suit: Add support for MFS_VAR in suit_plat_copy

Add support for copying MFST_VAR content between manifes variables.

Ref: NCSDK-30807

Signed-off-by: Tomasz Chyrowicz <[email protected]>

Author: tomchy

subsys/suit/platform/CMakeLists.txt

@@ -16,6 +16,7 @@ zephyr_library_sources(src/suit_plat_commands.c)
 zephyr_library_sources(src/suit_plat_version.c)
 zephyr_library_sources(src/suit_plat_fetch.c)
 zephyr_library_sources(src/suit_plat_retrieve_manifest.c)
+zephyr_library_sources(src/suit_plat_copy.c)
 zephyr_library_sources(src/suit_plat_write.c)
 zephyr_library_sources(src/suit_plat_check_content.c)
 zephyr_library_sources_ifdef(CONFIG_SUIT_CHECK_IMAGE_MATCH src/suit_plat_check_image_match.c)

subsys/suit/platform/app/CMakeLists.txt

@@ -13,7 +13,7 @@ zephyr_library()
 
 zephyr_library_sources(src/suit_plat_swap.c)
 zephyr_library_sources(src/suit_plat_fetch_app_specific.c)
-zephyr_library_sources(src/suit_plat_copy.c)
+zephyr_library_sources(src/suit_plat_copy_app_specific.c)
 zephyr_library_sources(src/suit_plat_write_app_specific.c)
 zephyr_library_sources(src/suit_plat_retrieve_manifest_app_specific.c)
 zephyr_library_sources(src/suit_plat_version_app_specific.c)

subsys/suit/platform/app/src/suit_plat_copy.c

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <suit_plat_copy_domain_specific.h>
+
+bool suit_plat_copy_domain_specific_is_type_supported(suit_component_type_t dst_component_type,
+						      suit_component_type_t src_component_type)
+{
+	return false;
+}
+
+int suit_plat_check_copy_domain_specific(suit_component_t dst_handle,
+					 suit_component_type_t dst_component_type,
+					 suit_component_t src_handle,
+					 suit_component_type_t src_component_type,
+					 struct zcbor_string *manifest_component_id,
+					 struct suit_encryption_info *enc_info)
+{
+	return SUIT_ERR_UNSUPPORTED_COMMAND;
+}
+
+int suit_plat_copy_domain_specific(suit_component_t dst_handle,
+				   suit_component_type_t dst_component_type,
+				   suit_component_t src_handle,
+				   suit_component_type_t src_component_type,
+				   struct zcbor_string *manifest_component_id,
+				   struct suit_encryption_info *enc_info)
+{
+	return SUIT_ERR_UNSUPPORTED_COMMAND;
+}

subsys/suit/platform/app/src/suit_plat_copy_app_specific.c

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#ifndef SUIT_PLAT_COPY_DOMAIN_SPECIFIC_H__
+#define SUIT_PLAT_COPY_DOMAIN_SPECIFIC_H__
+
+#include <stdint.h>
+#include <suit_types.h>
+#include <suit_platform_internal.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Return destination component type supported by suit_plat_copy for the current domain.
+ */
+bool suit_plat_copy_domain_specific_is_type_supported(suit_component_type_t dst_component_type,
+						      suit_component_type_t src_component_type);
+
+/**
+ * @brief Domain specific part of the core part of the suit_plat_copy function.
+ */
+int suit_plat_check_copy_domain_specific(suit_component_t dst_handle,
+					 suit_component_type_t dst_component_type,
+					 suit_component_t src_handle,
+					 suit_component_type_t src_component_type,
+					 struct zcbor_string *manifest_component_id,
+					 struct suit_encryption_info *enc_info);
+
+/**
+ * @brief Domain specific part of the core part of the suit_plat_copy function.
+ */
+int suit_plat_copy_domain_specific(suit_component_t dst_handle,
+				   suit_component_type_t dst_component_type,
+				   suit_component_t src_handle,
+				   suit_component_type_t src_component_type,
+				   struct zcbor_string *manifest_component_id,
+				   struct suit_encryption_info *enc_info);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SUIT_PLAT_COPY_DOMAIN_SPECIFIC_H__ */

