, section(".part_load"))) = {
.load_info = {
@@ -48,5 +51,9 @@
};
/* Placeholder for partition runtime space. Do not reference it. */
+#if defined(__ICCARM__)
+#pragma location = ".bss.part_runtime"
+__root
+#endif
static struct partition_t tfm_idle_partition_runtime_item
__attribute__((used, section(".bss.part_runtime")));
diff --git a/secure_fw/partitions/initial_attestation/CMakeLists.txt b/secure_fw/partitions/initial_attestation/CMakeLists.txt
index a11b2fb..2c6c1b3 100644
--- a/secure_fw/partitions/initial_attestation/CMakeLists.txt
+++ b/secure_fw/partitions/initial_attestation/CMakeLists.txt
@@ -60,7 +60,7 @@
tfm_secure_api
platform_s
tfm_qcbor
- tfm_t_cose
+ tfm_t_cose_s
secure_fw
psa_interface
tfm_sprt
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 66052b4..99317d7 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -49,7 +49,8 @@
static psa_ecc_family_t attestation_key_curve;
#ifdef INCLUDE_COSE_KEY_ID
-static uint8_t attestation_key_id[PSA_HASH_SIZE(PSA_ALG_SHA_256)]; /* 32bytes */
+/* 32bytes */
+static uint8_t attestation_key_id[PSA_HASH_LENGTH(PSA_ALG_SHA_256)];
#endif
/* Instance ID for asymmetric IAK */
@@ -81,7 +82,7 @@
}
/* Setup the key policy for private key */
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN);
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_HASH);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(psa_curve));
@@ -228,7 +229,7 @@
/* Note: Mapping is not complete. */
switch (psa_curve) {
- case PSA_ECC_CURVE_SECP256R1:
+ case PSA_ECC_FAMILY_SECP_R1:
cose_curve = COSE_ELLIPTIC_CURVE_P_256;
break;
default:
@@ -402,7 +403,7 @@
struct q_useful_buf buffer_for_attest_key_id;
buffer_for_attest_key_id.ptr = attestation_key_id;
- buffer_for_attest_key_id.len = PSA_HASH_SIZE(PSA_ALG_SHA_256);
+ buffer_for_attest_key_id.len = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
/* Needs to calculate only once */
if (attest_key_id_calculated == 0) {
diff --git a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
index 4fa24a4..759fc33 100644
--- a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
* Copyright (c) 2018-2019, Laurence Lundblade.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -27,7 +27,7 @@
static psa_key_handle_t symmetric_iak_handle = 0;
/* Instance ID for symmetric IAK */
-static uint8_t instance_id_buf[PSA_HASH_SIZE(INSTANCE_ID_HASH_ALG) + 1];
+static uint8_t instance_id_buf[PSA_HASH_LENGTH(INSTANCE_ID_HASH_ALG) + 1];
static size_t instance_id_len = 0;
#ifdef INCLUDE_COSE_KEY_ID
@@ -177,7 +177,7 @@
}
/* Setup the key attributes */
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN);
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_HASH);
psa_set_key_algorithm(&key_attributes, key_alg);
psa_set_key_type(&key_attributes, PSA_KEY_TYPE_HMAC);
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
index dc14e41..d33db15 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
@@ -16,6 +16,7 @@
#include "psa/service.h"
#include "psa_manifest/tfm_initial_attestation.h"
#include "region_defs.h"
+#include "tfm_attest_defs.h"
#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
@@ -108,22 +109,20 @@
;
}
-static void attest_signal_handle(psa_signal_t signal, attest_func_t pfn)
+static void attest_signal_handle(psa_signal_t signal)
{
psa_msg_t msg;
psa_status_t status;
status = psa_get(signal, &msg);
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = (psa_status_t)pfn(&msg);
+ case TFM_ATTEST_GET_TOKEN:
+ status = psa_attest_get_token(&msg);
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_ATTEST_GET_TOKEN_SIZE:
+ status = psa_attest_get_token_size(&msg);
+ psa_reply(msg.handle, status);
break;
default:
tfm_abort();
@@ -143,12 +142,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_ATTEST_GET_TOKEN_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIGNAL,
- psa_attest_get_token);
- } else if (signals & TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL,
- psa_attest_get_token_size);
+ if (signals & TFM_ATTESTATION_SERVICE_SIGNAL) {
+ attest_signal_handle(TFM_ATTESTATION_SERVICE_SIGNAL);
} else {
tfm_abort();
}
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
index ab32645..1e8c642 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
@@ -12,6 +12,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_attest_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -33,18 +34,12 @@
};
#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
- TFM_ATTEST_GET_TOKEN_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
+
status = tfm_initial_attest_get_token_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
#endif
@@ -68,17 +63,10 @@
};
#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
- TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN_SIZE,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_initial_attest_get_token_size_veneer(in_vec, IOVEC_LEN(in_vec),
diff --git a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
index d50bb80..9bb716d 100644
--- a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
+++ b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
@@ -6,10 +6,11 @@
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_INITIAL_ATTESTATION",
"type": "PSA-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "attest_partition_init",
"stack_size": "0x0A80",
"secure_functions": [
@@ -32,19 +33,14 @@
],
"services": [
{
- "name": "TFM_ATTEST_GET_TOKEN",
+ "name": "TFM_ATTESTATION_SERVICE",
"sid": "0x00000020",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 4,
"version": 1,
"version_policy": "STRICT"
- },
- {
- "name": "TFM_ATTEST_GET_TOKEN_SIZE",
- "sid": "0x00000021",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
+ }
],
"dependencies": [
"TFM_CRYPTO"
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
index 3af1aef..5907370 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
@@ -1,15 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_ITS",
"type": "PSA-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "tfm_its_req_mngr_init",
"stack_size": "0x680",
"secure_functions": [
@@ -42,33 +43,15 @@
"version_policy": "STRICT"
}
],
- "services" : [{
- "name": "TFM_ITS_SET",
- "sid": "0x00000070",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET",
- "sid": "0x00000071",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET_INFO",
- "sid": "0x00000072",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_REMOVE",
- "sid": "0x00000073",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
+ "services" : [
+ {
+ "name": "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
+ "sid": "0x00000070",
+ "non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 3,
+ "version": 1,
+ "version_policy": "STRICT"
+ }
]
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index e844a5d..1c05331 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -16,6 +16,7 @@
#ifdef TFM_PSA_API
#include "psa/service.h"
#include "psa_manifest/tfm_internal_trusted_storage.h"
+#include "tfm_its_defs.h"
#else
#include <stdbool.h>
#include "tfm_secure_api.h"
@@ -284,7 +285,7 @@
return tfm_its_remove(msg.client_id, uid);
}
-static void its_signal_handle(psa_signal_t signal, its_func_t pfn)
+static void its_signal_handle(psa_signal_t signal)
{
psa_status_t status;
@@ -294,15 +295,21 @@
}
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = pfn();
+ case TFM_ITS_SET:
+ status = tfm_its_set_ipc();
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_ITS_GET:
+ status = tfm_its_get_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_ITS_GET_INFO:
+ status = tfm_its_get_info_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_ITS_REMOVE:
+ status = tfm_its_remove_ipc();
+ psa_reply(msg.handle, status);
break;
default:
psa_panic();
@@ -321,14 +328,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_ITS_SET_SIGNAL) {
- its_signal_handle(TFM_ITS_SET_SIGNAL, tfm_its_set_ipc);
- } else if (signals & TFM_ITS_GET_SIGNAL) {
- its_signal_handle(TFM_ITS_GET_SIGNAL, tfm_its_get_ipc);
- } else if (signals & TFM_ITS_GET_INFO_SIGNAL) {
- its_signal_handle(TFM_ITS_GET_INFO_SIGNAL, tfm_its_get_info_ipc);
- } else if (signals & TFM_ITS_REMOVE_SIGNAL) {
- its_signal_handle(TFM_ITS_REMOVE_SIGNAL, tfm_its_remove_ipc);
+ if (signals & TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SIGNAL) {
+ its_signal_handle(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SIGNAL);
} else {
psa_panic();
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
index 491d16d..cbe7270 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
@@ -12,6 +12,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_its_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -22,9 +23,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -33,14 +31,10 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_SET_SID, TFM_ITS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
- psa_close(handle);
#else
status = tfm_its_set_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -65,9 +59,6 @@
size_t *p_data_length)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -83,15 +74,10 @@
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_GET_SID, TFM_ITS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_GET,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_its_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
@@ -116,9 +102,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -129,15 +112,11 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_GET_INFO_SID, TFM_ITS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_GET_INFO, in_vec, IOVEC_LEN(in_vec), out_vec,
IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_its_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
@@ -158,23 +137,15 @@
psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_REMOVE_SID, TFM_ITS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_REMOVE, in_vec, IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_its_remove_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
diff --git a/secure_fw/partitions/lib/sprt/CMakeLists.txt b/secure_fw/partitions/lib/sprt/CMakeLists.txt
index 35f8f43..0f3a7d9 100644
--- a/secure_fw/partitions/lib/sprt/CMakeLists.txt
+++ b/secure_fw/partitions/lib/sprt/CMakeLists.txt
@@ -12,7 +12,7 @@
target_include_directories(tfm_sprt
PUBLIC
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
- ${CMAKE_SOURCE_DIR}/secure_fw/include/tfm
+ ${CMAKE_SOURCE_DIR}/secure_fw/include
)
target_sources(tfm_sprt
diff --git a/secure_fw/partitions/ns_proxy_partition/CMakeLists.txt b/secure_fw/partitions/ns_agent/CMakeLists.txt
similarity index 95%
rename from secure_fw/partitions/ns_proxy_partition/CMakeLists.txt
rename to secure_fw/partitions/ns_agent/CMakeLists.txt
index 45da7b6..0f5bfac 100644
--- a/secure_fw/partitions/ns_proxy_partition/CMakeLists.txt
+++ b/secure_fw/partitions/ns_agent/CMakeLists.txt
@@ -10,5 +10,5 @@
target_sources(tfm_partitions
INTERFACE
- $<$<BOOL:${TFM_PSA_API}>:${CMAKE_CURRENT_SOURCE_DIR}/load_info_ns_proxy.c>
+ $<$<BOOL:${TFM_PSA_API}>:${CMAKE_CURRENT_SOURCE_DIR}/load_info_ns_agent.c>
)
diff --git a/secure_fw/partitions/ns_proxy_partition/load_info_ns_proxy.c b/secure_fw/partitions/ns_agent/load_info_ns_agent.c
similarity index 74%
rename from secure_fw/partitions/ns_proxy_partition/load_info_ns_proxy.c
rename to secure_fw/partitions/ns_agent/load_info_ns_agent.c
index 85e6387..7c7c25a 100644
--- a/secure_fw/partitions/ns_proxy_partition/load_info_ns_proxy.c
+++ b/secure_fw/partitions/ns_agent/load_info_ns_agent.c
@@ -12,15 +12,14 @@
#include "region.h"
#include "region_defs.h"
#include "spm_ipc.h"
-#include "spm_partition_defs.h"
#include "load/partition_defs.h"
#include "load/service_defs.h"
#include "load/asset_defs.h"
-#define TFM_SP_NS_PROXY_NDEPS (0)
-#define TFM_SP_NS_PROXY_NSERVS (0)
+#define TFM_SP_NS_AGENT_NDEPS (0)
+#define TFM_SP_NS_AGENT_NSERVS (0)
#if TFM_LVL == 3
-#define TFM_SP_NS_PROXY_NASSETS (1)
+#define TFM_SP_NS_AGENT_NASSETS (1)
#endif
/* Memory region declaration */
@@ -30,20 +29,24 @@
/* Entrypoint function declaration */
extern void tfm_nspm_thread_entry(void);
-struct partition_tfm_sp_ns_proxy_load_info_t {
+struct partition_tfm_sp_ns_agent_load_info_t {
/* common length load data */
struct partition_load_info_t load_info;
/* per-partition variable length load data */
uintptr_t stack_addr;
uintptr_t heap_addr;
#if TFM_LVL == 3
- struct asset_desc_t assets[TFM_SP_NS_PROXY_NASSETS];
+ struct asset_desc_t assets[TFM_SP_NS_AGENT_NASSETS];
#endif
} __attribute__((aligned(4)));
/* Partition load, deps, service load data. Put to a dedicated section. */
-const struct partition_tfm_sp_ns_proxy_load_info_t
- tfm_sp_ns_proxy_load __attribute__((used, section(".part_load"))) = {
+#if defined(__ICCARM__)
+#pragma location = ".part_load"
+__root
+#endif
+const struct partition_tfm_sp_ns_agent_load_info_t
+ tfm_sp_ns_agent_load __attribute__((used, section(".part_load"))) = {
.load_info = {
.psa_ff_ver = 0x0100 | PARTITION_INFO_MAGIC,
.pid = TFM_SP_NON_SECURE_ID,
@@ -56,10 +59,10 @@
.entry = ENTRY_TO_POSITION(tfm_nspm_thread_entry),
.stack_size = S_PSP_STACK_SIZE,
.heap_size = 0,
- .ndeps = TFM_SP_NS_PROXY_NDEPS,
- .nservices = TFM_SP_NS_PROXY_NSERVS,
+ .ndeps = TFM_SP_NS_AGENT_NDEPS,
+ .nservices = TFM_SP_NS_AGENT_NSERVS,
#if TFM_LVL == 3
- .nassets = TFM_SP_NS_PROXY_NASSETS,
+ .nassets = TFM_SP_NS_AGENT_NASSETS,
#endif
},
.stack_addr = PART_REGION_ADDR(ARM_LIB_STACK,
@@ -77,7 +80,10 @@
},
#endif
};
-
+#if defined(__ICCARM__)
+#pragma location = ".bss.part_runtime"
+__root
+#endif
/* Placeholder for partition runtime space. Do not reference it. */
-static struct partition_t tfm_sp_ns_proxy_partition_runtime_item
+static struct partition_t tfm_sp_ns_agent_partition_runtime_item
__attribute__((used, section(".bss.part_runtime")));
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index 70fbf1a..8f4702f 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -9,7 +9,6 @@
#include "tfm_platform_system.h"
#include "tfm_plat_nv_counters.h"
-#include "tfm/tfm_spm_services.h"
#include "tfm_secure_api.h"
#include "psa_manifest/pid.h"
@@ -67,12 +66,6 @@
enum tfm_platform_err_t platform_sp_system_reset(void)
{
- /* Check if SPM allows the system reset */
-
- if (tfm_spm_request_reset_vote() != 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
/* FIXME: The system reset functionality is only supported in isolation
* level 1.
*/
diff --git a/secure_fw/partitions/protected_storage/CMakeLists.txt b/secure_fw/partitions/protected_storage/CMakeLists.txt
index 79d5d46..b396ae2 100644
--- a/secure_fw/partitions/protected_storage/CMakeLists.txt
+++ b/secure_fw/partitions/protected_storage/CMakeLists.txt
@@ -42,9 +42,9 @@
ps_utils.c
$<$<BOOL:${PS_ENCRYPTION}>:crypto/ps_crypto_interface.c>
$<$<BOOL:${PS_ENCRYPTION}>:ps_encrypted_object.c>
- # The test_ps_nv_counters.c will be used instead, when secure test is ON
- # and PS_TEST_NV_COUNTERS ON
- $<$<NOT:$<AND:$<BOOL:${TEST_S}>,$<BOOL:${PS_TEST_NV_COUNTERS}>>>:nv_counters/ps_nv_counters.c>
+ # The test_ps_nv_counters.c will be used instead, when PS secure test is
+ # ON and PS_TEST_NV_COUNTERS is ON
+ $<$<NOT:$<AND:$<BOOL:${TEST_S_PS}>,$<BOOL:${PS_TEST_NV_COUNTERS}>>>:nv_counters/ps_nv_counters.c>
)
# The generated sources
diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
index e4b66ff..1015fae 100644
--- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
@@ -24,7 +24,7 @@
/* The PSA algorithm used by this implementation */
#define PS_CRYPTO_ALG \
- PSA_ALG_AEAD_WITH_TAG_LENGTH(PS_CRYPTO_AEAD_ALG, PS_TAG_LEN_BYTES)
+ PSA_ALG_AEAD_WITH_SHORTENED_TAG(PS_CRYPTO_AEAD_ALG, PS_TAG_LEN_BYTES)
/*
* \brief Check whether the PS AEAD algorithm is a valid one
@@ -35,7 +35,6 @@
*/
typedef char PS_ERROR_NOT_AEAD_ALG[(PSA_ALG_IS_AEAD(PS_CRYPTO_ALG)) ? 1 : -1];
-static const uint8_t ps_key_label[] = "storage_key";
static psa_key_id_t ps_key;
static uint8_t ps_crypto_iv_buf[PS_IV_LEN_BYTES];
@@ -47,12 +46,16 @@
return PSA_SUCCESS;
}
-psa_status_t ps_crypto_setkey(void)
+psa_status_t ps_crypto_setkey(const uint8_t *key_label, size_t key_label_len)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
+ if (key_label_len == 0 || key_label == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
/* Set the key attributes for the storage key */
psa_set_key_usage_flags(&attributes, PS_KEY_USAGE);
psa_set_key_algorithm(&attributes, PS_CRYPTO_ALG);
@@ -67,8 +70,8 @@
/* Supply the PS key label as an input to the key derivation */
status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_LABEL,
- ps_key_label,
- sizeof(ps_key_label));
+ key_label,
+ key_label_len);
if (status != PSA_SUCCESS) {
goto err_release_op;
}
diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
index 2fda956..4377bc2 100644
--- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -29,6 +29,8 @@
struct {
uint8_t tag[PS_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */
uint8_t iv[PS_IV_LEN_BYTES]; /*!< IV value of AEAD object */
+ psa_storage_uid_t uid; /*!< UID for key label */
+ int32_t client_id; /*!< Owner client ID for key label */
} ref;
};
@@ -42,9 +44,12 @@
/**
* \brief Sets the key to use for crypto operations for the current client.
*
+ * \param[in] key_label Pointer to the key label
+ * \param[in] key_label_len Length of the key label
+ *
* \return Returns values as described in \ref psa_status_t
*/
-psa_status_t ps_crypto_setkey(void);
+psa_status_t ps_crypto_setkey(const uint8_t *key_label, size_t key_label_len);
/**
* \brief Destroys the transient key used for crypto operations.
diff --git a/secure_fw/partitions/protected_storage/ps_encrypted_object.c b/secure_fw/partitions/protected_storage/ps_encrypted_object.c
index 4e5a2f4..5893885 100644
--- a/secure_fw/partitions/protected_storage/ps_encrypted_object.c
+++ b/secure_fw/partitions/protected_storage/ps_encrypted_object.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -28,10 +28,29 @@
/* FIXME: add the tag length to the crypto buffer size to account for the tag
* being appended to the ciphertext by the crypto layer.
*/
-#define PS_CRYPTO_BUF_LEN (PS_MAX_ENCRYPTED_OBJ_SIZE + PS_TAG_LEN_BYTES)
+#define PS_TAG_IV_LEN_MAX ((PS_TAG_LEN_BYTES > PS_IV_LEN_BYTES) ? \
+ PS_TAG_LEN_BYTES : PS_IV_LEN_BYTES)
+#define PS_CRYPTO_BUF_LEN (PS_MAX_ENCRYPTED_OBJ_SIZE + PS_TAG_IV_LEN_MAX)
static uint8_t ps_crypto_buf[PS_CRYPTO_BUF_LEN];
+static psa_status_t fill_key_label(struct ps_object_t *obj, size_t *length)
+{
+ psa_storage_uid_t uid = obj->header.crypto.ref.uid;
+ int32_t client_id = obj->header.crypto.ref.client_id;
+
+ if (PS_CRYPTO_BUF_LEN < (sizeof(client_id) + sizeof(uid))) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
+ tfm_memcpy(ps_crypto_buf, &client_id, sizeof(client_id));
+ tfm_memcpy(ps_crypto_buf + sizeof(client_id), &uid, sizeof(uid));
+
+ *length = sizeof(client_id) + sizeof(uid);
+
+ return PSA_SUCCESS;
+}
+
/**
* \brief Performs authenticated decryption on object data, with the header as
* the associated data.
@@ -51,9 +70,14 @@
{
psa_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
- size_t out_len;
+ size_t out_len, label_length;
- err = ps_crypto_setkey();
+ err = fill_key_label(obj, &label_length);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ err = ps_crypto_setkey(ps_crypto_buf, label_length);
if (err != PSA_SUCCESS) {
return err;
}
@@ -98,9 +122,14 @@
{
psa_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
- size_t out_len;
+ size_t out_len, label_length;
- err = ps_crypto_setkey();
+ err = fill_key_label(obj, &label_length);
+ if (err != PSA_SUCCESS) {
+ return err;
+ }
+
+ err = ps_crypto_setkey(ps_crypto_buf, label_length);
if (err != PSA_SUCCESS) {
return err;
}
@@ -141,14 +170,22 @@
/* Read the encrypted object from the the persistent area */
err = psa_its_get(fid, PS_OBJECT_START_POSITION,
PS_MAX_OBJECT_SIZE,
- (void *)obj->header.crypto.ref.iv,
+ (void *)ps_crypto_buf,
&data_length);
if (err != PSA_SUCCESS) {
return err;
}
- /* Get the decrypt size */
+ /* Get the decrypt size. IV is also stored by ITS service. It is at the end
+ * of the read out data. Toolchains may add padding byte after iv array in
+ * crypto.ref structure. Separate the copies of header.info and iv array to
+ * skip the padding byte.
+ */
decrypt_size = data_length - sizeof(obj->header.crypto.ref.iv);
+ tfm_memcpy(&obj->header.info, ps_crypto_buf, decrypt_size);
+ tfm_memcpy(obj->header.crypto.ref.iv,
+ ps_crypto_buf + decrypt_size,
+ sizeof(obj->header.crypto.ref.iv));
/* Decrypt the object data */
err = ps_object_auth_decrypt(fid, decrypt_size, obj);
@@ -172,11 +209,19 @@
return err;
}
+ /* The IV will also be stored. The encrypted data is stored in ps_crypto_buf
+ * now. Append the value of the 'iv' to the end of the encrypted data.
+ * Toolchains may add padding byte after iv array in crypto.ref structure.
