PSA: PSoC 6 Correct TRNG behaviour #10025

Merged
merged 1 commit into from Mar 11, 2019

@orenc17
Contributor

commented Mar 10, 2019

Description

On PSA targets the TRNG should be accessible from the secure-side only.
By removing NVSEED and restricting TRNG to secure-core we achieve that requirement.

Relevant tests passed

Pull request type

[ ] Fix
[X] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

Release Notes

@ARMmbed/team-cypress @ARMmbed/mbed-os-psa

PSoC 6 Correct TRNG behaviour
* Remove NVSEED from M0_PSA
* Disable TRNG support for PSA M4
@NirSonnenschein

Contributor

commented Mar 10, 2019

starting CI pending reviews

@NirSonnenschein NirSonnenschein requested review from ARMmbed/mbed-os-psa Mar 10, 2019

@alzix
Contributor

left a comment

Removing an API from compilation is not sufficient from a security perspective.
Is the peripheral accessible from CM4?

@orenc17

Contributor Author

commented Mar 10, 2019

I'm not removing the API, I'm letting the HRNG API take over.

In PSoC 6 boards the crypto block is assigned to the M0+ core; access from the M4 core will result in a HardFault.

@mbed-ci


commented Mar 10, 2019

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 1
Build artifacts

@@ -8067,7 +8066,7 @@
"inherits": ["NSPE_Target", "CY8CKIT_062_WIFI_BT"],
"extra_labels_add": ["PSA", "MBED_SPM"],
"components_add": ["SPM_MAILBOX", "FLASHIAP"],
"device_has_remove": ["TRNG", "CRC"],

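Review bot: the `device_has_remove` line at the end of this hunk lists "TRNG" for a target that inherits `NSPE_Target`, which is at odds with the rest of the change if the non-secure HRNG path depends on the TRNG macro being defined; if so, this entry should be reduced to `["CRC"]`. Whatever the list ends up as, a build-time flag is not what keeps the M4 away from the peripheral, so the PR description or a comment should name the hardware or SPM mechanism that enforces secure-side-only access.
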
@alzix

alzix Mar 11, 2019

Contributor

TRNG must be restored
it is device_has_remove

@alzix

alzix approved these changes Mar 11, 2019

Contributor

left a comment

LGTM

@0xc0170

Member

commented Mar 11, 2019

@ARMmbed/team-cypress Review please, we would like to integrate this PR soon

@NirSonnenschein

Contributor

commented Mar 11, 2019

Hi @0xc0170: as this doesn't directly modify any Cypress code, Oren says he added Cypress so they are aware of the change. Will provide more details here shortly.

@OlegKapshii

Contributor

commented Mar 11, 2019

For me, removing the TRNG device from the CM4_PSA target (as it was before) looks more logical than simply disabling NV_SEED. If there is no TRNG device, then nobody can work with it. If only one feature that needs TRNG is disabled, somebody can try to work with TRNG via another feature. In case anybody tries to work with TRNG (HW PSoC6 block) from CM4, it causes a CM4 HardFault.
But I am not familiar enough with the feature/system internals. If it is OK for ARM, then it is OK for me.

@orenc17

Contributor Author

commented Mar 11, 2019

@0xc0170 this PR doesn't actually change any of the Cypress code.
@ARMmbed/team-cypress The change is needed due to the nature of the PSA target with its memory protection scheme.

If a user tries to access the TRNG from the M4 core on a PSA target, the user will get a HardFault.
That is why we enable the HRNG API, which calls psa_crypto over SPM, accesses the TRNG on the M0+ core and returns the random data.

The HRNG API relies on the platform having the TRNG macro; that is why we add `#if !(defined(TARGET_PSA) && defined(COMPONENT_NSPE))` to disable access to the real TRNG from the M4 core.

@orenc17

Contributor Author

commented Mar 11, 2019

@OlegKapshii defining NVSEED basically sets it as the only entropy source, which is causing the issue.
It masks the TRNG functionality.

@OlegKapshii

Contributor

commented Mar 11, 2019

Now I understand. LGTM

@0xc0170 0xc0170 merged commit e0c7e08 into ARMmbed:master Mar 11, 2019

28 checks passed