subsys/suit/platform/include/suit_plat_copy_domain_specific.h

@@ -13,7 +13,7 @@ zephyr_library()
 
 zephyr_library_sources(src/suit_plat_swap.c)
 zephyr_library_sources(src/suit_plat_fetch_sdfw_specific.c)
-zephyr_library_sources(src/suit_plat_copy.c)
+zephyr_library_sources(src/suit_plat_copy_sdfw_specific.c)
 zephyr_library_sources(src/suit_plat_write_sdfw_specific.c)
 zephyr_library_sources(src/suit_plat_retrieve_manifest_sdfw_specific.c)
 zephyr_library_sources(src/suit_plat_version_sdfw_specific.c)

subsys/suit/platform/sdfw/CMakeLists.txt

@@ -13,6 +13,7 @@
 #include <suit_plat_digest_cache.h>
 #include <suit_plat_memptr_size_update.h>
 #include <suit_memory_layout.h>
+#include <suit_plat_copy_domain_specific.h>
 
 #if CONFIG_SUIT_IPUC
 #include <suit_plat_ipuc.h>
@@ -33,53 +34,98 @@
 #include <suit_decrypt_filter.h>
 #endif /* CONFIG_SUIT_STREAM_FILTER_DECRYPT */
 
-LOG_MODULE_REGISTER(suit_plat_copy, CONFIG_SUIT_LOG_LEVEL);
+LOG_MODULE_DECLARE(suit_plat_copy, CONFIG_SUIT_LOG_LEVEL);
 
-int suit_plat_check_copy(suit_component_t dst_handle, suit_component_t src_handle,
-			 struct zcbor_string *manifest_component_id,
-			 struct suit_encryption_info *enc_info)
+#ifdef CONFIG_SUIT_STREAM
+static bool
+decode_supported_soc_specific_component(suit_component_t handle,
+					suit_secure_domain_component_number_t *soc_component)
+{
+	struct zcbor_string *component_id = NULL;
+	uint32_t component_number = 0;
+	suit_plat_err_t plat_ret;
+	int ret;
+
+	ret = suit_plat_component_id_get(handle, &component_id);
+	if (ret != SUIT_SUCCESS) {
+		LOG_ERR("Failed to get component ID: %d", ret);
+		return false;
+	}
+
+	plat_ret = suit_plat_decode_component_number(component_id, &component_number);
+	if (plat_ret != SUIT_PLAT_SUCCESS) {
+		LOG_ERR("Failed to decode SOC specific component number: %d", plat_ret);
+		ret = suit_plat_err_to_processor_err_convert(plat_ret);
+		return false;
+	}
+
+	*soc_component = (suit_secure_domain_component_number_t)component_number;
+
+	if ((*soc_component) != SUIT_SECDOM_COMPONENT_NUMBER_SDFW &&
+	    (*soc_component) != SUIT_SECDOM_COMPONENT_NUMBER_SDFW_RECOVERY) {
+		LOG_ERR("Unsupported SOC specific component type: %d", *soc_component);
+		return false;
+	}
+
+	return true;
+}
+#endif /* CONFIG_SUIT_STREAM */
+
+bool suit_plat_copy_domain_specific_is_type_supported(suit_component_type_t dst_component_type,
+						      suit_component_type_t src_component_type)
 {
 #ifdef CONFIG_SUIT_STREAM
+	/* Check if destination component type is supported */
+	if ((dst_component_type != SUIT_COMPONENT_TYPE_MEM) &&
+	    (dst_component_type != SUIT_COMPONENT_TYPE_SOC_SPEC)) {
+		return false;
+	}
+
+	/* Check if source component type is supported */
+	if ((src_component_type != SUIT_COMPONENT_TYPE_MEM) &&
+	    (src_component_type != SUIT_COMPONENT_TYPE_CAND_IMG)) {
+		return false;
+	}
+
+	return true;
+#else  /* CONFIG_SUIT_STREAM */
+	return false;
+#endif /* CONFIG_SUIT_STREAM */
+}
+
+int suit_plat_check_copy_domain_specific(suit_component_t dst_handle,
+					 suit_component_type_t dst_component_type,
+					 suit_component_t src_handle,
+					 suit_component_type_t src_component_type,
+					 struct zcbor_string *manifest_component_id,
+					 struct suit_encryption_info *enc_info)
+{
+#ifdef CONFIG_SUIT_STREAM
+	suit_secure_domain_component_number_t soc_component = 0;
 	struct stream_sink dst_sink;
 #ifdef CONFIG_SUIT_STREAM_SOURCE_MEMPTR
 	const uint8_t *payload_ptr;
 	size_t payload_size;
 #endif /* CONFIG_SUIT_STREAM_SOURCE_MEMPTR */
-	suit_component_type_t src_component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
-	suit_component_type_t dst_component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
 	suit_plat_err_t plat_ret = SUIT_PLAT_SUCCESS;
 	int ret = SUIT_SUCCESS;
 
