mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-06-07 15:10:09 +00:00
Code Issues Projects Releases Wiki Activity

arm-bsp/trusted-services:corstone1000: remove already merged patches

Browse Source 
Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Rui Miguel Silva
2023-05-19 13:23:53 +02:00
committed by Jon Mason
parent a13b63f9ea
commit 6e0f3be575
27 changed files with 128 additions and 8113 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
-287
View File
@@ -1,287 +0,0 @@
From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 16:36:51 +0000
Subject: [PATCH 01/20] Add openamp to SE proxy deployment
Openamp is required to communicate between secure partitions(running on
Cortex-A) and trusted-firmware-m(running on Cortex-M).
These changes are to fetch libmetal and openamp from github repo's
and build it.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
deployments/se-proxy/opteesp/lse.S | 28 ++++++++
deployments/se-proxy/se-proxy.cmake | 8 +++
external/openamp/libmetal-init-cache.cmake.in | 20 ++++++
external/openamp/libmetal.cmake | 67 +++++++++++++++++++
external/openamp/openamp-init-cache.cmake.in | 20 ++++++
external/openamp/openamp.cmake | 66 ++++++++++++++++++
6 files changed, 209 insertions(+)
create mode 100644 deployments/se-proxy/opteesp/lse.S
create mode 100644 external/openamp/libmetal-init-cache.cmake.in
create mode 100644 external/openamp/libmetal.cmake
create mode 100644 external/openamp/openamp-init-cache.cmake.in
create mode 100644 external/openamp/openamp.cmake
diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
new file mode 100644
index 000000000000..8e466d65fc2b
--- /dev/null
+++ b/deployments/se-proxy/opteesp/lse.S
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ */
+
+.text
+.globl __aarch64_cas4_acq_rel
+.globl __aarch64_cas4_sync
+
+__aarch64_cas4_acq_rel:
+ mov w16, w0
+ ldaxr w0, [x2]
+ cmp w0, w16
+0: bne 1f
+
+ stlxr w17, w1, [x2]
+ cbnz w17, 0b
+1: ret
+
+__aarch64_cas4_sync:
+ mov w16, w0
+ ldxr w0, [x2]
+ cmp w0, w16
+0: bne 1f
+
+ stlxr w17, w1, [x2]
+ cbnz w17, 0b
+1: ret
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index 426c66c05350..d39873a0fe81 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy"
target_sources(se-proxy PRIVATE
${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c
${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c
+ ${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S
)
#-------------------------------------------------------------------------------
@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake)
target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
+# libmetal
+include(../../../external/openamp/libmetal.cmake)
+
+# OpenAMP
+include(../../../external/openamp/openamp.cmake)
+target_link_libraries(se-proxy PRIVATE openamp libmetal)
+
#################################################################
target_include_directories(se-proxy PRIVATE
diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in
new file mode 100644
index 000000000000..04c25fbde960
--- /dev/null
+++ b/external/openamp/libmetal-init-cache.cmake.in
@@ -0,0 +1,20 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2022, Linaro. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
+set(BUILD_STATIC_LIBS On CACHE BOOL "")
+
+set(WITH_DOC OFF CACHE BOOL "")
+set(WITH_TESTS OFF CACHE BOOL "")
+set(WITH_EXAMPLES OFF CACHE BOOL "")
+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "")
+set(MACHINE "template" CACHE STRING "")
+
+@_cmake_fragment@
diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
new file mode 100644
index 000000000000..6e5004ff555c
--- /dev/null
+++ b/external/openamp/libmetal.cmake
@@ -0,0 +1,67 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2022 Linaro Limited
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git"
+ CACHE STRING "libmetal repository URL")
+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install"
+ CACHE DIR "libmetal installation directory")
+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal"
+ CACHE DIR "libmetal source-code")
+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake"
+ CACHE DIR "libmetal CMake package directory")
+set (LIBMETAL_TARGET_NAME "libmetal")
+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
+ CACHE STRING "The version of libmetal to use")
+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build")
+
+set(GIT_OPTIONS
+ GIT_REPOSITORY ${LIBMETAL_URL}
+ GIT_TAG ${LIBMETAL_REFSPEC}
+ GIT_SHALLOW FALSE
+)
+
+if(NOT LIBMETAL_DEBUG)
+ set(LIBMETAL_BUILD_TYPE "Release")
+else()
+ set(LIBMETAL_BUILD_TYPE "Debug")
+endif()
+
+include(FetchContent)
+
+# Checking git
+find_program(GIT_COMMAND "git")
+if (NOT GIT_COMMAND)
+ message(FATAL_ERROR "Please install git")
+endif()
+
+# Only pass libc settings to libmetal if needed. For environments where the
+# standard library is not overridden, this is not needed.
+if(TARGET stdlib::c)
+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
+
+ # Save libc settings
+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
+ # Translate libc settings to cmake code fragment. Will be inserted into
+ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
+ unset_saved_properties(LIBC)
+endif()
+
+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+LazyFetch_MakeAvailable(DEP_NAME libmetal
+ FETCH_OPTIONS "${GIT_OPTIONS}"
+ INSTALL_DIR "${LIBMETAL_INSTALL_DIR}"
+ CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in"
+ SOURCE_DIR "${LIBMETAL_SOURCE_DIR}"
+)
+unset(_cmake_fragment)
+
+#Create an imported target to have clean abstraction in the build-system.
+add_library(libmetal STATIC IMPORTED)
+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include")
diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in
new file mode 100644
index 000000000000..302b80511bce
--- /dev/null
+++ b/external/openamp/openamp-init-cache.cmake.in
@@ -0,0 +1,20 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2021-2022, Linaro. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
+set(BUILD_STATIC_LIBS On CACHE BOOL "")
+
+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE
+ STRING "")
+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "")
+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "")
+set(MACHINE "template" CACHE STRING "")
+
+@_cmake_fragment@
diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
new file mode 100644
index 000000000000..449f35f4fda4
--- /dev/null
+++ b/external/openamp/openamp.cmake
@@ -0,0 +1,66 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2022 Linaro Limited
+# Copyright (c) 2022, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git"
+ CACHE STRING "OpenAMP repository URL")
+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install"
+ CACHE DIR "OpenAMP installation directory")
+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp"
+ CACHE DIR "OpenAMP source code directory")
+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake"
+ CACHE DIR "OpenAMP CMake package directory")
+set (OPENAMP_TARGET_NAME "openamp")
+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d"
+ CACHE STRING "The version of openamp to use")
+
+set(GIT_OPTIONS
+ GIT_REPOSITORY ${OPENAMP_URL}
+ GIT_TAG ${OPENAMP_REFSPEC}
+ GIT_SHALLOW FALSE
+)
+
+if(NOT OPENAMP_DEBUG)
+ set(OPENAMP_BUILD_TYPE "Release")
+else()
+ set(OPENAMP_BUILD_TYPE "Debug")
+endif()
+
+include(FetchContent)
+
+# Checking git
+find_program(GIT_COMMAND "git")
+if (NOT GIT_COMMAND)
+ message(FATAL_ERROR "Please install git")
+endif()
+
+# Only pass libc settings to openamp if needed. For environments where the
+# standard library is not overridden, this is not needed.
+if(TARGET stdlib::c)
+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
+
+ # Save libc settings
+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
+ # Translate libc settings to cmake code fragment. Will be inserted into
+ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
+ unset_saved_properties(LIBC)
+endif()
+
+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+LazyFetch_MakeAvailable(DEP_NAME openamp
+ FETCH_OPTIONS "${GIT_OPTIONS}"
+ INSTALL_DIR "${OPENAMP_INSTALL_DIR}"
+ CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in"
+ SOURCE_DIR "${OPENAMP_SOURCE_DIR}"
+)
+unset(_cmake_fragment)
+
+#Create an imported target to have clean abstraction in the build-system.
+add_library(openamp STATIC IMPORTED)
+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
+14 -74
View File
@@ -1,7 +1,7 @@
From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001
From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001
From: Julian Hall <julian.hall@arm.com>
Date: Tue, 12 Oct 2021 15:45:41 +0100
Subject: [PATCH 13/20] Add stub capsule update service components
Subject: [PATCH 1/6] Add stub capsule update service components
To facilitate development of a capsule update service provider,
stub components are added to provide a starting point for an
@@ -18,15 +18,12 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
.../provider/capsule_update_provider.c | 133 ++++++++++++++++++
.../provider/capsule_update_provider.h | 51 +++++++
.../capsule_update/provider/component.cmake | 13 ++
deployments/se-proxy/common/se_proxy_sp.c | 3 +
.../se-proxy/common/service_proxy_factory.c | 16 +++
.../se-proxy/common/service_proxy_factory.h | 1 +
deployments/se-proxy/se-proxy.cmake | 1 +
.../se-proxy/infra/corstone1000/infra.cmake | 1 +
deployments/se-proxy/se_proxy_interfaces.h | 9 +-
.../capsule_update/capsule_update_proto.h | 13 ++
protocols/service/capsule_update/opcodes.h | 17 +++
protocols/service/capsule_update/parameters.h | 15 ++
12 files changed, 292 insertions(+), 4 deletions(-)
9 files changed, 272 insertions(+), 4 deletions(-)
create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
@@ -280,75 +277,18 @@ index 000000000000..1d412eb234d9
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+ )
diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c
index a37396f4454b..a38ad6ca3f56 100644
--- a/deployments/se-proxy/common/se_proxy_sp.c
+++ b/deployments/se-proxy/common/se_proxy_sp.c
@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
}
rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
+ rpc_iface = capsule_update_proxy_create();
+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
+
/* End of boot phase */
result = sp_msg_wait(&req_msg);
if (result != SP_RESULT_OK) {
diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
index 7edeef8b434a..591cc9eeb59e 100644
--- a/deployments/se-proxy/common/service_proxy_factory.c
+++ b/deployments/se-proxy/common/service_proxy_factory.c
@@ -13,6 +13,7 @@
#include <service/crypto/factory/crypto_provider_factory.h>
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
#include <trace.h>
+#include <service/capsule_update/provider/capsule_update_provider.h>
/* Stub backends */
#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
return secure_storage_provider_init(&its_provider, backend);
}
+
+struct rpc_interface *capsule_update_proxy_create(void)
+{
+ static struct capsule_update_provider capsule_update_provider;
+ static struct rpc_caller *capsule_update_caller;
+
+ capsule_update_caller = openamp_caller_init(&openamp);
+
+ if (!capsule_update_caller)
+ return NULL;
+
+ capsule_update_provider.client.caller = capsule_update_caller;
+
+ return capsule_update_provider_init(&capsule_update_provider);
+}
diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h
index 298d407a2371..02aa7fe2550d 100644
--- a/deployments/se-proxy/common/service_proxy_factory.h
+++ b/deployments/se-proxy/common/service_proxy_factory.h
@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
struct rpc_interface *crypto_proxy_create(void);
struct rpc_interface *ps_proxy_create(void);
struct rpc_interface *its_proxy_create(void);
+struct rpc_interface *capsule_update_proxy_create(void);
#ifdef __cplusplus
}
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index 3dbbc36c968d..f0db2d43f443 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
"components/service/attestation/provider/serializer/packed-c"
diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
index 4e7e2bd58028..e60b5400617f 100644
--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
"components/service/attestation/key_mngr/local"
"components/service/attestation/reporter/psa_ipc"
"components/service/attestation/client/psa_ipc"
"components/service/crypto/backend/psa_ipc"
+ "components/service/capsule_update/provider"
"components/rpc/openamp/caller/sp"
"components/service/secure_storage/backend/secure_storage_ipc"
)
# Stub service provider backends
diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
index 48908f846990..3d4a7c204785 100644
--- a/deployments/se-proxy/se_proxy_interfaces.h
@@ -432,5 +372,5 @@ index 000000000000..285d924186be
+
+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
--
2.38.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+4 -4
View File
@@ -1,7 +1,7 @@
From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001
From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58.
Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
@@ -29,7 +29,7 @@ index c4ffb20cf7f8..a91f66c14008 100644
/* Mandatory input data parameter */
diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
index 4d7bf6e959b0..e3c4df2927b3 100644
index 30aa102da581..130d27295878 100644
--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
@@ -351,7 +351,7 @@
@@ -117,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644
/* Variable length input parameter tags */
--
2.38.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
-1091
View File
File diff suppressed because it is too large Load Diff
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
-1196
View File
File diff suppressed because it is too large Load Diff
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
+3 -3
View File
@@ -1,7 +1,7 @@
From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001
From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Fri, 8 Jul 2022 09:48:06 +0100
Subject: [PATCH 20/20] FMP Support in Corstone1000.
Subject: [PATCH 3/6] FMP Support in Corstone1000.
The FMP support is used by u-boot to pupolate ESRT information
for the kernel.
@@ -414,5 +414,5 @@ index 000000000000..95fba2a04d5c
+
+#endif /* CORSTONE1000_FMP_SERVICE_H */
--
2.38.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
+13 -19
View File
@@ -1,24 +1,25 @@
From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
From c294197b17358b20c75757b9a06d628f43cd7884 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Thu, 9 Feb 2023 00:22:40 +0000
Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
Subject: [PATCH 4/6] TF-Mv1.7 alignment: Align PSA Crypto SIDs
This patch is to change the PSA Crypto SIDs to match the values of the
PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Pending [Not submitted yet]
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++
components/service/common/include/psa/sid.h | 78 +-----
components/service/common/include/psa/sid.h | 76 +-----
.../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-
.../psa_ipc/crypto_caller_verify_hash.h | 4 +-
4 files changed, 249 insertions(+), 78 deletions(-)
4 files changed, 248 insertions(+), 77 deletions(-)
create mode 100644 components/service/common/include/psa/crypto_sid.h
diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
new file mode 100644
index 00000000..5b05f46d
index 000000000000..5b05f46d7d72
--- /dev/null
+++ b/components/service/common/include/psa/crypto_sid.h
@@ -0,0 +1,241 @@
@@ -264,16 +265,9 @@ index 00000000..5b05f46d
+
+#endif /* __PSA_CRYPTO_SID_H__ */
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index 8103a9af..50ad070e 100644
index 8e2c6bdf2919..5aaa659d49a0 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -12,6 +12,9 @@
extern "C" {
#endif
@@ -284,9 +278,9 @@ index 8103a9af..50ad070e 100644
/******** TFM_SP_PS ********/
#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
@@ -43,79 +46,6 @@ extern "C" {
#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
@@ -37,79 +40,6 @@ extern "C" {
#define TFM_CRYPTO_VERSION (1U)
#define TFM_CRYPTO_HANDLE (0x40000100U)
-/**
- * \brief Define a progressive numerical value for each SID which can be used
@@ -365,7 +359,7 @@ index 8103a9af..50ad070e 100644
#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
index e4a2b167..9276748d 100644
index 29bd56e60708..bebfe05c7c49 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -387,7 +381,7 @@ index e4a2b167..9276748d 100644
.alg = alg,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
index cc9279ee..bcd8e0e4 100644
index 66281d588626..d0a3850678cb 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
@@ -409,5 +403,5 @@ index cc9279ee..bcd8e0e4 100644
#ifdef __cplusplus
--
2.25.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
-298
View File
@@ -1,298 +0,0 @@
From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:05:18 +0000
Subject: [PATCH 04/20] add psa client definitions for ff-m
Add PSA client definitions in common include to add future
ff-m support.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/common/include/psa/client.h | 194 ++++++++++++++++++
components/service/common/include/psa/sid.h | 71 +++++++
2 files changed, 265 insertions(+)
create mode 100644 components/service/common/include/psa/client.h
create mode 100644 components/service/common/include/psa/sid.h
diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
new file mode 100644
index 000000000000..69ccf14f40a3
--- /dev/null
+++ b/components/service/common/include/psa/client.h
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SERVICE_PSA_IPC_H
+#define SERVICE_PSA_IPC_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <rpc_caller.h>
+#include <psa/error.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef IOVEC_LEN
+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
+#endif
+
+/*********************** PSA Client Macros and Types *************************/
+
+typedef int32_t psa_handle_t;
+
+/**
+ * The version of the PSA Framework API that is being used to build the calling
+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
+ * is compatible with v1.0.
+ */
+#define PSA_FRAMEWORK_VERSION (0x0101u)
+
+/**
+ * Return value from psa_version() if the requested RoT Service is not present
+ * in the system.
+ */
+#define PSA_VERSION_NONE (0u)
+
+/**
+ * The zero-value null handle can be assigned to variables used in clients and
+ * RoT Services, indicating that there is no current connection or message.
+ */
+#define PSA_NULL_HANDLE ((psa_handle_t)0)
+
+/**
+ * Tests whether a handle value returned by psa_connect() is valid.
+ */
+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
+
+/**
+ * Converts the handle value returned from a failed call psa_connect() into
+ * an error code.
+ */
+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
+
+/**
+ * Maximum number of input and output vectors for a request to psa_call().
+ */
+#define PSA_MAX_IOVEC (4u)
+
+/**
+ * An IPC message type that indicates a generic client request.
+ */
+#define PSA_IPC_CALL (0)
+
+/**
+ * A read-only input memory region provided to an RoT Service.
+ */
+struct __attribute__ ((__packed__)) psa_invec {
+ uint32_t base; /*!< the start address of the memory buffer */
+ uint32_t len; /*!< the size in bytes */
+};
+
+/**
+ * A writable output memory region provided to an RoT Service.
+ */
+struct __attribute__ ((__packed__)) psa_outvec {
+ uint32_t base; /*!< the start address of the memory buffer */
+ uint32_t len; /*!< the size in bytes */
+};
+
+/*************************** PSA Client API **********************************/
+
+/**
+ * \brief Retrieve the version of the PSA Framework API that is implemented.
+ *
+ * \param[in] rpc_caller RPC caller to use
+ * \return version The version of the PSA Framework implementation
+ * that is providing the runtime services to the
+ * caller. The major and minor version are encoded
+ * as follows:
+ * \arg version[15:8] -- major version number.
+ * \arg version[7:0] -- minor version number.
+ */
+uint32_t psa_framework_version(struct rpc_caller *caller);
+
+/**
+ * \brief Retrieve the version of an RoT Service or indicate that it is not
+ * present on this system.
+ *
+ * \param[in] rpc_caller RPC caller to use
+ * \param[in] sid ID of the RoT Service to query.
+ *
+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
+ * caller is not permitted to access the service.
+ * \retval > 0 The version of the implemented RoT Service.
+ */
+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
+
+/**
+ * \brief Connect to an RoT Service by its SID.
+ *
+ * \param[in] rpc_caller RPC caller to use
+ * \param[in] sid ID of the RoT Service to connect to.
+ * \param[in] version Requested version of the RoT Service.
+ *
+ * \retval > 0 A handle for the connection.
+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
+ * connection.
+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
+ * connection at the moment.
+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
+ * of the following are true:
+ * \arg The RoT Service ID is not present.
+ * \arg The RoT Service version is not supported.
+ * \arg The caller is not allowed to access the RoT
+ * service.
+ */
+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ uint32_t version);
+
+/**
+ * \brief Call an RoT Service on an established connection.
+ *
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
+ * \param[in] rpc_caller RPC caller to use
+ * \param[in] handle A handle to an established connection.
+ * \param[in] type The request type.
+ * Must be zero( \ref PSA_IPC_CALL) or positive.
+ * \param[in] in_vec Array of input \ref psa_invec structures.
+ * \param[in] in_len Number of input \ref psa_invec structures.
+ * \param[in,out] out_vec Array of output \ref psa_outvec structures.
+ * \param[in] out_len Number of output \ref psa_outvec structures.
+ *
+ * \retval >=0 RoT Service-specific status value.
+ * \retval <0 RoT Service-specific error code.
+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
+ * RoT Service. The call is a PROGRAMMER ERROR if
+ * one or more of the following are true:
+ * \arg An invalid handle was passed.
+ * \arg The connection is already handling a request.
+ * \arg type < 0.
+ * \arg An invalid memory reference was provided.
+ * \arg in_len + out_len > PSA_MAX_IOVEC.
+ * \arg The message is unrecognized by the RoT
+ * Service or incorrectly formatted.
+ */
+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
+ int32_t type, const struct psa_invec *in_vec,
+ size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+/**
+ * \brief Close a connection to an RoT Service.