+ * The padding byte shall not be written into the storage area.
+ */
+ (void)tfm_memcpy(ps_crypto_buf + wrt_size,
+ obj->header.crypto.ref.iv,
+ sizeof(obj->header.crypto.ref.iv));
wrt_size += sizeof(obj->header.crypto.ref.iv);
/* Write the encrypted object to the persistent area. The tag values is not
* copied as it is stored in the object table.
*/
- return psa_its_set(fid, wrt_size, (const void *)obj->header.crypto.ref.iv,
+ return psa_its_set(fid, wrt_size, (const void *)ps_crypto_buf,
PSA_STORAGE_FLAG_NONE);
}
diff --git a/secure_fw/partitions/protected_storage/ps_object_system.c b/secure_fw/partitions/protected_storage/ps_object_system.c
index d081ca9..5cdcc71 100644
--- a/secure_fw/partitions/protected_storage/ps_object_system.c
+++ b/secure_fw/partitions/protected_storage/ps_object_system.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -188,6 +188,9 @@
/* Read object */
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
#else
/* Read object header */
@@ -243,6 +246,9 @@
if (err == PSA_SUCCESS) {
#ifdef PS_ENCRYPTION
/* Read the object */
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
#else
/* Read the object header */
@@ -294,6 +300,9 @@
}
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_write(g_obj_tbl_info.fid, &g_ps_object);
#else
wrt_size = PS_OBJECT_SIZE(g_ps_object.header.info.current_size);
@@ -354,6 +363,9 @@
/* Read the object */
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
#else
err = ps_read_object(READ_ALL_OBJECT);
@@ -404,6 +416,9 @@
}
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_write(g_obj_tbl_info.fid, &g_ps_object);
#else
wrt_size = PS_OBJECT_SIZE(g_ps_object.header.info.current_size);
@@ -453,6 +468,9 @@
}
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
#else
err = ps_read_object(READ_HEADER_ONLY);
@@ -486,6 +504,9 @@
}
#ifdef PS_ENCRYPTION
+ g_ps_object.header.crypto.ref.uid = uid;
+ g_ps_object.header.crypto.ref.client_id = client_id;
+
err = ps_encrypted_object_read(g_obj_tbl_info.fid, &g_ps_object);
#else
err = ps_read_object(READ_HEADER_ONLY);
diff --git a/secure_fw/partitions/protected_storage/ps_object_table.c b/secure_fw/partitions/protected_storage/ps_object_table.c
index e7dd252..e600f9d 100644
--- a/secure_fw/partitions/protected_storage/ps_object_table.c
+++ b/secure_fw/partitions/protected_storage/ps_object_table.c
@@ -71,6 +71,8 @@
*/
};
+static uint8_t ps_table_key_label[] = "table_key_label";
+
/* Object table indexes */
#define PS_OBJ_TABLE_IDX_0 0
#define PS_OBJ_TABLE_IDX_1 1
@@ -546,7 +548,7 @@
#ifdef PS_ENCRYPTION
/* Set object table key */
- err = ps_crypto_setkey();
+ err = ps_crypto_setkey(ps_table_key_label, sizeof(ps_table_key_label));
if (err != PSA_SUCCESS) {
return err;
}
@@ -844,7 +846,7 @@
#ifdef PS_ENCRYPTION
/* Set object table key */
- err = ps_crypto_setkey();
+ err = ps_crypto_setkey(ps_table_key_label, sizeof(ps_table_key_label));
if (err != PSA_SUCCESS) {
return err;
}
diff --git a/secure_fw/partitions/protected_storage/ps_utils.c b/secure_fw/partitions/protected_storage/ps_utils.c
index decf690..91540e0 100644
--- a/secure_fw/partitions/protected_storage/ps_utils.c
+++ b/secure_fw/partitions/protected_storage/ps_utils.c
@@ -1,11 +1,12 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "ps_utils.h"
+#include "tfm_memory_utils.h"
psa_status_t ps_utils_check_contained_in(uint32_t superset_size,
uint32_t subset_offset,
diff --git a/secure_fw/partitions/protected_storage/ps_utils.h b/secure_fw/partitions/protected_storage/ps_utils.h
index c9a3d80..4722ed0 100644
--- a/secure_fw/partitions/protected_storage/ps_utils.h
+++ b/secure_fw/partitions/protected_storage/ps_utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
index 5c4e084..8d71688 100644
--- a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
@@ -1,15 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_PS",
"type": "APPLICATION-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "tfm_ps_req_mngr_init",
"stack_size": "0x800",
"secure_functions": [
@@ -49,48 +50,20 @@
"version_policy": "STRICT"
}
],
- "services" : [{
- "name": "TFM_PS_SET",
- "sid": "0x00000060",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET",
- "sid": "0x00000061",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_INFO",
- "sid": "0x00000062",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_REMOVE",
- "sid": "0x00000063",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_SUPPORT",
- "sid": "0x00000064",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
+ "services" : [
+ {
+ "name": "TFM_PROTECTED_STORAGE_SERVICE",
+ "sid": "0x00000060",
+ "non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 2,
+ "version": 1,
+ "version_policy": "STRICT"
+ }
],
"dependencies": [
"TFM_CRYPTO",
- "TFM_ITS_SET",
- "TFM_ITS_GET",
- "TFM_ITS_GET_INFO",
- "TFM_ITS_REMOVE",
+ "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
"TFM_SP_PLATFORM_NV_COUNTER"
]
}
diff --git a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
index 5cca280..f5b2031 100644
--- a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
@@ -17,6 +17,7 @@
#ifdef TFM_PSA_API
#include "psa/service.h"
#include "psa_manifest/tfm_protected_storage.h"
+#include "tfm_ps_defs.h"
#endif
#ifndef TFM_PSA_API
@@ -359,21 +360,31 @@
return PSA_SUCCESS;
}
-static void ps_signal_handle(psa_signal_t signal, ps_func_t pfn)
+static void ps_signal_handle(psa_signal_t signal)
{
psa_status_t status;
status = psa_get(signal, &msg);
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = pfn();
+ case TFM_PS_SET:
+ status = tfm_ps_set_ipc();
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_PS_GET:
+ status = tfm_ps_get_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_GET_INFO:
+ status = tfm_ps_get_info_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_REMOVE:
+ status = tfm_ps_remove_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_GET_SUPPORT:
+ status = tfm_ps_get_support_ipc();
+ psa_reply(msg.handle, status);
break;
default:
psa_panic();
@@ -392,17 +403,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_PS_SET_SIGNAL) {
- ps_signal_handle(TFM_PS_SET_SIGNAL, tfm_ps_set_ipc);
- } else if (signals & TFM_PS_GET_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_SIGNAL, tfm_ps_get_ipc);
- } else if (signals & TFM_PS_GET_INFO_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_INFO_SIGNAL, tfm_ps_get_info_ipc);
- } else if (signals & TFM_PS_REMOVE_SIGNAL) {
- ps_signal_handle(TFM_PS_REMOVE_SIGNAL, tfm_ps_remove_ipc);
- } else if (signals & TFM_PS_GET_SUPPORT_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_SUPPORT_SIGNAL,
- tfm_ps_get_support_ipc);
+ if (signals & TFM_PROTECTED_STORAGE_SERVICE_SIGNAL) {
+ ps_signal_handle(TFM_PROTECTED_STORAGE_SERVICE_SIGNAL);
} else {
psa_panic();
}
diff --git a/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
index 0f69022..bf573f5 100644
--- a/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
@@ -10,6 +10,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_ps_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -20,9 +21,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -31,15 +29,8 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_SET, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_ps_set_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -63,9 +54,6 @@
size_t *p_data_length)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -80,15 +68,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
#else
status = tfm_ps_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
@@ -111,9 +92,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -124,15 +102,8 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_INFO,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
#else
status = tfm_ps_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
@@ -148,24 +119,14 @@
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_REMOVE,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_ps_remove_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -204,9 +165,6 @@
* uninitialised value in case the secure function fails.
*/
uint32_t support_flags = 0;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_outvec out_vec[] = {
{ .base = &support_flags, .len = sizeof(support_flags) }
@@ -216,14 +174,8 @@
* ignored.
*/
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return support_flags;
- }
-
- (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ (void)psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_SUPPORT,
+ NULL, 0, out_vec, IOVEC_LEN(out_vec));
#else
(void)tfm_ps_get_support_req_veneer(NULL, 0, out_vec, IOVEC_LEN(out_vec));
#endif
diff --git a/secure_fw/partitions/psa_proxy/psa_proxy.c b/secure_fw/partitions/psa_proxy/psa_proxy.c
index 7f30bca..f175a46 100644
--- a/secure_fw/partitions/psa_proxy/psa_proxy.c
+++ b/secure_fw/partitions/psa_proxy/psa_proxy.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,7 +14,6 @@
#include "psa_manifest/sid.h"
#include "tfm_multi_core_api.h"
#include "tfm_ns_mailbox.h"
-#include "platform_multicore.h"
#include "psa_proxy_shared_mem_mngr.h"
#define NON_SECURE_CLIENT_ID (-1)
@@ -43,15 +43,37 @@
tfm_pool_free(forward_handle_pool, h);
}
-static psa_status_t forward_psa_call_to_secure_enclave(const psa_msg_t *msg)
+static psa_status_t forward_message_to_secure_enclave(psa_signal_t signal,
+ const psa_msg_t *msg)
{
psa_status_t status;
- psa_handle_t *forward_handle_ptr = (psa_handle_t *)msg->rhandle;
struct psa_client_params_t params;
int32_t ret;
- params.psa_call_params.handle = *forward_handle_ptr;
- params.psa_call_params.type = PSA_IPC_CALL;
+ /* Use stateless handle for stateless services. */
+ switch (signal) {
+ case TFM_CRYPTO_SIGNAL:
+ params.psa_call_params.handle = TFM_CRYPTO_HANDLE;
+ params.psa_call_params.type = msg->type;
+ break;
+ case TFM_PROTECTED_STORAGE_SERVICE_SIGNAL:
+ params.psa_call_params.handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
+ params.psa_call_params.type = msg->type;
+ break;
+ case TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SIGNAL:
+ params.psa_call_params.handle =
+ TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
+ params.psa_call_params.type = msg->type;
+ break;
+ case TFM_ATTESTATION_SERVICE_SIGNAL:
+ params.psa_call_params.handle = TFM_ATTESTATION_SERVICE_HANDLE;
+ params.psa_call_params.type = msg->type;
+ break;
+ default:
+ params.psa_call_params.handle = *((psa_handle_t *)msg->rhandle);
+ params.psa_call_params.type = PSA_IPC_CALL;
+ break;
+ }
status = psa_proxy_put_msg_into_shared_mem(msg, ¶ms);
@@ -90,34 +112,6 @@
uint32_t *version)
{
switch (signal) {
- case TFM_CRYPTO_SIGNAL:
- *sid = TFM_CRYPTO_SID;
- *version = TFM_CRYPTO_VERSION;
- break;
- case TFM_ATTEST_GET_TOKEN_SIGNAL:
- *sid = TFM_ATTEST_GET_TOKEN_SID;
- *version = TFM_ATTEST_GET_TOKEN_VERSION;
- break;
- case TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL:
- *sid = TFM_ATTEST_GET_TOKEN_SIZE_SID;
- *version = TFM_ATTEST_GET_TOKEN_SIZE_VERSION;
- break;
- case TFM_ITS_SET_SIGNAL:
- *sid = TFM_ITS_SET_SID;
- *version = TFM_ITS_SET_VERSION;
- break;
- case TFM_ITS_GET_SIGNAL:
- *sid = TFM_ITS_GET_SID;
- *version = TFM_ITS_GET_VERSION;
- break;
- case TFM_ITS_GET_INFO_SIGNAL:
- *sid = TFM_ITS_GET_INFO_SID;
- *version = TFM_ITS_GET_INFO_VERSION;
- break;
- case TFM_ITS_REMOVE_SIGNAL:
- *sid = TFM_ITS_REMOVE_SID;
- *version = TFM_ITS_REMOVE_VERSION;
- break;
case TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL:
*sid = TFM_SP_PLATFORM_SYSTEM_RESET_SID;
*version = TFM_SP_PLATFORM_SYSTEM_RESET_VERSION;
@@ -130,26 +124,6 @@
*sid = TFM_SP_PLATFORM_NV_COUNTER_SID;
*version = TFM_SP_PLATFORM_NV_COUNTER_VERSION;
break;
- case TFM_PS_SET_SIGNAL:
- *sid = TFM_PS_SET_SID;
- *version = TFM_PS_SET_VERSION;
- break;
- case TFM_PS_GET_SIGNAL:
- *sid = TFM_PS_GET_SID;
- *version = TFM_PS_GET_VERSION;
- break;
- case TFM_PS_GET_INFO_SIGNAL:
- *sid = TFM_PS_GET_INFO_SID;
- *version = TFM_PS_GET_INFO_VERSION;
- break;
- case TFM_PS_REMOVE_SIGNAL:
- *sid = TFM_PS_REMOVE_SID;
- *version = TFM_PS_REMOVE_VERSION;
- break;
- case TFM_PS_GET_SUPPORT_SIGNAL:
- *sid = TFM_PS_GET_SUPPORT_SID;
- *version = TFM_PS_GET_SUPPORT_VERSION;
- break;
default:
psa_panic();
break;
@@ -201,16 +175,13 @@
status = psa_connect_to_secure_enclave(signal, &msg);
psa_reply(msg.handle, status);
break;
- case PSA_IPC_CALL:
- status = forward_psa_call_to_secure_enclave(&msg);
- psa_reply(msg.handle, status);
- break;
case PSA_IPC_DISCONNECT:
psa_disconnect_from_secure_enclave(&msg);
psa_reply(msg.handle, PSA_SUCCESS);
break;
default:
- psa_panic();
+ status = forward_message_to_secure_enclave(signal, &msg);
+ psa_reply(msg.handle, status);
break;
}
}
diff --git a/secure_fw/partitions/psa_proxy/psa_proxy_shared_mem_mngr.c b/secure_fw/partitions/psa_proxy/psa_proxy_shared_mem_mngr.c
index dc5614e..68eeee8 100644
--- a/secure_fw/partitions/psa_proxy/psa_proxy_shared_mem_mngr.c
+++ b/secure_fw/partitions/psa_proxy/psa_proxy_shared_mem_mngr.c
@@ -1,12 +1,12 @@
/*
* Copyright (c) 2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2021, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "psa_proxy_shared_mem_mngr.h"
-#include "platform_multicore.h"
#include "region_defs.h"
#include "psa/service.h"
#ifdef PSA_PROXY_ADDR_TRANSLATION
diff --git a/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml b/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
index 5a07e0b..7429ed6 100644
--- a/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
+++ b/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
@@ -6,10 +6,11 @@
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_PSA_PROXY",
"type": "PSA-ROT",
"priority": "HIGH",
+ "model": "IPC",
"entry_point": "psa_proxy_sp_init",
"stack_size": "0x0A00",
"services": [
@@ -17,48 +18,26 @@
"name": "TFM_CRYPTO",
"sid": "0x00000080",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 1,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_ATTEST_GET_TOKEN",
+ "name": "TFM_ATTESTATION_SERVICE",
"sid": "0x00000020",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 4,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_ATTEST_GET_TOKEN_SIZE",
- "sid": "0x00000021",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_SET",
+ "name": "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
"sid": "0x00000070",
"non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET",
- "sid": "0x00000071",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET_INFO",
- "sid": "0x00000072",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_REMOVE",
- "sid": "0x00000073",
- "non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 3,
"version": 1,
"version_policy": "STRICT"
},
@@ -66,6 +45,7 @@
"name": "TFM_SP_PLATFORM_SYSTEM_RESET",
"sid": "0x00000040",
"non_secure_clients": true,
+ "connection_based": true,
"minor_version": 1,
"minor_policy": "STRICT"
},
@@ -73,6 +53,7 @@
"name": "TFM_SP_PLATFORM_IOCTL",
"sid": "0x00000041",
"non_secure_clients": true,
+ "connection_based": true,
"minor_version": 1,
"minor_policy": "STRICT"
},
@@ -80,43 +61,18 @@
"name": "TFM_SP_PLATFORM_NV_COUNTER",
"sid": "0x00000042",
"non_secure_clients": false,
+ "connection_based": true,
"version": 1,
"version_policy": "STRICT"
},
{
- "name": "TFM_PS_SET",
+ "name": "TFM_PROTECTED_STORAGE_SERVICE",
"sid": "0x00000060",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 2,
"version": 1,
"version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET",
- "sid": "0x00000061",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_INFO",
- "sid": "0x00000062",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_REMOVE",
- "sid": "0x00000063",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_SUPPORT",
- "sid": "0x00000064",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
+ }
]
}
diff --git a/secure_fw/partitions/tfm_ffm11_partition/CMakeLists.txt b/secure_fw/partitions/tfm_ffm11_partition/CMakeLists.txt
deleted file mode 100644
index b3870d6..0000000
--- a/secure_fw/partitions/tfm_ffm11_partition/CMakeLists.txt
+++ /dev/null
@@ -1,60 +0,0 @@
-
-#-------------------------------------------------------------------------------
-# Copyright (c) 2021, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-#-------------------------------------------------------------------------------
-if (NOT TFM_PARTITION_FFM11)
- return()
-endif()
-
-cmake_minimum_required(VERSION 3.15)
-cmake_policy(SET CMP0079 NEW)
-
-add_library(tfm_app_rot_partition_ffm11 STATIC)
-
-target_sources(tfm_app_rot_partition_ffm11
- PRIVATE
- tfm_ffm11_partition.c
-)
-
-# The generated sources
-target_sources(tfm_app_rot_partition_ffm11
- PRIVATE
- ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/tfm_ffm11_partition/auto_generated/intermedia_tfm_ffm11_partition.c
-)
-target_sources(tfm_partitions
- INTERFACE
- $<$<BOOL:${TFM_PSA_API}>:
- ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/tfm_ffm11_partition/auto_generated/load_info_tfm_ffm11_partition.c>
-)
-
-# Set include directory
-target_include_directories(tfm_app_rot_partition_ffm11
- PRIVATE
- $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
- ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/tfm_ffm11_partition
-)
-target_include_directories(tfm_partitions
- INTERFACE
- ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/tfm_ffm11_partition
-)
-
-target_link_libraries(tfm_app_rot_partition_ffm11
- PRIVATE
- tfm_secure_api
- psa_interface
- platform_s
- tfm_sprt
-)
-
-############################ Partition Defs ####################################
-target_link_libraries(tfm_partitions
- INTERFACE
- tfm_app_rot_partition_ffm11
-)
-target_compile_definitions(tfm_partition_defs
- INTERFACE
- TFM_PARTITION_FFM11
-)
diff --git a/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.c b/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.c
deleted file mode 100644
index d7f5be0..0000000
--- a/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.c
+++ /dev/null
@@ -1,73 +0,0 @@
-
-/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include <stdint.h>
-#include "psa/service.h"
-#include "psa_manifest/tfm_ffm11_partition.h"
-#include "tfm/tfm_spm_services.h"
-#include "tfm_sp_log.h"
-
-/**
- * \brief An example service implementation that prints out a message.
- */
-static void tfm_ffm11_service1(void)
-{
- psa_status_t status;
- uint32_t arg;
- psa_msg_t msg;
- size_t num;
-
- /* Retrieve the message corresponding to the example service signal */
- status = psa_get(TFM_FFM11_SERVICE1_SIGNAL, &msg);
- if (status != PSA_SUCCESS) {
- return;
- }
-
- /* Decode the message */
- switch (msg.type) {
- case PSA_IPC_CALL:
- if (msg.in_size[0] != sizeof(arg)) {
- status = PSA_ERROR_PROGRAMMER_ERROR;
- break;
- }
- /* Print arg from client */
- num = psa_read(msg.handle, 0, &arg, sizeof(arg));
- if (num != msg.in_size[0]) {
- status = PSA_ERROR_PROGRAMMER_ERROR;
- break;
- }
- LOG_INFFMT("[Example FFM11 partition] Service called! arg=%x\r\n", arg);
- status = PSA_SUCCESS;
- break;
- default:
- /* Invalid message type */
- status = PSA_ERROR_PROGRAMMER_ERROR;
- break;
- }
- /* Reply with the message result status to unblock the client */
- psa_reply(msg.handle, status);
-}
-
-/**
- * \brief The example FFM-1.1 partition's entry function.
- */
-void tfm_ffm11_partition_main(void)
-{
- psa_signal_t signals;
-
- while (1) {
- signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_FFM11_SERVICE1_SIGNAL) {
- tfm_ffm11_service1();
- }
- /*
- * The other services are created in yaml for testing manifest tool,
- * but not handled here. They are reserved for future use.
