Allow alternative backends for attestation provider
Refactors attestation service components to allow alternative
reporting and key management backends to be added. This enables
alternative deployments to be supported that realize the
reporting function differently, e.g. delegated to a separate
secure enclave.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I55f8886dd05071b33d8d2deddf0a4a1d5c7c77ae
diff --git a/deployments/attestation/opteesp/CMakeLists.txt b/deployments/attestation/opteesp/CMakeLists.txt
index cd54450..5cd47d7 100644
--- a/deployments/attestation/opteesp/CMakeLists.txt
+++ b/deployments/attestation/opteesp/CMakeLists.txt
@@ -58,8 +58,9 @@
"components/service/attestation/claims/sources/instance_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
- "components/service/attestation/reporter/psa"
- "components/service/attestation/key_mngr"
+ "components/service/attestation/reporter/local"
+ "components/service/attestation/reporter/eat"
+ "components/service/attestation/key_mngr/local"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
"protocols/rpc/common/packed-c"
diff --git a/deployments/attestation/opteesp/attestation_sp.c b/deployments/attestation/opteesp/attestation_sp.c
index c891f4d..0bb5fa2 100644
--- a/deployments/attestation/opteesp/attestation_sp.c
+++ b/deployments/attestation/opteesp/attestation_sp.c
@@ -16,6 +16,7 @@
#include <service/attestation/claims/sources/boot_seed_generator/boot_seed_generator.h>
#include <service/attestation/claims/sources/null_lifecycle/null_lifecycle_claim_source.h>
#include <service/attestation/claims/sources/instance_id/instance_id_claim_source.h>
+#include <service/attestation/key_mngr/local/local_attest_key_mngr.h>
#include <ffa_api.h>
#include <sp_api.h>
#include <sp_rxtx.h>
@@ -80,7 +81,8 @@
*/
psa_crypto_init(); /* temporary */
- attest_iface = attest_provider_init(&attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
+ local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);
+ attest_iface = attest_provider_init(&attest_provider);
attest_provider_register_serializer(&attest_provider,
TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
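Review bot: The added `local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);` call carries an undocumented ordering dependency: it appears to need `psa_crypto_init()` before it and must run before the provider serves its first request, yet key-manager setup is no longer an argument of `attest_provider_init`, so nothing ties the two together. A comment above the call such as `/* Key manager must be initialised after psa_crypto_init() and before the provider handles requests */` would guard against a later reorder that leaves the provider without an attestation key. The selector name suggests the IAK is volatile, presumably regenerated on each boot, so a verifier could not pin it across reboots; if that is right, the comment should also say this choice is meant for test deployments. Whether the init call can report failure is not visible here; if it can, the result should be checked before the interface is exposed. The same points apply to the identical change in service_proxy_factory.c, and the enclosing function starts and ends outside the hunk.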
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 9b6dcf8..7c82cb7 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -51,9 +51,10 @@
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
"components/service/attestation/claims/sources/event_log/test"
- "components/service/attestation/reporter/psa"
+ "components/service/attestation/reporter/local"
+ "components/service/attestation/reporter/eat"
"components/service/attestation/reporter/dump/raw"
- "components/service/attestation/key_mngr"
+ "components/service/attestation/key_mngr/local"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
"components/service/attestation/client/psa"
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 3f0bbcf..f8ab349 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -49,8 +49,9 @@
"components/service/attestation/claims/sources/instance_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
- "components/service/attestation/reporter/psa"
- "components/service/attestation/key_mngr"
+ "components/service/attestation/reporter/local"
+ "components/service/attestation/reporter/eat"
+ "components/service/attestation/key_mngr/local"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
"components/service/crypto/provider"
diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
index 4ab8906..29d2edc 100644
--- a/deployments/se-proxy/opteesp/CMakeLists.txt
+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
@@ -74,8 +74,9 @@
"components/service/attestation/claims/sources/instance_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
- "components/service/attestation/reporter/psa"
- "components/service/attestation/key_mngr"
+ "components/service/attestation/reporter/local"
+ "components/service/attestation/reporter/eat"
+ "components/service/attestation/key_mngr/local"
"components/service/secure_storage/frontend/psa/its"
"components/service/secure_storage/backend/secure_flash_store"
"components/service/secure_storage/backend/secure_flash_store/flash_fs"
diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
index 303ff0f..6bbee65 100644
--- a/deployments/se-proxy/opteesp/service_proxy_factory.c
+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
@@ -21,6 +21,7 @@
#include <service/attestation/claims/sources/instance_id/instance_id_claim_source.h>
#include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
#include <service/crypto/backend/mbedcrypto/mbedcrypto_backend.h>
+#include <service/attestation/key_mngr/local/local_attest_key_mngr.h>
/* A shared storage backend - should be removed when proxy backends are added */
@@ -61,7 +62,8 @@
claims_register_add_claim_source(CLAIM_CATEGORY_DEVICE, claim_source);
/* Initialize the service provider */
- attest_iface = attest_provider_init(&attest_provider, ATTEST_KEY_MNGR_VOLATILE_IAK);
+ local_attest_key_mngr_init(LOCAL_ATTEST_KEY_MNGR_VOLATILE_IAK);
+ attest_iface = attest_provider_init(&attest_provider);
attest_provider_register_serializer(&attest_provider,
TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
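Review bot: The proxy deployment is left on the local key manager with no marker that this is interim, so the IAK appears to be created and held inside the SP rather than in the secure enclave that the commit message names as the motivation. The storage backend in this file already carries `/* A shared storage backend - should be removed when proxy backends are added */`; an equivalent comment on the `local_attest_key_mngr_init` line, e.g. `/* Local key manager - to be replaced when a proxy attestation backend is added */`, would keep a reader from assuming tokens from this deployment are signed by an enclave-rooted key. The enclosing function continues outside the hunk.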