+ *
+ * \param[in] rpc_caller RPC caller to use
+ * \param[in] handle A handle to an established connection, or the
+ * null handle.
+ *
+ * \retval void Success.
+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
+ * of the following are true:
+ * \arg An invalid handle was provided that is not
+ * the null handle.
+ * \arg The connection is currently handling a
+ * request.
+ */
+void psa_close(struct rpc_caller *caller, psa_handle_t handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SERVICE_PSA_IPC_H */
+
+
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
new file mode 100644
index 000000000000..aaa973c6e987
--- /dev/null
+++ b/components/service/common/include/psa/sid.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __PSA_MANIFEST_SID_H__
+#define __PSA_MANIFEST_SID_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******** TFM_SP_PS ********/
+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U)
+
+/* Invalid UID */
+#define TFM_PS_INVALID_UID 0
+
+/* PS message types that distinguish PS services. */
+#define TFM_PS_SET 1001
+#define TFM_PS_GET 1002
+#define TFM_PS_GET_INFO 1003
+#define TFM_PS_REMOVE 1004
+#define TFM_PS_GET_SUPPORT 1005
+
+/******** TFM_SP_ITS ********/
+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U)
+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U)
+
+/******** TFM_SP_CRYPTO ********/
+#define TFM_CRYPTO_SID (0x00000080U)
+#define TFM_CRYPTO_VERSION (1U)
+#define TFM_CRYPTO_HANDLE (0x40000100U)
+
+/******** TFM_SP_PLATFORM ********/
+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U)
+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U)
+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U)
+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U)
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U)
+#define TFM_ATTESTATION_SERVICE_VERSION (1U)
+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
+
+/******** TFM_SP_FWU ********/
+#define TFM_FWU_WRITE_SID (0x000000A0U)
+#define TFM_FWU_WRITE_VERSION (1U)
+#define TFM_FWU_INSTALL_SID (0x000000A1U)
+#define TFM_FWU_INSTALL_VERSION (1U)
+#define TFM_FWU_ABORT_SID (0x000000A2U)
+#define TFM_FWU_ABORT_VERSION (1U)
+#define TFM_FWU_QUERY_SID (0x000000A3U)
+#define TFM_FWU_QUERY_VERSION (1U)
+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U)
+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U)
+#define TFM_FWU_ACCEPT_SID (0x000000A5U)
+#define TFM_FWU_ACCEPT_VERSION (1U)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_MANIFEST_SID_H__ */
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
-295
View File
@@ -1,295 +0,0 @@
From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:13:03 +0000
Subject: [PATCH 05/20] Add common service component to ipc support
Add support for inter processor communication for PSA
including, the openamp client side structures lib.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/common/psa_ipc/component.cmake | 13 ++
.../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++
.../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++
deployments/se-proxy/se-proxy.cmake | 1 +
4 files changed, 242 insertions(+)
create mode 100644 components/service/common/psa_ipc/component.cmake
create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
new file mode 100644
index 000000000000..5a1c9e62e2f0
--- /dev/null
+++ b/components/service/common/psa_ipc/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
+ )
diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
new file mode 100644
index 000000000000..e8093c20a523
--- /dev/null
+++ b/components/service/common/psa_ipc/service_psa_ipc.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+#include <trace.h>
+
+#include <protocols/rpc/common/packed-c/status.h>
+#include <psa/error.h>
+#include <rpc_caller.h>
+
+#include <psa/client.h>
+#include "service_psa_ipc_openamp_lib.h"
+
+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ uint32_t version)
+{
+ psa_status_t psa_status = PSA_SUCCESS;
+ struct s_openamp_msg *resp_msg = NULL;
+ struct ns_openamp_msg *req_msg;
+ rpc_call_handle rpc_handle;
+ size_t resp_len;
+ uint8_t *resp;
+ uint8_t *req;
+ int ret;
+
+ rpc_handle = rpc_caller_begin(caller, &req,
+ sizeof(struct ns_openamp_msg));
+ if (!rpc_handle) {
+ EMSG("psa_connect: could not get handle");
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ req_msg = (struct ns_openamp_msg *)req;
+
+ req_msg->call_type = OPENAMP_PSA_CONNECT;
+ req_msg->params.psa_connect_params.sid = sid;
+ req_msg->params.psa_connect_params.version = version;
+
+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
+ &resp_len);
+ if (ret != TS_RPC_CALL_ACCEPTED) {
+ EMSG("psa_connect: invoke failed: %d", ret);
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ if (psa_status == PSA_SUCCESS)
+ resp_msg = (struct s_openamp_msg *)resp;
+
+ rpc_caller_end(caller, rpc_handle);
+
+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
+}
+
+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
+ int32_t type, const struct psa_invec *in_vec,
+ size_t in_len, struct psa_outvec *out_vec, size_t out_len)
+{
+
+}
+
+void psa_close(struct rpc_caller *caller, psa_handle_t handle)
+{
+ psa_status_t psa_status = PSA_SUCCESS;
+ struct s_openamp_msg *resp_msg = NULL;
+ struct ns_openamp_msg *req_msg;
+ rpc_call_handle rpc_handle;
+ size_t resp_len;
+ uint8_t *resp;
+ uint8_t *req;
+ int ret;
+
+ rpc_handle = rpc_caller_begin(caller, &req,
+ sizeof(struct ns_openamp_msg));
+ if (!rpc_handle) {
+ EMSG("psa_close: could not get handle");
+ return;
+ }
+
+ req_msg = (struct ns_openamp_msg *)req;
+
+ req_msg->call_type = OPENAMP_PSA_CLOSE;
+ req_msg->params.psa_close_params.handle = handle;
+
+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
+ &resp_len);
+ if (ret != TS_RPC_CALL_ACCEPTED) {
+ EMSG("psa_close: invoke failed: %d", ret);
+ return;
+ }
+
+ rpc_caller_end(caller, rpc_handle);
+}
diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
new file mode 100644
index 000000000000..33ea96660572
--- /dev/null
+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
+#define SERVICE_PSA_IPC_OPENAMP_LIB_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <compiler.h>
+#include <psa/error.h>
+
+#include <stdint.h>
+#include <psa/client.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* PSA client call type value */
+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
+#define OPENAMP_PSA_VERSION (0x2)
+#define OPENAMP_PSA_CONNECT (0x3)
+#define OPENAMP_PSA_CALL (0x4)
+#define OPENAMP_PSA_CLOSE (0x5)
+
+/* Return code of openamp APIs */
+#define OPENAMP_SUCCESS (0)
+#define OPENAMP_MAP_FULL (INT32_MIN + 1)
+#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
+#define OPENAMP_NO_PERMS (INT32_MIN + 4)
+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
+#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
+
+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
+ * buffer so that openamp shared memory buffer
+ * does not get freed.
+ */
+
+/*
+ * This structure holds the parameters used in a PSA client call.
+ */
+typedef struct __packed psa_client_in_params {
+ union {
+ struct __packed {
+ uint32_t sid;
+ } psa_version_params;
+
+ struct __packed {
+ uint32_t sid;
+ uint32_t version;
+ } psa_connect_params;
+
+ struct __packed {
+ psa_handle_t handle;
+ int32_t type;
+ uint32_t in_vec;
+ uint32_t in_len;
+ uint32_t out_vec;
+ uint32_t out_len;
+ } psa_call_params;
+
+ struct __packed {
+ psa_handle_t handle;
+ } psa_close_params;
+ };
+} psa_client_in_params_t;
+
+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
+struct __packed ns_openamp_msg {
+ uint32_t call_type; /* PSA client call type */
+ struct psa_client_in_params params; /* Contain parameters used in PSA
+ * client call
+ */
+
+ int32_t client_id; /* Optional client ID of the
+ * non-secure caller.
+ * It is required to identify the
+ * non-secure task when NSPE OS
+ * enforces non-secure task
+ * isolation
+ */
+ int32_t request_id; /* This is the unique ID for a
+ * request send to TF-M by the
+ * non-secure core. TF-M forward
+ * the ID back to non-secure on the
+ * reply to a given request. Using
+ * this id, the non-secure library
+ * can identify the request for
+ * which the reply has received.
+ */
+};
+
+/*
+ * This structure holds the location of the out data of the PSA client call.
+ */
+struct __packed psa_client_out_params {
+ uint32_t out_vec;
+ uint32_t out_len;
+};
+
+
+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
+ * call.
+ */
+struct __packed s_openamp_msg {
+ int32_t request_id; /* Using this id, the non-secure
+ * library identifies the request.
+ * TF-M forwards the same
+ * request-id received on the
+ * initial request.
+ */
+ int32_t reply; /* Reply of the PSA client call */
+ struct psa_client_out_params params; /* Contain out data result of the
+ * PSA client call.