- */
- }
-}
diff --git a/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.yaml b/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.yaml
deleted file mode 100644
index 9efdd7c..0000000
--- a/secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright (c) 2021, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-#-------------------------------------------------------------------------------
-
-{
- "psa_framework_version": 1.1,
- "name": "TFM_SP_FFM11",
- "type": "APPLICATION-ROT",
- "priority": "NORMAL",
- "model": "IPC",
- "entry_point": "tfm_ffm11_partition_main",
- "stack_size": "0x200",
- "services": [
- {
- "name": "TFM_FFM11_SERVICE1",
- "sid": "0x0000F120",
- "non_secure_clients": true,
- "connection_based": false,
- "stateless_handle": 4,
- "version": 1,
- "version_policy": "RELAXED"
- },
- {
- "name": "TFM_FFM11_SERVICE2",
- "sid": "0x0000F121",
- "non_secure_clients": true,
- "connection_based": false,
- "stateless_handle": "auto",
- "version": 1,
- "version_policy": "RELAXED"
- },
- {
- "name": "TFM_FFM11_SERVICE3",
- "sid": "0x0000F122",
- "non_secure_clients": true,
- "connection_based": false,
- "stateless_handle": 3,
- "version": 1,
- "version_policy": "RELAXED"
- }
- ],
-}
diff --git a/secure_fw/spm/CMakeLists.txt b/secure_fw/spm/CMakeLists.txt
index 098c518..ad4537d 100755
--- a/secure_fw/spm/CMakeLists.txt
+++ b/secure_fw/spm/CMakeLists.txt
@@ -24,7 +24,7 @@
$<$<NOT:$<BOOL:${TFM_PSA_API}>>:${CMAKE_CURRENT_SOURCE_DIR}/cmsis_func/include>
PRIVATE
${CMAKE_SOURCE_DIR}
- ${CMAKE_SOURCE_DIR}/secure_fw/include/tfm
+ ${CMAKE_SOURCE_DIR}/secure_fw/include
${CMAKE_BINARY_DIR}/generated
$<$<BOOL:${TFM_PSA_API}>:${CMAKE_BINARY_DIR}/generated/secure_fw/spm/cmsis_psa>
$<$<NOT:$<BOOL:${TFM_PSA_API}>>:${CMAKE_BINARY_DIR}/generated/secure_fw/spm/cmsis_func>
@@ -40,14 +40,13 @@
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_multi_core.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_multi_core_mem_check.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_rpc.c>
- $<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_spe_mailbox.c>
+ $<$<AND:$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>,$<NOT:$<BOOL:${TFM_PLAT_SPECIFIC_MULTI_CORE_COMM}>>>:cmsis_psa/tfm_spe_mailbox.c>
$<$<NOT:$<BOOL:${TFM_PSA_API}>>:ffm/tfm_core_mem_check.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/arch/tfm_arch.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/main.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/spm_ipc.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/static_load.c>
- $<$<BOOL:${TFM_PSA_API}>:ffm/spm_psa_client_call.c>
- $<$<BOOL:${TFM_PSA_API}>:ffm/psa_client_service_apis.c>
+ $<$<BOOL:${TFM_PSA_API}>:ffm/psa_api.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/tfm_core_svcalls_ipc.c>
$<$<AND:$<BOOL:${TFM_PSA_API}>,$<NOT:$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>>>:cmsis_psa/tfm_nspm_ipc.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/tfm_pools.c>
diff --git a/secure_fw/spm/cmsis_func/arch.c b/secure_fw/spm/cmsis_func/arch.c
index bf637da..39446c0 100644
--- a/secure_fw/spm/cmsis_func/arch.c
+++ b/secure_fw/spm/cmsis_func/arch.c
@@ -9,7 +9,6 @@
#include "compiler_ext_defs.h"
#include "exception_info.h"
#include "tfm_secure_api.h"
-#include "tfm/tfm_spm_services.h"
#if defined(__ICCARM__)
uint32_t tfm_core_svc_handler(uint32_t *msp, uint32_t *psp, uint32_t exc_return);
@@ -27,20 +26,6 @@
}
__attribute__((naked))
-static int32_t tfm_spm_request(int32_t request_type)
-{
- __ASM volatile(
- "SVC %0\n"
- "BX lr\n"
- : : "I" (TFM_SVC_SPM_REQUEST));
-}
-
-int32_t tfm_spm_request_reset_vote(void)
-{
- return tfm_spm_request((int32_t)TFM_SPM_REQUEST_RESET_VOTE);
-}
-
-__attribute__((naked))
void tfm_enable_irq(psa_signal_t irq_signal)
{
__ASM("SVC %0\n"
diff --git a/secure_fw/spm/cmsis_func/include/spm_func.h b/secure_fw/spm/cmsis_func/include/spm_func.h
index 568b456..72fa860 100644
--- a/secure_fw/spm/cmsis_func/include/spm_func.h
+++ b/secure_fw/spm/cmsis_func/include/spm_func.h
@@ -374,12 +374,6 @@
uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags);
/**
- * \brief Handle an SPM request by a secure service
- * \param[in] svc_ctx The stacked SVC context
- */
-void tfm_spm_request_handler(const struct tfm_state_context_t *svc_ctx);
-
-/**
* \brief Function to seal the PSP stacks for Function mode.
*/
void tfm_spm_seal_psp_stacks(void);
diff --git a/secure_fw/spm/include/spm_partition_defs.h b/secure_fw/spm/cmsis_func/include/spm_partition_defs.h
similarity index 87%
rename from secure_fw/spm/include/spm_partition_defs.h
rename to secure_fw/spm/cmsis_func/include/spm_partition_defs.h
index 252f99c..54240f1 100644
--- a/secure_fw/spm/include/spm_partition_defs.h
+++ b/secure_fw/spm/cmsis_func/include/spm_partition_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -24,14 +24,13 @@
* operations.
*/
#define TFM_SP_NON_SECURE_ID (0)
-#define TFM_SP_IDLE_ID (1)
+
/* A dummy partition for TFM_SP_CORE is created to handle secure partition
* calls done directly from the core, before NS execution started.
*/
#define TFM_SP_CORE_ID (1)
#include "psa_manifest/pid.h"
-#include "psa/service.h"
/* This limit is only used to define the size of the database reserved for
* partitions. There's no requirement that it match the number of partitions
@@ -40,6 +39,5 @@
#define SPM_MAX_PARTITIONS (TFM_MAX_USER_PARTITIONS + TFM_INTERNAL_PARTITIONS)
typedef void(*sp_entry_point)(void);
-typedef psa_flih_result_t (*psa_flih_func)(void);
#endif /* __SPM_PARTITION_DEFS_H__ */
diff --git a/secure_fw/spm/cmsis_func/include/tfm_core_svc.h b/secure_fw/spm/cmsis_func/include/tfm_core_svc.h
index ce4eed8..d732de7 100644
--- a/secure_fw/spm/cmsis_func/include/tfm_core_svc.h
+++ b/secure_fw/spm/cmsis_func/include/tfm_core_svc.h
@@ -16,14 +16,13 @@
#define TFM_SVC_SFN_REQUEST (0x2)
#define TFM_SVC_SFN_RETURN (0x3)
#define TFM_SVC_SFN_COMPLETION (0x4)
-#define TFM_SVC_SPM_REQUEST (0x5)
-#define TFM_SVC_GET_BOOT_DATA (0x6)
-#define TFM_SVC_DEPRIV_REQ (0x7)
-#define TFM_SVC_DEPRIV_RET (0x8)
-#define TFM_SVC_ENABLE_IRQ (0x9)
-#define TFM_SVC_DISABLE_IRQ (0xA)
+#define TFM_SVC_GET_BOOT_DATA (0x5)
+#define TFM_SVC_DEPRIV_REQ (0x6)
+#define TFM_SVC_DEPRIV_RET (0x7)
+#define TFM_SVC_ENABLE_IRQ (0x8)
+#define TFM_SVC_DISABLE_IRQ (0x9)
#if (TFM_SPM_LOG_LEVEL > TFM_SPM_LOG_LEVEL_SILENCE)
-#define TFM_SVC_OUTPUT_UNPRIV_STRING (0xB)
+#define TFM_SVC_OUTPUT_UNPRIV_STRING (0xA)
#endif
#endif /* __TFM_CORE_SVC_H__ */
diff --git a/secure_fw/spm/cmsis_func/include/tfm_spm_services.h b/secure_fw/spm/cmsis_func/include/tfm_spm_services.h
new file mode 100644
index 0000000..a556573
--- /dev/null
+++ b/secure_fw/spm/cmsis_func/include/tfm_spm_services.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SPM_SERVICES_H__
+#define __TFM_SPM_SERVICES_H__
+
+#include <stdint.h>
+
+typedef uint32_t psa_signal_t;
+
+void tfm_enable_irq(psa_signal_t irq_signal);
+void tfm_disable_irq(psa_signal_t irq_signal);
+
+#endif /* __TFM_SPM_SERVICES_H__ */
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 252716e..882f517 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
@@ -26,7 +26,7 @@
#include "region.h"
#include "spm_partition_defs.h"
#include "psa_manifest/pid.h"
-#include "tfm/tfm_spm_services.h"
+#include "tfm_spm_services.h"
#include "tfm_spm_db_func.inc"
/* Structure to temporarily save iovec parameters from PSA client */
@@ -1372,39 +1372,6 @@
partition->runtime_data.orig_outvec = 0;
}
-void tfm_spm_request_handler(const struct tfm_state_context_t *svc_ctx)
-{
- uint32_t *res_ptr = (uint32_t *)&svc_ctx->r0;
- uint32_t running_partition_flags = 0;
- uint32_t running_partition_idx;
-
- /* Check permissions on request type basis */
-
- switch (svc_ctx->r0) {
- case TFM_SPM_REQUEST_RESET_VOTE:
- running_partition_idx =
- tfm_spm_partition_get_running_partition_idx();
- running_partition_flags = tfm_spm_partition_get_flags(
- running_partition_idx);
-
- /* Currently only PSA Root of Trust services are allowed to make Reset
- * vote request
- */
- if ((running_partition_flags & SPM_PART_FLAG_PSA_ROT) == 0) {
- *res_ptr = (uint32_t)TFM_ERROR_GENERIC;
- }
-
- /* FixMe: this is a placeholder for checks to be performed before
- * allowing execution of reset
- */
- *res_ptr = (uint32_t)TFM_SUCCESS;
-
- break;
- default:
- *res_ptr = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
- }
-}
-
enum spm_err_t tfm_spm_db_init(void)
{
uint32_t i;
diff --git a/secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c b/secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c
index e6412a5..ef37f1b 100644
--- a/secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c
+++ b/secure_fw/spm/cmsis_func/tfm_core_svcalls_func.c
@@ -68,9 +68,6 @@
case TFM_SVC_SFN_COMPLETION:
tfm_spm_partition_completion_handler(svc_args[0], svc_args[1], msp);
break;
- case TFM_SVC_SPM_REQUEST:
- tfm_spm_request_handler((struct tfm_state_context_t *)svc_args);
- break;
case TFM_SVC_DEPRIV_REQ:
retval = tfm_spm_depriv_req_handler(svc_args, exc_return);
break;
diff --git a/secure_fw/spm/cmsis_func/tfm_secure_irq_handlers.inc.template b/secure_fw/spm/cmsis_func/tfm_secure_irq_handlers.inc.template
index 08a82ea..bdc5408 100644
--- a/secure_fw/spm/cmsis_func/tfm_secure_irq_handlers.inc.template
+++ b/secure_fw/spm/cmsis_func/tfm_secure_irq_handlers.inc.template
@@ -52,7 +52,7 @@
{% endif %}
{% endif %}
{% endfor %}
- {0, 0, 0, 0} /* add dummy element to avoid non-standard empty array */
+ {0,0,0} /* add dummy element to avoid non-standard empty array */
};
const size_t tfm_core_irq_signals_count = (sizeof(tfm_core_irq_signals) /
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch.c b/secure_fw/spm/cmsis_psa/arch/tfm_arch.c
index 34b347d..3d9f076 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch.c
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch.c
@@ -8,21 +8,7 @@
#include "svc_num.h"
#include "tfm_arch.h"
#include "tfm_core_utils.h"
-#include "tfm/tfm_spm_services.h"
-__attribute__((naked))
-static int32_t tfm_spm_request(int32_t request_type)
-{
- __ASM volatile(
- "SVC %0\n"
- "BX lr\n"
- : : "I" (TFM_SVC_SPM_REQUEST));
-}
-
-int32_t tfm_spm_request_reset_vote(void)
-{
- return tfm_spm_request((int32_t)TFM_SPM_REQUEST_RESET_VOTE);
-}
static void tfm_arch_init_state_ctx(struct tfm_state_context_t *p_stat_ctx,
void *param, uintptr_t pfn)
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
index 5058dd8..b29af05 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
@@ -30,6 +30,11 @@
/* processor mode for return: 0=Handler mode 1=Thread mod. */
#define EXC_RETURN_MODE (1UL << 3)
+/* Exception numbers */
+#define EXC_NUM_THREAD_MODE (0)
+#define EXC_NUM_SVCALL (11)
+#define EXC_NUM_PENDSV (14)
+
struct tfm_arch_ctx_t {
uint32_t r8;
uint32_t r9;
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index 2db3dce..84441e3 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -27,9 +27,8 @@
#include "tfm_core_trustzone.h"
#include "lists.h"
#include "tfm_pools.h"
-#include "spm_partition_defs.h"
+#include "region.h"
#include "psa_manifest/pid.h"
-#include "tfm/tfm_spm_services.h"
#include "load/partition_defs.h"
#include "load/service_defs.h"
#include "load/asset_defs.h"
@@ -45,6 +44,10 @@
TFM_POOL_DECLARE(conn_handle_pool, sizeof(struct tfm_conn_handle_t),
TFM_CONN_HANDLE_MAX_NUM);
+/* The veneer section names come from the scatter file */
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+
void spm_interrupt_handler(struct partition_load_info_t *p_ldinf,
psa_signal_t signal,
uint32_t irq_line,
@@ -305,11 +308,12 @@
struct service_t *tfm_spm_get_service_by_sid(uint32_t sid)
{
- struct service_t *p_serv;
+ struct service_t *p_prev, *p_curr;
- UNI_LIST_FOR_EACH(p_serv, &services_listhead) {
- if (p_serv->p_ldinf->sid == sid) {
- return p_serv;
+ UNI_LIST_FOR_EACH_PREV(p_prev, p_curr, &services_listhead) {
+ if (p_curr->p_ldinf->sid == sid) {
+ UNI_LIST_MOVE_AFTER(&services_listhead, p_prev, p_curr);
+ return p_curr;
}
}
@@ -604,6 +608,43 @@
return SPM_ERROR_MEMORY_CHECK;
}
+bool tfm_spm_is_ns_caller(void)
+{
+#if defined(TFM_MULTI_CORE_TOPOLOGY) || defined(FORWARD_PROT_MSG)
+ /* Multi-core NS PSA API request is processed by pendSV. */
+ return (__get_active_exc_num() == EXC_NUM_PENDSV);
+#else
+ struct partition_t *partition = tfm_spm_get_running_partition();
+
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ return (partition->p_ldinf->pid == TFM_SP_NON_SECURE_ID);
+#endif
+}
+
+uint32_t tfm_spm_get_caller_privilege_mode(void)
+{
+ struct partition_t *partition;
+
+#if defined(TFM_MULTI_CORE_TOPOLOGY) || defined(FORWARD_PROT_MSG)
+ /*
+ * In multi-core topology, if PSA request is from mailbox, the client
+ * is unprivileged.
+ */
+ if (__get_active_exc_num() == EXC_NUM_PENDSV) {
+ return TFM_PARTITION_UNPRIVILEGED_MODE;
+ }
+#endif
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ return tfm_spm_partition_get_privileged_mode(partition->p_ldinf->flags);
+}
+
uint32_t tfm_spm_init(void)
{
uint32_t i;
@@ -949,24 +990,47 @@
}
#if !defined(__ARM_ARCH_8_1M_MAIN__)
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller)
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return)
{
+ /*
+ * TODO: the reentrant detection mechanism needs to be changed when there
+ * is no boundaries.
+ */
uintptr_t stacked_ctx_pos;
+ bool ns_caller = false;
+ struct partition_t *p_cur_sp = tfm_spm_get_running_partition();
+ uint32_t veneer_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ uint32_t veneer_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+
+ if (!p_cur_sp) {
+ tfm_core_panic();
+ }
+
+ /*
+ * The caller security attribute detection bases on LR of state context.
+ * However, if SP calls PSA APIs based on its customized SVC, the LR may be
+ * occupied by general purpose value while calling SVC.
+ * Check if caller comes from non-secure: return address (p_ctx[6]) belongs
+ * to veneer section, and the bit0 of LR (p_ctx[5]) is zero.
+ */
+ if (p_ctx[6] >= veneer_base && p_ctx[6] < veneer_limit &&
+ !(p_ctx[5] & TFM_VENEER_LR_BIT0_MASK)) {
+ ns_caller = true;
+ }
+
+ /* If called from ns, partition ID should be TFM_SP_NON_SECURE_ID. */
+ if ((ns_caller == true) !=
+ (p_cur_sp->p_ldinf->pid == TFM_SP_NON_SECURE_ID)) {
+ tfm_core_panic();
+ }
if (ns_caller) {
/*
* The background IRQ can't be supported, since if SP is executing,
* the preempted context of SP can be different with the one who
- * preempts veneer.
- */
- if (p_cur_sp->p_ldinf->pid != TFM_SP_NON_SECURE_ID) {
- tfm_core_panic();
- }
-
- /*
- * It is non-secure caller, check if veneer stack contains
- * multiple contexts.
+ * preempts veneer. Check if veneer stack contains multiple contexts.
*/
stacked_ctx_pos = (uintptr_t)p_ctx +
sizeof(struct tfm_state_context_t) +
@@ -985,42 +1049,6 @@
if (stacked_ctx_pos != p_cur_sp->sp_thread.stk_top) {
tfm_core_panic();
}
- } else if (p_cur_sp->p_ldinf->pid <= 0) {
- tfm_core_panic();
}
}
#endif
-
-void tfm_spm_request_handler(const struct tfm_state_context_t *svc_ctx)
-{
- uint32_t *res_ptr = (uint32_t *)&svc_ctx->r0;
- uint32_t running_partition_flags = 0;
- const struct partition_t *partition = NULL;
-
- /* Check permissions on request type basis */
-
- switch (svc_ctx->r0) {
- case TFM_SPM_REQUEST_RESET_VOTE:
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
- running_partition_flags = partition->p_ldinf->flags;
-
- /* Currently only PSA Root of Trust services are allowed to make Reset
- * vote request
- */
- if ((running_partition_flags & SPM_PART_FLAG_PSA_ROT) == 0) {
- *res_ptr = (uint32_t)TFM_ERROR_GENERIC;
- }
-
- /* FixMe: this is a placeholder for checks to be performed before
- * allowing execution of reset
- */
- *res_ptr = (uint32_t)TFM_SUCCESS;
-
- break;
- default:
- *res_ptr = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
- }
-}
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index 43b836b..e3c7a2f 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -9,7 +9,6 @@
#define __SPM_IPC_H__
#include <stdint.h>
-#include "spm_partition_defs.h"
#include "tfm_arch.h"
#include "lists.h"
#include "tfm_wait.h"
@@ -56,6 +55,8 @@
#define TFM_MSG_MAGIC 0x15154343
+typedef psa_flih_result_t (*psa_flih_func)(void);
+
/* Message struct to collect parameter from client */
struct tfm_msg_body_t {
int32_t magic;
@@ -141,12 +142,6 @@
uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags);
/**
- * \brief Handle an SPM request by a secure service
- * \param[in] svc_ctx The stacked SVC context
- */
-void tfm_spm_request_handler(const struct tfm_state_context_t *svc_ctx);
-
-/**
* \brief Get the running partition ID.
*
* \return Returns the partition ID
@@ -355,6 +350,23 @@
uint32_t privileged);
/**
+ * \brief Get the ns_caller info from runtime context.
+ *
+ * \retval - true: the PSA API caller is from non-secure
+ * - false: the PSA API caller is from secure
+ */
+bool tfm_spm_is_ns_caller(void);
+
+/**
+ * \brief Get the privilege mode of service caller.
+ *
+ * \retval Privilege mode of the service caller
+ * \ref TFM_PARTITION_UNPRIVILEGED_MODE
+ * \ref TFM_PARTITION_PRIVILEGED_MODE
+ */
+uint32_t tfm_spm_get_caller_privilege_mode(void);
+
+/**
* \brief Set up the isolation boundary of the given partition.
*
* \param[in] partition The partition of which the boundary is set up.
@@ -387,11 +399,8 @@
/**
* \brief Validate the whether NS caller re-enter.
*
- * \param[in] p_cur_sp Pointer to current partition.
* \param[in] p_ctx Pointer to current stack context.
* \param[in] exc_return EXC_RETURN value.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
*
* \retval void Success.
*
@@ -399,20 +408,16 @@
* For architecture v8.1m and later, will use hardware re-entrant detection.
* Otherwise will use the software solution to validate the caller.
*/
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller);
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return);
#else
/**
* In v8.1 mainline, will use hardware re-entrant detection instead.
*/
__STATIC_INLINE
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller)
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return)
{
- (void)p_cur_sp;
(void)p_ctx;
(void)exc_return;
- (void)ns_caller;
return;
}
#endif
diff --git a/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c b/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
index 7ca5cfc..9819416 100644
--- a/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
@@ -6,23 +6,20 @@
*/
#include <string.h>
-#include "load/partition_defs.h"
#include "region.h"
#include "spm_ipc.h"
+#include "svc_num.h"
#include "tfm_api.h"
#include "tfm_arch.h"
#include "tfm_core_trustzone.h"
#include "tfm_core_utils.h"
#include "tfm_svcalls.h"
#include "utilities.h"
-#include "svc_num.h"
#include "ffm/tfm_boot_data.h"
-#include "ffm/psa_client_service_apis.h"
+#include "ffm/psa_api.h"
#include "tfm_hal_spm_logdev.h"
-
-/* The section names come from the scatter file */
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+#include "load/partition_defs.h"
+#include "psa/client.h"
/* MSP bottom (higher address) */
REGION_DECLARE(Image$$, ARM_LIB_STACK_MSP, $$ZI$$Limit);
@@ -42,75 +39,54 @@
static int32_t SVC_Handler_IPC(uint8_t svc_num, uint32_t *ctx,
uint32_t lr)
{
- bool ns_caller = false;
- struct partition_t *partition = NULL;
- uint32_t veneer_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- uint32_t veneer_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-
- /*
- * The caller security attribute detection bases on LR of state context.
- * However, if SP calls PSA APIs based on its customized SVC, the LR may be
- * occupied by general purpose value while calling SVC.
- * Check if caller comes from non-secure: return address (ctx[6]) is belongs
- * to veneer section, and the bit0 of LR (ctx[5]) is zero.
