Age | Commit message | Author

The connection handle is not created while the SP is processing the
PSA_IPC_CONNECT message, which causes the call to psa_set_rhandle()
to fail. Remove this limitation by setting the reverse handle in
psa_reply().
Change-Id: I15b3022aed981b529ad7771472a50e01e4d697d2
Signed-off-by: Edison Ai <edison.ai@arm.com>

The function update_running_head(...) updates the pointer pointing to
the highest priority runnable thread.
The old implementation updates the RUNN_HEAD pointer to the new running
thread if the new running thread has the same or higher priority than
the current RUNN_HEAD. However, this is not the correct behaviour.
If a thread with the same priority as a running thread becomes running,
then RUNN_HEAD is updated to this thread. Then, if this second thread
gets blocked, the previous thread will never be scheduled, as the
RUNN_HEAD pointer is past it, and the search always starts at
RUNN_HEAD.
Fix: Change tfm_thrd_set_status to update the RUNN_HEAD to the new
running thread if it has higher priority than the thread at RUNN_HEAD.
In other cases start the search from the beginning of the thread list.
Change-Id: I3738fa2e728d731b5b2553ad64ba232b47509c5a
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

tfm_spm_hal_configure_default_isolation(...) should also be called for
partitions supporting the PSA API.
Change-Id: I06b2a090a6939600c390d4b5a5c1b0fe57f407e1
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

Implement the IPC Client APIs in the syscalls.c file.
Change-Id: I8e71a9803bc5ae1fc5e779aba0bbe5ab99290702
Signed-off-by: Summer Qin <summer.qin@arm.com>

Implement all PSA service functions. Interrupt and
doorbell APIs are not verified.
Change-Id: I14ded96b69f5d494b81aa9b3d47ae0f2c3fe1dc0
Signed-off-by: Edison Ai <edison.ai@arm.com>

In IPC, memory data could come from the secure or non-secure side,
and the added function will check the memory limit for both of
them. It is used to check the parameter (memory reference) for
IPC client and service APIs.
Change-Id: If2a19a29e489267f2be935abac60764777736a12
Signed-off-by: Summer Qin <summer.qin@arm.com>

The PSA API handler is implemented. Adapt the veneer of the non-secure
PSA API to use the implemented handler instead of the dummy handler.
Change-Id: If51ae1882cbf630511db7f94c9555615bb3b2e4c
Signed-off-by: Summer Qin <summer.qin@arm.com>

Add one region ER_TFM_DATA in the gcc linker script.
Change-Id: I6022d4556bc62cca5dc74eb3e7c0ed6093ee5d78
Signed-off-by: Summer Qin <summer.qin@arm.com>

This secure partition manager is mainly for IPC functions, which is
different from the library SPM.
- Manage IPC service handler, IPC message, RoT of services and event.
- Add thread info and stack in the library SPM structure for data
separation between different partitions.
- Add some library SPM partition functions for IPC.
- The partition data come from the library SPM, while the services data
come from the manifest.
- Init thread and trigger scheduler when the SPM initializes.
Change-Id: Icfb1151e1d453409c0eda07ac72e26a673133c73
Signed-off-by: Edison Ai <edison.ai@arm.com>

The enhancements below need to be applied to follow PSA:
- IPC related parameters added in manifest file (such as signal, sid,
minor_version and minor_policy).
- IPC service partition manifest file added to generate secure partition
source.
- Remove "tfm_partition_name" from manifest file and use "name"
directly.
- Remove IPC unused template: tfm_sfid_list.inc.template
Note:
- The signal header also needs to be added manually by hardcoding, as
the tool cannot support it now.
Change-Id: I47c2c4058e99a0b278c7b05b1e8d80058bc185a1
Signed-off-by: Edison Ai <edison.ai@arm.com>

Add Secure Partition for IPC Client and Service. Generate new partition
information by executing tfm_parse_manifest_list.py.
Change-Id: I8a0fe54113f9c5c2a32dd5d651a9722f0057dd2b
Signed-off-by: Summer Qin <summer.qin@arm.com>