+ */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
+
+
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index 34fe5ff1b925..dd0c5d00c21e 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy"
"components/service/common/include"
"components/service/common/serializer/protobuf"
"components/service/common/client"
+ "components/service/common/psa_ipc"
"components/service/common/provider"
"components/service/discovery/provider"
"components/service/discovery/provider/serializer/packed-c"
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
+68 -67
View File
@@ -1,7 +1,7 @@
From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001
From 355e9e1425bbe1d4f27eadf81b91ad047d7b42b5 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Thu, 9 Feb 2023 00:01:06 +0000
Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition
Subject: [PATCH 5/6] TF-Mv1.7 alignment: Align crypto iovec definition
This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
And propagate changes accross psa_ipc functions
@@ -9,6 +9,7 @@ More accuratly change sfn_id to function_id
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Pending [Not submitted yet]
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../backend/psa_ipc/crypto_ipc_backend.h | 34 +++++++++----------
.../caller/psa_ipc/crypto_caller_aead.h | 24 ++++++-------
@@ -32,7 +33,7 @@ Upstream-Status: Pending [Not submitted yet]
19 files changed, 73 insertions(+), 73 deletions(-)
diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
index ec25eaf8..aacd3fcc 100644
index 678a35810d71..47243648a99f 100644
--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
@@ -77,7 +78,7 @@ index ec25eaf8..aacd3fcc 100644
#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
index f6aadd8b..efdffdf7 100644
index 66a2bc958687..f63996a8aad3 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
@@ -102,94 +103,94 @@ index f6aadd8b..efdffdf7 100644
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
.key_id = key,
.alg = alg,
.op_handle = (*op_handle),
@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
.key_id = key,
.alg = alg,
.op_handle = (*op_handle),
@@ -186,7 +186,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
.key_id = key,
.alg = alg,
.op_handle = (*op_handle),
@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
.key_id = key,
.alg = alg,
.op_handle = (*op_handle),
@@ -217,7 +217,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
.op_handle = op_handle,
};
@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
@@ -248,7 +248,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
.op_handle = op_handle,
};
@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
@@ -277,7 +277,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
.ad_length = ad_length,
.plaintext_length = plaintext_length,
.op_handle = op_handle,
@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
.ad_length = ad_length,
.plaintext_length = plaintext_length,
.op_handle = op_handle,
@@ -307,7 +307,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
.op_handle = op_handle,
};
@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update(
@@ -349,7 +349,7 @@ static inline psa_status_t crypto_caller_aead_update(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
.op_handle = op_handle,
};
@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish(
@@ -395,7 +395,7 @@ static inline psa_status_t crypto_caller_aead_finish(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
.op_handle = op_handle,
};
@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify(
@@ -448,7 +448,7 @@ static inline psa_status_t crypto_caller_aead_verify(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
.op_handle = op_handle,
};
@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort(
@@ -494,7 +494,7 @@ static inline psa_status_t crypto_caller_aead_abort(
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
.op_handle = op_handle,
- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
.op_handle = op_handle,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
index ff01815c..c387eb55 100644
index d3e43b25f7e5..03682e7cdaa0 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
@@ -202,7 +203,7 @@ index ff01815c..c387eb55 100644
.alg = alg,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
index 1daf1689..8eb3de45 100644
index 124b088f94d8..60f5770e3a1e 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
@@ -215,7 +216,7 @@ index 1daf1689..8eb3de45 100644
.alg = alg,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
index fbefb28d..20aa46a5 100644
index 8d906aeef2a0..4f885f3445ab 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
@@ -282,7 +283,7 @@ index fbefb28d..20aa46a5 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
index 9a988171..48157d7e 100644
index b2e57e1e7255..71cf4381dfe5 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
@@ -295,7 +296,7 @@ index 9a988171..48157d7e 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
index d00f4faa..6d0a05e6 100644
index 94a01580b482..85bd2b4cde97 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
@@ -308,7 +309,7 @@ index d00f4faa..6d0a05e6 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
index 8ac5477f..9a6b7013 100644
index b6dfda38bc23..5e9543085139 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
@@ -321,7 +322,7 @@ index 8ac5477f..9a6b7013 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
index b24c47f1..52bdd757 100644
index d154db89bf0b..349dc6cb949c 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
@@ -334,7 +335,7 @@ index b24c47f1..52bdd757 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
index 1b66ed40..7ed1673b 100644
index 41dc3a1806ec..31c6901ab88a 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
@@ -347,7 +348,7 @@ index 1b66ed40..7ed1673b 100644
struct psa_invec in_vec[] = {
{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
index 7c538237..4fb87aa8 100644
index 50437327ec2a..ce51ded30b1f 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
@@ -360,7 +361,7 @@ index 7c538237..4fb87aa8 100644
struct psa_invec in_vec[] = {
{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
index 22f1d18f..2caa3bd3 100644
index 3531bd06147f..ea90af7df782 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
@@ -373,7 +374,7 @@ index 22f1d18f..2caa3bd3 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
index 9f37908a..4fb60d44 100644
index f63e9812af6c..f7ffaf38c7d0 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
@@ -431,7 +432,7 @@ index 9f37908a..4fb60d44 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
index d4703366..1458163c 100644
index 72a43c428adf..0c946a25488f 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
@@ -444,7 +445,7 @@ index d4703366..1458163c 100644
struct psa_invec in_vec[] = {
{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
index 5ce4fb6c..16be9916 100644
index cacadf09d2c4..8bc32977535d 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
@@ -538,7 +539,7 @@ index 5ce4fb6c..16be9916 100644
.key_id = private_key,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
index 3a820192..30222800 100644
index a0092bfd94e7..596923387596 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
@@ -596,7 +597,7 @@ index 3a820192..30222800 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
index a3a796e2..f6ab0978 100644
index 36a01765b1a3..b5894e06d1ff 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
@@ -609,7 +610,7 @@ index a3a796e2..f6ab0978 100644
};
struct psa_invec in_vec[] = {
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
index 9276748d..8b53e3dc 100644
index bebfe05c7c49..254ee5a90d89 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -631,7 +632,7 @@ index 9276748d..8b53e3dc 100644
.alg = alg,
};
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
index bcd8e0e4..c9ed865b 100644
index d0a3850678cb..515f2a8da39f 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
@@ -651,5 +652,5 @@ index bcd8e0e4..c9ed865b 100644
.alg = alg,
};
--
2.25.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
-523
View File
@@ -1,523 +0,0 @@
From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:19:24 +0000
Subject: [PATCH 06/20] Add secure storage ipc backend
Add secure storage ipc ff-m implementation which may use
openamp as rpc to communicate with other processor.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++-
.../secure_storage_ipc/component.cmake | 14 ++
.../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++
.../secure_storage_ipc/secure_storage_ipc.h | 52 +++++
deployments/se-proxy/se-proxy.cmake | 1 +
5 files changed, 420 insertions(+), 4 deletions(-)
create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
index e8093c20a523..95a07c135f31 100644
--- a/components/service/common/psa_ipc/service_psa_ipc.c
+++ b/components/service/common/psa_ipc/service_psa_ipc.c
@@ -16,6 +16,52 @@
#include <psa/client.h>
#include "service_psa_ipc_openamp_lib.h"
+static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
+{
+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
+}
+
+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
+{
+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
+ (in_len * sizeof(struct psa_invec)));
+}
+
+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
+ struct psa_outvec *out_vec, size_t out_len)
+{
+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
+ (out_len * sizeof(*out_vec));
+}
+
+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
+{
+ size_t req_len = 0;
+ int i;
+
+ if (!in_vec || !in_len)
+ return 0;
+
+ for (i = 0; i < in_len; i++)
+ req_len += in_vec[i].len;
+
+ return req_len;
+}
+
+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
+{
+ size_t resp_len = 0;
+ int i;
+
+ if (!out_vec || !out_len)
+ return 0;
+
+ for (i = 0; i < out_len; i++)
+ resp_len += out_vec[i].len;
+
+ return resp_len;
+}
+
psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
uint32_t version)
{
@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
rpc_handle = rpc_caller_begin(caller, &req,
sizeof(struct ns_openamp_msg));
if (!rpc_handle) {
- EMSG("psa_connect: could not get handle");
+ EMSG("psa_connect: could not get rpc handle");
return PSA_ERROR_GENERIC_ERROR;
}
@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
}
-psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
int32_t type, const struct psa_invec *in_vec,
size_t in_len, struct psa_outvec *out_vec, size_t out_len)
{
+ psa_status_t psa_status = PSA_SUCCESS;
+ struct s_openamp_msg *resp_msg = NULL;
+ struct psa_outvec *out_vec_param;
+ struct psa_invec *in_vec_param;
+ struct ns_openamp_msg *req_msg;
+ rpc_call_handle rpc_handle;
+ size_t out_vec_len;
+ size_t in_vec_len;
+ size_t header_len;
+ uint8_t *payload;
+ size_t resp_len;
+ uint8_t *resp;
+ uint8_t *req;
+ int ret;
+ int i;
+
+ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
+ in_vec_len = psa_call_in_vec_len(in_vec, in_len);
+ out_vec_len = psa_call_out_vec_len(out_vec, out_len);
+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
+ if (!rpc_handle) {
+ EMSG("psa_call: could not get handle");
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ payload = req + header_len;
+
+ out_vec_param = psa_call_out_vec_param(req, in_len);
+ in_vec_param = psa_call_in_vec_param(req);
+
+ req_msg = (struct ns_openamp_msg *)req;
+
+ req_msg->call_type = OPENAMP_PSA_CALL;
+ req_msg->request_id = 1234;
+ req_msg->params.psa_call_params.handle = psa_handle;
+ req_msg->params.psa_call_params.type = type;
+ req_msg->params.psa_call_params.in_len = in_len;
+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
+ req_msg->params.psa_call_params.out_len = out_len;
+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
+
+ for (i = 0; i < in_len; i++) {
+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
+ in_vec_param[i].len = in_vec[i].len;
+
+ memcpy(payload, in_vec[i].base, in_vec[i].len);
+ payload += in_vec[i].len;
+ }
+
+ for (i = 0; i < out_len; i++) {
+ out_vec_param[i].base = NULL;
+ out_vec_param[i].len = out_vec[i].len;
+ }
+
+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
+ &resp_len);
+ if (ret != TS_RPC_CALL_ACCEPTED) {
+ EMSG("psa_call: invoke failed: %d", ret);
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ if (psa_status != PSA_SUCCESS) {
+ EMSG("psa_call: psa_status invoke failed: %d", psa_status);
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ resp_msg = (struct s_openamp_msg *)resp;
+
+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
+ goto caller_end;
+
+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
+ resp_msg->params.out_vec);
+
+ for (i = 0; i < resp_msg->params.out_len; i++) {
+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
+ out_vec[i].len);
+ }
+
+caller_end:
+ rpc_caller_end(caller, rpc_handle);
+
+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
}
-void psa_close(struct rpc_caller *caller, psa_handle_t handle)
+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
{
psa_status_t psa_status = PSA_SUCCESS;
struct s_openamp_msg *resp_msg = NULL;
@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
uint8_t *req;
int ret;
+ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
+ return;
+
rpc_handle = rpc_caller_begin(caller, &req,
sizeof(struct ns_openamp_msg));
if (!rpc_handle) {
@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
req_msg = (struct ns_openamp_msg *)req;
req_msg->call_type = OPENAMP_PSA_CLOSE;
- req_msg->params.psa_close_params.handle = handle;
+ req_msg->params.psa_close_params.handle = psa_handle;
ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
&resp_len);
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
new file mode 100644
index 000000000000..5d8f6714e0bd
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
@@ -0,0 +1,14 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