- */
- if (ctx[6] >= veneer_base && ctx[6] < veneer_limit &&
- !(ctx[5] & TFM_VENEER_LR_BIT0_MASK)) {
- ns_caller = true;
- }
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- tfm_spm_validate_caller(partition, ctx, lr, ns_caller);
+ tfm_spm_validate_caller(ctx, lr);
switch (svc_num) {
case TFM_SVC_PSA_FRAMEWORK_VERSION:
- return tfm_spm_psa_framework_version();
+ return tfm_spm_client_psa_framework_version();
case TFM_SVC_PSA_VERSION:
- return tfm_spm_psa_version(ctx, ns_caller);
+ return tfm_spm_client_psa_version(ctx[0]);
case TFM_SVC_PSA_CONNECT:
- return tfm_spm_psa_connect(ctx, ns_caller);
+ return tfm_spm_client_psa_connect(ctx[0], ctx[1]);
case TFM_SVC_PSA_CALL:
- return tfm_spm_psa_call(ctx, ns_caller, lr);
+ return tfm_spm_client_psa_call((psa_handle_t)ctx[0], ctx[1],
+ (const psa_invec *)ctx[2],
+ (psa_outvec *)ctx[3]);
case TFM_SVC_PSA_CLOSE:
- tfm_spm_psa_close(ctx, ns_caller);
+ tfm_spm_client_psa_close((psa_handle_t)ctx[0]);
break;
case TFM_SVC_PSA_WAIT:
- return tfm_spm_psa_wait(ctx);
+ return tfm_spm_partition_psa_wait((psa_signal_t)ctx[0], ctx[1]);
case TFM_SVC_PSA_GET:
- return tfm_spm_psa_get(ctx);
+ return tfm_spm_partition_psa_get((psa_signal_t)ctx[0],
+ (psa_msg_t *)ctx[1]);
case TFM_SVC_PSA_SET_RHANDLE:
- tfm_spm_psa_set_rhandle(ctx);
+ tfm_spm_partition_psa_set_rhandle((psa_handle_t)ctx[0], (void *)ctx[1]);
break;
case TFM_SVC_PSA_READ:
- return tfm_spm_psa_read(ctx);
+ return tfm_spm_partition_psa_read((psa_handle_t)ctx[0], ctx[1],
+ (void *)ctx[2], (size_t)ctx[3]);
case TFM_SVC_PSA_SKIP:
- return tfm_spm_psa_skip(ctx);
+ return tfm_spm_partition_psa_skip((psa_handle_t)ctx[0], ctx[1],
+ (size_t)ctx[2]);
case TFM_SVC_PSA_WRITE:
- tfm_spm_psa_write(ctx);
+ tfm_spm_partition_psa_write((psa_handle_t)ctx[0], ctx[1],
+ (void *)ctx[2], (size_t)ctx[3]);
break;
case TFM_SVC_PSA_REPLY:
- tfm_spm_psa_reply(ctx);
+ tfm_spm_partition_psa_reply((psa_handle_t)ctx[0], (psa_status_t)ctx[1]);
break;
case TFM_SVC_PSA_NOTIFY:
- tfm_spm_psa_notify(ctx);
+ tfm_spm_partition_psa_notify((int32_t)ctx[0]);
break;
case TFM_SVC_PSA_CLEAR:
- tfm_spm_psa_clear();
+ tfm_spm_partition_psa_clear();
break;
case TFM_SVC_PSA_EOI:
- tfm_spm_psa_eoi(ctx);
+ tfm_spm_partition_psa_eoi((psa_signal_t)ctx[0]);
break;
case TFM_SVC_PSA_PANIC:
- tfm_spm_psa_panic();
- break;
- case TFM_SVC_SPM_REQUEST:
- tfm_spm_request_handler((const struct tfm_state_context_t *)ctx);
+ tfm_spm_partition_psa_panic();
break;
case TFM_SVC_PSA_LIFECYCLE:
return tfm_spm_get_lifecycle_state();
@@ -119,12 +95,12 @@
return tfm_hal_output_spm_log((const char *)ctx[0], ctx[1]);
#endif
case TFM_SVC_PSA_IRQ_ENABLE:
- tfm_spm_irq_enable(ctx);
+ tfm_spm_partition_irq_enable((psa_signal_t)ctx[0]);
break;
case TFM_SVC_PSA_IRQ_DISABLE:
- return tfm_spm_irq_disable(ctx);
+ return tfm_spm_partition_irq_disable((psa_signal_t)ctx[0]);
case TFM_SVC_PSA_RESET_SIGNAL:
- tfm_spm_psa_reset_signal(ctx);
+ tfm_spm_partition_psa_reset_signal((psa_signal_t)ctx[0]);
break;
default:
#ifdef PLATFORM_SVC_HANDLERS
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core.c b/secure_fw/spm/cmsis_psa/tfm_multi_core.c
index 03a1afe..54b5da2 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core.c
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core.c
@@ -1,14 +1,14 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include "tfm_arch.h"
#include "tfm_assert.h"
-#include "tfm_spe_mailbox.h"
#include "tfm_spm_hal.h"
#include "tfm_spm_log.h"
+#include "tfm_multi_core.h"
#define DEFAULT_NS_CLIENT_ID (-1)
@@ -27,7 +27,7 @@
tfm_spm_hal_boot_ns_cpu(tfm_spm_hal_get_ns_VTOR());
tfm_spm_hal_wait_for_ns_cpu_ready();
- tfm_mailbox_init();
+ tfm_inter_core_comm_init();
/*
* TODO
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core.h b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
index 0cf4ba2..87c8bc7 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core.h
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -89,4 +89,12 @@
*/
int32_t tfm_has_access_to_region(const void *p, size_t s, uint32_t attr);
+/**
+ * \brief Initialization of the multi core communication.
+ *
+ * \retval 0 Operation succeeded.
+ * \retval Other return code Operation failed with an error code.
+ */
+int32_t tfm_inter_core_comm_init(void);
+
#endif /* __TFM_MULTI_CORE_H__ */
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.c b/secure_fw/spm/cmsis_psa/tfm_rpc.c
index a4fbc0c..9fc1ced 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.c
@@ -6,10 +6,11 @@
*/
#include "spm_ipc.h"
-#include "ffm/spm_psa_client_call.h"
+#include "ffm/psa_api.h"
#include "tfm_rpc.h"
#include "utilities.h"
#include "load/partition_defs.h"
+#include "tfm_psa_call_param.h"
static void default_handle_req(void)
{
@@ -39,39 +40,36 @@
return tfm_spm_client_psa_framework_version();
}
-uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params,
- bool ns_caller)
+uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- return tfm_spm_client_psa_version(params->sid, ns_caller);
+ return tfm_spm_client_psa_version(params->sid);
}
-psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params,
- bool ns_caller)
+psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- return tfm_spm_client_psa_connect(params->sid, params->version, ns_caller);
+ return tfm_spm_client_psa_connect(params->sid, params->version);
}
-psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params,
- bool ns_caller)
+psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- return tfm_spm_client_psa_call(params->handle, params->type,
- params->in_vec, params->in_len,
- params->out_vec, params->out_len, ns_caller,
- TFM_PARTITION_UNPRIVILEGED_MODE);
+ return tfm_spm_client_psa_call(params->handle,
+ PARAM_PACK(params->type,
+ params->in_len,
+ params->out_len),
+ params->in_vec, params->out_vec);
}
-void tfm_rpc_psa_close(const struct client_call_params_t *params,
- bool ns_caller)
+void tfm_rpc_psa_close(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- tfm_spm_client_psa_close(params->handle, ns_caller);
+ tfm_spm_client_psa_close(params->handle);
}
int32_t tfm_rpc_register_ops(const struct tfm_rpc_ops_t *ops_ptr)
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.h b/secure_fw/spm/cmsis_psa/tfm_rpc.h
index c07ac82..8fb0fad 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.h
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -72,20 +72,17 @@
* \brief RPC handler for \ref psa_version.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
* caller is not permitted to access the service.
* \retval > 0 The version of the implemented RoT Service.
*/
-uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params,
- bool ns_caller);
+uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_connect.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_SUCCESS Success.
* \retval PSA_CONNECTION_BUSY The SPM cannot make the connection
@@ -94,14 +91,12 @@
* supported, or the caller is not permitted to
* access the service.
*/
-psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params,
- bool ns_caller);
+psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_call.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_SUCCESS Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -113,14 +108,12 @@
* \arg The message is unrecognized or
* incorrectly formatted.
*/
-psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params,
- bool ns_caller);
+psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_close.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -128,8 +121,7 @@
* \arg An invalid handle was provided that is not
* the null handle..
*/
-void tfm_rpc_psa_close(const struct client_call_params_t *params,
- bool ns_caller);
+void tfm_rpc_psa_close(const struct client_call_params_t *params);
/**
* \brief Register underlying mailbox communication operations.
diff --git a/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c b/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
index fe30726..c4eb2e1 100644
--- a/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
+++ b/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -12,8 +12,7 @@
#include "utilities.h"
#include "tfm_spe_mailbox.h"
#include "tfm_rpc.h"
-
-#define NS_CALLER_FLAG (true)
+#include "tfm_multi_core.h"
static struct secure_mailbox_queue_t spe_mailbox_queue;
@@ -35,12 +34,12 @@
return MAILBOX_SUCCESS;
case MAILBOX_PSA_VERSION:
spm_params.sid = params->psa_version_params.sid;
- *psa_ret = tfm_rpc_psa_version(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_version(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CONNECT:
spm_params.sid = params->psa_connect_params.sid;
spm_params.version = params->psa_connect_params.version;
- *psa_ret = tfm_rpc_psa_connect(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_connect(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CALL:
spm_params.handle = params->psa_call_params.handle;
@@ -49,11 +48,11 @@
spm_params.in_len = params->psa_call_params.in_len;
spm_params.out_vec = params->psa_call_params.out_vec;
spm_params.out_len = params->psa_call_params.out_len;
- *psa_ret = tfm_rpc_psa_call(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_call(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CLOSE:
spm_params.handle = params->psa_close_params.handle;
- tfm_rpc_psa_close(&spm_params, NS_CALLER_FLAG);
+ tfm_rpc_psa_close(&spm_params);
return MAILBOX_SUCCESS;
default:
return MAILBOX_INVAL_PARAMS;
@@ -404,3 +403,8 @@
return MAILBOX_SUCCESS;
}
+
+int32_t tfm_inter_core_comm_init(void)
+{
+ return tfm_mailbox_init();
+}
diff --git a/secure_fw/spm/cmsis_psa/tfm_thread.h b/secure_fw/spm/cmsis_psa/tfm_thread.h
index 76a274f..f02b524 100644
--- a/secure_fw/spm/cmsis_psa/tfm_thread.h
+++ b/secure_fw/spm/cmsis_psa/tfm_thread.h
@@ -82,7 +82,7 @@
* Set thread priority. Priority is set to THRD_PRIOR_MEDIUM in
* tfm_core_thrd_init().
*/
-void __STATIC_INLINE tfm_core_thrd_set_priority(struct tfm_core_thread_t *pth,
+__STATIC_INLINE void tfm_core_thrd_set_priority(struct tfm_core_thread_t *pth,
uint32_t prior)
{
pth->prior &= ~THRD_PRIOR_MASK;
@@ -99,7 +99,7 @@
* Notes
* Reuse prior of thread context to shift down non-secure thread priority.
*/
-void __STATIC_INLINE tfm_core_thrd_set_secure(struct tfm_core_thread_t *pth,
+__STATIC_INLINE void tfm_core_thrd_set_secure(struct tfm_core_thread_t *pth,
uint32_t attr_secure)
{
pth->prior &= ~THRD_ATTR_NON_SECURE;
@@ -130,7 +130,7 @@
* Return :
* State of thread
*/
-uint32_t __STATIC_INLINE tfm_core_thrd_get_state(struct tfm_core_thread_t *pth)
+__STATIC_INLINE uint32_t tfm_core_thrd_get_state(struct tfm_core_thread_t *pth)
{
return pth->state;
}
@@ -146,7 +146,7 @@
* This API is useful for blocked syscall blocking thread. Syscall
* could set its return value to the caller before caller goes.
*/
-void __STATIC_INLINE tfm_core_thrd_set_retval(struct tfm_core_thread_t *pth,
+__STATIC_INLINE void tfm_core_thrd_set_retval(struct tfm_core_thread_t *pth,
uint32_t retval)
{
TFM_STATE_RET_VAL(&pth->arch_ctx) = retval;
diff --git a/secure_fw/spm/cmsis_psa/tfm_wait.h b/secure_fw/spm/cmsis_psa/tfm_wait.h
index 7d2055b..7e6f468 100644
--- a/secure_fw/spm/cmsis_psa/tfm_wait.h
+++ b/secure_fw/spm/cmsis_psa/tfm_wait.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,7 +25,7 @@
* Parameters:
* pevnt - The pointer of event object allocated by the caller
*/
-void __STATIC_INLINE tfm_event_init(struct tfm_event_t *pevnt)
+__STATIC_INLINE void tfm_event_init(struct tfm_event_t *pevnt)
{
pevnt->magic = TFM_EVENT_MAGIC;
pevnt->owner = NULL;
diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c
new file mode 100644
index 0000000..6d5b746
--- /dev/null
+++ b/secure_fw/spm/ffm/psa_api.c
@@ -0,0 +1,931 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdint.h>
+#include "bitops.h"
+#include "psa/lifecycle.h"
+#include "psa/service.h"
+#include "spm_ipc.h"
+#include "tfm_arch.h"
+#include "tfm_core_utils.h"
+#include "load/partition_defs.h"
+#include "load/service_defs.h"
+#include "load/irq_defs.h"
+#include "psa_api.h"
+#include "utilities.h"
+#include "tfm_wait.h"
+#include "tfm_nspm.h"
+#include "ffm/spm_error_base.h"
+#include "tfm_rpc.h"
+#include "tfm_spm_hal.h"
+#include "tfm_hal_platform.h"
+#include "tfm_psa_call_param.h"
+
+#define GET_STATELESS_SERVICE(index) (stateless_services_ref_tbl[index])
+extern struct service_t *stateless_services_ref_tbl[];
+
+
+uint32_t tfm_spm_get_lifecycle_state(void)
+{
+ /*
+ * FixMe: return PSA_LIFECYCLE_UNKNOWN to the caller directly. It will be
+ * implemented in the future.
+ */
+ return PSA_LIFECYCLE_UNKNOWN;
+}
+
+/* PSA Client API function body */
+
+uint32_t tfm_spm_client_psa_framework_version(void)
+{
+ return PSA_FRAMEWORK_VERSION;
+}
+
+uint32_t tfm_spm_client_psa_version(uint32_t sid)
+{
+ struct service_t *service;
+ bool ns_caller = tfm_spm_is_ns_caller();
+
+ /*
+ * It should return PSA_VERSION_NONE if the RoT Service is not
+ * implemented.
+ */
+ service = tfm_spm_get_service_by_sid(sid);
+ if (!service) {
+ return PSA_VERSION_NONE;
+ }
+
+ /*
+ * It should return PSA_VERSION_NONE if the caller is not authorized
+ * to access the RoT Service.
+ */
+ if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
+ return PSA_VERSION_NONE;
+ }
+
+ return service->p_ldinf->version;
+}
+
+psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version)
+{
+ struct service_t *service;
+ struct tfm_msg_body_t *msg;
+ struct tfm_conn_handle_t *connect_handle;
+ int32_t client_id;
+ psa_handle_t handle;
+ bool ns_caller = tfm_spm_is_ns_caller();
+
+ /*
+ * It is a PROGRAMMER ERROR if the RoT Service does not exist on the
+ * platform.
+ */
+ service = tfm_spm_get_service_by_sid(sid);
+ if (!service) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
+ }
+
+ /* It is a PROGRAMMER ERROR if connecting to a stateless service. */
+ if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ /*
+ * It is a PROGRAMMER ERROR if the caller is not authorized to access the
+ * RoT Service.
+ */
+ if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
+ }
+
+ /*
+ * It is a PROGRAMMER ERROR if the version of the RoT Service requested is
+ * not supported on the platform.
+ */
+ if (tfm_spm_check_client_version(service, version) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
+ }
+
+ if (ns_caller) {
+ client_id = tfm_nspm_get_current_client_id();
+ } else {
+ client_id = tfm_spm_partition_get_running_partition_id();
+ }
+
+ /*
+ * Create connection handle here since it is possible to return the error
+ * code to client when creation fails.
+ */
+ connect_handle = tfm_spm_create_conn_handle(service, client_id);
+ if (!connect_handle) {
+ return PSA_ERROR_CONNECTION_BUSY;
+ }
+
+ msg = tfm_spm_get_msg_buffer_from_conn_handle(connect_handle);
+ if (!msg) {
+ /* Have no enough resource to create message */
+ return PSA_ERROR_CONNECTION_BUSY;
+ }
+
+ handle = tfm_spm_to_user_handle(connect_handle);
+ /* No input or output needed for connect message */
+ tfm_spm_fill_msg(msg, service, handle, PSA_IPC_CONNECT,
+ client_id, NULL, 0, NULL, 0, NULL);
+
+ /*
+ * Send message and wake up the SP who is waiting on message queue,
+ * and scheduler triggered
+ */
+ tfm_spm_send_event(service, msg);
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t tfm_spm_client_psa_call(psa_handle_t handle,
+ uint32_t ctrl_param,
+ const psa_invec *inptr,
+ psa_outvec *outptr)
+{
+ psa_invec invecs[PSA_MAX_IOVEC];
+ psa_outvec outvecs[PSA_MAX_IOVEC];
+ struct tfm_conn_handle_t *conn_handle;
+ struct service_t *service;
+ struct tfm_msg_body_t *msg;
+ int i, j;
+ int32_t client_id;
+ uint32_t sid, version, index;
+ uint32_t privileged;
+ bool ns_caller = tfm_spm_is_ns_caller();
+ int32_t type = (int32_t)(int16_t)((ctrl_param & TYPE_MASK) >> TYPE_OFFSET);
+ size_t in_num = (size_t)((ctrl_param & IN_LEN_MASK) >> IN_LEN_OFFSET);
+ size_t out_num = (size_t)((ctrl_param & OUT_LEN_MASK) >> OUT_LEN_OFFSET);
+
+ /* The request type must be zero or positive. */
+ if (type < 0) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ /* It is a PROGRAMMER ERROR if in_len + out_len > PSA_MAX_IOVEC. */
+ if ((in_num > PSA_MAX_IOVEC) ||
+ (out_num > PSA_MAX_IOVEC) ||
+ (in_num + out_num > PSA_MAX_IOVEC)) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ if (ns_caller) {
+ client_id = tfm_nspm_get_current_client_id();
+ } else {
+ client_id = tfm_spm_partition_get_running_partition_id();
+ }
+
+ /* Allocate space from handle pool for static handle. */
+ if (IS_STATIC_HANDLE(handle)) {
+ index = GET_INDEX_FROM_STATIC_HANDLE(handle);
+
+ if (!IS_VALID_STATIC_HANDLE_IDX(index)) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ service = GET_STATELESS_SERVICE(index);
+ if (!service) {
+ tfm_core_panic();
+ }
+
+ sid = service->p_ldinf->sid;
+
+ /*
+ * It is a PROGRAMMER ERROR if the caller is not authorized to access
+ * the RoT Service.
+ */
+ if (tfm_spm_check_authorization(sid, service, ns_caller)
+ != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
+ }
+
+ version = GET_VERSION_FROM_STATIC_HANDLE(handle);
+
+ if (tfm_spm_check_client_version(service, version) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ conn_handle = tfm_spm_create_conn_handle(service, client_id);
+
+ if (!conn_handle) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_BUSY);
+ }
+
+ conn_handle->rhandle = NULL;
+ handle = tfm_spm_to_user_handle(conn_handle);
+ } else {
+ conn_handle = tfm_spm_to_handle_instance(handle);
+
+ /* It is a PROGRAMMER ERROR if an invalid handle was passed. */
+ if (tfm_spm_validate_conn_handle(conn_handle, client_id)
+ != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ /*
+ * It is a PROGRAMMER ERROR if the connection is currently
+ * handling a request.
+ */
+ if (conn_handle->status == TFM_HANDLE_STATUS_ACTIVE) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ /*
+ * Return PSA_ERROR_PROGRAMMER_ERROR immediately for the connection
+ * has been terminated by the RoT Service.
+ */
+ if (conn_handle->status == TFM_HANDLE_STATUS_CONNECT_ERROR) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+
+ service = conn_handle->service;
+ }
+
+ if (!service) {
+ /* FixMe: Need to implement one mechanism to resolve this failure. */
+ tfm_core_panic();
+ }
+
+ privileged = tfm_spm_get_caller_privilege_mode();
+
+ /*
+ * Read client invecs from the wrap input vector. It is a PROGRAMMER ERROR
+ * if the memory reference for the wrap input vector is invalid or not
+ * readable.
+ */
+ if (tfm_memory_check(inptr, in_num * sizeof(psa_invec), ns_caller,
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ /*
+ * Read client outvecs from the wrap output vector and will update the
+ * actual length later. It is a PROGRAMMER ERROR if the memory reference for
+ * the wrap output vector is invalid or not read-write.
+ */
+ if (tfm_memory_check(outptr, out_num * sizeof(psa_outvec), ns_caller,
+ TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ spm_memset(invecs, 0, sizeof(invecs));
+ spm_memset(outvecs, 0, sizeof(outvecs));
+
+ /* Copy the address out to avoid TOCTOU attacks. */
+ spm_memcpy(invecs, inptr, in_num * sizeof(psa_invec));
+ spm_memcpy(outvecs, outptr, out_num * sizeof(psa_outvec));
+
+ /*
+ * For client input vector, it is a PROGRAMMER ERROR if the provided payload
+ * memory reference was invalid or not readable.
+ */
+ for (i = 0; i < in_num; i++) {
+ if (tfm_memory_check(invecs[i].base, invecs[i].len, ns_caller,
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+ }
+
+ /*
+ * Clients must never overlap input parameters because of the risk of a
+ * double-fetch inconsistency.
+ * Overflow is checked in tfm_memory_check functions.
+ */
+ for (i = 0; i + 1 < in_num; i++) {
+ for (j = i+1; j < in_num; j++) {
+ if (!((char *) invecs[j].base + invecs[j].len <=
+ (char *) invecs[i].base ||
+ (char *) invecs[j].base >=
+ (char *) invecs[i].base + invecs[i].len)) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+ }
+ }
+
+ /*
+ * For client output vector, it is a PROGRAMMER ERROR if the provided
+ * payload memory reference was invalid or not read-write.
+ */
+ for (i = 0; i < out_num; i++) {
+ if (tfm_memory_check(outvecs[i].base, outvecs[i].len,
+ ns_caller, TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+ }
+
+ /*
+ * FixMe: Need to check if the message is unrecognized by the RoT
+ * Service or incorrectly formatted.
