Merge pull request #662 from danielinux/zephyr-psa

zephyr integration as TEE.

Author: dgarske

.gitmodules

@@ -10,3 +10,6 @@
 [submodule "lib/wolfHSM"]
 	path = lib/wolfHSM
 	url = https://github.com/wolfssl/wolfhsm.git
+[submodule "lib/wolfPSA"]
+	path = lib/wolfPSA
+	url = [email protected]:wolfSSL/wolfPSA.git

Makefile

@@ -140,18 +140,21 @@ endif
 WOLFBOOT_LIB_WOLFSSL?=lib/wolfssl
 WOLFBOOT_LIB_WOLFTPM?=lib/wolfTPM
 WOLFBOOT_LIB_WOLFPKCS11?=lib/wolfPKCS11
+WOLFBOOT_LIB_WOLFPSA?=lib/wolfPSA
 WOLFBOOT_LIB_WOLFHSM?=lib/wolfHSM
 
 # Convert to absolute paths using abspath function
 WOLFBOOT_LIB_WOLFSSL:=$(abspath $(WOLFBOOT_LIB_WOLFSSL))
 WOLFBOOT_LIB_WOLFTPM:=$(abspath $(WOLFBOOT_LIB_WOLFTPM))
 WOLFBOOT_LIB_WOLFPKCS11:=$(abspath $(WOLFBOOT_LIB_WOLFPKCS11))
+WOLFBOOT_LIB_WOLFPSA:=$(abspath $(WOLFBOOT_LIB_WOLFPSA))
 WOLFBOOT_LIB_WOLFHSM:=$(abspath $(WOLFBOOT_LIB_WOLFHSM))
 
 # Export variables so they are available to sub-makefiles
 export WOLFBOOT_LIB_WOLFSSL
 export WOLFBOOT_LIB_WOLFTPM
 export WOLFBOOT_LIB_WOLFPKCS11
+export WOLFBOOT_LIB_WOLFPSA
 export WOLFBOOT_LIB_WOLFHSM
 
 ## Architecture/CPU configuration
@@ -169,6 +172,7 @@ CFLAGS+= \
   -Wno-array-bounds \
   -D"WOLFSSL_USER_SETTINGS" \
   -D"WOLFTPM_USER_SETTINGS"
+CFLAGS+=$(WOLFPSA_CFLAGS)
 
 # Setup default optimizations (for GCC)
 ifeq ($(USE_GCC_HEADLESS),1)

config/examples/stm32h5-tz-psa.config

@@ -0,0 +1,35 @@
+ARCH?=ARM
+TZEN?=1
+TARGET?=stm32h5
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=0
+CORTEX_M33?=1
+NO_ASM?=0
+NO_MPU=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=1
+V?=0
+SPMATH?=1
+RAM_CODE?=1
+DUALBANK_SWAP?=0
+WOLFBOOT_PARTITION_SIZE?=0xA0000
+WOLFBOOT_SECTOR_SIZE?=0x2000
+WOLFBOOT_KEYVAULT_ADDRESS?=0x0C040000
+WOLFBOOT_KEYVAULT_SIZE?=0x1C000
+WOLFBOOT_NSC_ADDRESS?=0x0C05C000
+WOLFBOOT_NSC_SIZE?=0x4000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08060000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x0C100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0C1A0000
+FLAGS_HOME=0
+DISABLE_BACKUP=0
+WOLFCRYPT_TZ=1
+WOLFCRYPT_TZ_PSA=1
+IMAGE_HEADER_SIZE?=1024
+ARMORED=1

docs/STM32-TZ.md

@@ -27,6 +27,12 @@ non-secure domain can access wolfCrypt through a standard PKCS11 interface and
 use the crypto library with pre-provisioned keys that are never exposed to the
 non-secure domain.
 
+### PSA Crypto API in non-secure world
+
+The `WOLFCRYPT_TZ_PSA` option provides a standard PSA Crypto interface using
+wolfPSA in the secure domain. The key storage uses the same secure flash
+keystore backend as PKCS11, exposed through the wolfPSA store API.
+
 ### Image header size
 
 The `IMAGE_HEADER_SIZE` option has to be carefully tuned to accommodate for the

docs/Targets.md

@@ -208,7 +208,7 @@ SECWM2_STRT=0x1  SECWM2_END=0x0   No page of internal Flash Bank2 set as secure,
 This is similar to Scenario 1, but also includes wolfCrypt in secure mode, and
 that can be accessed via PKCS11 interface by non-secure applications.
 
-This option can be enabled with the `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1`
+This option can be enabled with `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1` or `WOLFCRYPT_TZ_PSA=1`
 options in your configuration. This enables a PKCS11 accessible from NS domain via
 non-secure callables (NSC).
 