+ )
+
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
new file mode 100644
index 000000000000..9b55f77dd395
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <protocols/rpc/common/packed-c/status.h>
+#include "secure_storage_ipc.h"
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <rpc_caller.h>
+#include <string.h>
+#include <trace.h>
+
+
+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
+ psa_storage_uid_t uid, size_t data_length,
+ const void *p_data, psa_storage_create_flags_t create_flags)
+{
+ struct secure_storage_ipc *ipc = context;
+ struct rpc_caller *caller = ipc->client.caller;
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ { .base = p_data, .len = data_length },
+ { .base = &create_flags, .len = sizeof(create_flags) },
+ };
+
+ (void)client_id;
+
+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
+
+ /* Validating input parameters */
+ if (p_data == NULL)
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status < 0)
+ EMSG("ipc_set: psa_call failed: %d", psa_status);
+
+ return psa_status;
+}
+
+static psa_status_t secure_storage_ipc_get(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
+{
+ struct secure_storage_ipc *ipc = context;
+ struct rpc_caller *caller = ipc->client.caller;
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ uint32_t offset = (uint32_t)data_offset;
+ struct psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ { .base = &offset, .len = sizeof(offset) },
+ };
+ struct psa_outvec out_vec[] = {
+ { .base = p_data, .len = data_size },
+ };
+
+ if (!p_data_length) {
+ EMSG("ipc_get: p_data_length not defined");
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+ if (psa_status == PSA_SUCCESS)
+ *p_data_length = out_vec[0].len;
+
+ return psa_status;
+}
+
+static psa_status_t secure_storage_ipc_get_info(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
+{
+ struct secure_storage_ipc *ipc = context;
+ struct rpc_caller *caller = ipc->client.caller;
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ };
+ struct psa_outvec out_vec[] = {
+ { .base = p_info, .len = sizeof(*p_info) },
+ };
+
+ (void)client_id;
+
+ /* Validating input parameters */
+ if (!p_info)
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_GET_INFO, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
+
+ return psa_status;
+}
+
+static psa_status_t secure_storage_ipc_remove(void *context,
+ uint32_t client_id,
+ psa_storage_uid_t uid)
+{
+ struct secure_storage_ipc *ipc = context;
+ struct rpc_caller *caller = ipc->client.caller;
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+ { .base = &uid, .len = sizeof(uid) },
+ };
+
+ (void)client_id;
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_REMOVE, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_remove: failed to psa_call: %d", psa_status);
+
+ return psa_status;
+}
+
+static psa_status_t secure_storage_ipc_create(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t capacity,
+ uint32_t create_flags)
+{
+ (void)context;
+ (void)uid;
+ (void)client_id;
+ (void)capacity;
+ (void)create_flags;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+static psa_status_t secure_storage_set_extended(void *context,
+ uint32_t client_id,
+ uint64_t uid,
+ size_t data_offset,
+ size_t data_length,
+ const void *p_data)
+{
+ (void)context;
+ (void)uid;
+ (void)client_id;
+ (void)data_offset;
+ (void)data_length;
+ (void)p_data;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
+{
+ struct secure_storage_ipc *ipc = context;
+ struct rpc_caller *caller = ipc->client.caller;
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ uint32_t support_flags;
+ struct psa_outvec out_vec[] = {
+ { .base = &support_flags, .len = sizeof(support_flags) },
+ };
+
+ (void)client_id;
+
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_GET_SUPPORT, NULL, 0,
+ out_vec, IOVEC_LEN(out_vec));
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
+
+ return psa_status;
+}
+
+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
+ struct rpc_caller *caller)
+{
+ service_client_init(&context->client, caller);
+
+ static const struct storage_backend_interface interface =
+ {
+ .set = secure_storage_ipc_set,
+ .get = secure_storage_ipc_get,
+ .get_info = secure_storage_ipc_get_info,
+ .remove = secure_storage_ipc_remove,
+ .create = secure_storage_ipc_create,
+ .set_extended = secure_storage_set_extended,
+ .get_support = secure_storage_get_support,
+ };
+
+ context->backend.context = context;
+ context->backend.interface = &interface;
+
+ return &context->backend;
+}
+
+void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
+{
+ service_client_deinit(&context->client);
+}
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
new file mode 100644
index 000000000000..e8c1e8fd2f92
--- /dev/null
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURE_STORAGE_IPC_H
+#define SECURE_STORAGE_IPC_H
+
+#include <service/secure_storage/backend/storage_backend.h>
+#include <service/common/client/service_client.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Secure storage ipc instance
+ */
+struct secure_storage_ipc
+{
+ struct storage_backend backend;
+ struct service_client client;
+};
+
+/**
+ * @brief Initialize a secure storage ipc client
+ *
+ * A secure storage client is a storage backend that makes RPC calls
+ * to a remote secure storage provider.
+ *
+ * @param[in] context Instance data
+ * @param[in] rpc_caller RPC caller instance
+ *
+ *
+ * @return Pointer to inialized storage backend or NULL on failure
+ */
+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
+ struct rpc_caller *caller);
+
+/**
+ * @brief Deinitialize a secure storage ipc client
+ *
+ * @param[in] context Instance data
+ */
+void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURE_STORAGE_IPC_H */
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index dd0c5d00c21e..cd51460406ca 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy"
"components/service/crypto/factory/full"
"components/service/secure_storage/include"
"components/service/secure_storage/frontend/secure_storage_provider"
+ "components/service/secure_storage/backend/secure_storage_ipc"
"components/service/attestation/include"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch → meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
+20 -19
View File
@@ -1,7 +1,7 @@
From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001
From 507008e501c4f5bea0841547a052b3dffd86eb20 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Thu, 9 Feb 2023 00:34:23 +0000
Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec
Subject: [PATCH 6/6] TF-Mv1.7 alignment: PSA crypto client in/out_vec
Few psa crypto operations have different in/out_vec expectations
This patch is fixing the differences between psa crypto client in TS
@@ -20,6 +20,7 @@ operations:
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Pending [Not submitted yet]
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../crypto/client/caller/psa_ipc/crypto_caller_aead.h | 6 ++----
.../crypto/client/caller/psa_ipc/crypto_caller_cipher.h | 6 ++----
@@ -27,44 +28,44 @@ Upstream-Status: Pending [Not submitted yet]
3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
index efdffdf7..e862c2de 100644
index f63996a8aad3..393ba447663a 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
{.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
@@ -226,14 +226,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
.len = sizeof(struct psa_ipc_crypto_pack_iovec) },
};
struct psa_outvec out_vec[] = {
- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
{.base = psa_ptr_to_u32(nonce), .len = nonce_size}
- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
{ .base = psa_ptr_to_u32(nonce), .len = nonce_size },
};
status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- *nonce_length = out_vec[1].len;
+ *nonce_length = out_vec[0].len;
return status;
}
@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update(
{.base = psa_ptr_const_to_u32(input), .len = input_length}
@@ -364,7 +363,6 @@ static inline psa_status_t crypto_caller_aead_update(
{ .base = psa_ptr_const_to_u32(input), .len = input_length },
};
struct psa_outvec out_vec[] = {
- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
{.base = psa_ptr_const_to_u32(output), .len = output_size},
- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
{ .base = psa_ptr_const_to_u32(output), .len = output_size },
};
@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update(
@@ -376,7 +374,7 @@ static inline psa_status_t crypto_caller_aead_update(
status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
in_len, out_vec, IOVEC_LEN(out_vec));
in_len, out_vec, IOVEC_LEN(out_vec));
- *output_length = out_vec[1].len;
+ *output_length = out_vec[0].len;
return status;
}
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
index 20aa46a5..948865e4 100644
index 4f885f3445ab..0d32444b6bbf 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
@@ -100,7 +101,7 @@ index 20aa46a5..948865e4 100644
return status;
}
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
index 4fb60d44..1e422130 100644
index f7ffaf38c7d0..77ef4ead1d03 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
@@ -113,5 +114,5 @@ index 4fb60d44..1e422130 100644
struct psa_outvec out_vec[] = {
{ .base = psa_ptr_to_u32(target_op_handle),
--
2.25.1
2.40.0
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
-63
View File
@@ -1,63 +0,0 @@
From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
Date: Fri, 3 Dec 2021 19:25:34 +0000
Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy
Remove mock up backend for secure storage in se proxy
deployment and use instead the secure storage ipc backend with
openamp as rpc to secure enclave side.
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../se-proxy/common/service_proxy_factory.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
index acfb6e8873fa..57290056d614 100644
--- a/deployments/se-proxy/common/service_proxy_factory.c
+++ b/deployments/se-proxy/common/service_proxy_factory.c
@@ -6,15 +6,20 @@
#include <stddef.h>
#include <rpc/common/endpoint/rpc_interface.h>
+#include <rpc/openamp/caller/sp/openamp_caller.h>
#include <service/attestation/provider/attest_provider.h>
#include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
#include <service/crypto/factory/crypto_provider_factory.h>
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+#include <trace.h>
/* Stub backends */
#include <service/crypto/backend/stub/stub_crypto_backend.h>
+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
#include <service/secure_storage/backend/mock_store/mock_store.h>
+struct openamp_caller openamp;
+
struct rpc_interface *attest_proxy_create(void)
{
struct rpc_interface *attest_iface;
@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
struct rpc_interface *ps_proxy_create(void)
{
- static struct mock_store ps_backend;
static struct secure_storage_provider ps_provider;
-
- struct storage_backend *backend = mock_store_init(&ps_backend);
+ static struct secure_storage_ipc ps_backend;
+ static struct rpc_caller *storage_caller;
+ struct storage_backend *backend;
+
+ storage_caller = openamp_caller_init(&openamp);
+ if (!storage_caller)
+ return NULL;
+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
return secure_storage_provider_init(&ps_provider, backend);
}
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
-72
View File
@@ -1,72 +0,0 @@
From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 12 Dec 2021 10:43:48 +0000
Subject: [PATCH 08/20] Run psa-arch-test
Fixes needed to run psa-arch-test
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
components/service/common/psa_ipc/service_psa_ipc.c | 1 +
.../backend/secure_storage_ipc/secure_storage_ipc.c | 8 --------
.../service/secure_storage/include/psa/storage_common.h | 4 ++--
3 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
index 95a07c135f31..5e5815dbc9cf 100644
--- a/components/service/common/psa_ipc/service_psa_ipc.c
+++ b/components/service/common/psa_ipc/service_psa_ipc.c
@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
resp_msg->params.out_vec);
for (i = 0; i < resp_msg->params.out_len; i++) {
+ out_vec[i].len = out_vec_param[i].len;
memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
out_vec[i].len);
}
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
index 9b55f77dd395..a1f369db253e 100644
--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- /* Validating input parameters */
- if (p_data == NULL)
- return PSA_ERROR_INVALID_ARGUMENT;
-
psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
if (psa_status < 0)
@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
(void)client_id;
- /* Validating input parameters */
- if (!p_info)
- return PSA_ERROR_INVALID_ARGUMENT;
-
psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
TFM_PS_GET_INFO, in_vec,
IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
index 4f6ba2a7d822..1fd6b40dc803 100644
--- a/components/service/secure_storage/include/psa/storage_common.h
+++ b/components/service/secure_storage/include/psa/storage_common.h
@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
typedef uint32_t psa_storage_create_flags_t;
struct psa_storage_info_t {
- size_t capacity;
- size_t size;
+ uint32_t capacity;
+ uint32_t size;
psa_storage_create_flags_t flags;
};
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
-168
View File
@@ -1,168 +0,0 @@
From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 12 Dec 2021 10:57:17 +0000
Subject: [PATCH 09/20] Use address instead of pointers
Since secure enclave is 32bit and we 64bit there is an issue
in the protocol communication design that force us to handle
on our side the manipulation of address and pointers to make
this work.