 	/*
 	 * Validate streaming operation.
 	 */
 
-	/* Get destination component type based on component handle*/
-	ret = suit_plat_component_type_get(dst_handle, &dst_component_type);
-	if (ret != SUIT_SUCCESS) {
-		LOG_ERR("Failed to decode destination component type");
-		return ret;
-	}
-
-	/* Check if destination component type is supported */
-	if ((dst_component_type != SUIT_COMPONENT_TYPE_MEM) &&
-	    (dst_component_type != SUIT_COMPONENT_TYPE_SOC_SPEC)) {
-		LOG_ERR("Unsupported destination component type");
+	if (!suit_plat_copy_domain_specific_is_type_supported(dst_component_type,
+							      src_component_type)) {
+		LOG_ERR("Unsupported component type pair: (dst: %d, src: %d)", dst_component_type,
+			src_component_type);
 		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
 	}
 
-	/* Get source component type based on component handle*/
-	ret = suit_plat_component_type_get(src_handle, &src_component_type);
-	if (ret != SUIT_SUCCESS) {
-		LOG_ERR("Failed to decode source component type");
-		return ret;
-	}
-
-	/* Check if source component type is supported */
-	if ((src_component_type != SUIT_COMPONENT_TYPE_MEM) &&
-	    (src_component_type != SUIT_COMPONENT_TYPE_CAND_IMG)) {
-		LOG_ERR("Unsupported source component type");
-		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
+	if (dst_component_type == SUIT_COMPONENT_TYPE_SOC_SPEC) {
+		if (!decode_supported_soc_specific_component(dst_handle, &soc_component)) {
+			LOG_ERR("Failed to decode SOC specific component");
+			return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
+		}
 	}
 
 	/*
@@ -146,77 +192,41 @@ int suit_plat_check_copy(suit_component_t dst_handle, suit_component_t src_handl
 #endif /* CONFIG_SUIT_STREAM */
 }
 
-int suit_plat_copy(suit_component_t dst_handle, suit_component_t src_handle,
-		   struct zcbor_string *manifest_component_id,
-		   struct suit_encryption_info *enc_info)
+int suit_plat_copy_domain_specific(suit_component_t dst_handle,
+				   suit_component_type_t dst_component_type,
+				   suit_component_t src_handle,
+				   suit_component_type_t src_component_type,
+				   struct zcbor_string *manifest_component_id,
+				   struct suit_encryption_info *enc_info)
 {
 #ifdef CONFIG_SUIT_STREAM
+	suit_secure_domain_component_number_t soc_component = 0;
 	struct stream_sink dst_sink;
-	uint32_t soc_spec_number = 0;
 #ifdef CONFIG_SUIT_STREAM_SOURCE_MEMPTR
 	const uint8_t *payload_ptr;
 	size_t payload_size;
 #endif /* CONFIG_SUIT_STREAM_SOURCE_MEMPTR */
-	suit_component_type_t src_component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
-	suit_component_type_t dst_component_type = SUIT_COMPONENT_TYPE_UNSUPPORTED;
 	suit_plat_err_t plat_ret = SUIT_PLAT_SUCCESS;
 	int ret = SUIT_SUCCESS;
 