@@ -349,7 +349,7 @@ SECWM2_STRT=0x1  SECWM2_END=0x0   No page of internal Flash Bank2 set as secure,
 This is similar to Scenario 1, but also includes wolfCrypt in secure mode, and
 that can be accessed via PKCS11 interface by non-secure applications.
 
-This option can be enabled with the `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1`
+This option can be enabled with `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1` or `WOLFCRYPT_TZ_PSA=1`
 options in your configuration. This enables a PKCS11 accessible from NS domain via
 non-secure callables (NSC).
 
@@ -1337,6 +1337,7 @@ SRAM memories into two parts:
 
 The example configuration for this scenario is available in [/config/examples/stm32h5.config](/config/examples/stm32h5.config).
 
+
 #### How to use it
 
 - set the option bytes to enable trustzone:
@@ -1372,7 +1373,7 @@ STM32_Programmer_CLI -c port=swd -d update.bin 0x0C100000
 This is similar to Scenario 1, but also includes wolfCrypt in secure mode, and
 that can be accessed via PKCS11 interface by non-secure applications.
 
-This option can be enabled with the `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1`
+This option can be enabled with `WOLFCRYPT_TZ=1` and `WOLFCRYPT_TZ_PKCS11=1` or `WOLFCRYPT_TZ_PSA=1`
 options in your configuration. This enables a PKCS11 accessible from NS domain via
 non-secure callables (NSC).
 
@@ -1424,6 +1425,11 @@ STM32_Programmer_CLI -c port=swd -d test-app/image_v3_signed.bin 0x08160000
 Reboot the board to initiate an update via DUALBANK hw-assisted swap.
 Any version except the first one will also turn on the orange LED.
 
+### Scenario 4: Replace TF-M with wolfBoot in Zephyr
+
+For a full Zephyr integration walkthrough (build + flash), see:
+[/zephyr/README.md](/zephyr/README.md)
+
 ### STM32H5 Debugging
 
 

docs/compile.md

@@ -354,6 +354,7 @@ Available overrides:
 - `WOLFBOOT_LIB_WOLFSSL`: Path to the [wolfSSL](https://github.com/wolfSSL/wolfssl) library source code
 - `WOLFBOOT_LIB_WOLFTPM`: Path to the [wolfTPM](https://github.com/wolfSSL/wolfTPM) library source code
 - `WOLFBOOT_LIB_WOLFPKCS11`: Path to the [wolfPKCS11](https://github.com/wolfssl/wolfpkcs11) library source code
+- `WOLFBOOT_LIB_WOLFPSA`: Path to the wolfPSA library source code
 - `WOLFBOOT_LIB_WOLFHSM`: Path to the [wolfHSM](https://github.com/wolfSSL/wolfHSM) library source code
 
 ## Key Generation and Signing

include/user_settings.h

@@ -367,6 +367,32 @@ extern int tolower(int c);
 #   define HAVE_AESGCM
 #   define HAVE_PKCS8
 #endif
+
+#if defined(WOLFCRYPT_TZ_PSA)
+#   define WOLFSSL_AES_COUNTER
+#   define WOLFSSL_AES_GCM
+#   define HAVE_AESGCM
+#   define HAVE_AESCCM
+#   define HAVE_AES_ECB
+#   define WOLFSSL_AES_CFB
+#   define WOLFSSL_AES_OFB
+#   define WOLFSSL_DES3
+#   define WOLFSSL_DES_ECB
+#   define HAVE_CHACHA
+#   define HAVE_POLY1305
+#   define WOLFSSL_CMAC
+#   define WOLFSSL_ECDSA_DETERMINISTIC_K
+#   define WOLFSSL_HAVE_PRF
+#   define HAVE_HKDF
+#   define HAVE_PBKDF2
+#   define HAVE_PWDBASED
+#   define WOLFSSL_KEY_GEN
+#   define WC_RSA_PSS
+#   define WOLFSSL_PSS_SALT_LEN_DISCOVER
+#   define WOLFSSL_RSA_OAEP
+#   define HAVE_ECC_KEY_EXPORT
+#   define HAVE_ECC_KEY_IMPORT
+#endif
 /* PKCS11 for wolfBoot is always static */
 #define HAVE_PKCS11_STATIC
 
@@ -502,6 +528,12 @@ extern int tolower(int c);
 #define NO_CRYPT_TEST
 #define NO_CRYPT_BENCHMARK
 
