Add new platform partition

Author: Alexander Zilberkant

components/TARGET_PSA/inc/psa/lifecycle.h

@@ -0,0 +1,69 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __LIFECYCLE_H__
+#define __LIFECYCLE_H__
+
+/** @file
+@brief This file describes the PSA RoT Lifecycle API
+*/
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef   __cplusplus
+extern "C"
+{
+#endif
+
+typedef int32_t psa_status_t;
+
+#define PSA_LIFECYCLE_STATE_MASK    (0xff00u)  /**< A mask value that extracts the main lifecycle state */
+#define PSA_LIFECYCLE_SUBSTATE_MASK (0x00ffu)  /**< A mask value that extracts the IMPLEMENTATION DEFINED lifecycle sub-state */
+
+#define PSA_LIFECYCLE_UNKNOWN                     (0x0000u)  /**< State is unknown */
+#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST           (0x1000u)  /**< Assembly and Test state */
+#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING        (0x2000u)  /**< PSA RoT Provisioning state */
+#define PSA_LIFECYCLE_SECURED                     (0x3000u)  /**< Secured state */
+#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG           (0x4000u)  /**< Non PSA RoT debug state */
+#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG   (0x5000u)  /**< Recoverable PSA RoT Debug state */
+#define PSA_LIFECYCLE_DECOMMISSIONED              (0x6000u)  /**< Decommissioned state */
+
+#define PSA_LIFECYCLE_SUCCESS 0
+#define PSA_LIFECYCLE_ERROR   (INT32_MIN + 1000)
+
+/** \brief Get PSA RoT lifecycle state
+ *
+ * \retval The main state and sub-state are encoded as follows:@n
+        @a version[15:8] – main lifecycle state
+        @a version[7:0] – IMPLEMENTATION DEFINED sub-state
+ */
+uint32_t psa_security_lifecycle_state(void);
+
+/** \brief Request state change
+ *
+ * State change requested and the system.
+ * TODO when not drunk
+ */
+psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state);
+
+
+#ifdef   __cplusplus
+}
+#endif
+
+#endif // __LIFECYCLE_H__

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_EMUL/platform_emul.c

@@ -0,0 +1,30 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "psa/lifecycle.h"
+#include "platform_srv_impl.h"
+
+uint32_t psa_security_lifecycle_state(void)
+{
+    uint32_t lc_state = 0;
+    return psa_platfrom_lifecycle_get_impl(&lc_state);
+}
+
+psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
+{
+    return psa_platfrom_lifecycle_change_request_impl(new_state);
+}

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.c

@@ -0,0 +1,41 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "psa/lifecycle.h"
+#include "psa/internal_trusted_storage.h"
+#include "platform_srv_impl.h"
+
+#ifndef MBED_CONF_LIFECYCLE_STATE
+#define MBED_CONF_LIFECYCLE_STATE PSA_LIFECYCLE_ASSEMBLY_AND_TEST
+#endif
+
+psa_status_t psa_platfrom_lifecycle_get_impl(uint32_t *lc_state)
+{
+//    SPM_ASSERT(lc_state);
+    *lc_state = MBED_CONF_LIFECYCLE_STATE;
+    return PSA_LIFECYCLE_SUCCESS;
+}
+
+psa_its_status_t psa_its_reset();
+
+psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t state)
+{
+    if (PSA_LIFECYCLE_ASSEMBLY_AND_TEST == state) {
+        return psa_its_reset();
+    }
+    return PSA_LIFECYCLE_ERROR;
+}

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.h

@@ -0,0 +1,26 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PLATFROM_SRV_IMPL_H__
+#define __PLATFROM_SRV_IMPL_H__
+
+#include "psa/client.h"
+
+psa_status_t psa_platfrom_lifecycle_get_impl(uint32_t *lc_state);
+psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t lc_state);
+
+#endif // __PLATFROM_SRV_IMPL_H__