+ */
+ msg = tfm_spm_get_msg_buffer_from_conn_handle(conn_handle);
+ if (!msg) {
+ /* FixMe: Need to implement one mechanism to resolve this failure. */
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
+
+ tfm_spm_fill_msg(msg, service, handle, type, client_id,
+ invecs, in_num, outvecs, out_num, outptr);
+
+ /*
+ * Send message and wake up the SP who is waiting on message queue,
+ * and scheduler triggered
+ */
+ tfm_spm_send_event(service, msg);
+
+ return PSA_SUCCESS;
+}
+
+void tfm_spm_client_psa_close(psa_handle_t handle)
+{
+ struct service_t *service;
+ struct tfm_msg_body_t *msg;
+ struct tfm_conn_handle_t *conn_handle;
+ int32_t client_id;
+ bool ns_caller = tfm_spm_is_ns_caller();
+
+ /* It will have no effect if called with the NULL handle */
+ if (handle == PSA_NULL_HANDLE) {
+ return;
+ }
+
+ /* It is a PROGRAMMER ERROR if called with a stateless handle. */
+ if (IS_STATIC_HANDLE(handle)) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
+ }
+
+ if (ns_caller) {
+ client_id = tfm_nspm_get_current_client_id();
+ } else {
+ client_id = tfm_spm_partition_get_running_partition_id();
+ }
+
+ conn_handle = tfm_spm_to_handle_instance(handle);
+ /*
+ * It is a PROGRAMMER ERROR if an invalid handle was provided that is not
+ * the null handle.
+ */
+ if (tfm_spm_validate_conn_handle(conn_handle, client_id) != SPM_SUCCESS) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
+ }
+
+ service = conn_handle->service;
+ if (!service) {
+ /* FixMe: Need to implement one mechanism to resolve this failure. */
+ tfm_core_panic();
+ }
+
+ msg = tfm_spm_get_msg_buffer_from_conn_handle(conn_handle);
+ if (!msg) {
+ /* FixMe: Need to implement one mechanism to resolve this failure. */
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a PROGRAMMER ERROR if the connection is currently handling a
+ * request.
+ */
+ if (conn_handle->status == TFM_HANDLE_STATUS_ACTIVE) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
+ }
+
+ /* No input or output needed for close message */
+ tfm_spm_fill_msg(msg, service, handle, PSA_IPC_DISCONNECT, client_id,
+ NULL, 0, NULL, 0, NULL);
+
+ /*
+ * Send message and wake up the SP who is waiting on message queue,
+ * and scheduler triggered
+ */
+ tfm_spm_send_event(service, msg);
+}
+
+/* PSA Partition API function body */
+
+psa_signal_t tfm_spm_partition_psa_wait(psa_signal_t signal_mask,
+ uint32_t timeout)
+{
+ struct partition_t *partition = NULL;
+
+ /*
+ * Timeout[30:0] are reserved for future use.
+ * SPM must ignore the value of RES.
+ */
+ timeout &= PSA_TIMEOUT_MASK;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a PROGRAMMER ERROR if the signal_mask does not include any assigned
+ * signals.
+ */
+ if ((partition->signals_allowed & signal_mask) == 0) {
+ tfm_core_panic();
+ }
+
+ /*
+ * tfm_event_wait() blocks the caller thread if no signals are available.
+ * In this case, the return value of this function is temporary set into
+ * runtime context. After new signal(s) are available, the return value
+ * is updated with the available signal(s) and blocked thread gets to run.
+ */
+ if (timeout == PSA_BLOCK &&
+ (partition->signals_asserted & signal_mask) == 0) {
+ partition->signals_waiting = signal_mask;
+ tfm_event_wait(&partition->event);
+ } else if ((partition->signals_asserted & signal_mask) == 0) {
+ /* Activate scheduler to check if any higher priority thread to run */
+ tfm_core_thrd_activate_schedule();
+ }
+
+ return partition->signals_asserted & signal_mask;
+}
+
+psa_status_t tfm_spm_partition_psa_get(psa_signal_t signal, psa_msg_t *msg)
+{
+ struct tfm_msg_body_t *tmp_msg = NULL;
+ struct partition_t *partition = NULL;
+ uint32_t privileged;
+
+ /*
+ * Only one message could be retrieved every time for psa_get(). It is a
+ * fatal error if the input signal has more than a signal bit set.
+ */
+ if (!IS_ONLY_ONE_BIT_IN_UINT32(signal)) {
+ tfm_core_panic();
+ }
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+ privileged = tfm_spm_partition_get_privileged_mode(
+ partition->p_ldinf->flags);
+
+ /*
+ * Write the message to the service buffer. It is a fatal error if the
+ * input msg pointer is not a valid memory reference or not read-write.
+ */
+ if (tfm_memory_check(msg, sizeof(psa_msg_t), false, TFM_MEMORY_ACCESS_RW,
+ privileged) != SPM_SUCCESS) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if the caller call psa_get() when no message has
+ * been set. The caller must call this function after an RoT Service signal
+ * is returned by psa_wait().
+ */
+ if (partition->signals_asserted == 0) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if the RoT Service signal is not currently asserted.
+ */
+ if ((partition->signals_asserted & signal) == 0) {
+ tfm_core_panic();
+ }
+
+ /*
+ * Get message by signal from partition. It is a fatal error if getting
+ * failed, which means the input signal is not correspond to an RoT service.
+ */
+ tmp_msg = tfm_spm_get_msg_by_signal(partition, signal);
+ if (!tmp_msg) {
+ return PSA_ERROR_DOES_NOT_EXIST;
+ }
+
+ (TO_CONTAINER(tmp_msg,
+ struct tfm_conn_handle_t,
+ internal_msg))->status = TFM_HANDLE_STATUS_ACTIVE;
+
+ spm_memcpy(msg, &tmp_msg->msg, sizeof(psa_msg_t));
+
+ return PSA_SUCCESS;
+}
+
+void tfm_spm_partition_psa_set_rhandle(psa_handle_t msg_handle, void *rhandle)
+{
+ struct tfm_msg_body_t *msg = NULL;
+ struct tfm_conn_handle_t *conn_handle;
+
+ /* It is a fatal error if message handle is invalid */
+ msg = tfm_spm_get_msg_from_handle(msg_handle);
+ if (!msg) {
+ tfm_core_panic();
+ }
+
+ /* It is a PROGRAMMER ERROR if a stateless service sets rhandle. */
+ if (SERVICE_IS_STATELESS(msg->service->p_ldinf->flags)) {
+ tfm_core_panic();
+ }
+
+ msg->msg.rhandle = rhandle;
+ conn_handle = tfm_spm_to_handle_instance(msg_handle);
+
+ /* Store reverse handle for following client calls. */
+ tfm_spm_set_rhandle(msg->service, conn_handle, rhandle);
+}
+
+size_t tfm_spm_partition_psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
+ void *buffer, size_t num_bytes)
+{
+ size_t bytes;
+ struct tfm_msg_body_t *msg = NULL;
+ uint32_t privileged;
+ struct partition_t *partition = NULL;
+
+ /* It is a fatal error if message handle is invalid */
+ msg = tfm_spm_get_msg_from_handle(msg_handle);
+ if (!msg) {
+ tfm_core_panic();
+ }
+
+ partition = msg->service->partition;
+ privileged = tfm_spm_partition_get_privileged_mode(
+ partition->p_ldinf->flags);
+
+ /*
+ * It is a fatal error if message handle does not refer to a request
+ * message
+ */
+ if (msg->msg.type < PSA_IPC_CALL) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if invec_idx is equal to or greater than
+ * PSA_MAX_IOVEC
+ */
+ if (invec_idx >= PSA_MAX_IOVEC) {
+ tfm_core_panic();
+ }
+
+ /* There was no remaining data in this input vector */
+ if (msg->msg.in_size[invec_idx] == 0) {
+ return 0;
+ }
+
+ /*
+ * Copy the client data to the service buffer. It is a fatal error
+ * if the memory reference for buffer is invalid or not read-write.
+ */
+ if (tfm_memory_check(buffer, num_bytes, false,
+ TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
+ tfm_core_panic();
+ }
+
+ bytes = num_bytes > msg->msg.in_size[invec_idx] ?
+ msg->msg.in_size[invec_idx] : num_bytes;
+
+ spm_memcpy(buffer, msg->invec[invec_idx].base, bytes);
+
+ /* There maybe some remaining data */
+ msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base + bytes;
+ msg->msg.in_size[invec_idx] -= bytes;
+
+ return bytes;
+}
+
+size_t tfm_spm_partition_psa_skip(psa_handle_t msg_handle, uint32_t invec_idx,
+ size_t num_bytes)
+{
+ struct tfm_msg_body_t *msg = NULL;
+
+ /* It is a fatal error if message handle is invalid */
+ msg = tfm_spm_get_msg_from_handle(msg_handle);
+ if (!msg) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if message handle does not refer to a request
+ * message
+ */
+ if (msg->msg.type < PSA_IPC_CALL) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if invec_idx is equal to or greater than
+ * PSA_MAX_IOVEC
+ */
+ if (invec_idx >= PSA_MAX_IOVEC) {
+ tfm_core_panic();
+ }
+
+ /* There was no remaining data in this input vector */
+ if (msg->msg.in_size[invec_idx] == 0) {
+ return 0;
+ }
+
+ /*
+ * If num_bytes is greater than the remaining size of the input vector then
+ * the remaining size of the input vector is used.
+ */
+ if (num_bytes > msg->msg.in_size[invec_idx]) {
+ num_bytes = msg->msg.in_size[invec_idx];
+ }
+
+ /* There maybe some remaining data */
+ msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base +
+ num_bytes;
+ msg->msg.in_size[invec_idx] -= num_bytes;
+
+ return num_bytes;
+}
+
+void tfm_spm_partition_psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
+ const void *buffer, size_t num_bytes)
+{
+ struct tfm_msg_body_t *msg = NULL;
+ uint32_t privileged;
+ struct partition_t *partition = NULL;
+
+ /* It is a fatal error if message handle is invalid */
+ msg = tfm_spm_get_msg_from_handle(msg_handle);
+ if (!msg) {
+ tfm_core_panic();
+ }
+
+ partition = msg->service->partition;
+ privileged = tfm_spm_partition_get_privileged_mode(
+ partition->p_ldinf->flags);
+
+ /*
+ * It is a fatal error if message handle does not refer to a request
+ * message
+ */
+ if (msg->msg.type < PSA_IPC_CALL) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if outvec_idx is equal to or greater than
+ * PSA_MAX_IOVEC
+ */
+ if (outvec_idx >= PSA_MAX_IOVEC) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if the call attempts to write data past the end of
+ * the client output vector
+ */
+ if (num_bytes > msg->msg.out_size[outvec_idx] -
+ msg->outvec[outvec_idx].len) {
+ tfm_core_panic();
+ }
+
+ /*
+ * Copy the service buffer to client outvecs. It is a fatal error
+ * if the memory reference for buffer is invalid or not readable.
+ */
+ if (tfm_memory_check(buffer, num_bytes, false,
+ TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
+ tfm_core_panic();
+ }
+
+ spm_memcpy((char *)msg->outvec[outvec_idx].base +
+ msg->outvec[outvec_idx].len, buffer, num_bytes);
+
+ /* Update the write number */
+ msg->outvec[outvec_idx].len += num_bytes;
+}
+
+void tfm_spm_partition_psa_reply(psa_handle_t msg_handle, psa_status_t status)
+{
+ struct service_t *service = NULL;
+ struct tfm_msg_body_t *msg = NULL;
+ int32_t ret = PSA_SUCCESS;
+ struct tfm_conn_handle_t *conn_handle;
+
+ /* It is a fatal error if message handle is invalid */
+ msg = tfm_spm_get_msg_from_handle(msg_handle);
+ if (!msg) {
+ tfm_core_panic();
+ }
+
+ /*
+ * RoT Service information is needed in this function, stored it in message
+ * body structure. Only two parameters are passed in this function: handle
+ * and status, so it is useful and simply to do like this.
+ */
+ service = msg->service;
+ if (!service) {
+ tfm_core_panic();
+ }
+
+ /*
+ * Three type of message are passed in this function: CONNECTION, REQUEST,
+ * DISCONNECTION. It needs to process differently for each type.
+ */
+ conn_handle = tfm_spm_to_handle_instance(msg_handle);
+ switch (msg->msg.type) {
+ case PSA_IPC_CONNECT:
+ /*
+ * Reply to PSA_IPC_CONNECT message. Connect handle is returned if the
+ * input status is PSA_SUCCESS. Others return values are based on the
+ * input status.
+ */
+ if (status == PSA_SUCCESS) {
+ ret = msg_handle;
+ } else if (status == PSA_ERROR_CONNECTION_REFUSED) {
+ /* Refuse the client connection, indicating a permanent error. */
+ tfm_spm_free_conn_handle(service, conn_handle);
+ ret = PSA_ERROR_CONNECTION_REFUSED;
+ } else if (status == PSA_ERROR_CONNECTION_BUSY) {
+ /* Fail the client connection, indicating a transient error. */
+ ret = PSA_ERROR_CONNECTION_BUSY;
+ } else {
+ tfm_core_panic();
+ }
+ break;
+ case PSA_IPC_DISCONNECT:
+ /* Service handle is not used anymore */
+ tfm_spm_free_conn_handle(service, conn_handle);
+
+ /*
+ * If the message type is PSA_IPC_DISCONNECT, then the status code is
+ * ignored
+ */
+ break;
+ default:
+ if (msg->msg.type >= PSA_IPC_CALL) {
+ /* Reply to a request message. Return values are based on status */
+ ret = status;
+ /*
+ * The total number of bytes written to a single parameter must be
+ * reported to the client by updating the len member of the
+ * psa_outvec structure for the parameter before returning from
+ * psa_call().
+ */
+ update_caller_outvec_len(msg);
+ if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) {
+ tfm_spm_free_conn_handle(service, conn_handle);
+ }
+ } else {
+ tfm_core_panic();
+ }
+ }
+
+ if (ret == PSA_ERROR_PROGRAMMER_ERROR) {
+ /*
+ * If the source of the programmer error is a Secure Partition, the SPM
+ * must panic the Secure Partition in response to a PROGRAMMER ERROR.
+ */
+ if (TFM_CLIENT_ID_IS_NS(msg->msg.client_id)) {
+ conn_handle->status = TFM_HANDLE_STATUS_CONNECT_ERROR;
+ } else {
+ tfm_core_panic();
+ }
+ } else {
+ conn_handle->status = TFM_HANDLE_STATUS_IDLE;
+ }
+
+ if (is_tfm_rpc_msg(msg)) {
+ tfm_rpc_client_call_reply(msg, ret);
+ } else {
+ tfm_event_wake(&msg->ack_evnt, ret);
+ }
+}
+
+void tfm_spm_partition_psa_notify(int32_t partition_id)
+{
+ notify_with_signal(partition_id, PSA_DOORBELL);
+}
+
+void tfm_spm_partition_psa_clear(void)
+{
+ struct partition_t *partition = NULL;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ /*
+ * It is a fatal error if the Secure Partition's doorbell signal is not
+ * currently asserted.
+ */
+ if ((partition->signals_asserted & PSA_DOORBELL) == 0) {
+ tfm_core_panic();
+ }
+ partition->signals_asserted &= ~PSA_DOORBELL;
+}
+
+void tfm_spm_partition_psa_eoi(psa_signal_t irq_signal)
+{
+ struct irq_load_info_t *irq_info = NULL;
+ struct partition_t *partition = NULL;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
+ /* It is a fatal error if passed signal is not an interrupt signal. */
+ if (!irq_info) {
+ tfm_core_panic();
+ }
+
+ if (irq_info->flih_func) {
+ /* This API is for SLIH IRQs only */
+ psa_panic();
+ }
+
+ /* It is a fatal error if passed signal is not currently asserted */
+ if ((partition->signals_asserted & irq_signal) == 0) {
+ tfm_core_panic();
+ }
+
+ partition->signals_asserted &= ~irq_signal;
+
+ tfm_spm_hal_clear_pending_irq((IRQn_Type)(irq_info->source));
+ tfm_spm_hal_enable_irq((IRQn_Type)(irq_info->source));
+}
+
+void tfm_spm_partition_psa_panic(void)
+{
+ /*
+ * PSA FF recommends that the SPM causes the system to restart when a secure
+ * partition panics.
+ */
+ tfm_hal_system_reset();
+}
+
+void tfm_spm_partition_irq_enable(psa_signal_t irq_signal)
+{
+ struct partition_t *partition;
+ struct irq_load_info_t *irq_info;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
+ if (!irq_info) {
+ tfm_core_panic();
+ }
+
+ tfm_spm_hal_enable_irq((IRQn_Type)(irq_info->source));
+}
+
+psa_irq_status_t tfm_spm_partition_irq_disable(psa_signal_t irq_signal)
+{
+ struct partition_t *partition;
+ struct irq_load_info_t *irq_info;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
+ if (!irq_info) {
+ tfm_core_panic();
+ }
+
+ tfm_spm_hal_disable_irq((IRQn_Type)(irq_info->source));
+
+ return 1;
+}
+
+void tfm_spm_partition_psa_reset_signal(psa_signal_t irq_signal)
+{
+ struct irq_load_info_t *irq_info;
+ struct partition_t *partition;
+
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
+ if (!irq_info) {
+ tfm_core_panic();
+ }
+
+ if (!irq_info->flih_func) {
+ /* This API is for FLIH IRQs only */
+ tfm_core_panic();
+ }
+
+ if ((partition->signals_asserted & irq_signal) == 0) {
+ /* The signal is not asserted */
+ tfm_core_panic();
+ }
+
+ partition->signals_asserted &= ~irq_signal;
+}
diff --git a/secure_fw/spm/ffm/psa_api.h b/secure_fw/spm/ffm/psa_api.h
new file mode 100644
index 0000000..9ed6d0f
--- /dev/null
+++ b/secure_fw/spm/ffm/psa_api.h
@@ -0,0 +1,352 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __PSA_API_H__
+#define __PSA_API_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "psa/client.h"
+#include "psa/service.h"
+
+#define PROGRAMMER_ERROR_NULL
+#define TFM_PROGRAMMER_ERROR(ns_caller, error_status) \
+ do { \
+ if (ns_caller) { \
+ return error_status; \
+ } else { \
+ tfm_core_panic(); \
+ } \
+ } while (0)
+
+/**
+ * \brief This function get the current PSA RoT lifecycle state.
+ *
+ * \return state The current security lifecycle state of the PSA
+ * RoT. The PSA state and implementation state are
+ * encoded as follows:
+ * \arg state[15:8] – PSA lifecycle state
+ * \arg state[7:0] – IMPLEMENTATION DEFINED state
+ */
+uint32_t tfm_spm_get_lifecycle_state(void);
+
+/* PSA Client API function body, for privileged use only. */
+
+/**
+ * \brief handler for \ref psa_framework_version.
+ *
+ * \return version The version of the PSA Framework implementation
+ * that is providing the runtime services.
+ */
+uint32_t tfm_spm_client_psa_framework_version(void);
+
+/**
+ * \brief handler for \ref psa_version.
+ *
+ * \param[in] sid RoT Service identity.
+ *
+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
+ * caller is not permitted to access the service.
+ * \retval > 0 The version of the implemented RoT Service.
+ */
+uint32_t tfm_spm_client_psa_version(uint32_t sid);
+
+/**
+ * \brief handler for \ref psa_connect.
+ *
+ * \param[in] sid RoT Service identity.
+ * \param[in] version The version of the RoT Service.
+ *
+ * \retval PSA_SUCCESS Success.
+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
+ * connection.
+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
+ * connection at the moment.
+ * \retval "Does not return" The RoT Service ID and version are not
+ * supported, or the caller is not permitted to
+ * access the service.
+ */
+psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version);
+
+/**
+ * \brief handler for \ref psa_call.
+ *
+ * \param[in] handle Service handle to the established connection,
+ * \ref psa_handle_t
+ * \param[in] ctrl_param Parameters combined in uint32_t,
+ * includes request type, in_num and out_num.
+ * \param[in] inptr Array of input psa_invec structures.
+ * \ref psa_invec
+ * \param[in] outptr Array of output psa_outvec structures.
+ * \ref psa_outvec
+ *
+ * \retval PSA_SUCCESS Success.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg An invalid handle was passed.
+ * \arg The connection is already handling a request.
+ * \arg An invalid memory reference was provided.
+ * \arg in_num + out_num > PSA_MAX_IOVEC.
+ * \arg The message is unrecognized by the RoT
+ * Service or incorrectly formatted.
+ */
+psa_status_t tfm_spm_client_psa_call(psa_handle_t handle,
+ uint32_t ctrl_param,
+ const psa_invec *inptr,
+ psa_outvec *outptr);
+
+/**
+ * \brief handler for \ref psa_close.
+ *
+ * \param[in] handle Service handle to the connection to be closed,
+ * \ref psa_handle_t
+ *
+ * \retval void Success.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg An invalid handle was provided that is not
+ * the null handle.
+ * \arg The connection is handling a request.
+ */
+void tfm_spm_client_psa_close(psa_handle_t handle);
+
+/* PSA Partition API function body, for privileged use only. */
+
+/**
+ * \brief Function body of \ref psa_wait.
+ *
+ * \param[in] signal_mask A set of signals to query. Signals that are not
+ * in this set will be ignored.
+ * \param[in] timeout Specify either blocking \ref PSA_BLOCK or
+ * polling \ref PSA_POLL operation.
+ *
+ * \retval >0 At least one signal is asserted.
+ * \retval 0 No signals are asserted. This is only seen when
+ * a polling timeout is used.
+ */
+psa_signal_t tfm_spm_partition_psa_wait(psa_signal_t signal_mask,
+ uint32_t timeout);
+
+/**
+ * \brief Function body of \ref psa_get.
+ *
+ * \param[in] signal The signal value for an asserted RoT Service.
+ * \param[out] msg Pointer to \ref psa_msg_t object for receiving
+ * the message.
+ *
+ * \retval PSA_SUCCESS Success, *msg will contain the delivered
+ * message.
+ * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered.
+ * \retval "PROGRAMMER ERROR" The call is invalid because one or more of the
+ * following are true:
+ * \arg signal has more than a single bit set.