+#if defined(WOLFCRYPT_TZ_PSA)
+#undef NO_CMAC
+#undef NO_DES3
+#undef NO_KDF
+#endif
+
 #ifdef __QNX__
 #   define WOLFSSL_HAVE_MIN
 #   define WOLFSSL_HAVE_MAX
@@ -524,7 +556,8 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_NO_MALLOC
 #       define WOLFSSL_SP_NO_DYN_STACK
 #   endif
-#   if !defined(SECURE_PKCS11) && !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#   if !defined(SECURE_PKCS11) && !defined(WOLFCRYPT_TZ_PSA) && \
+       !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
 #       define NO_WOLFSSL_MEMORY
 #       define WOLFSSL_NO_MALLOC
 #   endif

include/wolfboot/arm_tee_api.h

@@ -0,0 +1,97 @@
+/* arm_tee_api.h
+ *
+ * ARM TEE style PSA client veneers for Zephyr integration.
+ *
+ * Copyright (C) 2025 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef WOLFBOOT_ARM_TEE_API_H
+#define WOLFBOOT_ARM_TEE_API_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Provide minimal PSA client types if PSA client headers are unavailable. */
+#ifndef __PSA_CLIENT_H__
+typedef int32_t psa_handle_t;
+typedef struct psa_invec {
+    const void *base;
+    size_t len;
+} psa_invec;
+typedef struct psa_outvec {
+    void *base;
+    size_t len;
+} psa_outvec;
+#endif
+
+#ifndef PSA_ERROR_INVALID_ARGUMENT
+#define PSA_ERROR_INVALID_ARGUMENT ((int32_t)-132)
+#endif
+#ifndef PSA_ERROR_NOT_SUPPORTED
+#define PSA_ERROR_NOT_SUPPORTED ((int32_t)-138)
+#endif
+
+/* Pack extra args to keep veneers <= 4 args (ARM TEE style). */
+#define WOLFBOOT_ARM_TEE_TYPE_MASK      0xFFFFUL
+#define WOLFBOOT_ARM_TEE_IN_LEN_OFFSET  24
+#define WOLFBOOT_ARM_TEE_IN_LEN_MASK    (0x7UL << WOLFBOOT_ARM_TEE_IN_LEN_OFFSET)
+#define WOLFBOOT_ARM_TEE_OUT_LEN_OFFSET 16
+#define WOLFBOOT_ARM_TEE_OUT_LEN_MASK   (0x7UL << WOLFBOOT_ARM_TEE_OUT_LEN_OFFSET)
+
+#define WOLFBOOT_ARM_TEE_PARAM_PACK(type, in_len, out_len)                \
+    ((((uint32_t)(type)) & WOLFBOOT_ARM_TEE_TYPE_MASK)                  | \
+     ((((uint32_t)(in_len)) << WOLFBOOT_ARM_TEE_IN_LEN_OFFSET) &         \
+      WOLFBOOT_ARM_TEE_IN_LEN_MASK)                                    | \
+     ((((uint32_t)(out_len)) << WOLFBOOT_ARM_TEE_OUT_LEN_OFFSET) &       \
+      WOLFBOOT_ARM_TEE_OUT_LEN_MASK))
+
+#define WOLFBOOT_ARM_TEE_PARAM_UNPACK_TYPE(ctrl_param)                   \
+    ((int32_t)(int16_t)((ctrl_param) & WOLFBOOT_ARM_TEE_TYPE_MASK))
+#define WOLFBOOT_ARM_TEE_PARAM_UNPACK_IN_LEN(ctrl_param)                 \
+    ((size_t)(((ctrl_param) & WOLFBOOT_ARM_TEE_IN_LEN_MASK) >>           \
+              WOLFBOOT_ARM_TEE_IN_LEN_OFFSET))
+#define WOLFBOOT_ARM_TEE_PARAM_UNPACK_OUT_LEN(ctrl_param)                \
+    ((size_t)(((ctrl_param) & WOLFBOOT_ARM_TEE_OUT_LEN_MASK) >>          \
+              WOLFBOOT_ARM_TEE_OUT_LEN_OFFSET))
+
+#if defined(__ARM_FEATURE_CMSE) && defined(__GNUC__)
+#define WOLFBOOT_CMSE_NS_ENTRY __attribute__((cmse_nonsecure_entry))
+#else
+#define WOLFBOOT_CMSE_NS_ENTRY
+#endif
+
+/* Secure-side NSC veneers expected by Zephyr ARM TEE client. */
+uint32_t WOLFBOOT_CMSE_NS_ENTRY arm_tee_psa_framework_version_veneer(void);
+uint32_t WOLFBOOT_CMSE_NS_ENTRY arm_tee_psa_version_veneer(uint32_t sid);
+psa_handle_t WOLFBOOT_CMSE_NS_ENTRY arm_tee_psa_connect_veneer(uint32_t sid,
+                                                          uint32_t version);
+int32_t WOLFBOOT_CMSE_NS_ENTRY arm_tee_psa_call_veneer(psa_handle_t handle,
+    uint32_t ctrl_param,
+    const psa_invec *in_vec, psa_outvec *out_vec);
+void WOLFBOOT_CMSE_NS_ENTRY arm_tee_psa_close_veneer(psa_handle_t handle);
+
+/* Backing PSA IPC hooks (override in secure code). */
+uint32_t arm_tee_psa_framework_version(void);
+uint32_t arm_tee_psa_version(uint32_t sid);
+psa_handle_t arm_tee_psa_connect(uint32_t sid, uint32_t version);
+int32_t arm_tee_psa_call(psa_handle_t handle, int32_t type,
+    const psa_invec *in_vec, size_t in_len,
+    psa_outvec *out_vec, size_t out_len);
+void arm_tee_psa_close(psa_handle_t handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFBOOT_ARM_TEE_API_H */

