RSS: Add RSS Platform from Corstone1000 template
Initial commit to commence ADAC integration on RSS.
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I7a8bc672ea1b2d29f700f01734282862fef92c30
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/CMakeLists.txt b/target/trusted-firmware-m/platform/arm/rss/common/CMakeLists.txt
new file mode 100644
index 0000000..9634558
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/CMakeLists.txt
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2022 Arm Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+set(TFM_SRC_DIR ${CMAKE_SOURCE_DIR})
+
+target_sources(${PROJECT_NAME}
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}/psa_adac_platform.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/discovery.c
+ ${PSA_ADAC_ROOT}/transport_layer/transports/static_buffer_msg.c
+ ${PSA_ADAC_ROOT}/transport_layer/transports/sdc-600/sdc-600.c
+ ${PSA_ADAC_ROOT}/transport_layer/transports/sdc-600/int_com_port_driver.c
+)
+
+target_include_directories(${PROJECT_NAME}
+ PUBLIC
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${PSA_ADAC_MBEDTLS_INCLUDE}
+ ${PSA_ADAC_ROOT}/transport_layer/transports
+ ${TFM_SRC_DIR}/platform/ext/target/arm/rss/common/partition
+)
+
+install(FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/include/psa_adac_platform.h
+ DESTINATION ${PSA_ADAC_INSTALL_PATH}/include
+)
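Review bot: `set(TFM_SRC_DIR ${CMAKE_SOURCE_DIR})` ties the private include path `${TFM_SRC_DIR}/platform/ext/target/arm/rss/common/partition` to whichever project is the top-level build, so it only resolves when this directory is configured from inside a TF-M tree. `PSA_ADAC_ROOT`, `PSA_ADAC_MBEDTLS_INCLUDE` and `PSA_ADAC_INSTALL_PATH` are also expanded unquoted and unchecked; if `PSA_ADAC_ROOT` is empty, the transport sources become root-relative paths such as `/transport_layer/transports/sdc-600/sdc-600.c`. I would fail early, for example with `if(NOT EXISTS "${TFM_SRC_DIR}/platform/ext/target/arm/rss/common/partition")` followed by a `message(FATAL_ERROR ...)`, and add a comment saying which variables the parent build must provide.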
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/discovery.c b/target/trusted-firmware-m/platform/arm/rss/common/discovery.c
new file mode 100644
index 0000000..69519e7
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/discovery.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "psa_adac.h"
+#include "psa_adac_config.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef PSA_ADAC_EC_P256
+#define EC_P256_CNT 1
+#define EC_P256_VAL ECDSA_P256_SHA256,
+#else
+#define EC_P256_CNT 0
+#define EC_P256_VAL
+#endif
+
+#ifdef PSA_ADAC_EC_P521
+#define EC_P521_CNT 1
+#define EC_P521_VAL ECDSA_P521_SHA512,
+#else
+#define EC_P521_CNT 0
+#define EC_P521_VAL
+#endif
+
+#ifdef PSA_ADAC_RSA3072
+#define RSA3072_CNT 1
+#define RSA3072_VAL RSA_3072_SHA256,
+#else
+#define RSA3072_CNT 0
+#define RSA3072_VAL
+#endif
+
+
+#ifdef PSA_ADAC_RSA4096
+#define RSA4096_CNT 1
+#define RSA4096_VAL RSA_4096_SHA256,
+#else
+#define RSA4096_CNT 0
+#define RSA4096_VAL
+#endif
+
+#ifdef PSA_ADAC_ED25519
+#define ED25519_CNT 1
+#define ED25519_VAL ED_25519_SHA512,
+#else
+#define ED25519_CNT 0
+#define ED25519_VAL
+#endif
+
+#ifdef PSA_ADAC_ED448
+#define ED448_CNT 1
+#define ED448_VAL ED_448_SHAKE256,
+#else
+#define ED448_CNT 0
+#define ED448_VAL
+#endif
+
+#ifdef PSA_ADAC_SM2SM3
+#define SM2SM3_CNT 1
+#define SM2SM3_VAL SM_SM2_SM3,
+#else
+#define SM2SM3_CNT 0
+#define SM2SM3_VAL
+#endif
+
+#ifdef PSA_ADAC_HMAC
+#define HMAC_CNT 1
+#define HMAC_VAL CMAC_AES,
+#else
+#define HMAC_CNT 0
+#define HMAC_VAL
+#endif
+
+#ifdef PSA_ADAC_CMAC
+#define CMAC_CNT 1
+#define CMAC_VAL HMAC_SHA256,
+#else
+#define CMAC_CNT 0
+#define CMAC_VAL
+#endif
+
+#define CRYPTO_CNT EC_P256_CNT + EC_P521_CNT + RSA3072_CNT + RSA4096_CNT + \
+ ED25519_CNT + ED448_CNT + SM2SM3_CNT + HMAC_CNT + CMAC_CNT
+#define CRYPTO_VALS EC_P256_VAL EC_P521_VAL RSA3072_VAL RSA4096_VAL \
+ ED25519_VAL ED448_VAL SM2SM3_VAL HMAC_VAL CMAC_VAL
+
+uint8_t discovery_template[] = {
+ /* @+00 (12 bytes) psa_auth_version: 1.0 */
+ 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00,
+ /* @+12 (12 bytes) vendor_id: {0x04, 0x3B} => 0x023B ("ARM Ltd.") */
+ 0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x04, 0x3B, 0x00, 0x00,
+ /* @+24 (12 bytes) soc_class: [0x00, 0x00, 0x00, 0x00] */
+ 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ /* @+36 (24 bytes) soc_id: [0x00] * 16 */
+ 0x00, 0x00, 0x04, 0x00, 0x10, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* @+60 (12 bytes) psa_lifecycle: PSA_LIFECYCLE_SECURED */
+ 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x30, 0x00, 0x00,
+ /* @+72 (12 bytes) token_formats: [{0x00, 0x02} (token_psa_debug)] */
+ 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x02, 0x00, 0x00,
+ /* @+84 (12 bytes) cert_formats: [{0x01, 0x02} (cert_psa_debug)] */
+ 0x00, 0x00, 0x01, 0x01, 0x02, 0x00, 0x00, 0x00,
+ 0x01, 0x02, 0x00, 0x00,
+ /* @+96 (8 + X bytes) cryptosystems: [...] */
+ 0x00, 0x00, 0x02, 0x01, CRYPTO_CNT, 0x00, 0x00, 0x00, CRYPTO_VALS
+ /* Maximum padding */
+ 0x00, 0x00, 0x00
+};
+
+size_t discovery_template_len = sizeof(discovery_template) - (sizeof(discovery_template) % 4);
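Review bot: HMAC_VAL and CMAC_VAL are crossed: the PSA_ADAC_HMAC branch emits `CMAC_AES,` and the PSA_ADAC_CMAC branch emits `HMAC_SHA256,`, so a build that enables only one of them advertises the other cryptosystem in the discovery response. They should read `#define HMAC_VAL HMAC_SHA256,` and `#define CMAC_VAL CMAC_AES,`. CRYPTO_CNT is an unparenthesised sum; it is safe as an initializer element here, but wrapping the whole expression in parentheses avoids precedence surprises if it is reused. The psa_lifecycle entry is fixed to the bytes commented as PSA_LIFECYCLE_SECURED, and psa_adac_platform_discovery in this commit copies the template unchanged, so a comment saying whether the real lifecycle state is meant to be patched in later would help.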
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/include/platform/msg_interface.h b/target/trusted-firmware-m/platform/arm/rss/common/include/platform/msg_interface.h
new file mode 100644
index 0000000..53c16e4
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/include/platform/msg_interface.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __MSG_INTERFACE_H__
+#define __MSG_INTERFACE_H__
+
+#include "psa_adac.h"
+#include "platform/platform.h"
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#if defined(PSA_ADAC_AUTHENTICATOR_IMPLICIT_TRANSPORT)
+
+int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
+int msg_interface_free(void *ctx);
+
+request_packet_t *request_packet_lock(size_t *max_data_size);
+response_packet_t *response_packet_lock(size_t *max_data_size);
+int response_packet_release(response_packet_t *packet);
+int request_packet_release(request_packet_t *packet);
+
+request_packet_t *request_packet_receive();
+response_packet_t *response_packet_build(uint16_t status, uint8_t *data, size_t data_size);
+int response_packet_send(response_packet_t *packet);
+
+#else
+
+#error "Explicit Transport API Currently not defined"
+
+/* This is a very early draft */
+
+typedef int (*msg_interface_init_t)(void *ctx, uint8_t buffer[], size_t size);
+typedef int (*msg_interface_free_t)(void *ctx);
+
+/* Target */
+typedef request_packet_t *(*request_packet_receive_t)(void *ctx);
+typedef int (*request_packet_release_t)(void *ctx, request_packet_t * packet);
+typedef response_packet_t *(*response_packet_lock_t)(void *ctx, size_t *max_data_size);
+typedef response_packet_t *(*response_packet_build_t)(void *ctx, uint16_t status, uint8_t *data, size_t data_size);
+typedef int (*response_packet_send_t)(void *ctx, response_packet_t *packet);
+
+typedef struct {
+ msg_interface_init_t msg_interface_init;
+ msg_interface_free_t msg_interface_free;
+ request_packet_receive_t request_packet_receive;
+ request_packet_release_t request_packet_release;
+ response_packet_lock_t response_packet_lock;
+ response_packet_build_t response_packet_build;
+ response_packet_send_t response_packet_send;
+ response_packet_release_t response_packet_release;
+} target_msg_interface_t;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MSG_INTERFACE_H__ */
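Review bot: `request_packet_t *request_packet_receive();` declares a function with an unspecified parameter list in C, not one taking no arguments, so a call that passes arguments is not diagnosed; write `request_packet_t *request_packet_receive(void);`. In the `#else` branch, target_msg_interface_t has a member of type response_packet_release_t, which has no typedef in this header; it is unreachable behind the `#error` today but will break as soon as that guard is lifted. The header also uses uint8_t and uint16_t while relying on platform/platform.h to bring in `<stdint.h>`, so a direct include would make it self-contained.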
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/include/platform/platform.h b/target/trusted-firmware-m/platform/arm/rss/common/include/platform/platform.h
new file mode 100644
index 0000000..394feea
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/include/platform/platform.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2022 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __PLATFORM_H__
+#define __PLATFORM_H__
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef PSA_ADAC_PLATFORM_CONFIG_FILE
+#include PSA_ADAC_PLATFORM_CONFIG_FILE
+#else
+#include "psa_adac_platform.h"
+#endif
+
+#ifndef PSA_ADAC_PLATFORM_BANNER
+#define PSA_ADAC_PLATFORM_BANNER "PSA ADAC "
+#endif
+
+void platform_init(void);
+void psa_adac_platform_lock(void);
+int psa_adac_platform_check_token(uint8_t *token, size_t token_size);
+int psa_adac_platform_check_certificate(uint8_t *crt, size_t crt_size);
+void psa_adac_platform_init(void);
+int psa_adac_detect_debug_request(void);
+void psa_adac_acknowledge_debug_request(void);
+int psa_adac_apply_permissions(uint8_t permissions_mask[16]);
+
+/**
+ * \brief This function is called on response to the discovery command from the
+ * debug host. It returns information about the target and set of all
+ * response fragments format supported by the debug target.
+ *
+ * \param[in] reply Pointer to \p reply buffer.
+ * \param[in] reply_size Size of the \p reply buffer in bytes.
+ *
+ * \retval Returns size of actual populated reply buffer.
+ */
+size_t psa_adac_platform_discovery(uint8_t *reply, size_t reply_size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PLATFORM_H__ */
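Review bot: psa_adac_platform_check_token and psa_adac_platform_check_certificate are declared without any statement of their return convention, which matters because they appear to gate debug authentication and the stubs in psa_adac_platform.c return 0 unconditionally. Once the convention is confirmed against the ADAC core, add a comment on each such as `/* Returns 0 if the platform accepts the token, non-zero to reject it. */`. In the psa_adac_platform_discovery block, `reply` is written by the function, so it should be `\param[out] reply`. `\retval` expects a value name, so `\return Number of bytes written to \p reply, or 0 if the buffer is too small.` describes what the implementation in this commit does.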
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/include/psa_adac_platform.h b/target/trusted-firmware-m/platform/arm/rss/common/include/psa_adac_platform.h
new file mode 100644
index 0000000..0bbcbd1
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/include/psa_adac_platform.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2022 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __PSA_ADAC_PLATFORM_H__
+#define __PSA_ADAC_PLATFORM_H__
+
+#include <psa_adac_config.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PSA_ADAC_PLATFORM_BANNER "PSA ADAC: Trusted-Firmware-M RSS platform."
+#define PSA_ADAC_AUTHENTICATOR_IMPLICIT_TRANSPORT
+
+/*
+ * From tf-m to psa-adac.
+ * Call to this function will wait for host debugger to initiate the
+ * secure debug connection and will perform the secure debug authentication
+ * proces.
+ */
+int tfm_to_psa_adac_rss_secure_debug(uint8_t *secure_debug_rotpk, uint32_t len);
+
+/*
+ * From psa-adac to tfm
+ * The platform code in the tf-m can use this function to apply
+ * secure debug permissions.
+ */
+int psa_adac_to_tfm_apply_permissions(uint8_t permissions_mask[16]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_ADAC_PLATFORM_H__ */
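Review bot: This header declares functions taking uint8_t and uint32_t but includes only `<psa_adac_config.h>`, so it compiles only if that header happens to pull in the fixed-width types; add `#include <stdint.h>`. The comment on tfm_to_psa_adac_rss_secure_debug omits the return contract: per psa_adac_platform.c in this commit it returns 0 only when authentication succeeds and -1 otherwise, including when no debug request is detected, and callers need that to fail closed. psa_adac_to_tfm_apply_permissions is declared here but no definition appears in this commit; psa_adac_platform.c defines psa_adac_apply_permissions instead, so either the declaration or the definition looks misnamed.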
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/int_com_port_config.h b/target/trusted-firmware-m/platform/arm/rss/common/int_com_port_config.h
new file mode 100644
index 0000000..8a9f7fd
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/int_com_port_config.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __INT_COM_PORT_CONFIG_H__
+#define __INT_COM_PORT_CONFIG_H__
+
+#include "platform_base_address.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define HAL_SOCID_SIZE (32)
+
+/* FIXME - Check internal APB com address to see if secure or non-secure */
+#define SE_HOST_ACCESS HOST_ACCESS_BASE_S
+#define SE_APBCOM_BASE ((unsigned int)SE_HOST_ACCESS + 0x1B900000)
+
+#define HAL_APBCOM_BASE SE_APBCOM_BASE
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __INT_COM_PORT_CONFIG_H__ */
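Review bot: The FIXME above SE_HOST_ACCESS leaves open whether the internal APB COM port is reached through the secure or the non-secure alias, and SE_APBCOM_BASE is presumably the base the SDC-600 transport uses for the debug channel; that should be settled, or the comment should carry a tracking reference, before the address is relied on. The `(unsigned int)` cast assumes the address fits in unsigned int; `((uintptr_t)SE_HOST_ACCESS + 0x1B900000U)` with `<stdint.h>` states the intent. HAL_SOCID_SIZE is 32 while the discovery template in this commit encodes a 16-byte soc_id, so a comment on which size is authoritative would avoid a mismatch later.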
diff --git a/target/trusted-firmware-m/platform/arm/rss/common/psa_adac_platform.c b/target/trusted-firmware-m/platform/arm/rss/common/psa_adac_platform.c
new file mode 100644
index 0000000..1f8569b
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/common/psa_adac_platform.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "psa_adac_config.h"
+#include "psa_adac_debug.h"
+#include "psa_adac_sda.h"
+#include "platform/platform.h"
+#include "platform/msg_interface.h"
+#include <string.h>
+
+#define ROTPK_ANCHOR_ALG PSA_ALG_SHA_512
+
+void psa_adac_platform_init(void)
+{
+ /* TODO: Code me */
+}
+
+extern uint8_t discovery_template[];
+extern size_t discovery_template_len;
+
+static uint8_t buffer[512];
+static uint8_t messages[512];
+static uint8_t *rotpk_anchors[1];
+static size_t rotpk_anchors_size[1];
+static uint8_t rotpk_anchors_type[] = {
+ ECDSA_P521_SHA512,
+};
+static size_t rotpk_anchors_length = sizeof(rotpk_anchors) / sizeof(uint8_t *);
+
+size_t psa_adac_platform_discovery(uint8_t *reply, size_t reply_size)
+{
+ if (reply_size >= discovery_template_len) {
+ memcpy(reply, discovery_template, discovery_template_len);
+ return discovery_template_len;
+ }
+ return 0;
+}
+
+void psa_adac_platform_lock(void)
+{
+ /* TODO: Code me */
+}
+
+int psa_adac_platform_check_token(uint8_t *token, size_t token_size)
+{
+ /* TODO: Code me */
+ return 0;
+}
+
+int psa_adac_platform_check_certificate(uint8_t *crt, size_t crt_size)
+{
+ /* TODO: Code me */
+ return 0;
+}
+
+int psa_adac_apply_permissions(uint8_t permissions_mask[16])
+{
+ int ret = crypto_hw_apply_debug_permissions(permissions_mask);
+ if (ret) {
+ PSA_ADAC_LOG_ERR("platform", "psa_adac_to_tfm_apply_permissions "
+ "failed\r\n");
+ return ret;
+ }
+
+ PSA_ADAC_LOG_INFO("platform",
+ "\r\nPlatform unlocked for the secure debug %s\n");
+ return ret;
+}
+
+int tfm_to_psa_adac_rss_secure_debug(uint8_t *secure_debug_roptpk, uint32_t len)
+{
+ authentication_context_t auth_ctx;
+ int ret = -1;
+
+ if (psa_adac_detect_debug_request()) {
+ PSA_ADAC_LOG_INFO("main", "%s:%d Connection establised\r\n",
+ __func__, __LINE__);
+
+ msg_interface_init(NULL, messages, sizeof(messages));
+
+ psa_adac_init();
+ psa_adac_acknowledge_debug_request();
+
+ rotpk_anchors[0] = secure_debug_roptpk;
+ rotpk_anchors_size[0] = len;
+ authentication_context_init(&auth_ctx, buffer, sizeof(buffer),
+ ROTPK_ANCHOR_ALG,
+ rotpk_anchors, rotpk_anchors_size,
+ rotpk_anchors_type,
+ rotpk_anchors_length);
+#ifndef PSA_ADAC_QUIET
+ PSA_ADAC_LOG_INFO("main", "Starting authentication.\r\n");
+#endif
+ authentication_handle(&auth_ctx);
+
+ PSA_ADAC_LOG_INFO("main", "\r\n\r\n\r\nAuthentication is a %s\r\n\r\n",
+ auth_ctx.state == AUTH_SUCCESS ? "success" : "failure");
+
+ if (auth_ctx.state == AUTH_SUCCESS) {
+ ret = 0;
+ }
+
+ msg_interface_free(NULL);
+ } else {
+ PSA_ADAC_LOG_INFO("main", "%s:%d No secure debug connection.\r\n",
+ __func__, __LINE__);
+ }
+
+ return ret;
+}
+
+void platform_init(void)
+{
+ /* TODO: Code me */
+}
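Review bot: The success log in psa_adac_apply_permissions passes a format containing `%s` with no matching argument, so a printf-style PSA_ADAC_LOG_INFO would read an indeterminate pointer right after debug permissions are applied; drop the conversion: `PSA_ADAC_LOG_INFO("platform", "\r\nPlatform unlocked for the secure debug\r\n");`. In tfm_to_psa_adac_rss_secure_debug the return value of msg_interface_init is ignored, and secure_debug_roptpk and len are stored as the trust anchor without a NULL or zero-length check; an early `if (secure_debug_roptpk == NULL || len == 0) { return -1; }` would keep a missing ROTPK from reaching authentication_context_init. psa_adac_platform_check_token and psa_adac_platform_check_certificate are stubs that return 0; the return convention is not visible here, so if 0 means accepted, each stub deserves a comment saying that platform-specific checks are not yet enforced. crypto_hw_apply_debug_permissions is called with no declaration visible in this file, so confirm that one of the included headers provides its prototype.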
diff --git a/target/trusted-firmware-m/platform/arm/rss/tc/CMakeLists.txt b/target/trusted-firmware-m/platform/arm/rss/tc/CMakeLists.txt
new file mode 100644
index 0000000..b503a69
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/tc/CMakeLists.txt
@@ -0,0 +1,11 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_policy(SET CMP0076 NEW)
+set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
+
+add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/../common common)
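Review bot: `set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})` overwrites a variable that CMake maintains itself, and the new value stays in effect for every later command in the enclosing directory scope. It is not needed for the child directory, because `add_subdirectory` is already given `${CMAKE_CURRENT_LIST_DIR}/../common` explicitly and CMake sets `CMAKE_CURRENT_SOURCE_DIR` for the subdirectory on entry. If this file is pulled in with `include()` rather than `add_subdirectory()` (not visible here), a comment saying so would explain the explicit binary directory `common`; otherwise the `set` line can simply be dropped.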
diff --git a/target/trusted-firmware-m/platform/arm/rss/tc/config.cmake b/target/trusted-firmware-m/platform/arm/rss/tc/config.cmake
new file mode 100644
index 0000000..07f15b4
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/rss/tc/config.cmake
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2022 Arm Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+set(ARM_SYSTEM_PROCESSOR cortex-m55)
+set(ARM_SYSTEM_ARCHITECTURE armv8.1-m.main)
+set(ARM_SYSTEM_FP OFF)
+
+set(PSA_ADAC_EC_P256 OFF CACHE BOOL "Enable support for ECDSA P-256")
+set(PSA_ADAC_EC_P521 ON CACHE BOOL "Enable support for ECDSA P-521")
+set(PSA_ADAC_HW_CRYPTO ON CACHE BOOL "Support for hardware cryptography")
+
+set(PSA_ADAC_USE_CRYPTOCELL On)
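Review bot: PSA_ADAC_EC_P521 is exposed as an overridable cache option, yet psa_adac_platform.c in this commit hardcodes `ECDSA_P521_SHA512` as the only ROTPK anchor type. Configuring with it OFF would then presumably give a target whose trust-anchor algorithm is missing from the cryptosystems advertised by discovery.c. Either reject that configuration with `if(NOT PSA_ADAC_EC_P521)` / `message(FATAL_ERROR "RSS ROTPK anchor requires PSA_ADAC_EC_P521")` / `endif()`, or add a comment recording the dependency. `set(PSA_ADAC_USE_CRYPTOCELL On)` is a plain variable with a mixed-case value, unlike the cache BOOLs above it; if it is meant to be user-visible, `set(PSA_ADAC_USE_CRYPTOCELL ON CACHE BOOL "Use CryptoCell for ADAC crypto")` would be consistent.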