Those functions are fundamental components for the IPC implementation.
- Common list operation functions
- IPC message queue operation functions
- Memory pool management function: declare the pool first by using
"TFM_POOL_DECLARE", then initialize memory to the pool by
tfm_pool_init(). tfm_pool_alloc() and tfm_pool_free() are
used to allocate and free memory.
- Add internal defines header for macros only used inside the
IPC functions.
Change-Id: I80770ee2c295c04142f5bbcebda03ff9d7d1af62
Signed-off-by: Edison Ai <edison.ai@arm.com>
Co-authored-by: Ken Liu <ken.liu@arm.com>

This patch provides Thread, Wait and ARCH related APIs
for the PSA secure IPC implementation.
Change-Id: I338cd82563d20d75db4fd60441896f76dc85c6e2
Signed-off-by: Ken Liu <ken.liu@arm.com>

The initial IPC patches showcase API usage with a rough design. To
follow the PSA FF specification, an updated framework needs to take
place instead of the previous design.
The modification details are:
- Remove legacy version files which are not used anymore: psa_api.c,
tfm_queue.c, tfm_queue.h, tfm_thread.c and tfm_thread.h.
- Add psa client and service implementation on the secure side in
thread mode.
- Add syscalls for psa client and service, empty now and to be
implemented.
- Those files in the 'core' folder which are needed by ipc will be added
in the 'ipc' folder. So there is no ipc file to be built in 'library'
mode.
Change-Id: I5ab5ea2774dfb70b24f4bfd0499129ae48b2b3de
Signed-off-by: Edison Ai <edison.ai@arm.com>
Co-authored-by: Ken Liu <ken.liu@arm.com>

- Renamed psa_error_t to psa_status_t
- All functions that accept or return signals now use the psa_signal_t
type
- Removed PSA_CONNECTION_ACCEPTED and replaced its use in connection
messages by PSA_SUCCESS
- Added PSA_CONNECTION_BUSY to indicate transient error conditions
during calls to psa_connect() and renumbered the PSA error codes
- Removed psa_identity() and replaced it with client_id in psa_msg_t
- Renamed psa_end() to psa_reply()
- Combined psa_wait_any() and psa_wait_interrupt() into psa_wait()
Change-Id: Id3ba56f145a29aff297cc56e66810e0dbe0f913b
Signed-off-by: Edison Ai <edison.ai@arm.com>
Co-authored-by: Summer Qin <summer.qin@arm.com>

Crypto references the type 'psa_status_t'. This type is defined in PSA
FF 1.0-beta0. Add PSA FF version checking to decide the proper way of
referencing it.
Change-Id: I61f9324031e8e28c2bac2ef5bb9148b702183f8c
Signed-off-by: Edison Ai <edison.ai@arm.com>

Existing regression test cases and test partitions do
not rely on IPC mode. Disable regression tests and update
related switches for the IPC configuration.
Change-Id: Iee075e29e16667c76935bf243fbc5b70428a53dd
Signed-off-by: Edison Ai <edison.ai@arm.com>

An incorrect offset is applied in the context, which caused
occasional hangs. Fix it to avoid such problems.
Change-Id: I2d5092d78403f72a0a3b0e2adef8afc74fe86b1b
Signed-off-by: Ken Liu <ken.liu@arm.com>

Align NS IPC calls with thread mode NS-S transition
changes.
Change-Id: Ifbc4a5229ee0400bde9755d2964bcf82e8fcfca2
Signed-off-by: Miklos Balint <miklos.balint@arm.com>

Move ipc related source code to the 'ipc' folder for easier code
browsing. This also readies the codebase for future additions.
Change-Id: Icc78338a3832b73e9a71bf33577829bf310da890
Signed-off-by: Ken Liu <ken.liu@arm.com>

Add tests on the non-secure side to call the IPC client APIs.
Change-Id: Ie7eb3c82f73b0e1f1c14dbf9ad74861067a284fa
Signed-off-by: Summer Qin <summer.qin@arm.com>