lib/wolfPSA

@@ -681,6 +681,12 @@ ifeq ($(WOLFBOOT_HUGE_STACK),1)
   CFLAGS+=-DWOLFBOOT_HUGE_STACK
 endif
 
+ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
+  ifeq ($(WOLFCRYPT_TZ_PSA),1)
+    $(error WOLFCRYPT_TZ_PKCS11 and WOLFCRYPT_TZ_PSA are mutually exclusive)
+  endif
+endif
+
 ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
   CFLAGS+=-DSECURE_PKCS11
   CFLAGS+=-DWOLFSSL_PKCS11_RW_TOKENS
@@ -725,6 +731,51 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
   endif
 endif
 
+ifeq ($(WOLFCRYPT_TZ_PSA),1)
+  CFLAGS+=-DWOLFCRYPT_TZ_PSA
+  CFLAGS+=-DWOLFSSL_PSA_ENGINE
+  CFLAGS+=-DWOLFPSA_CUSTOM_STORE
+  WOLFPSA_CFLAGS+=-I$(WOLFBOOT_LIB_WOLFPSA)
+  WOLFPSA_CFLAGS+=-I$(WOLFBOOT_LIB_WOLFPSA)/wolfpsa
+  LDFLAGS+=--specs=nano.specs
+  WOLFCRYPT_OBJS+=src/psa_store.o
+  WOLFCRYPT_OBJS+=src/arm_tee_psa_veneer.o
+  WOLFCRYPT_OBJS+=src/arm_tee_psa_ipc.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/pwdbased.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/dh.o
+  ifeq ($(findstring random.o,$(WOLFCRYPT_OBJS)),)
+    WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
+  endif
+  WOLFPSA_SRCS := $(filter-out $(WOLFBOOT_LIB_WOLFPSA)/src/psa_store_posix.c, \
+    $(wildcard $(WOLFBOOT_LIB_WOLFPSA)/src/*.c))
+  WOLFPSA_OBJS := $(patsubst %.c,%.o,$(WOLFPSA_SRCS))
+  WOLFCRYPT_OBJS+=$(WOLFPSA_OBJS)
+  STACK_USAGE=16688
+  ifneq ($(ENCRYPT),1)
+      WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/aes.o
+  endif
+  ifeq ($(findstring RSA,$(SIGN)),)
+  ifeq ($(findstring RSA,$(SIGN_SECONDARY)),)
+      WOLFCRYPT_OBJS+=$(RSA_OBJS)
+  endif
+  endif
+  ifeq ($(findstring ECC,$(SIGN)),)
+  ifeq ($(findstring ECC,$(SIGN_SECONDARY)),)
+      WOLFCRYPT_OBJS+=$(ECC_OBJS)
+  endif
+  endif
+  ifeq ($(findstring ECC,$(SIGN)),)
+  ifeq ($(findstring ECC,$(SIGN_SECONDARY)),)
+  ifeq ($(findstring RSA,$(SIGN)),)
+  ifeq ($(findstring RSA,$(SIGN_SECONDARY)),)
+	  WOLFCRYPT_OBJS+=$(MATH_OBJS)
+  endif
+  endif
+  endif
+  endif
+endif
+
 OBJS+=$(PUBLIC_KEY_OBJS)
 ifneq ($(STAGE1),1)
   OBJS+=$(UPDATE_OBJS)
@@ -762,12 +813,14 @@ ifeq ($(WOLFTPM),1)
     endif
   endif
   ifneq ($(WOLFCRYPT_TZ_PKCS11),1)
+  ifneq ($(WOLFCRYPT_TZ_PSA),1)
     ifneq ($(ENCRYPT),1)
       WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/aes.o
     endif
     WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o
     WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
   endif
+  endif
   ifeq ($(DEBUG),1)
     CFLAGS+=-DWOLFBOOT_DEBUG_TPM=1
   endif