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c

@@ -0,0 +1,58 @@
+/* Copyright (c) 2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "psa_platform_ifs.h"
+#include "psa/lifecycle.h"
+#include "psa/client.h"
+
+uint32_t psa_security_lifecycle_state(void)
+{
+    psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_GET, 1);
+    if (conn <= PSA_NULL_HANDLE) {
+        return PSA_LIFECYCLE_UNKNOWN;
+    }
+
+    uint32_t lc_state = 0;
+    psa_outvec resp[1] = { &lc_state, sizeof(lc_state) };
+
+    psa_status_t status = psa_call(conn, NULL, 0, resp, 1);
+    if (status == PSA_DROP_CONNECTION) {
+        lc_state = PSA_LIFECYCLE_UNKNOWN;
+    }
+
+    psa_close(conn);
+
+    return lc_state;
+}
+
+psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
+{
+    psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_SET, 1);
+    if (conn <= PSA_NULL_HANDLE) {
+        return (psa_status_t) conn;
+    }
+
+    psa_invec msg[1] = {
+        { &new_state, sizeof(new_state) }
+    };
+
+    psa_status_t status = psa_call(conn, msg, 1, NULL, 0);
+
+    psa_close(conn);
+    return status;
+}
+

components/TARGET_PSA/services/platform/COMPONENT_SPE/TARGET_MBED_SPM/psa_platform_partition.c

@@ -0,0 +1,117 @@
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * Template Version 1.0
+ * Generated by tools/spm/generate_partition_code.py Version 1.0
+ **********************************************************************************************************************/
+
+#if !defined(TARGET_TFM)
+
+#include "cmsis.h"
+#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
+#include "rtx_os.h"
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "psa_platform_partition.h"
+#include "psa_platform_ifs.h"
+
+
+/* Threads stacks */
+MBED_ALIGN(8) uint8_t platform_thread_stack[1024] = {0};
+
+/* Threads control blocks */
+osRtxThread_t platform_thread_cb = {0};
+
+/* Thread attributes - for thread initialization */
+osThreadAttr_t platform_thread_attr = {
+    .name = "platform",
+    .attr_bits = 0,
+    .cb_mem = &platform_thread_cb,
+    .cb_size = sizeof(platform_thread_cb),
+    .stack_mem = platform_thread_stack,
+    .stack_size = 1024,
+    .priority = osPriorityNormal,
+    .tz_module = 0,
+    .reserved = 0
+};
+
+spm_rot_service_t platform_rot_services[PLATFORM_ROT_SRV_COUNT] = {
+    {
+        .sid = PSA_PLATFORM_LC_GET,
+        .mask = PSA_PLATFORM_LC_GET_MSK,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+    {
+        .sid = PSA_PLATFORM_LC_SET,
+        .mask = PSA_PLATFORM_LC_SET_MSK,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+};
+
+
+static osRtxMutex_t platform_mutex = {0};
+static const osMutexAttr_t platform_mutex_attr = {
+    .name = "platform_mutex",
+    .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
+    .cb_mem = &platform_mutex,
+    .cb_size = sizeof(platform_mutex),
+};
+
+
+extern void platform_partition_entry(void *ptr);
+
+void platform_init(spm_partition_t *partition)
+{
+    if (NULL == partition) {
+        SPM_PANIC("partition is NULL!\n");
+    }
+
+    partition->mutex = osMutexNew(&platform_mutex_attr);
+    if (NULL == partition->mutex) {
+        SPM_PANIC("Failed to create mutex for secure partition platform!\n");
+    }
+
+    for (uint32_t i = 0; i < PLATFORM_ROT_SRV_COUNT; ++i) {
+        platform_rot_services[i].partition = partition;
+    }
+    partition->rot_services = platform_rot_services;
+
+    partition->thread_id = osThreadNew(platform_partition_entry, NULL, &platform_thread_attr);
+    if (NULL == partition->thread_id) {
+        SPM_PANIC("Failed to create start main thread of partition platform!\n");
+    }
+}
+
+#endif // !defined(TARGET_TFM)