Add protected-storage and internal-trusted-storage deployments
Adds SP deployments for protected-storage and
internal-trusted-storage, replacing the secure-storage deployment.
Includes service-level tests based on PSA ITS and PS APIs.
Amended to fix discovery bugs of storage sp from another sp.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: Ia1a8b6b1b694f00034c69b6d03018faa4b2588e6
diff --git a/components/service/locator/linux/ffa/linuxffa_location_strategy.c b/components/service/locator/linux/ffa/linuxffa_location_strategy.c
index 21468a9..2469e86 100644
--- a/components/service/locator/linux/ffa/linuxffa_location_strategy.c
+++ b/components/service/locator/linux/ffa/linuxffa_location_strategy.c
@@ -88,9 +88,10 @@
}
partition_lookup[] =
{
- {"crypto", "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0"},
- {"secure-storage", "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14"},
- {"test-runner", "33c75baf-ac6a-4fe4-8ac7-e9909bee2d17"},
+ {"crypto", "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0"},
+ {"internal-trusted-storage", "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14"},
+ {"protected-storage", "751bf801-3dde-4768-a514-0f10aeed1790"},
+ {"test-runner", "33c75baf-ac6a-4fe4-8ac7-e9909bee2d17"},
{NULL, NULL}
};
diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
index 07829e2..2679ee3 100644
--- a/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
+++ b/components/service/locator/standalone/services/crypto/crypto_service_context.cpp
@@ -7,13 +7,14 @@
#include "crypto_service_context.h"
#include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
#include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
-#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
crypto_service_context::crypto_service_context(const char *sn) :
standalone_service_context(sn),
m_crypto_provider(),
- m_storage_provider(),
- m_storage_caller()
+ m_storage_client(),
+ m_null_store(),
+ m_storage_service_context(NULL),
+ m_storage_session_handle(NULL)
{
}
@@ -25,13 +26,32 @@
void crypto_service_context::do_init()
{
- struct storage_backend *storage_backend = sfs_init();
- struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider,
- storage_backend);
- struct rpc_caller *storage_caller = direct_caller_init_default(&m_storage_caller,
- storage_ep);
- struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider,
- storage_caller, 0);
+ struct storage_backend *storage_backend = NULL;
+ struct storage_backend *null_storage_backend = null_store_init(&m_null_store);
+ struct rpc_caller *storage_caller = NULL;
+ int status;
+
+ /* Locate and open RPC session with internal-trusted-storage service to provide a persistent keystore */
+ m_storage_service_context = service_locator_query("sn:trustedfirmware.org:internal-trusted-storage:0", &status);
+
+ if (m_storage_service_context) {
+
+ m_storage_session_handle = service_context_open(m_storage_service_context, TS_RPC_ENCODING_PACKED_C, &storage_caller);
+
+ if (m_storage_session_handle) {
+
+ storage_backend = secure_storage_client_init(&m_storage_client, storage_caller);
+ }
+ }
+
+ if (!storage_backend) {
+
+ /* Something has gone wrong with establishing a session with the storage service endpoint */
+ storage_backend = null_storage_backend;
+ }
+
+ /* Initialse the crypto service provider */
+ struct rpc_interface *crypto_ep = mbed_crypto_provider_init(&m_crypto_provider, storage_backend, 0);
mbed_crypto_provider_register_serializer(&m_crypto_provider,
TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
@@ -44,7 +64,17 @@
void crypto_service_context::do_deinit()
{
+ if (m_storage_session_handle) {
+ service_context_close(m_storage_service_context, m_storage_session_handle);
+ m_storage_session_handle = NULL;
+ }
+
+ if (m_storage_service_context) {
+ service_context_relinquish(m_storage_service_context);
+ m_storage_service_context = NULL;
+ }
+
mbed_crypto_provider_deinit(&m_crypto_provider);
- secure_storage_provider_deinit(&m_storage_provider);
- direct_caller_deinit(&m_storage_caller);
+ secure_storage_client_deinit(&m_storage_client);
+ null_store_deinit(&m_null_store);
}
diff --git a/components/service/locator/standalone/services/crypto/crypto_service_context.h b/components/service/locator/standalone/services/crypto/crypto_service_context.h
index 84360ba..8d815b5 100644
--- a/components/service/locator/standalone/services/crypto/crypto_service_context.h
+++ b/components/service/locator/standalone/services/crypto/crypto_service_context.h
@@ -10,7 +10,8 @@
#include <service/locator/standalone/standalone_service_context.h>
#include <rpc/direct/direct_caller.h>
#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
-#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <service/secure_storage/backend/secure_storage_client/secure_storage_client.h>
+#include <service/secure_storage/backend/null_store/null_store.h>
class crypto_service_context : public standalone_service_context
{
@@ -24,8 +25,10 @@
void do_deinit();
struct mbed_crypto_provider m_crypto_provider;
- struct secure_storage_provider m_storage_provider;
- struct direct_caller m_storage_caller;
+ struct secure_storage_client m_storage_client;
+ struct null_store m_null_store;
+ struct service_context *m_storage_service_context;
+ rpc_session_handle m_storage_session_handle;
};
#endif /* STANDALONE_CRYPTO_SERVICE_CONTEXT_H */
diff --git a/components/service/locator/standalone/services/internal-trusted-storage/component.cmake b/components/service/locator/standalone/services/internal-trusted-storage/component.cmake
new file mode 100644
index 0000000..1e193ba
--- /dev/null
+++ b/components/service/locator/standalone/services/internal-trusted-storage/component.cmake
@@ -0,0 +1,14 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/its_service_context.cpp"
+ )
+
