TF-M sources integration to Mbed-OS

.astyleignore

@@ -22,4 +22,5 @@ TESTS/mbed_hal/trng/pithy
 targets
 components/802.15.4_RF
 components/wifi
+components/TARGET_PSA/TARGET_TFM
 tools

.travis.yml

@@ -323,6 +323,8 @@ matrix:
     - env:
         - NAME=psa-autogen
       script:
-        # Run SPM code generator and check that changes are not needed
-        - python tools/spm/generate_partition_code.py
+        # Run SPM code generators and check that changes are not needed
+        - python tools/psa/generate_mbed_spm_partition_code.py
+        - git diff --exit-code
+        - python tools/psa/generate_tfm_partition_code.py
         - git diff --exit-code

LICENSE

@@ -5,6 +5,7 @@ Folders containing files under different permissive license than Apache 2.0 are
 
 - [cmsis](./cmsis) - MIT, BSD-3-Clause
 - [components/802.15.4_RF/mcr20a-rf-driver](./components/802.15.4_RF/mcr20a-rf-driver) - BSD-3-Clause
+- [components/TARGET_PSA/TARGET_TFM](./components/TARGET_PSA/TARGET_TFM) - BSD-3-Clause
 - [features/cryptocell/FEATURE_CRYPTOCELL310](./features/cryptocell/FEATURE_CRYPTOCELL310) - ARM Object Code and Header Files License
 - [features/FEATURE_BOOTLOADER](./features/FEATURE_BOOTLOADER) - PBL
 - [features/FEATURE_BLE/targets](./features/FEATURE_BLE/targets) - BSD-style, PBL, MIT-style

TESTS/psa/spm_client/COMPONENT_NSPE/client_ipc_tests.cpp

@@ -19,6 +19,10 @@
 #error [NOT_SUPPORTED] SPM tests can run only on SPM-enabled targets
 #endif // COMPONENT_PSA_SRV_IPC
 
+#ifndef TARGET_MBED_SPM
+#error [NOT_SUPPORTED] SPM tests currently only run on MBED_SPM targets
+#endif // TARGET_MBED_SPM
+
 #include "mbed.h"
 #include "greentea-client/test_env.h"
 #include "unity.h"

TESTS/psa/spm_server/COMPONENT_NSPE/main.cpp

@@ -19,6 +19,10 @@
 #error [NOT_SUPPORTED] SPM tests can run only on SPM-enabled targets
 #endif // COMPONENT_PSA_SRV_IPC
 
+#ifndef TARGET_MBED_SPM
+#error [NOT_SUPPORTED] SPM tests currently only run on MBED_SPM targets
+#endif // TARGET_MBED_SPM
+
 #include "mbed.h"
 #include "greentea-client/test_env.h"
 #include "unity.h"

TESTS/psa/spm_smoke/COMPONENT_NSPE/main.cpp

@@ -19,6 +19,11 @@
 #ifndef COMPONENT_PSA_SRV_IPC
 #error [NOT_SUPPORTED] SPM tests can run only on SPM-enabled targets
 #endif // COMPONENT_PSA_SRV_IPC
+
+#ifndef TARGET_MBED_SPM
+#error [NOT_SUPPORTED] SPM tests currently only run on MBED_SPM targets
+#endif // TARGET_MBED_SPM
+
 /* -------------------------------------- Includes ----------------------------------- */
 
 #include "greentea-client/test_env.h"