+ * \arg signal does not correspond to an RoT Service.
+ * \arg The RoT Service signal is not currently
+ * asserted.
+ * \arg The msg pointer provided is not a valid memory
+ * reference.
+ */
+psa_status_t tfm_spm_partition_psa_get(psa_signal_t signal, psa_msg_t *msg);
+
+/**
+ * \brief Function body of \ref psa_set_rhandle.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] rhandle Reverse handle allocated by the RoT Service.
+ *
+ * \retval void Success, rhandle will be provided with all
+ * subsequent messages delivered on this
+ * connection.
+ * \retval "PROGRAMMER ERROR" msg_handle is invalid.
+ */
+void tfm_spm_partition_psa_set_rhandle(psa_handle_t msg_handle, void *rhandle);
+
+/**
+ * \brief Function body of \ref psa_read.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] invec_idx Index of the input vector to read from. Must be
+ * less than \ref PSA_MAX_IOVEC.
+ * \param[out] buffer Buffer in the Secure Partition to copy the
+ * requested data to.
+ * \param[in] num_bytes Maximum number of bytes to be read from the
+ * client input vector.
+ *
+ * \retval >0 Number of bytes copied.
+ * \retval 0 There was no remaining data in this input
+ * vector.
+ * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a
+ * \ref PSA_IPC_CALL message.
+ * \arg invec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ * \arg the memory reference for buffer is invalid or
+ * not writable.
+ */
+size_t tfm_spm_partition_psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
+ void *buffer, size_t num_bytes);
+
+/**
+ * \brief Function body of psa_skip.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] invec_idx Index of input vector to skip from. Must be
+ * less than \ref PSA_MAX_IOVEC.
+ * \param[in] num_bytes Maximum number of bytes to skip in the client
+ * input vector.
+ *
+ * \retval >0 Number of bytes skipped.
+ * \retval 0 There was no remaining data in this input
+ * vector.
+ * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a request
+ * message.
+ * \arg invec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ */
+size_t tfm_spm_partition_psa_skip(psa_handle_t msg_handle, uint32_t invec_idx,
+ size_t num_bytes);
+
+/**
+ * \brief Function body of \ref psa_write.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[out] outvec_idx Index of output vector in message to write to.
+ * Must be less than \ref PSA_MAX_IOVEC.
+ * \param[in] buffer Buffer with the data to write.
+ * \param[in] num_bytes Number of bytes to write to the client output
+ * vector.
+ *
+ * \retval void Success
+ * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a request
+ * message.
+ * \arg outvec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ * \arg The memory reference for buffer is invalid.
+ * \arg The call attempts to write data past the end
+ * of the client output vector.
+ */
+void tfm_spm_partition_psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
+ const void *buffer, size_t num_bytes);
+
+/**
+ * \brief Function body of \ref psa_reply.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] status Message result value to be reported to the
+ * client.
+ *
+ * \retval void Success.
+ * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg An invalid status code is specified for the
+ * type of message.
+ */
+void tfm_spm_partition_psa_reply(psa_handle_t msg_handle, psa_status_t status);
+
+/**
+ * \brief Function body of \ref psa_norify.
+ *
+ * \param[in] partition_id Secure Partition ID of the target partition.
+ *
+ * \retval void Success.
+ * \retval "PROGRAMMER ERROR" partition_id does not correspond to a Secure
+ * Partition.
+ */
+void tfm_spm_partition_psa_notify(int32_t partition_id);
+
+/**
+ * \brief Function body of \ref psa_clear.
+ *
+ * \retval void Success.
+ * \retval "PROGRAMMER ERROR" The Secure Partition's doorbell signal is not
+ * currently asserted.
+ */
+void tfm_spm_partition_psa_clear(void);
+
+/**
+ * \brief Function body of \ref psa_eoi.
+ *
+ * \param[in] irq_signal The interrupt signal that has been processed.
+ *
+ * \retval void Success.
+ * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the
+ * following are true:
+ * \arg irq_signal is not an interrupt signal.
+ * \arg irq_signal indicates more than one signal.
+ * \arg irq_signal is not currently asserted.
+ * \arg The interrupt is not using SLIH.
+ */
+void tfm_spm_partition_psa_eoi(psa_signal_t irq_signal);
+
+/**
+ * \brief Function body of \ref psa_panic.
+ *
+ * \retval "Does not return"
+ */
+void tfm_spm_partition_psa_panic(void);
+
+/**
+ * \brief Function body of \ref psa_irq_enable.
+ *
+ * \param[in] irq_signal The signal for the interrupt to be enabled.
+ * This must have a single bit set, which must be the
+ * signal value for an interrupt in the calling Secure
+ * Partition.
+ *
+ * \retval void
+ * \retval "PROGRAMMER ERROR" If one or more of the following are true:
+ * \arg \a irq_signal is not an interrupt signal.
+ * \arg \a irq_signal indicates more than one signal.
+ */
+void tfm_spm_partition_irq_enable(psa_signal_t irq_signal);
+
+/**
+ * \brief Function body of psa_irq_disable.
+ *
+ * \param[in] irq_signal The signal for the interrupt to be disabled.
+ * This must have a single bit set, which must be the
+ * signal value for an interrupt in the calling Secure
+ * Partition.
+ *
+ * \retval 0 The interrupt was disabled prior to this call.
+ * 1 The interrupt was enabled prior to this call.
+ * \retval "PROGRAMMER ERROR" If one or more of the following are true:
+ * \arg \a irq_signal is not an interrupt signal.
+ * \arg \a irq_signal indicates more than one signal.
+ *
+ * \note The current implementation always return 1. Do not use the return.
+ */
+psa_irq_status_t tfm_spm_partition_irq_disable(psa_signal_t irq_signal);
+
+/**
+ * \brief Function body of \ref psa_reset_signal.
+ *
+ * \param[in] irq_signal The interrupt signal to be reset.
+ * This must have a single bit set, corresponding to a
+ * currently asserted signal for an interrupt that is
+ * defined to use FLIH handling.
+ *
+ * \retval void
+ * \retval "Programmer Error" if one or more of the following are true:
+ * \arg \a irq_signal is not a signal for an interrupt
+ * that is specified with FLIH handling in the Secure
+ * Partition manifest.
+ * \arg \a irq_signal indicates more than one signal.
+ * \arg \a irq_signal is not currently asserted.
+ */
+void tfm_spm_partition_psa_reset_signal(psa_signal_t irq_signal);
+
+#endif /* __PSA_API_H__ */
diff --git a/secure_fw/spm/ffm/psa_client_service_apis.c b/secure_fw/spm/ffm/psa_client_service_apis.c
deleted file mode 100644
index 9cb287f..0000000
--- a/secure_fw/spm/ffm/psa_client_service_apis.c
+++ /dev/null
@@ -1,697 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include <stdint.h>
-#include "bitops.h"
-#include "spm_psa_client_call.h"
-#include "psa/lifecycle.h"
-#include "spm_ipc.h"
-#include "tfm_core_utils.h"
-#include "tfm_hal_defs.h"
-#include "tfm_hal_platform.h"
-#include "ffm/spm_error_base.h"
-#include "tfm_rpc.h"
-#include "tfm_spm_hal.h"
-#include "tfm_psa_call_param.h"
-#include "load/irq_defs.h"
-#include "load/partition_defs.h"
-#include "load/service_defs.h"
-
-/*********************** SPM functions for PSA Client APIs *******************/
-
-uint32_t tfm_spm_get_lifecycle_state(void)
-{
- /*
- * FixMe: return PSA_LIFECYCLE_UNKNOWN to the caller directly. It will be
- * implemented in the future.
- */
- return PSA_LIFECYCLE_UNKNOWN;
-}
-
-uint32_t tfm_spm_psa_framework_version(void)
-{
- return tfm_spm_client_psa_framework_version();
-}
-
-uint32_t tfm_spm_psa_version(uint32_t *args, bool ns_caller)
-{
- uint32_t sid;
-
- TFM_CORE_ASSERT(args != NULL);
- sid = (uint32_t)args[0];
-
- return tfm_spm_client_psa_version(sid, ns_caller);
-}
-
-psa_status_t tfm_spm_psa_connect(uint32_t *args, bool ns_caller)
-{
- uint32_t sid;
- uint32_t version;
-
- TFM_CORE_ASSERT(args != NULL);
- sid = (uint32_t)args[0];
- version = (uint32_t)args[1];
-
- return tfm_spm_client_psa_connect(sid, version, ns_caller);
-}
-
-psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr)
-{
- psa_handle_t handle;
- psa_invec *inptr;
- psa_outvec *outptr;
- size_t in_num, out_num;
- struct partition_t *partition = NULL;
- uint32_t privileged;
- int32_t type;
-
- TFM_CORE_ASSERT(args != NULL);
- handle = (psa_handle_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
-
- type = (int32_t)(int16_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
- in_num = (size_t)((args[1] & IN_LEN_MASK) >> IN_LEN_OFFSET);
- out_num = (size_t)((args[1] & OUT_LEN_MASK) >> OUT_LEN_OFFSET);
- inptr = (psa_invec *)args[2];
- outptr = (psa_outvec *)args[3];
-
- /* The request type must be zero or positive. */
- if (type < 0) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr, out_num,
- ns_caller, privileged);
-}
-
-void tfm_spm_psa_close(uint32_t *args, bool ns_caller)
-{
- psa_handle_t handle;
-
- TFM_CORE_ASSERT(args != NULL);
- handle = args[0];
-
- tfm_spm_client_psa_close(handle, ns_caller);
-}
-
-/********************* SPM functions for PSA Service APIs ********************/
-
-psa_signal_t tfm_spm_psa_wait(uint32_t *args)
-{
- psa_signal_t signal_mask;
- uint32_t timeout;
- struct partition_t *partition = NULL;
-
- TFM_CORE_ASSERT(args != NULL);
- signal_mask = (psa_signal_t)args[0];
- timeout = args[1];
-
- /*
- * Timeout[30:0] are reserved for future use.
- * SPM must ignore the value of RES.
- */
- timeout &= PSA_TIMEOUT_MASK;
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- /*
- * It is a PROGRAMMER ERROR if the signal_mask does not include any assigned
- * signals.
- */
- if ((partition->signals_allowed & signal_mask) == 0) {
- tfm_core_panic();
- }
-
- /*
- * tfm_event_wait() blocks the caller thread if no signals are available.
- * In this case, the return value of this function is temporary set into
- * runtime context. After new signal(s) are available, the return value
- * is updated with the available signal(s) and blocked thread gets to run.
- */
- if (timeout == PSA_BLOCK &&
- (partition->signals_asserted & signal_mask) == 0) {
- partition->signals_waiting = signal_mask;
- tfm_event_wait(&partition->event);
- }
-
- return partition->signals_asserted & signal_mask;
-}
-
-psa_status_t tfm_spm_psa_get(uint32_t *args)
-{
- psa_signal_t signal;
- psa_msg_t *msg = NULL;
- struct tfm_msg_body_t *tmp_msg = NULL;
- struct partition_t *partition = NULL;
- uint32_t privileged;
-
- TFM_CORE_ASSERT(args != NULL);
- signal = (psa_signal_t)args[0];
- msg = (psa_msg_t *)args[1];
-
- /*
- * Only one message could be retrieved every time for psa_get(). It is a
- * fatal error if the input signal has more than a signal bit set.
- */
- if (!IS_ONLY_ONE_BIT_IN_UINT32(signal)) {
- tfm_core_panic();
- }
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
-
- /*
- * Write the message to the service buffer. It is a fatal error if the
- * input msg pointer is not a valid memory reference or not read-write.
- */
- if (tfm_memory_check(msg, sizeof(psa_msg_t), false, TFM_MEMORY_ACCESS_RW,
- privileged) != SPM_SUCCESS) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if the caller call psa_get() when no message has
- * been set. The caller must call this function after an RoT Service signal
- * is returned by psa_wait().
- */
- if (partition->signals_asserted == 0) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if the RoT Service signal is not currently asserted.
- */
- if ((partition->signals_asserted & signal) == 0) {
- tfm_core_panic();
- }
-
- /*
- * Get message by signal from partition. It is a fatal error if getting
- * failed, which means the input signal is not correspond to an RoT service.
- */
- tmp_msg = tfm_spm_get_msg_by_signal(partition, signal);
- if (!tmp_msg) {
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-
- (TO_CONTAINER(tmp_msg,
- struct tfm_conn_handle_t,
- internal_msg))->status = TFM_HANDLE_STATUS_ACTIVE;
-
- spm_memcpy(msg, &tmp_msg->msg, sizeof(psa_msg_t));
-
- return PSA_SUCCESS;
-}
-
-void tfm_spm_psa_set_rhandle(uint32_t *args)
-{
- psa_handle_t msg_handle;
- void *rhandle = NULL;
- struct tfm_msg_body_t *msg = NULL;
- struct tfm_conn_handle_t *conn_handle;
-
- TFM_CORE_ASSERT(args != NULL);
- msg_handle = (psa_handle_t)args[0];
- rhandle = (void *)args[1];
-
- /* It is a fatal error if message handle is invalid */
- msg = tfm_spm_get_msg_from_handle(msg_handle);
- if (!msg) {
- tfm_core_panic();
- }
-
- /* It is a PROGRAMMER ERROR if a stateless service sets rhandle. */
- if (SERVICE_IS_STATELESS(msg->service->p_ldinf->flags)) {
- tfm_core_panic();
- }
-
- msg->msg.rhandle = rhandle;
- conn_handle = tfm_spm_to_handle_instance(msg_handle);
-
- /* Store reverse handle for following client calls. */
- tfm_spm_set_rhandle(msg->service, conn_handle, rhandle);
-}
-
-size_t tfm_spm_psa_read(uint32_t *args)
-{
- psa_handle_t msg_handle;
- uint32_t invec_idx;
- void *buffer = NULL;
- size_t num_bytes;
- size_t bytes;
- struct tfm_msg_body_t *msg = NULL;
- uint32_t privileged;
- struct partition_t *partition = NULL;
-
- TFM_CORE_ASSERT(args != NULL);
- msg_handle = (psa_handle_t)args[0];
- invec_idx = args[1];
- buffer = (void *)args[2];
- num_bytes = (size_t)args[3];
-
- /* It is a fatal error if message handle is invalid */
- msg = tfm_spm_get_msg_from_handle(msg_handle);
- if (!msg) {
- tfm_core_panic();
- }
-
- partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
-
- /*
- * It is a fatal error if message handle does not refer to a request
- * message
- */
- if (msg->msg.type < PSA_IPC_CALL) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if invec_idx is equal to or greater than
- * PSA_MAX_IOVEC
- */
- if (invec_idx >= PSA_MAX_IOVEC) {
- tfm_core_panic();
- }
-
- /* There was no remaining data in this input vector */
- if (msg->msg.in_size[invec_idx] == 0) {
- return 0;
- }
-
- /*
- * Copy the client data to the service buffer. It is a fatal error
- * if the memory reference for buffer is invalid or not read-write.
- */
- if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
- tfm_core_panic();
- }
-
- bytes = num_bytes > msg->msg.in_size[invec_idx] ?
- msg->msg.in_size[invec_idx] : num_bytes;
-
- spm_memcpy(buffer, msg->invec[invec_idx].base, bytes);
-
- /* There maybe some remaining data */
- msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base + bytes;
- msg->msg.in_size[invec_idx] -= bytes;
-
- return bytes;
-}
-
-size_t tfm_spm_psa_skip(uint32_t *args)
-{
- psa_handle_t msg_handle;
- uint32_t invec_idx;
- size_t num_bytes;
- struct tfm_msg_body_t *msg = NULL;
-
- TFM_CORE_ASSERT(args != NULL);
- msg_handle = (psa_handle_t)args[0];
- invec_idx = args[1];
- num_bytes = (size_t)args[2];
-
- /* It is a fatal error if message handle is invalid */
- msg = tfm_spm_get_msg_from_handle(msg_handle);
- if (!msg) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if message handle does not refer to a request
- * message
- */
- if (msg->msg.type < PSA_IPC_CALL) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if invec_idx is equal to or greater than
- * PSA_MAX_IOVEC
- */
- if (invec_idx >= PSA_MAX_IOVEC) {
- tfm_core_panic();
- }
-
- /* There was no remaining data in this input vector */
- if (msg->msg.in_size[invec_idx] == 0) {
- return 0;
- }
-
- /*
- * If num_bytes is greater than the remaining size of the input vector then
- * the remaining size of the input vector is used.
- */
- if (num_bytes > msg->msg.in_size[invec_idx]) {
- num_bytes = msg->msg.in_size[invec_idx];
- }
-
- /* There maybe some remaining data */
- msg->invec[invec_idx].base = (char *)msg->invec[invec_idx].base +
- num_bytes;
- msg->msg.in_size[invec_idx] -= num_bytes;
-
- return num_bytes;
-}
-
-void tfm_spm_psa_write(uint32_t *args)
-{
- psa_handle_t msg_handle;
- uint32_t outvec_idx;
- void *buffer = NULL;
- size_t num_bytes;
- struct tfm_msg_body_t *msg = NULL;
- uint32_t privileged;
- struct partition_t *partition = NULL;
-
- TFM_CORE_ASSERT(args != NULL);
- msg_handle = (psa_handle_t)args[0];
- outvec_idx = args[1];
- buffer = (void *)args[2];
- num_bytes = (size_t)args[3];
-
- /* It is a fatal error if message handle is invalid */
- msg = tfm_spm_get_msg_from_handle(msg_handle);
- if (!msg) {
- tfm_core_panic();
- }
-
- partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
-
- /*
- * It is a fatal error if message handle does not refer to a request
- * message
- */
- if (msg->msg.type < PSA_IPC_CALL) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if outvec_idx is equal to or greater than
- * PSA_MAX_IOVEC
- */
- if (outvec_idx >= PSA_MAX_IOVEC) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if the call attempts to write data past the end of
- * the client output vector
- */
- if (num_bytes > msg->msg.out_size[outvec_idx] -
- msg->outvec[outvec_idx].len) {
- tfm_core_panic();
- }
-
- /*
- * Copy the service buffer to client outvecs. It is a fatal error
- * if the memory reference for buffer is invalid or not readable.
- */
- if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
- tfm_core_panic();
- }
-
- spm_memcpy((char *)msg->outvec[outvec_idx].base +
- msg->outvec[outvec_idx].len, buffer, num_bytes);
-
- /* Update the write number */
- msg->outvec[outvec_idx].len += num_bytes;
-}
-
-void tfm_spm_psa_reply(uint32_t *args)
-{
- psa_handle_t msg_handle;
- psa_status_t status;
- struct service_t *service = NULL;
- struct tfm_msg_body_t *msg = NULL;
- int32_t ret = PSA_SUCCESS;
- struct tfm_conn_handle_t *conn_handle;
-
- TFM_CORE_ASSERT(args != NULL);
- msg_handle = (psa_handle_t)args[0];
- status = (psa_status_t)args[1];
-
- /* It is a fatal error if message handle is invalid */
- msg = tfm_spm_get_msg_from_handle(msg_handle);
- if (!msg) {
- tfm_core_panic();
- }
-
- /*
- * RoT Service information is needed in this function, stored it in message
- * body structure. Only two parameters are passed in this function: handle
- * and status, so it is useful and simply to do like this.
- */
- service = msg->service;
- if (!service) {
- tfm_core_panic();
- }
-
- /*
- * Three type of message are passed in this function: CONNECTION, REQUEST,
- * DISCONNECTION. It needs to process differently for each type.
- */
- conn_handle = tfm_spm_to_handle_instance(msg_handle);
- switch (msg->msg.type) {
- case PSA_IPC_CONNECT:
- /*
- * Reply to PSA_IPC_CONNECT message. Connect handle is returned if the
- * input status is PSA_SUCCESS. Others return values are based on the
- * input status.
- */
- if (status == PSA_SUCCESS) {
- ret = msg_handle;
- } else if (status == PSA_ERROR_CONNECTION_REFUSED) {
- /* Refuse the client connection, indicating a permanent error. */
- tfm_spm_free_conn_handle(service, conn_handle);
- ret = PSA_ERROR_CONNECTION_REFUSED;
- } else if (status == PSA_ERROR_CONNECTION_BUSY) {
- /* Fail the client connection, indicating a transient error. */
- ret = PSA_ERROR_CONNECTION_BUSY;
- } else {
- tfm_core_panic();
- }
- break;
- case PSA_IPC_DISCONNECT:
- /* Service handle is not used anymore */
- tfm_spm_free_conn_handle(service, conn_handle);
-
- /*
- * If the message type is PSA_IPC_DISCONNECT, then the status code is
- * ignored
- */
- break;
- default:
- if (msg->msg.type >= PSA_IPC_CALL) {
- /* Reply to a request message. Return values are based on status */
- ret = status;
- /*
- * The total number of bytes written to a single parameter must be
- * reported to the client by updating the len member of the
- * psa_outvec structure for the parameter before returning from
- * psa_call().
- */
- update_caller_outvec_len(msg);
- if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) {
- tfm_spm_free_conn_handle(service, conn_handle);
- }
- } else {
- tfm_core_panic();
- }
- }
-
- if (ret == PSA_ERROR_PROGRAMMER_ERROR) {
- /*
- * If the source of the programmer error is a Secure Partition, the SPM
- * must panic the Secure Partition in response to a PROGRAMMER ERROR.
- */
- if (TFM_CLIENT_ID_IS_NS(msg->msg.client_id)) {
- conn_handle->status = TFM_HANDLE_STATUS_CONNECT_ERROR;
- } else {
- tfm_core_panic();
- }
- } else {
- conn_handle->status = TFM_HANDLE_STATUS_IDLE;
- }
-
- if (is_tfm_rpc_msg(msg)) {
- tfm_rpc_client_call_reply(msg, ret);
- } else {
- tfm_event_wake(&msg->ack_evnt, ret);
- }
-}
-
-void tfm_spm_psa_notify(uint32_t *args)
-{
- int32_t partition_id;
-
- TFM_CORE_ASSERT(args != NULL);
- partition_id = (int32_t)args[0];
-
- notify_with_signal(partition_id, PSA_DOORBELL);
-}
-
-void tfm_spm_psa_clear(void)
-{
- struct partition_t *partition = NULL;
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- /*
- * It is a fatal error if the Secure Partition's doorbell signal is not
- * currently asserted.