Add PSA message processing in veneer functions:
- Send the PSA message to the IPC queue; this will trigger an IPC event.
- Schedule out to let the CPU process the IPC event.
- Return PSA_VERSION_NONE in the tfm_psa_version_veneer function.
Change-Id: Ie3ed12dc95ccf5cc1153dabe1ae20449c7eb6830
Signed-off-by: Edison Ai <edison.ai@arm.com>

This is the first version of the IPC secure function test service:
- Only psa_wait_any(), psa_get(), psa_read(), psa_write() and
psa_end() are used now.
- Only "block" mode is supported for psa_wait_any()
Note:
- Remaining PSA functions TBD
- "Poll" mode for psa_wait_any() TBD
Change-Id: I882716075b9c92839d41372df355c364d24d7574
Signed-off-by: Edison Ai <edison.ai@arm.com>

Add test framework skeleton for secure and non-secure side IPC
validation. Actual tests will be added in subsequent patches.
Change-Id: Iaef5668e3d57e50493b72a4977d3f0145ec0cd97
Signed-off-by: Edison Ai <edison.ai@arm.com>

Draft PSA service APIs: a global message queue and the
necessary APIs for the first IPC Service Partition.
Change-Id: Ifd46eaa13eb5ba2a62584f1335e438db3b2738d9
Signed-off-by: Ken Liu <ken.liu@arm.com>

The IPC draft needs to block the current running context while
calling blocking APIs, and adds a base thread context for this
purpose. The first version just considers two threads switching
in symmetric mode -- threads and scheduler run in the same mode.
Only the ARMv8-M Mainline profile is currently implemented.
Change-Id: I7ead5af98eb4584b236cabfd98465d177094be2d
Signed-off-by: Ken Liu <ken.liu@arm.com>

Add the ConfigCoreIPC.cmake file for enabling the IPC function;
TFM_PSA_API and CORE_TEST_IPC depend on it.
Change-Id: I6bcadfc3d7a8184e4c55aaf56e2958520be5a94a
Signed-off-by: Edison Ai <edison.ai@arm.com>

NS client infrastructure for the PSA API created in
conformance with v8M secure gateway call restrictions
and TF-M rules.
Note:
- S SVC handlers TBD
- Buffer read/write functions TBD
- Sanity checks in S SVC handlers TBD
Change-Id: Ia2947c28247af699d337754db2f22e2e25235c41
Signed-off-by: Miklos Balint <miklos.balint@arm.com>

This patch defines a platform abstraction layer for the initial debug
configuration, which needs to be implemented per each platform,
and executed in tfm_core.c, as an extra step in the tfm_core_init
function.
Change-Id: I27bdbe35b47e3124f7176a931f1895bd06187dc4
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>

This change introduces an interface layer towards the
secure world which exposes the same API exposed to NS
instead of calling the veneers directly. This layer is
placed into the SFN section during the TFM build process.
The secure suite for the Audit Log test is updated to use
this interface.
Change-Id: I716633cc95d7804412d0f2ed33ca39a6159e9e20
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>

This patch introduces support for building with Armclang 6.10
and Armclang 6.11. It also fixes a typo inside the cmake build
system files, and renames architecture names to be consistent.
Change-Id: I9b7db4751c225f092e84c85d9d421fa6d158c929
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>

Changes the build system to compile Mbed TLS without debug symbols by
default. It can still be built with debug symbols by adding
-DMBEDTLS_DEBUG=ON to the CMake command. Most of the time TF-M
developers do not need to debug Mbed TLS, and building it as
"MinSizeRel" by default allows for smaller, faster binaries. It also
eliminates the need for Musca-specific build settings to shrink the
binary size.
Change-Id: I4b691a50f63ddbb4707a196bf7950f8e7603a32c
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Changes the build system to build Mbed TLS with MULADDC_CANNOT_USE_R7
defined for Armv8-M Baseline targets. This compiles out some inline
assembly in Mbed TLS that is not compatible with Armv8-M Baseline
instruction encoding.
Change-Id: Ibe8ac799a4a5d5f56f11ae8caccac431995902ac
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