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/common/include/psa/client.h | 15 ++++++++++++++
.../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++-------
.../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++----------
3 files changed, 38 insertions(+), 17 deletions(-)
diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
index 69ccf14f40a3..12dcd68f8a76 100644
--- a/components/service/common/include/psa/client.h
+++ b/components/service/common/include/psa/client.h
@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
uint32_t len; /*!< the size in bytes */
};
+static void *psa_u32_to_ptr(uint32_t addr)
+{
+ return (void *)(uintptr_t)addr;
+}
+
+static uint32_t psa_ptr_to_u32(void *ptr)
+{
+ return (uintptr_t)ptr;
+}
+
+static uint32_t psa_ptr_const_to_u32(const void *ptr)
+{
+ return (uintptr_t)ptr;
+}
+
/*************************** PSA Client API **********************************/
/**
diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
index 5e5815dbc9cf..435c6c0a2eba 100644
--- a/components/service/common/psa_ipc/service_psa_ipc.c
+++ b/components/service/common/psa_ipc/service_psa_ipc.c
@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
return resp_len;
}
+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
+{
+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
+}
+
psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
uint32_t version)
{
@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
req_msg->params.psa_call_params.handle = psa_handle;
req_msg->params.psa_call_params.type = type;
req_msg->params.psa_call_params.in_len = in_len;
- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
req_msg->params.psa_call_params.out_len = out_len;
- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
for (i = 0; i < in_len; i++) {
- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
in_vec_param[i].len = in_vec[i].len;
- memcpy(payload, in_vec[i].base, in_vec[i].len);
+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
payload += in_vec[i].len;
}
for (i = 0; i < out_len; i++) {
- out_vec_param[i].base = NULL;
+ out_vec_param[i].base = 0;
out_vec_param[i].len = out_vec[i].len;
}
@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
goto caller_end;
out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
- resp_msg->params.out_vec);
+ psa_u32_to_ptr(resp_msg->params.out_vec));
for (i = 0; i < resp_msg->params.out_len; i++) {
out_vec[i].len = out_vec_param[i].len;
- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
+ memcpy(psa_u32_to_ptr(out_vec[i].base),
+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)),
out_vec[i].len);
}
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
index a1f369db253e..bda442a61d5c 100644
--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
psa_handle_t psa_handle;
psa_status_t psa_status;
struct psa_invec in_vec[] = {
- { .base = &uid, .len = sizeof(uid) },
- { .base = p_data, .len = data_length },
- { .base = &create_flags, .len = sizeof(create_flags) },
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
};
(void)client_id;
@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
psa_status_t psa_status;
uint32_t offset = (uint32_t)data_offset;
struct psa_invec in_vec[] = {
- { .base = &uid, .len = sizeof(uid) },
- { .base = &offset, .len = sizeof(offset) },
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
};
struct psa_outvec out_vec[] = {
- { .base = p_data, .len = data_size },
+ { .base = psa_ptr_to_u32(p_data), .len = data_size },
};
if (!p_data_length) {
@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
psa_handle_t psa_handle;
psa_status_t psa_status;
struct psa_invec in_vec[] = {
- { .base = &uid, .len = sizeof(uid) },
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
};
struct psa_outvec out_vec[] = {
- { .base = p_info, .len = sizeof(*p_info) },
+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
};
(void)client_id;
@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
psa_handle_t psa_handle;
psa_status_t psa_status;
struct psa_invec in_vec[] = {
- { .base = &uid, .len = sizeof(uid) },
+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
};
(void)client_id;
@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
psa_status_t psa_status;
uint32_t support_flags;
struct psa_outvec out_vec[] = {
- { .base = &support_flags, .len = sizeof(support_flags) },
+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) },
};
(void)client_id;
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
-323
View File
@@ -1,323 +0,0 @@
From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Tue, 7 Dec 2021 11:50:00 +0000
Subject: [PATCH 10/20] Add psa ipc attestation to se proxy
Implement attestation client API as psa ipc and include it to
se proxy deployment.
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../client/psa_ipc/component.cmake | 13 +++
.../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++
.../reporter/psa_ipc/component.cmake | 13 +++
.../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++
components/service/common/include/psa/sid.h | 4 +
.../se-proxy/common/service_proxy_factory.c | 6 ++
deployments/se-proxy/se-proxy.cmake | 7 +-
...ble-using-hard-coded-attestation-key.patch | 29 -------
external/psa_arch_tests/psa_arch_tests.cmake | 4 -
9 files changed, 171 insertions(+), 36 deletions(-)
create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
new file mode 100644
index 000000000000..a5bc6b4a387e
--- /dev/null
+++ b/components/service/attestation/client/psa_ipc/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
+ )
diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
new file mode 100644
index 000000000000..30bd0a13a385
--- /dev/null
+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include <string.h>
+
+#include "../psa/iat_client.h"
+#include <protocols/rpc/common/packed-c/status.h>
+#include <psa/initial_attestation.h>
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <service/common/client/service_client.h>
+
+/**
+ * @brief The singleton psa_iat_client instance
+ *
+ * The psa attestation C API assumes a single backend service provider.
+ */
+static struct service_client instance;
+
+
+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
+{
+ return service_client_init(&instance, caller);
+}
+
+void psa_iat_client_deinit(void)
+{
+ service_client_deinit(&instance);
+}
+
+int psa_iat_client_rpc_status(void)
+{
+ return instance.rpc_status;
+}
+
+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
+ size_t challenge_size,
+ uint8_t *token_buf,
+ size_t token_buf_size,
+ size_t *token_size)
+{
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ struct rpc_caller *caller = instance.caller;
+ struct psa_invec in_vec[] = {
+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
+ };
+ struct psa_outvec out_vec[] = {
+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
+ };
+
+ if (!token_buf || !token_buf_size)
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+ if (status == PSA_SUCCESS) {
+ *token_size = out_vec[0].len;
+ }
+
+ return status;
+}
+
+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
+ size_t *token_size)
+{
+ struct rpc_caller *caller = instance.caller;
+ psa_status_t status;
+ struct psa_invec in_vec[] = {
+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
+ };
+ struct psa_outvec out_vec[] = {
+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
+ };
+
+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
+ TFM_ATTEST_GET_TOKEN_SIZE,
+ in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+
+ return status;
+}
diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
new file mode 100644
index 000000000000..b37830c618fe
--- /dev/null
+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
+ )
diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
new file mode 100644
index 000000000000..15805e8ed4b1
--- /dev/null
+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * A attestation reporter for psa ipc
+ */
+
+#include <stddef.h>
+#include <psa/error.h>
+#include <service/attestation/reporter/attest_report.h>
+#include <psa/initial_attestation.h>
+
+#define TOKEN_BUF_SIZE 1024
+
+static uint8_t token_buf[TOKEN_BUF_SIZE];
+
+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
+ size_t auth_challenge_len, const uint8_t **report,
+ size_t *report_len)
+{
+ *report = token_buf;
+ psa_status_t ret;
+ size_t token_size = 0;
+
+ ret = psa_initial_attest_get_token(auth_challenge_data,
+ auth_challenge_len, token_buf,
+ TOKEN_BUF_SIZE, &token_size);
+ if (ret != PSA_SUCCESS) {
+ *report = NULL;
+ *report_len = 0;
+ return ret;
+ }
+
+ *report_len = token_size;
+
+ return PSA_SUCCESS;
+}
+
+void attest_report_destroy(const uint8_t *report)
+{
+ (void)report;
+}
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index aaa973c6e987..833f5039425f 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -50,6 +50,10 @@ extern "C" {
#define TFM_ATTESTATION_SERVICE_VERSION (1U)
#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
+/* Initial Attestation message types that distinguish Attest services. */
+#define TFM_ATTEST_GET_TOKEN 1001
+#define TFM_ATTEST_GET_TOKEN_SIZE 1002
+
/******** TFM_SP_FWU ********/
#define TFM_FWU_WRITE_SID (0x000000A0U)
#define TFM_FWU_WRITE_VERSION (1U)
diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
index 57290056d614..4b8cceccbe4d 100644
--- a/deployments/se-proxy/common/service_proxy_factory.c
+++ b/deployments/se-proxy/common/service_proxy_factory.c
@@ -23,12 +23,18 @@ struct openamp_caller openamp;
struct rpc_interface *attest_proxy_create(void)
{
struct rpc_interface *attest_iface;
+ struct rpc_caller *attest_caller;
/* Static objects for proxy instance */
static struct attest_provider attest_provider;
+ attest_caller = openamp_caller_init(&openamp);
+ if (!attest_caller)
+ return NULL;
+
/* Initialize the service provider */
attest_iface = attest_provider_init(&attest_provider);
+ psa_iat_client_init(&openamp.rpc_caller);
attest_provider_register_serializer(&attest_provider,
TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
index cd51460406ca..3dbbc36c968d 100644
--- a/deployments/se-proxy/se-proxy.cmake
+++ b/deployments/se-proxy/se-proxy.cmake
@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy"
"components/service/attestation/include"
"components/service/attestation/provider"
"components/service/attestation/provider/serializer/packed-c"
+ "components/service/attestation/reporter/psa_ipc"
+ "components/service/attestation/client/psa_ipc"
"components/rpc/openamp/caller/sp"
# Stub service provider backends
"components/rpc/dummy"
"components/rpc/common/caller"
- "components/service/attestation/reporter/stub"
- "components/service/attestation/key_mngr/stub"
- "components/service/crypto/backend/stub"
+ "components/service/attestation/key_mngr/local"
+ "components/service/crypto/backend/psa_ipc"
"components/service/crypto/client/psa"
"components/service/secure_storage/backend/mock_store"
)
diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
deleted file mode 100644
index 6664961ab662..000000000000
--- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
-From: Gyorgy Szing <Gyorgy.Szing@arm.com>
-Date: Tue, 8 Feb 2022 17:06:37 +0000
-Subject: [PATCH 1/1] Disable using hard-coded attestation key
-
-Modify platform config to disable using a hard-coded attestation
-key.
