FIH: Add fih.h interop for MCUBoot
To allow platform code to target fih.h, which will then either be
provided by the TF-M fih.h or redirected to MCUBoot's
fault_injection_hardening.h if the platform code is being compiled into
bl2.
Change-Id: I120798c59664de71b3d1b76bf1457427331715b4
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/bl2/ext/mcuboot/include/fih.h b/bl2/ext/mcuboot/include/fih.h
new file mode 100644
index 0000000..120585b
--- /dev/null
+++ b/bl2/ext/mcuboot/include/fih.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/* Interop between TF-M fih.h and mcuboot fault_injection_hardening.h, so that
+ * platform code can target fih.h and for bl2 this will be redirected to
+ * fault_injection_hardening.h
+ */
+
+#ifndef __INTEROP_FIH_H__
+#define __INTEROP_FIH_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include "stdint.h"
+
+#undef FIH_ENABLE_GLOBAL_FAIL
+#undef FIH_ENABLE_CFI
+#undef FIH_ENABLE_DOUBLE_VARS
+#undef FIH_ENABLE_DELAY
+
+#if !defined(MCUBOOT_FIH_PROFILE_OFF)
+
+#if defined(MCUBOOT_FIH_PROFILE_LOW)
+#define FIH_ENABLE_GLOBAL_FAIL
+#define FIH_ENABLE_CFI
+
+#elif defined(MCUBOOT_FIH_PROFILE_MEDIUM)
+#define FIH_ENABLE_DOUBLE_VARS
+#define FIH_ENABLE_GLOBAL_FAIL
+#define FIH_ENABLE_CFI
+
+#elif defined(MCUBOOT_FIH_PROFILE_HIGH)
+#define FIH_ENABLE_DELAY /* Requires an hardware entropy source */
+#define FIH_ENABLE_DOUBLE_VARS
+#define FIH_ENABLE_GLOBAL_FAIL
+#define FIH_ENABLE_CFI
+
+#else
+#error "Invalid FIH Profile configuration"
+#endif /* MCUBOOT_FIH_PROFILE */
+
+/*
+ * FIH return type macro changes the function return types to fih_int.
+ * All functions that need to be protected by FIH and called via FIH_CALL must
+ * return a fih_int type.
+ */
+#define FIH_RET_TYPE(type) fih_int
+
+#include "bootutil/fault_injection_hardening.h"
+
+#else /* MCUBOOT_FIH_PROFILE_OFF */
+typedef int32_t fih_int;
+
+#define FIH_INT_INIT(x) (x)
+
+#define FIH_SUCCESS 0
+#define FIH_FAILURE -1
+
+#define fih_int_validate(x)
+
+#define fih_int_decode(x) (x)
+
+#define fih_int_encode(x) (x)
+
+#define fih_int_encode_zero_equality(x) ((x) == 0 ? 0 : 1)
+
+#define fih_eq(x, y) ((x) == (y))
+
+#define fih_not_eq(x, y) ((x) != (y))
+
+#define fih_delay_init() (0)
+#define fih_delay()
+
+#define FIH_CALL(f, ret, ...) \
+ do { \
+ ret = f(__VA_ARGS__); \
+ } while (0)
+
+#define FIH_RET(ret) \
+ do { \
+ return ret; \
+ } while (0)
+
+#define FIH_PANIC do { \
+ while(1) {}; \
+ } while (0)
+
+#define FIH_RET_TYPE(type) type
+
+#define FIH_CFI_STEP_INIT(x)
+#define FIH_CFI_STEP_DECREMENT()
+#define FIH_CFI_STEP_ERR_RESET()
+
+#define FIH_LABEL_CRITICAL_POINT()
+
+#endif /* !MCUBOOT_FIH_PROFILE_OFF */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __INTEROP_FIH_H__ */
diff --git a/lib/fih/inc/fih.h b/lib/fih/inc/fih.h
index 2c36d3a..fcb604b 100644
--- a/lib/fih/inc/fih.h
+++ b/lib/fih/inc/fih.h
@@ -5,8 +5,8 @@
*
*/
-#ifndef __FAULT_INJECTION_HARDENING_H__
-#define __FAULT_INJECTION_HARDENING_H__
+#ifndef __TFM_FIH_H__
+#define __TFM_FIH_H__
#include <stddef.h>
#include <stdint.h>
@@ -541,4 +541,4 @@
}
#endif /* __cplusplus */
-#endif /* __FAULT_INJECTION_HARDENING_H__ */
+#endif /* __TFM_FIH_H__ */
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index e3cd388..53cf443 100755
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -180,7 +180,6 @@
PUBLIC
platform_common_interface
platform_region_defs
- tfm_fih_headers
PRIVATE
bl2_hal
mcuboot_config
diff --git a/platform/ext/common/boot_hal_bl2.c b/platform/ext/common/boot_hal_bl2.c
index 9a35d20..46646e4 100644
--- a/platform/ext/common/boot_hal_bl2.c
+++ b/platform/ext/common/boot_hal_bl2.c