- */
- if ((partition->signals_asserted & PSA_DOORBELL) == 0) {
- tfm_core_panic();
- }
- partition->signals_asserted &= ~PSA_DOORBELL;
-}
-
-void tfm_spm_psa_eoi(uint32_t *args)
-{
- psa_signal_t irq_signal;
- struct irq_load_info_t *irq_info = NULL;
- struct partition_t *partition = NULL;
-
- TFM_CORE_ASSERT(args != NULL);
- irq_signal = (psa_signal_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
- /* It is a fatal error if passed signal is not an interrupt signal. */
- if (!irq_info) {
- tfm_core_panic();
- }
-
- if (irq_info->flih_func) {
- /* This API is for SLIH IRQs only */
- psa_panic();
- }
-
- /* It is a fatal error if passed signal is not currently asserted */
- if ((partition->signals_asserted & irq_signal) == 0) {
- tfm_core_panic();
- }
-
- partition->signals_asserted &= ~irq_signal;
-
- tfm_spm_hal_clear_pending_irq((IRQn_Type)(irq_info->source));
- tfm_spm_hal_enable_irq((IRQn_Type)(irq_info->source));
-}
-
-void tfm_spm_psa_panic(void)
-{
- /*
- * PSA FF recommends that the SPM causes the system to restart when a secure
- * partition panics.
- */
- tfm_hal_system_reset();
-}
-
-void tfm_spm_irq_enable(uint32_t *args)
-{
- struct partition_t *partition;
- psa_signal_t irq_signal;
- struct irq_load_info_t *irq_info;
-
- irq_signal = (psa_signal_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
- if (!irq_info) {
- tfm_core_panic();
- }
-
- tfm_spm_hal_enable_irq((IRQn_Type)(irq_info->source));
-}
-
-psa_irq_status_t tfm_spm_irq_disable(uint32_t *args)
-{
- struct partition_t *partition;
- psa_signal_t irq_signal;
- struct irq_load_info_t *irq_info;
-
- irq_signal = (psa_signal_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
- if (!irq_info) {
- tfm_core_panic();
- }
-
- tfm_spm_hal_disable_irq((IRQn_Type)(irq_info->source));
-
- return 1;
-}
-
-void tfm_spm_psa_reset_signal(uint32_t *args)
-{
- psa_signal_t irq_signal;
- struct irq_load_info_t *irq_info;
- struct partition_t *partition;
-
- if (!args) {
- tfm_core_panic();
- }
-
- irq_signal = (psa_signal_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- irq_info = get_irq_info_for_signal(partition->p_ldinf, irq_signal);
- if (!irq_info) {
- tfm_core_panic();
- }
-
- if (!irq_info->flih_func) {
- /* This API is for FLIH IRQs only */
- tfm_core_panic();
- }
-
- if ((partition->signals_asserted & irq_signal) == 0) {
- /* The signal is not asserted */
- tfm_core_panic();
- }
-
- partition->signals_asserted &= ~irq_signal;
-}
diff --git a/secure_fw/spm/ffm/psa_client_service_apis.h b/secure_fw/spm/ffm/psa_client_service_apis.h
deleted file mode 100644
index 166890a..0000000
--- a/secure_fw/spm/ffm/psa_client_service_apis.h
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __PSA_CLIENT_SERVICE_APIS_H__
-#define __PSA_CLIENT_SERVICE_APIS_H__
-
-/* Svcall for PSA Client APIs */
-
-/*
- * \brief This function get the current PSA RoT lifecycle state.
- *
- * \return state The current security lifecycle state of the PSA
- * RoT. The PSA state and implementation state are
- * encoded as follows:
- * \arg state[15:8] – PSA lifecycle state
- * \arg state[7:0] – IMPLEMENTATION DEFINED state
- */
-uint32_t tfm_spm_get_lifecycle_state(void);
-
-/**
- * \brief SVC handler for \ref psa_framework_version.
- *
- * \return version The version of the PSA Framework implementation
- * that is providing the runtime services to the
- * caller.
- */
-uint32_t tfm_spm_psa_framework_version(void);
-
-/**
- * \brief SVC handler for \ref psa_version.
- *
- * \param[in] args Include all input arguments: sid.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
- *
- * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
- * caller is not permitted to access the service.
- * \retval > 0 The version of the implemented RoT Service.
- */
-uint32_t tfm_spm_psa_version(uint32_t *args, bool ns_caller);
-
-/**
- * \brief SVC handler for \ref psa_connect.
- *
- * \param[in] args Include all input arguments:
- * sid, version.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
- *
- * \retval PSA_SUCCESS Success.
- * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
- * connection.
- * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
- * connection at the moment.
- * \retval "Does not return" The RoT Service ID and version are not
- * supported, or the caller is not permitted to
- * access the service.
- */
-psa_status_t tfm_spm_psa_connect(uint32_t *args, bool ns_caller);
-
-/**
- * \brief SVC handler for \ref psa_call.
- *
- * \param[in] args Include all input arguments:
- * handle, in_vec, in_len, out_vec, out_len.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
- * \param[in] lr EXC_RETURN value of the SVC.
- *
- * \retval >=0 RoT Service-specific status value.
- * \retval <0 RoT Service-specific error code.
- * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
- * RoT Service. The call is a PROGRAMMER ERROR if
- * one or more of the following are true:
- * \arg An invalid handle was passed.
- * \arg The connection is already handling a request.
- * \arg type < 0.
- * \arg An invalid memory reference was provided.
- * \arg in_len + out_len > PSA_MAX_IOVEC.
- * \arg The message is unrecognized by the RoT
- * Service or incorrectly formatted.
- */
-psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr);
-
-/**
- * \brief SVC handler for \ref psa_close.
- *
- * \param[in] args Include all input arguments: handle.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg An invalid handle was provided that is not
- * the null handle.
- * \arg The connection is handling a request.
- */
-void tfm_spm_psa_close(uint32_t *args, bool ns_caller);
-
-/* Svcall for PSA Service APIs */
-
-/**
- * \brief SVC handler for \ref psa_wait.
- *
- * \param[in] args Include all input arguments:
- * signal_mask, timeout.
- *
- * \retval >0 At least one signal is asserted.
- * \retval 0 No signals are asserted. This is only seen when
- * a polling timeout is used.
- */
-psa_signal_t tfm_spm_psa_wait(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_get.
- *
- * \param[in] args Include all input arguments: signal, msg.
- *
- * \retval PSA_SUCCESS Success, *msg will contain the delivered
- * message.
- * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered.
- * \retval "Does not return" The call is invalid because one or more of the
- * following are true:
- * \arg signal has more than a single bit set.
- * \arg signal does not correspond to an RoT Service.
- * \arg The RoT Service signal is not currently
- * asserted.
- * \arg The msg pointer provided is not a valid memory
- * reference.
- */
-psa_status_t tfm_spm_psa_get(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_set_rhandle.
- *
- * \param[in] args Include all input arguments:
- * msg_handle, rhandle.
- *
- * \retval void Success, rhandle will be provided with all
- * subsequent messages delivered on this
- * connection.
- * \retval "Does not return" msg_handle is invalid.
- */
-void tfm_spm_psa_set_rhandle(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_read.
- *
- * \param[in] args Include all input arguments:
- * msg_handle, invec_idx, buffer, num_bytes.
- *
- * \retval >0 Number of bytes copied.
- * \retval 0 There was no remaining data in this input
- * vector.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a request
- * message.
- * \arg invec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- * \arg the memory reference for buffer is invalid or
- * not writable.
- */
-size_t tfm_spm_psa_read(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_skip.
- *
- * \param[in] args Include all input arguments:
- * msg_handle, invec_idx, num_bytes.
- *
- * \retval >0 Number of bytes skipped.
- * \retval 0 There was no remaining data in this input
- * vector.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a request
- * message.
- * \arg invec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- */
-size_t tfm_spm_psa_skip(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_write.
- *
- * \param[in] args Include all input arguments:
- * msg_handle, outvec_idx, buffer, num_bytes.
- *
- * \retval void Success
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg msg_handle does not refer to a request
- * message.
- * \arg outvec_idx is equal to or greater than
- * \ref PSA_MAX_IOVEC.
- * \arg The memory reference for buffer is invalid.
- * \arg The call attempts to write data past the end
- * of the client output vector.
- */
-void tfm_spm_psa_write(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_reply.
- *
- * \param[in] args Include all input arguments:
- * msg_handle, status.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg msg_handle is invalid.
- * \arg An invalid status code is specified for the
- * type of message.
- */
-void tfm_spm_psa_reply(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_notify.
- *
- * \param[in] args Include all input arguments: partition_id.
- *
- * \retval void Success.
- * \retval "Does not return" partition_id does not correspond to a Secure
- * Partition.
- */
-void tfm_spm_psa_notify(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_clear.
- *
- * \retval void Success.
- * \retval "Does not return" The Secure Partition's doorbell signal is not
- * currently asserted.
- */
-void tfm_spm_psa_clear(void);
-
-/**
- * \brief SVC handler for \ref psa_eoi.
- *
- * \param[in] args Include all input arguments: irq_signal.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg irq_signal is not an interrupt signal.
- * \arg irq_signal indicates more than one signal.
- * \arg irq_signal is not currently asserted.
- */
-void tfm_spm_psa_eoi(uint32_t *args);
-
-/**
- * \brief Terminate execution within the calling Secure Partition and will not
- * return.
- *
- * \retval "Does not return"
- */
-void tfm_spm_psa_panic(void);
-
-/**
- * \brief SVC handler for \ref psa_irq_enable.
- *
- * \param[in] args Include all input arguments: irq_signal.
- *
- * \retval void
- * \retval "Does not return" The call is invalid, if one or more of the
- * following are true:
- * \arg irq_signal does not belong to the calling
- * partition.
- * \arg irq_signal indicates more than one signal.
- */
-void tfm_spm_irq_enable(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_irq_disable.
- *
- * \param[in] args Include all input arguments: irq_signal.
- *
- * \retval 0 The interrupt was disabled prior to this call
- * 1 The interrupt was enabled prior to this call
- * \retval "Does not return" The call is invalid, if one or more of the
- * following are true:
- * \arg irq_signal does not belong to the calling
- * partition.
- * \arg irq_signal indicates more than one signal.
- */
-psa_irq_status_t tfm_spm_irq_disable(uint32_t *args);
-
-/**
- * \brief SVC handler for \ref psa_reset_signal.
- *
- * \param[in] args Include all input arguments: irq_signal.
- *
- * \retval void
- * \retval "Does not return" if one or more of the following are true:
- * \arg irq_signal is not a signal for an interrupt
- * that is specified with FLIH handling in the Secure
- * Partition manifest.
- * \arg irq_signal indicates more than one signal.
- * \arg irq_signal is not currently asserted.
- */
-void tfm_spm_psa_reset_signal(uint32_t *args);
-
-#endif /* __PSA_CLIENT_SERVICE_APIS_H__ */
diff --git a/secure_fw/spm/ffm/spm_psa_client_call.c b/secure_fw/spm/ffm/spm_psa_client_call.c
deleted file mode 100644
index 8eaf3e5..0000000
--- a/secure_fw/spm/ffm/spm_psa_client_call.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "psa/service.h"
-#include "spm_ipc.h"
-#include "tfm_core_utils.h"
-#include "tfm_memory_utils.h"
-#include "load/service_defs.h"
-#include "spm_psa_client_call.h"
-#include "utilities.h"
-#include "tfm_wait.h"
-#include "tfm_nspm.h"
-#include "ffm/spm_error_base.h"
-
-#define GET_STATELESS_SERVICE(index) (stateless_services_ref_tbl[index])
-extern struct service_t *stateless_services_ref_tbl[];
-
-uint32_t tfm_spm_client_psa_framework_version(void)
-{
- return PSA_FRAMEWORK_VERSION;
-}
-
-uint32_t tfm_spm_client_psa_version(uint32_t sid, bool ns_caller)
-{
- struct service_t *service;
-
- /*
- * It should return PSA_VERSION_NONE if the RoT Service is not
- * implemented.
- */
- service = tfm_spm_get_service_by_sid(sid);
- if (!service) {
- return PSA_VERSION_NONE;
- }
-
- /*
- * It should return PSA_VERSION_NONE if the caller is not authorized
- * to access the RoT Service.
- */
- if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
- return PSA_VERSION_NONE;
- }
-
- return service->p_ldinf->version;
-}
-
-psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version,
- bool ns_caller)
-{
- struct service_t *service;
- struct tfm_msg_body_t *msg;
- struct tfm_conn_handle_t *connect_handle;
- int32_t client_id;
- psa_handle_t handle;
-
- /*
- * It is a PROGRAMMER ERROR if the RoT Service does not exist on the
- * platform.
- */
- service = tfm_spm_get_service_by_sid(sid);
- if (!service) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
- }
-
- /* It is a PROGRAMMER ERROR if connecting to a stateless service. */
- if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- /*
- * It is a PROGRAMMER ERROR if the caller is not authorized to access the
- * RoT Service.
- */
- if (tfm_spm_check_authorization(sid, service, ns_caller) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
- }
-
- /*
- * It is a PROGRAMMER ERROR if the version of the RoT Service requested is
- * not supported on the platform.
- */
- if (tfm_spm_check_client_version(service, version) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
- }
-
- if (ns_caller) {
- client_id = tfm_nspm_get_current_client_id();
- } else {
- client_id = tfm_spm_partition_get_running_partition_id();
- }
-
- /*
- * Create connection handle here since it is possible to return the error
- * code to client when creation fails.
- */
- connect_handle = tfm_spm_create_conn_handle(service, client_id);
- if (!connect_handle) {
- return PSA_ERROR_CONNECTION_BUSY;
- }
-
- msg = tfm_spm_get_msg_buffer_from_conn_handle(connect_handle);
- if (!msg) {
- /* Have no enough resource to create message */
- return PSA_ERROR_CONNECTION_BUSY;
- }
-
- handle = tfm_spm_to_user_handle(connect_handle);
- /* No input or output needed for connect message */
- tfm_spm_fill_msg(msg, service, handle, PSA_IPC_CONNECT,
- client_id, NULL, 0, NULL, 0, NULL);
-
- /*
- * Send message and wake up the SP who is waiting on message queue,
- * and scheduler triggered
- */
- tfm_spm_send_event(service, msg);
-
- return PSA_SUCCESS;
-}
-
-psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
- const psa_invec *inptr, size_t in_num,
- psa_outvec *outptr, size_t out_num,
- bool ns_caller, uint32_t privileged)
-{
- psa_invec invecs[PSA_MAX_IOVEC];
- psa_outvec outvecs[PSA_MAX_IOVEC];
- struct tfm_conn_handle_t *conn_handle;
- struct service_t *service;
- struct tfm_msg_body_t *msg;
- int i, j;
- int32_t client_id;
- uint32_t sid, version, index;
-
- /* It is a PROGRAMMER ERROR if in_len + out_len > PSA_MAX_IOVEC. */
- if ((in_num > PSA_MAX_IOVEC) ||
- (out_num > PSA_MAX_IOVEC) ||
- (in_num + out_num > PSA_MAX_IOVEC)) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- if (ns_caller) {
- client_id = tfm_nspm_get_current_client_id();
- } else {
- client_id = tfm_spm_partition_get_running_partition_id();
- }
-
- /* Allocate space from handle pool for static handle. */
- if (IS_STATIC_HANDLE(handle)) {
- index = GET_INDEX_FROM_STATIC_HANDLE(handle);
-
- if (!IS_VALID_STATIC_HANDLE_IDX(index)) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- service = GET_STATELESS_SERVICE(index);
- sid = service->p_ldinf->sid;
-
- /*
- * It is a PROGRAMMER ERROR if the caller is not authorized to access
- * the RoT Service.
- */
- if (tfm_spm_check_authorization(sid, service, ns_caller)
- != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_REFUSED);
- }
-
- version = GET_VERSION_FROM_STATIC_HANDLE(handle);
-
- if (tfm_spm_check_client_version(service, version) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- conn_handle = tfm_spm_create_conn_handle(service, client_id);
-
- if (!conn_handle) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_CONNECTION_BUSY);
- }
-
- conn_handle->rhandle = NULL;
- handle = tfm_spm_to_user_handle(conn_handle);
- } else {
- conn_handle = tfm_spm_to_handle_instance(handle);
-
- /* It is a PROGRAMMER ERROR if an invalid handle was passed. */
- if (tfm_spm_validate_conn_handle(conn_handle, client_id)
- != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- /*
- * It is a PROGRAMMER ERROR if the connection is currently
- * handling a request.
- */
- if (conn_handle->status == TFM_HANDLE_STATUS_ACTIVE) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- /*
- * Return PSA_ERROR_PROGRAMMER_ERROR immediately for the connection
- * has been terminated by the RoT Service.
- */
- if (conn_handle->status == TFM_HANDLE_STATUS_CONNECT_ERROR) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
-
- service = conn_handle->service;
- }
-
- if (!service) {
- /* FixMe: Need to implement one mechanism to resolve this failure. */
- tfm_core_panic();
- }
-
- /*
- * Read client invecs from the wrap input vector. It is a PROGRAMMER ERROR
- * if the memory reference for the wrap input vector is invalid or not
- * readable.
- */
- if (tfm_memory_check(inptr, in_num * sizeof(psa_invec), ns_caller,
- TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- /*
- * Read client outvecs from the wrap output vector and will update the
- * actual length later. It is a PROGRAMMER ERROR if the memory reference for
- * the wrap output vector is invalid or not read-write.
- */
- if (tfm_memory_check(outptr, out_num * sizeof(psa_outvec), ns_caller,
- TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- spm_memset(invecs, 0, sizeof(invecs));
- spm_memset(outvecs, 0, sizeof(outvecs));
-
- /* Copy the address out to avoid TOCTOU attacks. */
- spm_memcpy(invecs, inptr, in_num * sizeof(psa_invec));
- spm_memcpy(outvecs, outptr, out_num * sizeof(psa_outvec));
-
- /*
- * For client input vector, it is a PROGRAMMER ERROR if the provided payload
- * memory reference was invalid or not readable.
- */
- for (i = 0; i < in_num; i++) {
- if (tfm_memory_check(invecs[i].base, invecs[i].len, ns_caller,
- TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
- }
-
- /*
- * Clients must never overlap input parameters because of the risk of a
- * double-fetch inconsistency.
- * Overflow is checked in tfm_memory_check functions.
- */
- for (i = 0; i + 1 < in_num; i++) {
- for (j = i+1; j < in_num; j++) {
- if (!((char *) invecs[j].base + invecs[j].len <=
- (char *) invecs[i].base ||
- (char *) invecs[j].base >=
- (char *) invecs[i].base + invecs[i].len)) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
- }
- }
-
- /*
- * For client output vector, it is a PROGRAMMER ERROR if the provided
- * payload memory reference was invalid or not read-write.
- */
- for (i = 0; i < out_num; i++) {
- if (tfm_memory_check(outvecs[i].base, outvecs[i].len,
- ns_caller, TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
- }
-
- /*
- * FixMe: Need to check if the message is unrecognized by the RoT
- * Service or incorrectly formatted.
- */
- msg = tfm_spm_get_msg_buffer_from_conn_handle(conn_handle);
- if (!msg) {
- /* FixMe: Need to implement one mechanism to resolve this failure. */
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
- tfm_spm_fill_msg(msg, service, handle, type, client_id,
- invecs, in_num, outvecs, out_num, outptr);
-
- /*
- * Send message and wake up the SP who is waiting on message queue,
- * and scheduler triggered
- */
- tfm_spm_send_event(service, msg);
-
- return PSA_SUCCESS;
-}
-
-void tfm_spm_client_psa_close(psa_handle_t handle, bool ns_caller)
-{
- struct service_t *service;
- struct tfm_msg_body_t *msg;
- struct tfm_conn_handle_t *conn_handle;
- int32_t client_id;
-
- /* It will have no effect if called with the NULL handle */
- if (handle == PSA_NULL_HANDLE) {
- return;
- }
-
- /* It is a PROGRAMMER ERROR if called with a stateless handle. */
- if (IS_STATIC_HANDLE(handle)) {
- TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
- }
-
- if (ns_caller) {
- client_id = tfm_nspm_get_current_client_id();
- } else {
- client_id = tfm_spm_partition_get_running_partition_id();
- }
-
- conn_handle = tfm_spm_to_handle_instance(handle);
- /*
- * It is a PROGRAMMER ERROR if an invalid handle was provided that is not
- * the null handle.
- */
- if (tfm_spm_validate_conn_handle(conn_handle, client_id) != SPM_SUCCESS) {
- TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
- }
-
- service = conn_handle->service;
- if (!service) {
- /* FixMe: Need to implement one mechanism to resolve this failure. */
- tfm_core_panic();
- }
-
- msg = tfm_spm_get_msg_buffer_from_conn_handle(conn_handle);
- if (!msg) {
- /* FixMe: Need to implement one mechanism to resolve this failure. */
- tfm_core_panic();
- }
-
- /*
- * It is a PROGRAMMER ERROR if the connection is currently handling a
- * request.
- */
- if (conn_handle->status == TFM_HANDLE_STATUS_ACTIVE) {
- TFM_PROGRAMMER_ERROR(ns_caller, PROGRAMMER_ERROR_NULL);
- }
-
- /* No input or output needed for close message */
- tfm_spm_fill_msg(msg, service, handle, PSA_IPC_DISCONNECT, client_id,
- NULL, 0, NULL, 0, NULL);
-
- /*
- * Send message and wake up the SP who is waiting on message queue,
- * and scheduler triggered
- */
- tfm_spm_send_event(service, msg);
-}
diff --git a/secure_fw/spm/ffm/spm_psa_client_call.h b/secure_fw/spm/ffm/spm_psa_client_call.h
deleted file mode 100644
index 0a05a0e..0000000
--- a/secure_fw/spm/ffm/spm_psa_client_call.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_PSA_CLIENT_CALL_H__
-#define __TFM_PSA_CLIENT_CALL_H__
-
-#include <stdint.h>
-#include <stdbool.h>
-#include "psa/client.h"
-
-#define PROGRAMMER_ERROR_NULL
-#define TFM_PROGRAMMER_ERROR(ns_caller, error_status) \
- do { \
- if (ns_caller) { \
- return error_status; \
- } else { \
- tfm_core_panic(); \
- } \
- } while (0)
-
-/* Common handlers for PSA client calls */
-
-/**
- * \brief handler for \ref psa_framework_version.