diff --git a/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.cpp b/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.cpp
new file mode 100644
index 0000000..72cc62e
--- /dev/null
+++ b/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "its_service_context.h"
+
+its_service_context::its_service_context(const char *sn) :
+ standalone_service_context(sn),
+ m_storage_provider(),
+ m_mock_store()
+{
+
+}
+
+its_service_context::~its_service_context()
+{
+
+}
+
+void its_service_context::do_init()
+{
+ struct storage_backend *storage_backend = mock_store_init(&m_mock_store);
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, storage_backend);
+
+ standalone_service_context::set_rpc_interface(storage_ep);
+}
+
+void its_service_context::do_deinit()
+{
+ secure_storage_provider_deinit(&m_storage_provider);
+ mock_store_deinit(&m_mock_store);
+}
diff --git a/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.h b/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.h
new file mode 100644
index 0000000..713e0e9
--- /dev/null
+++ b/components/service/locator/standalone/services/internal-trusted-storage/its_service_context.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef STANDALONE_ITS_SERVICE_CONTEXT_H
+#define STANDALONE_ITS_SERVICE_CONTEXT_H
+
+#include <service/locator/standalone/standalone_service_context.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <service/secure_storage/backend/mock_store/mock_store.h>
+
+class its_service_context : public standalone_service_context
+{
+public:
+ its_service_context(const char *sn);
+ virtual ~its_service_context();
+
+private:
+
+ void do_init();
+ void do_deinit();
+
+ struct secure_storage_provider m_storage_provider;
+ struct mock_store m_mock_store;
+};
+
+#endif /* STANDALONE_ITS_SERVICE_CONTEXT_H */
diff --git a/components/service/locator/standalone/services/protected-storage/component.cmake b/components/service/locator/standalone/services/protected-storage/component.cmake
new file mode 100644
index 0000000..ad1a603
--- /dev/null
+++ b/components/service/locator/standalone/services/protected-storage/component.cmake
@@ -0,0 +1,14 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/ps_service_context.cpp"
+ )
+
diff --git a/components/service/locator/standalone/services/protected-storage/ps_service_context.cpp b/components/service/locator/standalone/services/protected-storage/ps_service_context.cpp
new file mode 100644
index 0000000..cda49f6
--- /dev/null
+++ b/components/service/locator/standalone/services/protected-storage/ps_service_context.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "ps_service_context.h"
+
+ps_service_context::ps_service_context(const char *sn) :
+ standalone_service_context(sn),
+ m_storage_provider(),
+ m_mock_store()
+{
+
+}
+
+ps_service_context::~ps_service_context()
+{
+
+}
+
+void ps_service_context::do_init()
+{
+ struct storage_backend *storage_backend = mock_store_init(&m_mock_store);
+ struct rpc_interface *storage_ep = secure_storage_provider_init(&m_storage_provider, storage_backend);
+
+ standalone_service_context::set_rpc_interface(storage_ep);
+}
+
+void ps_service_context::do_deinit()
+{
+ secure_storage_provider_deinit(&m_storage_provider);
+ mock_store_deinit(&m_mock_store);
+}
diff --git a/components/service/locator/standalone/services/protected-storage/ps_service_context.h b/components/service/locator/standalone/services/protected-storage/ps_service_context.h
new file mode 100644
index 0000000..2e3c46e
--- /dev/null
+++ b/components/service/locator/standalone/services/protected-storage/ps_service_context.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef STANDALONE_PS_SERVICE_CONTEXT_H
+#define STANDALONE_PS_SERVICE_CONTEXT_H
+
+#include <service/locator/standalone/standalone_service_context.h>
+#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <service/secure_storage/backend/mock_store/mock_store.h>
+
+class ps_service_context : public standalone_service_context
+{
+public:
+ ps_service_context(const char *sn);
+ virtual ~ps_service_context();
+
+private:
+
+ void do_init();
+ void do_deinit();
+
+ struct secure_storage_provider m_storage_provider;
+ struct mock_store m_mock_store;
+};
+
+#endif /* STANDALONE_PS_SERVICE_CONTEXT_H */
diff --git a/components/service/locator/standalone/standalone_env.cpp b/components/service/locator/standalone/standalone_env.cpp
index 41dd206..132b6d5 100644
--- a/components/service/locator/standalone/standalone_env.cpp
+++ b/components/service/locator/standalone/standalone_env.cpp
@@ -6,6 +6,8 @@
#include <service_locator.h>
#include <service/locator/standalone/services/crypto/crypto_service_context.h>
+#include <service/locator/standalone/services/internal-trusted-storage/its_service_context.h>
+#include <service/locator/standalone/services/protected-storage/ps_service_context.h>
#include <service/locator/standalone/services/test-runner/test_runner_service_context.h>
#include "standalone_location_strategy.h"
#include "standalone_service_registry.h"
@@ -15,8 +17,14 @@
static crypto_service_context crypto_context("sn:trustedfirmware.org:crypto:0");
standalone_service_registry::instance()->regsiter_service_instance(&crypto_context);
+ static its_service_context its_service_context("sn:trustedfirmware.org:internal-trusted-storage:0");
+ standalone_service_registry::instance()->regsiter_service_instance(&its_service_context);
+
+ static ps_service_context ps_service_context("sn:trustedfirmware.org:protected-storage:0");
+ standalone_service_registry::instance()->regsiter_service_instance(&ps_service_context);
+
static test_runner_service_context test_runner_context("sn:trustedfirmware.org:test-runner:0");
standalone_service_registry::instance()->regsiter_service_instance(&test_runner_context);
service_locator_register_strategy(standalone_location_strategy());
-}
\ No newline at end of file
+}