-
-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
----
- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
-index 6112ba7..1cdf581 100755
---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
-@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t;
- #define CRYPTO_VERSION_BETA3
-
- /* Use hardcoded public key */
--#define PLATFORM_OVERRIDE_ATTEST_PK
-+//#define PLATFORM_OVERRIDE_ATTEST_PK
-
- /*
- * Include of PSA defined Header files
---
-2.17.1
-
diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
index a8b77a1fc05e..1995df3e0b49 100644
--- a/external/psa_arch_tests/psa_arch_tests.cmake
+++ b/external/psa_arch_tests/psa_arch_tests.cmake
@@ -15,10 +15,6 @@ set(GIT_OPTIONS
GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
GIT_SHALLOW FALSE
- PATCH_COMMAND git stash
- COMMAND git tag -f ts-before-am
- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
- COMMAND git reset ts-before-am
)
# Ensure list of defines is separated correctly
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
-163
View File
@@ -1,163 +0,0 @@
From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Thu, 9 Dec 2021 14:11:06 +0000
Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage
ipc implementation.
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
components/service/common/include/psa/sid.h | 12 +++++-----
.../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++---------
.../secure_storage_ipc/secure_storage_ipc.h | 1 +
.../se-proxy/common/service_proxy_factory.c | 22 +++++++++++++------
4 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index 833f5039425f..4a951d4a3502 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -20,12 +20,12 @@ extern "C" {
/* Invalid UID */
#define TFM_PS_INVALID_UID 0
-/* PS message types that distinguish PS services. */
-#define TFM_PS_SET 1001
-#define TFM_PS_GET 1002
-#define TFM_PS_GET_INFO 1003
-#define TFM_PS_REMOVE 1004
-#define TFM_PS_GET_SUPPORT 1005
+/* PS / ITS message types that distinguish PS services. */
+#define TFM_PS_ITS_SET 1001
+#define TFM_PS_ITS_GET 1002
+#define TFM_PS_ITS_GET_INFO 1003
+#define TFM_PS_ITS_REMOVE 1004
+#define TFM_PS_ITS_GET_SUPPORT 1005
/******** TFM_SP_ITS ********/
#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
index bda442a61d5c..0e1b48c0d2e2 100644
--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
if (psa_status < 0)
EMSG("ipc_set: psa_call failed: %d", psa_status);
@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
return PSA_ERROR_INVALID_ARGUMENT;
}
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
+ psa_status = psa_call(caller, ipc->service_handle,
+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
if (psa_status == PSA_SUCCESS)
*p_data_length = out_vec[0].len;
@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
(void)client_id;
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_GET_INFO, in_vec,
+ psa_status = psa_call(caller, ipc->service_handle,
+ TFM_PS_ITS_GET_INFO, in_vec,
IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
if (psa_status != PSA_SUCCESS)
EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
(void)client_id;
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_REMOVE, in_vec,
+ psa_status = psa_call(caller, ipc->service_handle,
+ TFM_PS_ITS_REMOVE, in_vec,
IOVEC_LEN(in_vec), NULL, 0);
if (psa_status != PSA_SUCCESS)
EMSG("ipc_remove: failed to psa_call: %d", psa_status);
@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
(void)client_id;
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_GET_SUPPORT, NULL, 0,
+ psa_status = psa_call(caller, ipc->service_handle,
+ TFM_PS_ITS_GET_SUPPORT, NULL, 0,
out_vec, IOVEC_LEN(out_vec));
if (psa_status != PSA_SUCCESS)
EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
index e8c1e8fd2f92..d9949f6a9305 100644
--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
@@ -21,6 +21,7 @@ struct secure_storage_ipc
{
struct storage_backend backend;
struct service_client client;
+ int32_t service_handle;
};
/**
diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
index 4b8cceccbe4d..1110ac46bf8b 100644
--- a/deployments/se-proxy/common/service_proxy_factory.c
+++ b/deployments/se-proxy/common/service_proxy_factory.c
@@ -5,6 +5,7 @@
*/
#include <stddef.h>
+#include <psa/sid.h>
#include <rpc/common/endpoint/rpc_interface.h>
#include <rpc/openamp/caller/sp/openamp_caller.h>
#include <service/attestation/provider/attest_provider.h>
@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
{
static struct secure_storage_provider ps_provider;
static struct secure_storage_ipc ps_backend;
- static struct rpc_caller *storage_caller;
+ struct rpc_caller *storage_caller;
struct storage_backend *backend;
storage_caller = openamp_caller_init(&openamp);
if (!storage_caller)
return NULL;
backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
return secure_storage_provider_init(&ps_provider, backend);
}
struct rpc_interface *its_proxy_create(void)
{
- static struct mock_store its_backend;
- static struct secure_storage_provider its_provider;
-
- struct storage_backend *backend = mock_store_init(&its_backend);
-
- return secure_storage_provider_init(&its_provider, backend);
+ static struct secure_storage_provider its_provider;
+ static struct secure_storage_ipc its_backend;
+ struct rpc_caller *storage_caller;
+ struct storage_backend *backend;
+
+ storage_caller = openamp_caller_init(&openamp);
+ if (!storage_caller)
+ return NULL;
+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
+
+ return secure_storage_provider_init(&its_provider, backend);
}
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
-2570
View File
File diff suppressed because it is too large Load Diff
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
-42
View File
@@ -1,42 +0,0 @@
From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001
From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
Date: Thu, 16 Dec 2021 21:31:40 +0000
Subject: [PATCH 14/20] Configure storage size
Upstream-Status: Pending
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../service/smm_variable/backend/uefi_variable_store.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
index 611e2e225c6b..6c3b9ed81c25 100644
--- a/components/service/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/smm_variable/backend/uefi_variable_store.c
@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
* may be overridden using uefi_variable_store_set_storage_limits()
*/
#define DEFAULT_MAX_VARIABLE_SIZE (2048)
+#define CONFIGURE_STORAGE_SIZE (50)
efi_status_t uefi_variable_store_init(
struct uefi_variable_store *context,
@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init(
/* Initialise persistent store defaults */
context->persistent_store.is_nv = true;
context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
context->persistent_store.storage_backend = persistent_store;
/* Initialise volatile store defaults */
context->volatile_store.is_nv = false;
context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
context->volatile_store.storage_backend = volatile_store;
context->owner_id = owner_id;
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
-31
View File
@@ -1,31 +0,0 @@
From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 13 Feb 2022 09:01:10 +0000
Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m
change.
NO NEED TO RAISE PR: The PR for this FIX is raied by Emek.
Upstream-Status: Pending
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
index c13c20e84131..ec25eaf868c7 100644
--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
* multipart operation
*/
uint32_t capacity; /*!< Key derivation capacity */
-
+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
* AEAD until the API is
* restructured
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
-494
View File
@@ -1,494 +0,0 @@
From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Sun, 13 Feb 2022 09:49:51 +0000
Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs.
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
.../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++-
.../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++
.../psa_ipc/crypto_caller_verify_hash.h | 33 +-
3 files changed, 352 insertions(+), 13 deletions(-)
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
index 78517fe32ca9..f6aadd8b9098 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
psa_key_id_t key,
psa_algorithm_t alg)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = (*op_handle),
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ return status;
}
static inline psa_status_t crypto_caller_aead_decrypt_setup(
@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
psa_key_id_t key,
psa_algorithm_t alg)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = (*op_handle),
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ return status;
}
static inline psa_status_t crypto_caller_aead_generate_nonce(
@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
size_t nonce_size,
size_t *nonce_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .op_handle = op_handle,
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ *nonce_length = out_vec[1].len;
+ return status;
}
static inline psa_status_t crypto_caller_aead_set_nonce(
@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
const uint8_t *nonce,
size_t nonce_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .op_handle = op_handle,
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ return status;
}
static inline psa_status_t crypto_caller_aead_set_lengths(
@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
size_t ad_length,
size_t plaintext_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .ad_length = ad_length,
+ .plaintext_length = plaintext_length,
+ .op_handle = op_handle,
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ return status;
}
static inline psa_status_t crypto_caller_aead_update_ad(
@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
const uint8_t *input,
size_t input_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .op_handle = op_handle,
+ };
+
+ /* Sanitize the optional input */
+ if ((input == NULL) && (input_length != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ {.base = psa_ptr_const_to_u32(input), .len = input_length}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
+ };
+
+ size_t in_len = IOVEC_LEN(in_vec);
+
+ if (input == NULL) {
+ in_len--;
+ }
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ in_len, out_vec, IOVEC_LEN(out_vec));
+ return status;
}
static inline psa_status_t crypto_caller_aead_update(
@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
size_t output_size,
size_t *output_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .op_handle = op_handle,
+ };
+
+ /* Sanitize the optional input */
+ if ((input == NULL) && (input_length != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ {.base = psa_ptr_const_to_u32(input), .len = input_length}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ {.base = psa_ptr_const_to_u32(output), .len = output_size},
+ };
+
+ size_t in_len = IOVEC_LEN(in_vec);
+
+ if (input == NULL) {
+ in_len--;
+ }
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ in_len, out_vec, IOVEC_LEN(out_vec));
+
+ *output_length = out_vec[1].len;
+ return status;
}
static inline psa_status_t crypto_caller_aead_finish(
@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
size_t tag_size,
size_t *tag_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .op_handle = op_handle,
+ };
+
+ /* Sanitize the optional output */
+ if ((aeadtext == NULL) && (aeadtext_size != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
+ };
+
+ size_t out_len = IOVEC_LEN(out_vec);
+
+ if (aeadtext == NULL || aeadtext_size == 0) {
+ out_len--;
+ }
+ if ((out_len == 3) && (aeadtext_length == NULL)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, out_len);
+
+ *tag_length = out_vec[1].len;
+
+ if (out_len == 3) {
+ *aeadtext_length = out_vec[2].len;
+ } else {
+ *aeadtext_length = 0;
+ }
+ return status;
}
static inline psa_status_t crypto_caller_aead_verify(
@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
const uint8_t *tag,
size_t tag_length)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .op_handle = op_handle,
+ };
+
+ /* Sanitize the optional output */
+ if ((plaintext == NULL) && (plaintext_size != 0)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
+ };
+
+ size_t out_len = IOVEC_LEN(out_vec);
+
+ if (plaintext == NULL || plaintext_size == 0) {
+ out_len--;
+ }
+ if ((out_len == 2) && (plaintext_length == NULL)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, out_len);
+
+ if (out_len == 2) {
+ *plaintext_length = out_vec[1].len;
+ } else {
+ *plaintext_length = 0;
+ }
+ return status;
}
static inline psa_status_t crypto_caller_aead_abort(
struct service_client *context,
uint32_t op_handle)
{
- return PSA_ERROR_NOT_SUPPORTED;
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .op_handle = op_handle,
+ };
+
+ struct psa_invec in_vec[] = {
+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+ };
+ struct psa_outvec out_vec[] = {
+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ return status;
+}
+
+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
+{
+ /* Returns the maximum number of bytes that may be
+ * carried as a parameter of the mac_update operation
+ * using the packed-c encoding.