- *
- * \return version The version of the PSA Framework implementation
- * that is providing the runtime services.
- */
-uint32_t tfm_spm_client_psa_framework_version(void);
-
-/**
- * \brief handler for \ref psa_version.
- *
- * \param[in] sid RoT Service identity.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
- *
- * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
- * caller is not permitted to access the service.
- * \retval > 0 The version of the implemented RoT Service.
- */
-uint32_t tfm_spm_client_psa_version(uint32_t sid, bool ns_caller);
-
-/**
- * \brief handler for \ref psa_connect.
- *
- * \param[in] sid RoT Service identity.
- * \param[in] version The version of the RoT Service.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
- *
- * \retval PSA_SUCCESS Success.
- * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
- * connection.
- * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
- * connection at the moment.
- * \retval "Does not return" The RoT Service ID and version are not
- * supported, or the caller is not permitted to
- * access the service.
- */
-psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version,
- bool ns_caller);
-
-/**
- * \brief handler for \ref psa_call.
- *
- * \param[in] handle Service handle to the established connection,
- * \ref psa_handle_t
- * \param[in] type The request type.
- * Must be zero( \ref PSA_IPC_CALL) or positive.
- * \param[in] inptr Array of input psa_invec structures.
- * \ref psa_invec
- * \param[in] in_num Number of input psa_invec structures.
- * \ref psa_invec
- * \param[in] outptr Array of output psa_outvec structures.
- * \ref psa_outvec
- * \param[in] out_num Number of outut psa_outvec structures.
- * \ref psa_outvec
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
- * \param[in] privileged Privileged mode or unprivileged mode:
- * \ref TFM_PARTITION_UNPRIVILEGED_MODE
- * \ref TFM_PARTITION_PRIVILEGED_MODE
- *
- * \retval PSA_SUCCESS Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg An invalid handle was passed.
- * \arg The connection is already handling a request.
- * \arg An invalid memory reference was provided.
- * \arg in_num + out_num > PSA_MAX_IOVEC.
- * \arg The message is unrecognized by the RoT
- * Service or incorrectly formatted.
- */
-psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
- const psa_invec *inptr, size_t in_num,
- psa_outvec *outptr, size_t out_num,
- bool ns_caller, uint32_t privileged);
-
-/**
- * \brief handler for \ref psa_close.
- *
- * \param[in] handle Service handle to the connection to be closed,
- * \ref psa_handle_t
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
- *
- * \retval void Success.
- * \retval "Does not return" The call is invalid, one or more of the
- * following are true:
- * \arg An invalid handle was provided that is not
- * the null handle.
- * \arg The connection is handling a request.
- */
-void tfm_spm_client_psa_close(psa_handle_t handle, bool ns_caller);
-
-#endif
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index d7db303..03854b8 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -12,7 +12,7 @@
#include "tfm_memory_utils.h"
#include "tfm_api.h"
#include "tfm_core_utils.h"
-#include "spm_partition_defs.h"
+#include "psa_manifest/pid.h"
#ifdef TFM_PSA_API
#include "internal_errors.h"
#include "utilities.h"
@@ -69,8 +69,12 @@
* (identified by major_type).
*/
static const struct boot_data_access_policy access_policy_table[] = {
+#ifdef TFM_PARTITION_INITIAL_ATTESTATION
{TFM_SP_INITIAL_ATTESTATION, TLV_MAJOR_IAS},
+#endif
+#ifdef TFM_PARTITION_FIRMWARE_UPDATE
{TFM_SP_FWU, TLV_MAJOR_FWU},
+#endif
};
/*!
diff --git a/secure_fw/spm/include/interface/svc_num.h b/secure_fw/spm/include/interface/svc_num.h
index 7a3c3c5..2b88e16 100644
--- a/secure_fw/spm/include/interface/svc_num.h
+++ b/secure_fw/spm/include/interface/svc_num.h
@@ -39,10 +39,9 @@
#define TFM_SVC_PSA_IRQ_DISABLE (0x12)
#define TFM_SVC_PSA_RESET_SIGNAL (0x13)
/* TF-M specific, starts from 0x40 */
-#define TFM_SVC_SPM_REQUEST (0x40)
-#define TFM_SVC_GET_BOOT_DATA (0x41)
-#define TFM_SVC_SPM_INIT (0x42)
-#define TFM_SVC_FLIH_FUNC_RETURN (0x43)
+#define TFM_SVC_GET_BOOT_DATA (0x40)
+#define TFM_SVC_SPM_INIT (0x41)
+#define TFM_SVC_FLIH_FUNC_RETURN (0x42)
#define TFM_SVC_THREAD_NUMBER_END (0x7F)
#if (TFM_SPM_LOG_LEVEL > TFM_SPM_LOG_LEVEL_SILENCE)
#define TFM_SVC_OUTPUT_UNPRIV_STRING (TFM_SVC_THREAD_NUMBER_END)
diff --git a/secure_fw/spm/include/lists.h b/secure_fw/spm/include/lists.h
index c0962c5..1a11dee 100644
--- a/secure_fw/spm/include/lists.h
+++ b/secure_fw/spm/include/lists.h
@@ -75,8 +75,22 @@
(curr)->next = node; \
} while (0)
+/* Move a node after posi node */
+#define UNI_LIST_MOVE_AFTER(posi, prev, node) do {\
+ if (prev != NULL) { \
+ (prev)->next = (node)->next; \
+ (node)->next = (posi)->next; \
+ (posi)->next = node; \
+ } \
+} while (0)
+
/* Go through each node of a list */
#define UNI_LIST_FOR_EACH(node, head) \
for (node = (head)->next; node != NULL; node = (node)->next)
+/* Go through each node of a list with prev node */
+#define UNI_LIST_FOR_EACH_PREV(prev, node, head) \
+ for (prev = NULL, node = (head)->next; \
+ node != NULL; prev = node, node = (prev)->next)
+
#endif /* __LISTS_H__ */
diff --git a/secure_fw/spm/include/load/partition_defs.h b/secure_fw/spm/include/load/partition_defs.h
index 9eb3ea9..449c9db 100644
--- a/secure_fw/spm/include/load/partition_defs.h
+++ b/secure_fw/spm/include/load/partition_defs.h
@@ -11,6 +11,11 @@
#include <stddef.h>
#include <stdint.h>
+/* TF-M internal partition ID */
+#define TFM_SP_NON_SECURE_ID (0)
+#define TFM_SP_IDLE_ID (1)
+#define INVALID_PARTITION_ID (~0U)
+
/* Encode a magic number into version for validating partition info */
#define PARTITION_INFO_VERSION_MASK (0x0000FFFF)
#define PARTITION_INFO_MAGIC_MASK (0xFFFF0000)
diff --git a/secure_fw/spm/include/tfm_arch_v8m.h b/secure_fw/spm/include/tfm_arch_v8m.h
index 5fbc2b2..e615c3c 100644
--- a/secure_fw/spm/include/tfm_arch_v8m.h
+++ b/secure_fw/spm/include/tfm_arch_v8m.h
@@ -40,6 +40,11 @@
EXC_RETURN_STACK_MAIN | EXC_RETURN_RES0 | \
EXC_RETURN_EXC_SECURE
+/* Exception numbers */
+#define EXC_NUM_THREAD_MODE (0)
+#define EXC_NUM_SVCALL (11)
+#define EXC_NUM_PENDSV (14)
+
#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
struct tfm_arch_ctx_t {
uint32_t r4;
diff --git a/secure_fw/spm/include/tfm_version.h b/secure_fw/spm/include/tfm_version.h
index 8e24665..7a0e69e 100644
--- a/secure_fw/spm/include/tfm_version.h
+++ b/secure_fw/spm/include/tfm_version.h
@@ -12,7 +12,7 @@
* Defines for TFM version.
*/
#define VERSION_MAJOR 1
-#define VERSION_MINOR 3
+#define VERSION_MINOR 4
#define VERSION_HOTFIX 0
#define VERSION_STRING ""
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
index 7accf48..6c27680 100644
--- a/tools/CMakeLists.txt
+++ b/tools/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,10 +10,10 @@
############################### Manifest declaration ###########################
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tfm_manifest_list.yaml
- ${CMAKE_CURRENT_BINARY_DIR}/tfm_manifest_list.yaml)
+get_filename_component(list_name ${TFM_MANIFEST_LIST} NAME)
+configure_file(${TFM_MANIFEST_LIST} ${CMAKE_CURRENT_BINARY_DIR}/${list_name})
-set(MANIFEST_LISTS ${CMAKE_CURRENT_BINARY_DIR}/tfm_manifest_list.yaml)
+set(MANIFEST_LISTS ${CMAKE_CURRENT_BINARY_DIR}/${list_name})
set(MANIFEST_LISTS ${MANIFEST_LISTS} ${TFM_EXTRA_MANIFEST_LIST_PATH})
if ("${TEST_PSA_API}" STREQUAL "IPC")
diff --git a/secure_fw/partitions/manifestfilename.template b/tools/templates/manifestfilename.template
similarity index 100%
rename from secure_fw/partitions/manifestfilename.template
rename to tools/templates/manifestfilename.template
diff --git a/secure_fw/partitions/partition_intermedia.template b/tools/templates/partition_intermedia.template
similarity index 100%
rename from secure_fw/partitions/partition_intermedia.template
rename to tools/templates/partition_intermedia.template
diff --git a/secure_fw/partitions/partition_load_info.template b/tools/templates/partition_load_info.template
similarity index 88%
rename from secure_fw/partitions/partition_load_info.template
rename to tools/templates/partition_load_info.template
index 908944b..ca9161a 100644
--- a/secure_fw/partitions/partition_load_info.template
+++ b/tools/templates/partition_load_info.template
@@ -20,34 +20,18 @@
#include "psa_manifest/sid.h"
#include "psa_manifest/{{manifest_out_basename}}.h"
-{% set counter = namespace(dep_counter=0, service_counter=0, asset_counter=0, irq_counter=0) %}
-{% if manifest.dependencies %}
- {% for dep in manifest.dependencies %}
- {% set counter.dep_counter = counter.dep_counter + 1 %}
- {% endfor %}
-{% endif %}
-{% if manifest.services %}
- {% for service in manifest.services %}
- {% set counter.service_counter = counter.service_counter + 1 %}
- {% endfor %}
-{% endif %}
-{% if manifest.mmio_regions %}
- {% for asset in manifest.mmio_regions %}
- {% set counter.asset_counter = counter.asset_counter + 1 %}
- {% endfor %}
-{% endif %}
-{% if manifest.irqs %}
- {% for irq in manifest.irqs %}
- {% set counter.irq_counter = counter.irq_counter + 1 %}
- {% endfor %}
-{% endif %}
+{% set counter = namespace() %}
+{% set counter.dep_counter = manifest.dependencies|count %}
#define {{"%-55s"|format(manifest.name|upper + "_NDEPS")}} ({{"%d"|format(counter.dep_counter)}})
+{% set counter.service_counter = manifest.services|count %}
#define {{"%-55s"|format(manifest.name|upper + "_NSERVS")}} ({{"%d"|format(counter.service_counter)}})
+{% set counter.asset_counter = manifest.mmio_regions|count %}
#if TFM_LVL == 3
#define {{"%-55s"|format(manifest.name|upper + "_NASSETS")}} ({{"%d"|format(counter.asset_counter)}} + 1)
#else
#define {{"%-55s"|format(manifest.name|upper + "_NASSETS")}} ({{"%d"|format(counter.asset_counter)}})
#endif
+{% set counter.irq_counter = manifest.irqs|count %}
#define {{"%-55s"|format(manifest.name|upper + "_NIRQS")}} ({{"%d"|format(counter.irq_counter)}})
/* Memory region declaration */
@@ -78,25 +62,29 @@
/* per-partition variable length load data */
uintptr_t stack_addr;
uintptr_t heap_addr;
-{% if manifest.dependencies %}
+{% if counter.dep_counter > 0 %}
uint32_t deps[{{(manifest.name|upper + "_NDEPS")}}];
{% endif %}
-{% if manifest.services %}
+{% if counter.service_counter > 0 %}
struct service_load_info_t services[{{(manifest.name|upper + "_NSERVS")}}];
{% endif %}
#if TFM_LVL == 3
struct asset_desc_t assets[{{(manifest.name|upper + "_NASSETS")}}];
#else
-{% if manifest.mmio_regions %}
+{% if counter.asset_counter > 0 %}
struct asset_desc_t assets[{{(manifest.name|upper + "_NASSETS")}}];
{% endif %}
#endif
-{% if manifest.irqs %}
+{% if counter.irq_counter > 0 %}
struct irq_load_info_t irqs[{{(manifest.name|upper + "_NIRQS")}}];
{% endif %}
} __attribute__((aligned(4)));
/* Partition load, deps, service load data. Put to a dedicated section. */
+#if defined(__ICCARM__)
+#pragma location = ".part_load"
+__root
+#endif /* __ICCARM__ */
const struct partition_{{manifest.name|lower}}_load_info_t {{manifest.name|lower}}_load
__attribute__((used, section(".part_load"))) = {
.load_info = {
@@ -134,14 +122,14 @@
},
.stack_addr = (uintptr_t){{manifest.name|lower}}_stack,
.heap_addr = 0,
-{% if manifest.dependencies %}
+{% if counter.dep_counter > 0 %}
.deps = {
{% for dep in manifest.dependencies %}
{{dep}}_SID,
{% endfor %}
},
{% endif %}
-{% if manifest.services %}
+{% if counter.service_counter > 0 %}
.services = {
{% for service in manifest.services %}
{
@@ -180,21 +168,23 @@
.mem.addr_y = PART_REGION_ADDR(PT_{{manifest.name}}_PRIVATE, _DATA_END$$Base),
.attr = ASSET_MEM_RD_BIT | ASSET_MEM_WR_BIT,
},
-{% for region in manifest.mmio_regions %}
- {% if region.conditional %}
+{% if counter.asset_counter > 0 %}
+ {% for region in manifest.mmio_regions %}
+ {% if region.conditional %}
#ifdef {{region.conditional}}
- {% endif %}
+ {% endif %}
{
.dev.addr_ref = PTR_TO_REFERENCE({{region.name}}),
.attr = ASSET_DEV_REF_BIT,
},
- {% if region.conditional %}
+ {% if region.conditional %}
#endif
- {% endif %}
-{% endfor %}
+ {% endif %}
+ {% endfor %}
+{% endif %}
},
#else
-{% if manifest.mmio_regions %}
+{% if counter.asset_counter > 0 %}
.assets = {
{% for region in manifest.mmio_regions %}
{% if region.conditional %}
@@ -211,7 +201,7 @@
},
{% endif %}
#endif
-{% if manifest.irqs %}
+{% if counter.irq_counter > 0 %}
.irqs = {
{% for irq in manifest.irqs %}
{% set irq_info = namespace() %}
@@ -237,7 +227,17 @@
};
/* Placeholder for partition and service runtime space. Do not reference it. */
+#if defined(__ICCARM__)
+#pragma location=".bss.part_runtime"
+__root
+#endif /* __ICCARM__ */
static struct partition_t {{manifest.name|lower}}_partition_runtime_item
__attribute__((used, section(".bss.part_runtime")));
+{% if counter.service_counter > 0 %}
+#if defined(__ICCARM__)
+#pragma location = ".bss.serv_runtime"
+__root
+#endif /* __ICCARM__ */
static struct service_t {{manifest.name|lower}}_service_runtime_item[{{(manifest.name|upper + "_NSERVS")}}]
__attribute__((used, section(".bss.serv_runtime")));
+{% endif %}
diff --git a/tools/tfm_manifest_list.yaml b/tools/tfm_manifest_list.yaml
index ae3b05c..210bd0b 100644
--- a/tools/tfm_manifest_list.yaml
+++ b/tools/tfm_manifest_list.yaml
@@ -201,21 +201,6 @@
}
},
{
- "name": "TF-M PSA Proxy Service",
- "short_name": "TFM_SP_PSA_PROXY",
- "manifest": "secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml",
- "tfm_extensions": true,
- "conditional": "TFM_PARTITION_PSA_PROXY",
- "version_major": 0,
- "version_minor": 1,
- "pid": 270,
- "linker_pattern": {
- "library_list": [
- "*tfm_*partition_psa_proxy.*"
- ]
- }
- },
- {
"name": "TFM Firmware Update Service",
"short_name": "TFM_SP_FWU",
"manifest": "secure_fw/partitions/firmware_update/tfm_firmware_update.yaml",
@@ -230,20 +215,6 @@
}
},
{
- "name": "TFM FFM11 Partition Service",
- "short_name": "TFM_SP_FFM11",
- "manifest": "secure_fw/partitions/tfm_ffm11_partition/tfm_ffm11_partition.yaml",
- "conditional": "TFM_PARTITION_FFM11",
- "version_major": 0,
- "version_minor": 1,
- "pid": 272,
- "linker_pattern": {
- "library_list": [
- "*tfm_*partition_ffm11.*"
- ]
- }
- },
- {
"name": "TFM Initial Attestation Test Service",
"short_name": "TFM_ATTEST_TEST_SERVICE",
"manifest": "${TFM_TEST_PATH}/test_services/tfm_attest_test_service/tfm_attest_test_service.yaml",
@@ -251,7 +222,7 @@
"conditional": "ATTEST_TEST_GET_PUBLIC_KEY",
"version_major": 0,
"version_minor": 1,
- "pid": 273,
+ "pid": 272,
"linker_pattern": {
"library_list": [
"*tfm_*partition_attest_test_service.*"
@@ -263,7 +234,7 @@
"short_name": "TFM_SP_SLIH_TEST",
"manifest": "${TFM_TEST_PATH}/test_services/tfm_slih_test_service/tfm_slih_test_service.yaml",
"source_path": "${TFM_TEST_PATH}",
- "conditional": "TFM_ENABLE_SLIH_TEST",
+ "conditional": "TEST_NS_SLIH_IRQ",
"version_major": 0,
"version_minor": 1,
"linker_pattern": {
@@ -277,7 +248,7 @@
"short_name": "TFM_SP_FLIH_TEST",
"manifest": "${TFM_TEST_PATH}/test_services/tfm_flih_test_service/tfm_flih_test_service.yaml",
"source_path": "${TFM_TEST_PATH}",
- "conditional": "TFM_ENABLE_FLIH_TEST",
+ "conditional": "TEST_NS_FLIH_IRQ",
"version_major": 0,
"version_minor": 1,
"linker_pattern": {
diff --git a/tools/tfm_parse_manifest_list.py b/tools/tfm_parse_manifest_list.py
index 11c0690..d2eae65 100644
--- a/tools/tfm_parse_manifest_list.py
+++ b/tools/tfm_parse_manifest_list.py
@@ -124,21 +124,21 @@
intermedia_file = os.path.join(manifest_dir, "auto_generated", 'intermedia_' + manifest_out_basename + '.c').replace('\\', '/')
load_info_file = os.path.join(manifest_dir, "auto_generated", 'load_info_' + manifest_out_basename + '.c').replace('\\', '/')
- """
- Remove the `source_path` portion of the filepaths, so that it can be
- interpreted as a relative path from the OUT_DIR.
- """
- if 'source_path' in manifest_item:
- # Replace environment variables in the source path
- source_path = os.path.expandvars(manifest_item['source_path'])
- manifest_head_file = os.path.relpath(manifest_head_file, start = source_path)
- intermedia_file = os.path.relpath(intermedia_file, start = source_path)
- load_info_file = os.path.relpath(load_info_file, start = source_path)
-
if OUT_DIR is not None:
- manifest_head_file = os.path.join(OUT_DIR, manifest_head_file)
- intermedia_file = os.path.join(OUT_DIR, intermedia_file)
- load_info_file = os.path.join(OUT_DIR, load_info_file)
+ """
+ Remove the `source_path` portion of the filepaths, so that it can be
+ interpreted as a relative path from the OUT_DIR.
+ """
+ if 'source_path' in manifest_item:
+ # Replace environment variables in the source path
+ source_path = os.path.expandvars(manifest_item['source_path'])
+ manifest_head_file = os.path.relpath(manifest_head_file, start = source_path)
+ intermedia_file = os.path.relpath(intermedia_file, start = source_path)
+ load_info_file = os.path.relpath(load_info_file, start = source_path)
+
+ manifest_head_file = os.path.join(OUT_DIR, manifest_head_file).replace('\\', '/')
+ intermedia_file = os.path.join(OUT_DIR, intermedia_file).replace('\\', '/')
+ load_info_file = os.path.join(OUT_DIR, load_info_file).replace('\\', '/')
partition_list.append({"manifest": manifest, "attr": manifest_item,
"manifest_out_basename": manifest_out_basename,
@@ -164,9 +164,9 @@
subcontext = {}
subcontext['utilities'] = subutilities
- manifesttemplate = ENV.get_template('secure_fw/partitions/manifestfilename.template')
- memorytemplate = ENV.get_template('secure_fw/partitions/partition_intermedia.template')
- infotemplate = ENV.get_template('secure_fw/partitions/partition_load_info.template')
+ manifesttemplate = ENV.get_template(os.path.join(os.path.relpath(os.path.dirname(__file__)), 'templates/manifestfilename.template'))
+ memorytemplate = ENV.get_template(os.path.join(os.path.relpath(os.path.dirname(__file__)), 'templates/partition_intermedia.template'))
+ infotemplate = ENV.get_template(os.path.join(os.path.relpath(os.path.dirname(__file__)), 'templates/partition_load_info.template'))
print ("Start to generate partition files:")
@@ -387,11 +387,6 @@
manifest_list = [os.path.abspath(x) for x in args.manifest_args]
gen_file_list = [os.path.abspath(x) for x in args.gen_file_args]
- # Arguments could be relative path.
- # Convert to absolute path as we are going to change diretory later
- if OUT_DIR is not None:
- OUT_DIR = os.path.abspath(OUT_DIR)
-
"""
Relative path to TF-M root folder is supported in the manifests
and default value of manifest list and generated file list are relative to TF-M root folder as well,