components/TARGET_PSA/TARGET_TFM/COMPONENT_NSPE/interface/src/tfm_ns_lock_rtx.c

@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#include <stdint.h>
+#include <stdbool.h>
+
+#include "cmsis.h"
+#include "rtx_os.h"
+#include "cmsis_os2.h"
+
+#include "tfm_api.h"
+#include "tfm_ns_lock.h"
+
+/**
+ * \brief struct ns_lock_state type
+ */
+struct ns_lock_state
+{
+    bool        init;
+    osMutexId_t id;
+};
+
+/**
+ * \brief ns_lock status
+ */
+static struct ns_lock_state ns_lock = {.init=false, .id=NULL};
+
+/**
+ * \brief Mutex properties, NS lock
+ */
+
+static osRtxMutex_t ns_lock_cb = { 0 };
+
+static const osMutexAttr_t ns_lock_attrib = {
+    .name = "ns_lock",
+    .attr_bits = osMutexPrioInherit,
+    .cb_mem = &ns_lock_cb,
+    .cb_size = sizeof(ns_lock_cb)
+};
+
+/**
+ * \brief NS world, NS lock based dispatcher
+ */
+uint32_t tfm_ns_lock_dispatch(veneer_fn fn,
+                              uint32_t arg0, uint32_t arg1,
+                              uint32_t arg2, uint32_t arg3)
+{
+    uint32_t result;
+
+    /* Check the NS lock has been initialized */
+    if (ns_lock.init == false) {
+        return TFM_ERROR_GENERIC;
+    }
+
+    /* TFM request protected by NS lock */
+    osMutexAcquire(ns_lock.id,osWaitForever);
+
+    result = fn(arg0, arg1, arg2, arg3);
+
+    osMutexRelease(ns_lock.id);
+
+    return result;
+}
+
+/**
+ * \brief NS world, Init NS lock
+ */
+uint32_t tfm_ns_lock_init()
+{
+    if (ns_lock.init == false) {
+        ns_lock.id = osMutexNew(&ns_lock_attrib);
+        ns_lock.init = true;
+        return TFM_SUCCESS;
+    }
+    else {
+        return TFM_ERROR_GENERIC;
+    }
+}
+
+bool tfm_ns_lock_get_init_state()
+{
+    return ns_lock.init;
+}
+

components/TARGET_PSA/TARGET_TFM/COMPONENT_NSPE/interface/src/tfm_psa_ns_api.c

@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "interface/include/psa_client.h"
+#include "tfm_ns_lock.h"
+#include "tfm_api.h"
+
+/**** API functions ****/
+
+uint32_t psa_framework_version(void)
+{
+    return tfm_ns_lock_dispatch((veneer_fn)tfm_psa_framework_version_veneer,
+                                0,
+                                0,
+                                0,
+                                0);
+}
+
+uint32_t psa_version(uint32_t sid)
+{
+    return tfm_ns_lock_dispatch((veneer_fn)tfm_psa_version_veneer,
+                                sid,
+                                0,
+                                0,
+                                0);
+}
+
+psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
+{
+    return tfm_ns_lock_dispatch((veneer_fn)tfm_psa_connect_veneer,
+                                sid,
+                                minor_version,
+                                0,
+                                0);
+}
+
+psa_status_t psa_call(psa_handle_t handle,
+                      const psa_invec *in_vec,
+                      size_t in_len,
+                      psa_outvec *out_vec,
+                      size_t out_len)
+{
+    /* FixMe: sanity check can be added to offload some NS thread checks from
+     * TFM secure API
+     */
+
+    /* Due to v8M restrictions, TF-M NS API needs to add another layer of
+     * serialization in order for NS to pass arguments to S
+     */
+    psa_invec in_vecs, out_vecs;
+
+    in_vecs.base = in_vec;
+    in_vecs.len = in_len;
+    out_vecs.base = out_vec;
+    out_vecs.len = out_len;
+    return tfm_ns_lock_dispatch((veneer_fn)tfm_psa_call_veneer,
+                                (uint32_t)handle,
+                                (uint32_t)&in_vecs,
+                                (uint32_t)&out_vecs,
+                                0);
+}
+
+void psa_close(psa_handle_t handle)
+{
+    tfm_ns_lock_dispatch((veneer_fn)tfm_psa_close_veneer,
+                         (uint32_t)handle,
+                         0,
+                         0,
+                         0);
+}
+

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_partition_defs.inc

@@ -0,0 +1,37 @@
+/* Copyright (c) 2017-2019 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_PARTITION_DEFS_INC__
+#define __TFM_PARTITION_DEFS_INC__
+
+#ifdef TFM_PSA_API
+#define ITS_ID (TFM_SP_BASE + 0)
+#endif
+
+#ifdef TFM_PSA_API
+#define PLATFORM_ID (TFM_SP_BASE + 1)
+#endif
+
+#ifdef TFM_PSA_API
+#define CRYPTO_SRV_ID (TFM_SP_BASE + 2)
+#endif
+
+#define TFM_MAX_USER_PARTITIONS (3)
+
+#endif /* __TFM_PARTITION_DEFS_INC__ */

