se-proxy: add configurable A+M proxy factory
Refactor the Cortex-A + Cortex-M service proxy factory to allow compile-time
configuration of the services included in the proxy. The implementation
assumes that the RSE COMM protocol is used between the two subsystems.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Change-Id: Ic371ac5d9c065054ec5fdd054aa51cf6393825fc
diff --git a/deployments/se-proxy/infra/rse/service_proxy_factory.cmake b/deployments/se-proxy/infra/rse/service_proxy_factory.cmake
new file mode 100644
index 0000000..2b7717b
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/service_proxy_factory.cmake
@@ -0,0 +1,90 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# A configurable A+M infrastructure for the se-proxy.
+#-------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------------
+# Infrastructure components
+#
+#-------------------------------------------------------------------------------
+
+# Check config options
+foreach( _cfg IN ITEMS CFG_ENABLE_PS CFG_ENABLE_ITS CFG_ENABLE_CRYPTO CFG_ENABLE_CRYPTO_NANO CFG_ENABLE_IAT CFG_ENABLE_FWU)
+ if( NOT DEFINED ${_cfg})
+ message(FATAL_ERROR "Mandatory variable ${_cfg} is not defined.")
+ endif()
+endforeach()
+
+# storage common
+if (CFG_ENABLE_ITS OR CFG_ENABLE_PS)
+add_components(TARGET "se-proxy"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/secure_storage/backend/secure_storage_ipc"
+)
+endif()
+
+if (CFG_ENABLE_ITS)
+target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/spf_its.c
+)
+endif()
+
+if (CFG_ENABLE_PS)
+target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/spf_ps.c
+)
+endif()
+
+# crypto
+if (CFG_ENABLE_CRYPTO)
+add_components(TARGET "se-proxy"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/crypto/backend/psa_ipc"
+)
+
+target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/spf_crypto.c
+)
+
+if (CFG_ENABLE_CRYPTO_NANO)
+ set_property(SOURCE ${CMAKE_CURRENT_LIST_DIR}/spf_crypto.c APPEND PROPERTY COMPILE_DEFINITIONS "CFG_ENABLE_CRYPTO_NANO")
+endif()
+
+endif()
+
+# initial attestation
+if (CFG_ENABLE_IAT)
+add_components(TARGET "se-proxy"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/attestation/client/psa_ipc"
+ "components/service/attestation/key_mngr/local"
+ "components/service/attestation/reporter/psa_ipc"
+)
+
+target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/spf_iat.c
+)
+endif()
+
+# fwu
+if (CFG_ENABLE_FWU)
+add_components(TARGET "se-proxy"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/fwu/common"
+ "components/service/fwu/provider"
+ "components/service/fwu/provider/serializer"
+ "components/service/fwu/psa_fwu_m/agent"
+ "components/service/fwu/psa_fwu_m/interface/psa_ipc"
+)
+
+target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/spf_fwu.c
+)
+endif()
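Review bot: The option check at the top only tests `DEFINED`, so `CFG_ENABLE_CRYPTO_NANO=ON` together with `CFG_ENABLE_CRYPTO=OFF` is accepted and then silently ignored, because the nano compile definition is only set inside the `if (CFG_ENABLE_CRYPTO)` block. A deployment that expects the protobuf crypto interface would build without it and without any diagnostic. I would reject the combination next to the foreach loop: `if (CFG_ENABLE_CRYPTO_NANO AND NOT CFG_ENABLE_CRYPTO)`, then `message(FATAL_ERROR "CFG_ENABLE_CRYPTO_NANO requires CFG_ENABLE_CRYPTO.")`, then `endif()`.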
diff --git a/deployments/se-proxy/infra/rse/spf_crypto.c b/deployments/se-proxy/infra/rse/spf_crypto.c
new file mode 100644
index 0000000..4e994b7
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/spf_crypto.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h"
+#include "rpc/common/caller/rpc_caller.h"
+#include "rpc/common/caller/rpc_caller_session.h"
+#include "rpc/common/interface/rpc_status.h"
+#include "rpc/common/interface/rpc_uuid.h"
+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h"
+
+#include "service_provider.h"
+
+#include "service/crypto/backend/psa_ipc/crypto_ipc_backend.h"
+#include "service/crypto/factory/crypto_provider_factory.h"
+#include "service/crypto/provider/crypto_provider.h"
+
+struct rpc_service_interface *crypto_proxy_create(void)
+{
+ struct crypto_provider *crypto_provider = NULL;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rse_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ const struct rpc_uuid dummy_uuid = { 0 };
+
+ rpc_status = rse_comms_caller_init(&rse_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ if (crypto_ipc_backend_init(&rpc_session) != PSA_SUCCESS)
+ return NULL;
+
+ crypto_provider = crypto_provider_factory_create();
+ return service_provider_get_rpc_interface(&crypto_provider->base_provider);
+}
+
+ADD_PROXY_SERVICE_FACTORY(crypto_proxy_create, PSACRYPTO_PROXY, SE_PROXY_INTERFACE_PRIO_CRYPTO);
+
+
+#ifdef CFG_ENABLE_CRYPTO_NANO
+struct rpc_service_interface *crypto_protobuf_proxy_create(void)
+{
+ struct crypto_provider *crypto_protobuf_provider = NULL;
+
+ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
+ if (!crypto_protobuf_provider) {
+ return NULL;
+ }
+
+ return service_provider_get_rpc_interface(&crypto_protobuf_provider->base_provider);
+}
+
+ADD_PROXY_SERVICE_FACTORY(crypto_protobuf_proxy_create, PSACRYPTO_PROXY_NANO, SE_PROXY_INTERFACE_PRIO_CRYPTO_NANO);
+#endif
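Review bot: `crypto_proxy_create` uses the result of `crypto_provider_factory_create()` without a NULL check, while `crypto_protobuf_proxy_create` just below does check its factory result. If the factory can fail, `&crypto_provider->base_provider` is computed from a null pointer and a bogus interface pointer may end up registered; add `if (!crypto_provider) return NULL;` before the final return. Separately, the early returns taken after `rse_comms_caller_init` or `rpc_caller_session_open` has succeeded leave the static caller and session initialised. The same pattern is in spf_fwu.c, spf_iat.c, spf_its.c and spf_ps.c, so either a cleanup path or a comment stating that factory failure is fatal would help. The nano factory also appears to depend on the backend set up by `crypto_proxy_create`; if so, a comment on the required registration order is worth adding.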
diff --git a/deployments/se-proxy/infra/rse/spf_fwu.c b/deployments/se-proxy/infra/rse/spf_fwu.c
new file mode 100644
index 0000000..4f123ba
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/spf_fwu.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h"
+#include "rpc/common/caller/rpc_caller.h"
+#include "rpc/common/caller/rpc_caller_session.h"
+#include "rpc/common/interface/rpc_status.h"
+#include "rpc/common/interface/rpc_uuid.h"
+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h"
+
+#include "service/fwu/provider/fwu_provider.h"
+#include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h"
+#include "service/fwu/provider/fwu_provider.h"
+#include "service/fwu/common/update_agent_interface.h"
+#include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h"
+
+struct rpc_service_interface *fwu_proxy_create(void)
+{
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+ static struct update_agent *agent;
+ static struct fwu_provider fwu_provider = { 0 };
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rse_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ const struct rpc_uuid dummy_uuid = { 0 };
+
+ rpc_status = rse_comms_caller_init(&rse_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ agent = psa_fwu_m_update_agent_init(NULL, 0, 4096);
+ if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS)
+ return NULL;
+
+ return fwu_provider_init(&fwu_provider, agent);
+}
+
+ADD_PROXY_SERVICE_FACTORY(fwu_proxy_create, FWU_PROXY, SE_PROXY_INTERFACE_PRIO_FWU);
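Review bot: The pointer returned by `psa_fwu_m_update_agent_init(NULL, 0, 4096)` is passed to `fwu_provider_init` without being checked, and it is not released when `psa_fwu_ipc_init` fails on the next line. For the firmware update path I would fail closed with `if (!agent) return NULL;` directly after the init call. The agent is also created before the IPC layer is initialised; if the agent init issues any PSA FWU calls, `psa_fwu_ipc_init(&rpc_session)` should move above it. The literal `4096` would read better as a named constant with a comment saying what it bounds, and `fwu_provider.h` is included twice.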
diff --git a/deployments/se-proxy/infra/rse/spf_iat.c b/deployments/se-proxy/infra/rse/spf_iat.c
new file mode 100644
index 0000000..4a25c3e
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/spf_iat.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h"
+#include "rpc/common/caller/rpc_caller.h"
+#include "rpc/common/caller/rpc_caller_session.h"
+#include "rpc/common/interface/rpc_status.h"
+#include "rpc/common/interface/rpc_uuid.h"
+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h"
+
+#include "service/attestation/client/psa/iat_client.h"
+#include "service/attestation/provider/attest_provider.h"
+#include "service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h"
+
+struct rpc_service_interface *attest_proxy_create(void)
+{
+ static struct attest_provider attest_provider = { 0 };
+ struct rpc_service_interface *attest_iface = NULL;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rse_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ const struct rpc_uuid dummy_uuid = { 0 };
+
+ rpc_status = rse_comms_caller_init(&rse_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ /* Initialize the service provider */
+ attest_iface = attest_provider_init(&attest_provider);
+ psa_iat_client_init(&rpc_session);
+
+ attest_provider_register_serializer(&attest_provider,
+ packedc_attest_provider_serializer_instance());
+
+ return attest_iface;
+}
+
+ADD_PROXY_SERVICE_FACTORY(attest_proxy_create, PSAIAT_PROXY, SE_PROXY_INTERFACE_PRIO_ATTEST);
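Review bot: The result of `psa_iat_client_init(&rpc_session)` is discarded, unlike the backend init calls in spf_crypto.c and spf_fwu.c, which are compared with `PSA_SUCCESS`. If the client init fails, `attest_proxy_create` still returns an attestation interface whose requests have no working path to the RSE. Assuming the function returns a `psa_status_t`, use `if (psa_iat_client_init(&rpc_session) != PSA_SUCCESS) return NULL;`. It would also be safer to check `attest_iface` for NULL before registering the serializer.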
diff --git a/deployments/se-proxy/infra/rse/spf_its.c b/deployments/se-proxy/infra/rse/spf_its.c
new file mode 100644
index 0000000..6096b7a
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/spf_its.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h"
+#include "rpc/common/caller/rpc_caller.h"
+#include "rpc/common/caller/rpc_caller_session.h"
+#include "rpc/common/interface/rpc_status.h"
+#include "rpc/common/interface/rpc_uuid.h"
+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h"
+
+#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
+#include "service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h"
+#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h"
+#include "service/secure_storage/backend/storage_backend.h"
+#include "service/common/include/psa/sid.h"
+
+struct rpc_service_interface *its_proxy_create(void)
+{
+ static struct secure_storage_provider its_provider;
+ static struct secure_storage_ipc its_backend;
+ struct storage_backend *backend;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+ const struct rpc_uuid its_uuid = { .uuid = TS_PSA_INTERNAL_TRUSTED_STORAGE_UUID };
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rse_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ const struct rpc_uuid dummy_uuid = { 0 };
+
+ rpc_status = rse_comms_caller_init(&rse_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ backend = secure_storage_ipc_init(&its_backend, &rpc_session);
+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
+
+ return secure_storage_provider_init(&its_provider, backend, &its_uuid);
+}
+
+ADD_PROXY_SERVICE_FACTORY(its_proxy_create, PSAITS_PROXY, SE_PROXY_INTERFACE_PRIO_ITS);
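Review bot: `backend` returned by `secure_storage_ipc_init` is handed to `secure_storage_provider_init` unchecked, and the same applies to `ps_proxy_create` in spf_ps.c. Unless the provider init is known to reject a NULL backend, add `if (!backend) return NULL;` after the init call. `its_provider` and `its_backend` are also the only statics here declared without `= { 0 }`; that is equivalent for static storage, but matching the other declarations would be more consistent. A short comment on why `service_handle` is assigned after the init call rather than passed into it would help the reader.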
diff --git a/deployments/se-proxy/infra/rse/spf_ps.c b/deployments/se-proxy/infra/rse/spf_ps.c
new file mode 100644
index 0000000..60e2d58
--- /dev/null
+++ b/deployments/se-proxy/infra/rse/spf_ps.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include "deployments/se-proxy/env/commonsp/proxy_service_factory_list.h"
+#include "rpc/common/caller/rpc_caller.h"
+#include "rpc/common/caller/rpc_caller_session.h"
+#include "rpc/common/interface/rpc_status.h"
+#include "rpc/common/interface/rpc_uuid.h"
+#include "rpc/rse_comms/caller/sp/rse_comms_caller.h"
+
+#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
+#include "service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h"
+#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h"
+#include "service/secure_storage/backend/storage_backend.h"
+#include "service/common/include/psa/sid.h"
+
+struct rpc_service_interface *ps_proxy_create(void)
+{
+ static struct secure_storage_provider ps_provider;
+ static struct secure_storage_ipc ps_backend;
+ struct storage_backend *backend;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+ const struct rpc_uuid ps_uuid = { .uuid = TS_PSA_PROTECTED_STORAGE_UUID };
+
+ /* Static objects for proxy instance */
+ static struct rpc_caller_interface rse_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
+ const struct rpc_uuid dummy_uuid = { 0 };
+
+ rpc_status = rse_comms_caller_init(&rse_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
+ backend = secure_storage_ipc_init(&ps_backend, &rpc_session);
+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
+
+ return secure_storage_provider_init(&ps_provider, backend, &ps_uuid);
+}
+
+ADD_PROXY_SERVICE_FACTORY(ps_proxy_create, PSAPS_PROXY, SE_PROXY_INTERFACE_PRIO_PS);