This patch introduces an integration guide to the Initial
Attestation Service which provides a high level overview of
the service and provides guidance on its usage from
applications.
Change-Id: I256db731173ddd1ecfbe4d2a8c3a0eda58eafe61
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Initial test cases for the Attestation Service prototype added.
Change-Id: I7e60a90d85a1f9299214d6ce1cf94af05b1236c8
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Details:
- implement initial version of API
- implement veneer function and SVC handler
- implement wrapper functions around veneers on S and NS side
- create manifest files and generate new partition defines
- add attestation service to build system
- update linker scripts for ARMCLANG and GNUARM
Change-Id: I987509c6cad08fcd082667bca7dbc9a328ea03de
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

The Initial Attestation Service allows the application to prove the
device identity during an authentication process to a verification
entity. The Attestation Service creates a token, which contains device
specific data and is signed with a unique attestation key. The API
provides the retrieval of the signed initial attestation token.
Change-Id: I914597100bba502901e00c4b1ef0e1ec3f042926
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Add a getter function to platform code to retrieve
the Universal Entity ID (UEID) of the device.
Change-Id: Id1f9abc5e96409da463098e92230099c1983c0c9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Add a getter function to platform code which makes it possible
to get the boot seed value. The boot seed is a mandatory claim
in the initial attestation token.
Change-Id: Ifd547c541a51093f0766b57ba9e9cdd124cd840d
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

In the long term, the standard C library might be removed from the TF-M
project or replaced with a secure implementation due to security
concerns. Wrappers are introduced to indicate this concern and the
future change to developers.
Change-Id: I86e9cd8563fd89bf70b0df59cb2ae1aeee9c02b9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

This change is necessary to fit into the available RAM
memory on the Musca-A board if the isolation level is TFM_LVL=3.
Change-Id: I47248dcc10d757fb6b4fc9d26f1bd9adc83e5abb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

The checking of the memory limit was missing from the ARMCLANG
scatter file. Without this fix the linker can easily over-allocate
the data memory without noticing it. GCC has this feature in place.
Change-Id: If6923bfe5e78f405b562b652f696330b6f3f971d
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

Details:
- extend SPM's services API with new functions, which
are used by partitions to retrieve relevant data from the bootloader
Change-Id: I0efecfd86137f8059be2221ba5e3f9386f1b60d0
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Details:
- PSA requirement: the Attestation service must include
the measured boot status in the attestation token. The secure
bootloader measures the runtime SW (calculating its hash)
and shares the measurements with the runtime SW through a shared
memory area.
- add new functions to save the boot status in TLV
encoded format to the shared data area
- save combined (S+NS) image hash to boot status
Change-Id: I4f7b4f134294aea75fe5bce10cd98c74614c32e8
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Change-Id: Iba827776797da72d21f2afc705be7fd937bf7598
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

This patch fixes a compilation error which occurred
with GNUARM if BL2 was turned off.
Change-Id: I2f5be9fe1b35b24781fa12b1ed7036a473e91087
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Change-Id: I63b34fcb8170df69084d67ff1d8eb086a8020300
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Details:
- To enable any secure service to use the standard C library
functions.
- Only the read-only (code & ro-data) section was moved.
- The data section of the C library remains in the data section of
the secure test service to make possible the usage of printf.
Change-Id: Iff106b72af3cc0cc4c0f1ebdab668886644b777c
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Details:
- ARMCLANG: relocate heap and stack allocation to the scatter file
from start-up assembly, to be aligned with GNUARM
- Explicitly distinguish main and process stack
- Reorder the allocation of heap and stack area in
RAM: main stack, process stack, heap
- Introduce shared data area b/w bootloader and runtime to exchange
data
- Main stack and shared area are overlapping sections in memory,
to prepare for recycling the shared area as stack
- Increase bootloader stack size to avoid overflow
- Remove unnecessary .heap(COPY) section from GCC linker script
Change-Id: Id8702fd9262764814250356868fb8de630b4a1af
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

This patch fixes the code logic in sst_set_active_object_table when
table 0 is valid and table 1 is invalid. If both tables are valid, an
extra evaluation is required to determine which table contains the
latest content, based on NV counters if SST_ROLLBACK_PROTECTION is
set, or on the swap counter otherwise.
Change-Id: I3a751c003b5c7b272005ecacd26f607f37978e1e
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>