@@ -13,7 +13,7 @@
#include "flash_layout.h"
#ifdef CRYPTO_HW_ACCELERATOR
#include "crypto_hw.h"
-#include "bootutil/fault_injection_hardening.h"
+#include "fih.h"
#endif /* CRYPTO_HW_ACCELERATOR */
#ifdef MEASURED_BOOT_API
diff --git a/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c b/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
index 3462075..9caa26b 100644
--- a/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
+++ b/platform/ext/target/arm/corstone1000/bl1/bl1_boot_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -11,7 +11,7 @@
#include "boot_hal.h"
#include "Driver_Flash.h"
#include "flash_layout.h"
-#include "bootutil/fault_injection_hardening.h"
+#include "fih.h"
#include "bootutil/bootutil_log.h"
#include "firewall.h"
#include "watchdog.h"
diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
index 134315a..323d970 100644
--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
@@ -11,7 +11,7 @@
#include "boot_hal.h"
#include "Driver_Flash.h"
#include "flash_layout.h"
-#include "bootutil/fault_injection_hardening.h"
+#include "fih.h"
#include "bootutil/bootutil_log.h"
#include "fip_parser.h"
#include "flash_map/flash_map.h"
diff --git a/platform/ext/target/arm/musca_b1/CMakeLists.txt b/platform/ext/target/arm/musca_b1/CMakeLists.txt
index 9f8310c..c2b998c 100644
--- a/platform/ext/target/arm/musca_b1/CMakeLists.txt
+++ b/platform/ext/target/arm/musca_b1/CMakeLists.txt
@@ -175,6 +175,7 @@
CMSIS_Driver/Config
Device/Config
Native_Driver
+ ${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/include # for fih.h interop only
${MCUBOOT_PATH}/boot/bootutil/include # for fault_injection_hardening.h only
${CMAKE_BINARY_DIR}/bl2/ext/mcuboot # for mcuboot_config.h only
Native_Driver
diff --git a/platform/ext/target/arm/musca_s1/CMakeLists.txt b/platform/ext/target/arm/musca_s1/CMakeLists.txt
index e0d2897..5c9c99b 100644
--- a/platform/ext/target/arm/musca_s1/CMakeLists.txt
+++ b/platform/ext/target/arm/musca_s1/CMakeLists.txt
@@ -174,6 +174,7 @@
CMSIS_Driver/Config
Device/Config
Native_Driver
+ ${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/include # for fih.h interop only
${MCUBOOT_PATH}/boot/bootutil/include # for fault_injection_hardening.h only
${CMAKE_BINARY_DIR}/bl2/ext/mcuboot # for mcuboot_config.h only
)
diff --git a/platform/ext/target/arm/rss/bl2/boot_hal_bl2.c b/platform/ext/target/arm/rss/bl2/boot_hal_bl2.c
index 7d2e8f8..edb4bb6 100644
--- a/platform/ext/target/arm/rss/bl2/boot_hal_bl2.c
+++ b/platform/ext/target/arm/rss/bl2/boot_hal_bl2.c
@@ -16,7 +16,7 @@
#include "platform_base_address.h"
#ifdef CRYPTO_HW_ACCELERATOR
#include "crypto_hw.h"
-#include "bootutil/fault_injection_hardening.h"
+#include "fih.h"
#endif /* CRYPTO_HW_ACCELERATOR */
int32_t boot_platform_post_init(void)
diff --git a/platform/ext/target/stm/common/stm32l5xx/bl2/boot_hal_bl2.c b/platform/ext/target/stm/common/stm32l5xx/bl2/boot_hal_bl2.c
index 70eaa34..5476224 100644
--- a/platform/ext/target/stm/common/stm32l5xx/bl2/boot_hal_bl2.c
+++ b/platform/ext/target/stm/common/stm32l5xx/bl2/boot_hal_bl2.c
@@ -8,6 +8,7 @@
* @attention
*
* <h2><center>© Copyright (c) 2020 STMicroelectronics.
+ * <h2><center>© Copyright (c) 2022 Arm Limited.
* All rights reserved.</center></h2>
*
* This software component is licensed by ST under BSD 3-Clause license,
@@ -31,7 +32,7 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "crypto_hw.h"
#endif
-#include "bootutil/fault_injection_hardening.h"
+#include "fih.h"
#if defined(EXTERNAL_FLASH)
#include "flash_map_backend/flash_map_backend.h"
#endif /* defined(EXTERNAL_FLASH) */