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_partition_list.inc

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_PARTITION_LIST_INC__
+#define __TFM_PARTITION_LIST_INC__
+
+#ifdef TFM_PSA_API
+/******** ITS ********/
+PARTITION_DECLARE(ITS, 0
+    | SPM_PART_FLAG_IPC
+    , "APPLICATION-ROT", 10, NORMAL, 2048);
+PARTITION_ADD_INIT_FUNC(ITS, its_entry);
+#endif /* TFM_PSA_API */
+
+#ifdef TFM_PSA_API
+/******** PLATFORM ********/
+PARTITION_DECLARE(PLATFORM, 0
+    | SPM_PART_FLAG_IPC
+    , "APPLICATION-ROT", 8, NORMAL, 1024);
+PARTITION_ADD_INIT_FUNC(PLATFORM, platform_partition_entry);
+#endif /* TFM_PSA_API */
+
+#ifdef TFM_PSA_API
+/******** CRYPTO_SRV ********/
+PARTITION_DECLARE(CRYPTO_SRV, 0
+    | SPM_PART_FLAG_IPC
+    , "APPLICATION-ROT", 35, NORMAL, 16384);
+PARTITION_ADD_INIT_FUNC(CRYPTO_SRV, crypto_main);
+#endif /* TFM_PSA_API */
+
+#endif /* __TFM_PARTITION_LIST_INC__ */

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/autogen/tfm_service_list.inc

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_SERVICE_LIST_INC__
+#define __TFM_SERVICE_LIST_INC__
+
+#ifdef TFM_PSA_API
+/******** ITS ********/
+{"PSA_ITS_GET", ITS_ID, PSA_ITS_GET_MSK, 0x00011A00, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_ITS_SET", ITS_ID, PSA_ITS_SET_MSK, 0x00011A01, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_ITS_INFO", ITS_ID, PSA_ITS_INFO_MSK, 0x00011A02, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_ITS_REMOVE", ITS_ID, PSA_ITS_REMOVE_MSK, 0x00011A03, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_ITS_RESET", ITS_ID, PSA_ITS_RESET_MSK, 0x00011A04, false, 1, TFM_VERSION_POLICY_RELAXED},
+#endif /* TFM_PSA_API */
+
+#ifdef TFM_PSA_API
+/******** PLATFORM ********/
+{"PSA_PLATFORM_LC_GET", PLATFORM_ID, PSA_PLATFORM_LC_GET_MSK, 0x00011000, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_PLATFORM_LC_SET", PLATFORM_ID, PSA_PLATFORM_LC_SET_MSK, 0x00011001, true, 1, TFM_VERSION_POLICY_RELAXED},
+{"PSA_PLATFORM_SYSTEM_RESET", PLATFORM_ID, PSA_PLATFORM_SYSTEM_RESET_MSK, 0x00011002, true, 1, TFM_VERSION_POLICY_RELAXED},
+#endif /* TFM_PSA_API */
+
+#ifdef TFM_PSA_API
+/******** CRYPTO_SRV ********/
+{"PSA_CRYPTO_INIT_ID", CRYPTO_SRV_ID, PSA_CRYPTO_INIT, 0x00000F00, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_MAC_ID", CRYPTO_SRV_ID, PSA_MAC, 0x00000F01, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_HASH_ID", CRYPTO_SRV_ID, PSA_HASH, 0x00000F02, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_ASYMMETRIC_ID", CRYPTO_SRV_ID, PSA_ASYMMETRIC, 0x00000F03, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_SYMMETRIC_ID", CRYPTO_SRV_ID, PSA_SYMMETRIC, 0x00000F04, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_AEAD_ID", CRYPTO_SRV_ID, PSA_AEAD, 0x00000F05, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_KEY_MNG_ID", CRYPTO_SRV_ID, PSA_KEY_MNG, 0x00000F06, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_RNG_ID", CRYPTO_SRV_ID, PSA_RNG, 0x00000F07, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_CRYPTO_FREE_ID", CRYPTO_SRV_ID, PSA_CRYPTO_FREE, 0x00000F08, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_GENERATOR_ID", CRYPTO_SRV_ID, PSA_GENERATOR, 0x00000F09, true, 1, TFM_VERSION_POLICY_STRICT},
+{"PSA_ENTROPY_ID", CRYPTO_SRV_ID, PSA_ENTROPY_INJECT, 0x00000F0A, true, 1, TFM_VERSION_POLICY_STRICT},
+#endif /* TFM_PSA_API */
+
+#endif /* __TFM_SERVICE_LIST_INC__ */