 	/*
 	 * Validate streaming operation.
 	 */
 
-	/* Get destination component type based on component handle*/
-	ret = suit_plat_component_type_get(dst_handle, &dst_component_type);
-	if (ret != SUIT_SUCCESS) {
-		LOG_ERR("Failed to decode destination component type");
-		return ret;
-	}
-
-	/* Check if destination component type is supported */
-	if ((dst_component_type != SUIT_COMPONENT_TYPE_MEM) &&
-	    (dst_component_type != SUIT_COMPONENT_TYPE_SOC_SPEC)) {
-		LOG_ERR("Unsupported destination component type");
+	if (!suit_plat_copy_domain_specific_is_type_supported(dst_component_type,
+							      src_component_type)) {
+		LOG_ERR("Unsupported component type pair: (dst: %d, src: %d)", dst_component_type,
+			src_component_type);
 		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
 	}
 
 	if (dst_component_type == SUIT_COMPONENT_TYPE_SOC_SPEC) {
-		struct zcbor_string *component_id = NULL;
-
-		ret = suit_plat_component_id_get(dst_handle, &component_id);
-		if (ret != SUIT_SUCCESS) {
-			LOG_ERR("suit_plat_component_id_get failed - error %i", ret);
-			return ret;
-		}
-
-		plat_ret = suit_plat_decode_component_number(component_id, &soc_spec_number);
-		if (plat_ret != SUIT_PLAT_SUCCESS) {
-			LOG_ERR("suit_plat_decode_component_number failed - error %i", plat_ret);
-			ret = suit_plat_err_to_processor_err_convert(plat_ret);
-			return ret;
-		}
-
-		if (soc_spec_number != SUIT_SECDOM_COMPONENT_NUMBER_SDFW &&
-		    soc_spec_number != SUIT_SECDOM_COMPONENT_NUMBER_SDFW_RECOVERY) {
-			LOG_ERR("Unsupported destination component type");
+		if (!decode_supported_soc_specific_component(dst_handle, &soc_component)) {
+			LOG_ERR("Failed to decode SOC specific component");
 			return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
 		}
 	}
 
-	/* Get source component type based on component handle*/
-	ret = suit_plat_component_type_get(src_handle, &src_component_type);
-	if (ret != SUIT_SUCCESS) {
-		LOG_ERR("Failed to decode source component type");
-		return ret;
-	}
-
-	/* Check if source component type is supported */
-	if ((src_component_type != SUIT_COMPONENT_TYPE_MEM) &&
-	    (src_component_type != SUIT_COMPONENT_TYPE_CAND_IMG)) {
-		LOG_ERR("Unsupported source component type");
-		return SUIT_ERR_UNSUPPORTED_COMPONENT_ID;
-	}
-
 	/*
 	 * Construct the stream.
 	 */
@@ -295,8 +305,8 @@ int suit_plat_copy(suit_component_t dst_handle, suit_component_t src_handle,
 	}
 
 	if (ret == SUIT_SUCCESS && dst_component_type == SUIT_COMPONENT_TYPE_SOC_SPEC &&
-	    (soc_spec_number == SUIT_SECDOM_COMPONENT_NUMBER_SDFW ||
-	     soc_spec_number == SUIT_SECDOM_COMPONENT_NUMBER_SDFW_RECOVERY)) {
+	    (soc_component == SUIT_SECDOM_COMPONENT_NUMBER_SDFW ||
+	     soc_component == SUIT_SECDOM_COMPONENT_NUMBER_SDFW_RECOVERY)) {
 		uintptr_t sdfw_update_area_addr = 0;
 		size_t sdfw_update_area_size = 0;