+ */
+ size_t payload_space = context->service_info.max_payload;
+ size_t overhead = iov_size;
+
+ return (payload_space > overhead) ? payload_space - overhead : 0;
+}
+
+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
+{
+ /* Returns the maximum number of bytes that may be
+ * carried as a parameter of the mac_update operation
+ * using the packed-c encoding.
+ */
+ size_t payload_space = context->service_info.max_payload;
+ size_t overhead = iov_size;
+
+ return (payload_space > overhead) ? payload_space - overhead : 0;
}
#ifdef __cplusplus
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
index 71d88cededf5..e4a2b167defb 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
return status;
}
+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
+ psa_key_id_t id,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
+{
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
+ .key_id = id,
+ .alg = alg,
+ };
+ struct psa_invec in_vec[] = {
+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
+ };
+ struct psa_outvec out_vec[] = {
+ { .base = psa_ptr_to_u32(signature), .len = signature_size },
+ };
+
+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+ *signature_length = out_vec[0].len;
+
+ return status;
+}
+
+
+
#ifdef __cplusplus
}
#endif
diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
index e16f6e5450af..cc9279ee79f2 100644
--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
@@ -24,19 +24,20 @@
extern "C" {
#endif
-static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
+static inline psa_status_t crypto_caller_common(struct service_client *context,
psa_key_id_t id,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
- size_t signature_length)
+ size_t signature_length,
+ uint32_t sfn_id)
{
struct service_client *ipc = context;
struct rpc_caller *caller = ipc->caller;
psa_status_t status;
struct psa_ipc_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
+ .sfn_id = sfn_id,
.key_id = id,
.alg = alg,
};
@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
return status;
}
+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
+ psa_key_id_t id,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+
+ return crypto_caller_common(context,id,alg,hash,hash_length,
+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
+}
+
+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
+ psa_key_id_t id,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+
+ return crypto_caller_common(context,id,alg,hash,hash_length,
+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
+}
+
#ifdef __cplusplus
}
#endif
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
-40
View File
@@ -1,40 +0,0 @@
From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 17:52:00 +0000
Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the
latest from the tf-m
Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
index 1bc55e375eea..b4a7ed4b39d3 100644
--- a/components/service/crypto/include/psa/crypto_struct.h
+++ b/components/service/crypto/include/psa/crypto_struct.h
@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
return( attributes->lifetime );
}
+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
+{
+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+
+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+}
+
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
+ psa_extend_key_usage_flags( &usage_flags );
attributes->usage = usage_flags;
}
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
-37
View File
@@ -1,37 +0,0 @@
From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001
From: Rui Miguel Silva <rui.silva@linaro.org>
Date: Tue, 11 Oct 2022 10:46:10 +0100
Subject: [PATCH 19/20] plat: corstone1000: change default smm values
Smm gateway uses SE proxy to route the calls for any NV
storage so set the NV_STORE_SN.
Change the storage index uid because TF-M in the secure
enclave reserves the default value (0x1) to some internal
operation.
Increase the maximum number of uefi variables to cope with all
the needs for testing and certification
Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
platform/providers/arm/corstone1000/platform.cmake | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
index 51e5faa3e4d8..04b629a81906 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
@@ -10,3 +10,9 @@
include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+
+target_compile_definitions(${TGT} PRIVATE
+ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
+ SMM_GATEWAY_MAX_UEFI_VARIABLES=100
+)
--
2.38.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
-35
View File
@@ -1,35 +0,0 @@
From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001
From: Emekcan <emekcan.aras@arm.com>
Date: Wed, 2 Nov 2022 09:58:27 +0000
Subject: [PATCH] smm_gateway: add checks for null attributes
As par EDK-2 and EDK-2 test code, setVariable() with 0
attributes means a delete variable request. Currently,
smm gatway doesn't handle this scenario. This commit adds
that support.
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
---
components/service/smm_variable/backend/uefi_variable_store.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
index 6c3b9ed8..a691dc5d 100644
--- a/components/service/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/smm_variable/backend/uefi_variable_store.c
@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable(
if (info->is_variable_set) {
/* It's a request to update to an existing variable */
- if (!(var->Attributes &
+ if (!(var->Attributes) || (!(var->Attributes &
(EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
- !var->DataSize) {
+ !var->DataSize)) {
/* It's a remove operation - for a remove, the variable
* data must be removed from the storage backend before
--
2.17.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
-33
View File
@@ -1,33 +0,0 @@
From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
From: Emekcan <emekcan.aras@arm.com>
Date: Thu, 3 Nov 2022 17:43:40 +0000
Subject: [PATCH] smm_gateway: GetNextVariableName Fix
GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
when NameSize is smaller than the actual NameSize. It
currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
max_name_len incorrectly. This fixes max_name_len error by
replacing it with actual NameSize request by u-boot.
Upstream-Status: Pending
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
---
.../service/smm_variable/provider/smm_variable_provider.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
index a9679b7e..6a4b6fa7 100644
--- a/components/service/smm_variable/provider/smm_variable_provider.c
+++ b/components/service/smm_variable/provider/smm_variable_provider.c
@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
efi_status = uefi_variable_store_get_next_variable_name(
&this_instance->variable_store,
(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
- max_name_len,
+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
&resp_buf->data_len);
}
else {
--
2.17.1
meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
-140
View File
@@ -1,140 +0,0 @@
From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Mon, 21 Nov 2022 00:08:20 +0000
Subject: [PATCH] Use the stateless platform service calls
Calls to psa_connect is not needed and psa_call can be called
directly with a pre defined handle.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
---
.../provider/capsule_update_provider.c | 24 ++++---------------
.../provider/corstone1000_fmp_service.c | 10 ++++----
.../provider/corstone1000_fmp_service.h | 3 +--
components/service/common/include/psa/sid.h | 6 +++++
4 files changed, 16 insertions(+), 27 deletions(-)
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
index 991a2235..6809249f 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
{
uint32_t ioctl_id;
- psa_handle_t handle;
rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
struct psa_invec in_vec[] = {
@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
case CAPSULE_UPDATE_REQUEST:
/* Openamp call with IOCTL for firmware update*/
ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
case KERNEL_STARTED_EVENT:
ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
/*openamp call with IOCTL for kernel start*/
- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- EMSG("%s Invalid handle", __func__);
- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- return rpc_status;
- }
- psa_call(caller,handle, PSA_IPC_CALL,
+
+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec,IOVEC_LEN(in_vec), NULL, 0);
- set_fmp_image_info(caller, handle);
+ set_fmp_image_info(caller);
break;
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
index 6a7a47a7..d811af9f 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
return PSA_SUCCESS;
}
-static psa_status_t get_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle)
+static psa_status_t get_image_info(struct rpc_caller *caller)
{
psa_status_t status;
psa_handle_t handle;
@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
- psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
return PSA_SUCCESS;
}
-void set_fmp_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle)
+void set_fmp_image_info(struct rpc_caller *caller)
{
psa_status_t status;
- status = get_image_info(caller, platform_service_handle);
+ status = get_image_info(caller);
if (status != PSA_SUCCESS) {
return;
}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
index 95fba2a0..963223e8 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -16,8 +16,7 @@ extern "C" {
void provision_fmp_variables_metadata(struct rpc_caller *caller);
-void set_fmp_image_info(struct rpc_caller *caller,
- psa_handle_t platform_service_handle);
+void set_fmp_image_info(struct rpc_caller *caller);
#ifdef __cplusplus
} /* extern "C" */
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
index 7a29cc25..8103a9af 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -37,6 +37,12 @@ extern "C" {
#define TFM_CRYPTO_VERSION (1U)
#define TFM_CRYPTO_HANDLE (0x40000100U)
+
+/******** TFM_PLATFORM_SERVICE *******/
+#define TFM_PLATFORM_API_ID_IOCTL (1013)
+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
+
+
/**
* \brief Define a progressive numerical value for each SID which can be used
* when dispatching the requests to the service
--
2.25.1
meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+6 -26
View File
@@ -2,32 +2,12 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \
file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \
file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \
file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \
file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \
file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \
file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \
file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \
file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \
file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \
file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \
file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \
file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
file://0014-Configure-storage-size.patch;patchdir=../trusted-services \
file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \
file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \
file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \
file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \
file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
file://0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
file://0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
file://0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
"