Add se-proxy deployment
Remove mock up backend for secure storage in se proxy
deployment, setup crypto, attestation, secure storage
and its ipc backend with openamp as messenger to
secure enclave side.
Include the makefiles for libmetal and openamp,
setup the memory regions for mhu and openamp.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Change-Id: Ifc6f2cb105085388c6987308df2fd9c53a04f181
diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
index acfb6e8..bacab1d 100644
--- a/deployments/se-proxy/common/service_proxy_factory.c
+++ b/deployments/se-proxy/common/service_proxy_factory.c
@@ -1,29 +1,42 @@
/*
- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Linaro Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stddef.h>
+#include <psa/sid.h>
#include <rpc/common/endpoint/rpc_interface.h>
+#include <rpc/psa_ipc/caller/sp/psa_ipc_caller.h>
#include <service/attestation/provider/attest_provider.h>
#include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
#include <service/crypto/factory/crypto_provider_factory.h>
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <trace.h>
-/* Stub backends */
-#include <service/crypto/backend/stub/stub_crypto_backend.h>
-#include <service/secure_storage/backend/mock_store/mock_store.h>
+/* backends */
+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
+#include <service/attestation/client/psa/iat_client.h>
+
+struct psa_ipc_caller psa_ipc;
struct rpc_interface *attest_proxy_create(void)
{
struct rpc_interface *attest_iface;
+ struct rpc_caller *attest_caller;
/* Static objects for proxy instance */
static struct attest_provider attest_provider;
+ attest_caller = psa_ipc_caller_init(&psa_ipc);
+ if (!attest_caller)
+ return NULL;
+
/* Initialize the service provider */
attest_iface = attest_provider_init(&attest_provider);
+ psa_iat_client_init(&psa_ipc.rpc_caller);
attest_provider_register_serializer(&attest_provider,
TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
@@ -35,32 +48,49 @@
{
struct rpc_interface *crypto_iface = NULL;
struct crypto_provider *crypto_provider;
+ struct rpc_caller *crypto_caller;
- if (stub_crypto_backend_init() == PSA_SUCCESS) {
+ crypto_caller = psa_ipc_caller_init(&psa_ipc);
+ if (!crypto_caller)
+ return NULL;
- crypto_provider = crypto_provider_factory_create();
- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
- }
+ if (crypto_ipc_backend_init(&psa_ipc.rpc_caller) != PSA_SUCCESS)
+ return NULL;
+
+ crypto_provider = crypto_provider_factory_create();
+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
return crypto_iface;
}
struct rpc_interface *ps_proxy_create(void)
{
- static struct mock_store ps_backend;
static struct secure_storage_provider ps_provider;
+ static struct secure_storage_ipc ps_backend;
+ struct rpc_caller *storage_caller;
+ struct storage_backend *backend;
- struct storage_backend *backend = mock_store_init(&ps_backend);
+ storage_caller = psa_ipc_caller_init(&psa_ipc);
+ if (!storage_caller)
+ return NULL;
+ backend = secure_storage_ipc_init(&ps_backend, &psa_ipc.rpc_caller);
+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
return secure_storage_provider_init(&ps_provider, backend);
}
struct rpc_interface *its_proxy_create(void)
{
- static struct mock_store its_backend;
static struct secure_storage_provider its_provider;
+ static struct secure_storage_ipc its_backend;
+ struct rpc_caller *storage_caller;
+ struct storage_backend *backend;
- struct storage_backend *backend = mock_store_init(&its_backend);
+ storage_caller = psa_ipc_caller_init(&psa_ipc);
+ if (!storage_caller)
+ return NULL;
+ backend = secure_storage_ipc_init(&its_backend, &psa_ipc.rpc_caller);
+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
return secure_storage_provider_init(&its_provider, backend);
}
diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
index 5748d2f..a191c76 100644
--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,4 +17,26 @@
xlat-granule = <0>; /* 4KiB */
messaging-method = <3>; /* Direct messaging only */
legacy-elf-format = <1>;
+
+ device-regions {
+ compatible = "arm,ffa-manifest-device-regions";
+ mhu-sender {
+ /* Armv8 A Foundation Platform values */
+ base-address = <0x00000000 0x1b820000>;
+ pages-count = <16>;
+ attributes = <0x3>; /* read-write */
+ };
+ mhu-receiver {
+ /* Armv8 A Foundation Platform values */
+ base-address = <0x00000000 0x1b830000>;
+ pages-count = <16>;
+ attributes = <0x3>; /* read-write */
+ };
+ openamp-virtio {
+ /* Armv8 A Foundation Platform values */
+ base-address = <0x00000000 0x88000000>;
+ pages-count = <256>;
+ attributes = <0x3>; /* read-write */
+ };
+ };
};
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index 368f9b4..76056c1 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -19,6 +19,7 @@
"components/config/loader/sp"
"components/messaging/ffa/libsp"
"components/rpc/ffarpc/endpoint"
+ "components/rpc/psa_ipc"
"components/rpc/common/interface"
"components/rpc/common/demux"
"components/service/common/include"
@@ -44,16 +45,19 @@
"components/service/crypto/factory/full"
"components/service/secure_storage/include"
"components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_ipc"
"components/service/attestation/include"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
+ "components/service/attestation/reporter/psa_ipc"
+ "components/service/attestation/client/psa_ipc"
+ "components/messaging/openamp/sp"
# Stub service provider backends
"components/rpc/dummy"
"components/rpc/common/caller"
- "components/service/attestation/reporter/stub"
- "components/service/attestation/key_mngr/stub"
- "components/service/crypto/backend/stub"
+ "components/service/attestation/key_mngr/local"
+ "components/service/crypto/backend/psa_ipc"
"components/service/crypto/client/psa"
"components/service/secure_storage/backend/mock_store"
)
@@ -73,6 +77,13 @@
target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
+# libmetal
+include(../../../external/openamp/libmetal.cmake)
+
+# OpenAMP
+include(../../../external/openamp/openamp.cmake)
+target_link_libraries(se-proxy PRIVATE openamp libmetal)
+
#################################################################
target_include_directories(se-proxy PRIVATE