boards: st: nucleo_u5a5zj_q: Import TF-M code

Signed-off-by: BUDKE Gerson Fernando <[email protected]>

Author: nandojve

boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt

@@ -0,0 +1,80 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(NUCLEO_U5A5ZJ_Q_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(STM_COMMON_DIR ${PLATFORM_DIR}/ext/target/stm/common)
+
+include(${STM_COMMON_DIR}/stm32u5xx/CMakeLists.txt)
+
+#========================= Platform defs ===============================#
+
+# Specify the location of platform specific build dependencies.
+target_sources(tfm_s
+    PRIVATE
+        ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_s.c
+)
+
+# cpuarch.cmake is used to set things that related to the platform that are both
+install(FILES
+    ${TARGET_PLATFORM_PATH}/cpuarch.cmake
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(FILES
+    ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_ns.c
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}/Device/Source
+)
+
+install(DIRECTORY
+    ${TARGET_PLATFORM_PATH}/ns/
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(DIRECTORY
+    ${TARGET_PLATFORM_PATH}/include
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(FILES
+    ${TARGET_PLATFORM_PATH}/accelerator/crypto_accelerator_config.h
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include
+)
+
+install(DIRECTORY
+    ${STM_COMMON_DIR}/hal/accelerator/
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include
+    FILES_MATCHING PATTERN "*.h"
+)
+
+install(FILES
+    ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h
+    ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h
+    DESTINATION ${INSTALL_PLATFORM_NS_DIR}/partition
+)
+
+if(BL2)
+    target_sources(bl2
+        PRIVATE
+            ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_bl2.c
+            ${STM_COMMON_DIR}/hal/provision/nvm_init.c
+            ${STM_COMMON_DIR}/hal/provision/nvmcnt_init.c
+            ${NUCLEO_U5A5ZJ_Q_DIR}/keys/otp_provision.c
+    )
+endif()
+#install flash layout for postbuild.sh
+install(FILES
+    ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h
+    ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h
+    DESTINATION ${CMAKE_INSTALL_PREFIX}
+)
+set (BL2_FILE_TO_PREPROCESS ${CMAKE_CURRENT_BINARY_DIR}/image_macros_to_preprocess_bl2.c)
+file(WRITE ${BL2_FILE_TO_PREPROCESS} ${BL2_PREPROCESSING})
+
+install(FILES
+    ${BL2_FILE_TO_PREPROCESS}
+    DESTINATION ${CMAKE_INSTALL_PREFIX}
+)

boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt

@@ -0,0 +1,79 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
+# Copyright (c) 2021 STMicroelectronics. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+############################ Crypto Service ####################################
+
+if (TFM_PARTITION_CRYPTO)
+    target_sources(crypto_service_crypto_hw
+        PRIVATE
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/rsa_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecdsa_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/gcm_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/aes_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ccm_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_curves_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c
+    )
+
+    target_include_directories(crypto_service_crypto_hw
+        PRIVATE
+            ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/
+            ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/
+            ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/
+            ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/
+            ${PLATFORM_DIR}/include
+            ${CMAKE_BINARY_DIR}/generated
+            ${CMAKE_SOURCE_DIR}/interface/include
+    )
+    target_include_directories(crypto_service_mbedcrypto
+        PUBLIC
+            ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+            ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/
+            ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/
+            ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/
+            ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/
+    )
+
+    target_include_directories(psa_crypto_config
+        INTERFACE
+            $<BUILD_INTERFACE:${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/>
+    )
+
+    target_compile_definitions(crypto_service_crypto_hw
+        PRIVATE
+            ST_HW_CONTEXT_SAVING
+            $<$<AND:$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>,$<STREQUAL:${PS_CRYPTO_AEAD_ALG},PSA_ALG_GCM>>:BUILD_CRYPTO_TFM>
+        INTERFACE
+            $<$<AND:$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>,$<STREQUAL:${PS_CRYPTO_AEAD_ALG},PSA_ALG_GCM>>:PSA_WANT_ALG_GCM>
+    )
+
+    target_link_libraries(crypto_service_crypto_hw
+        PRIVATE
+            crypto_service_mbedcrypto
+            platform_s
+            cmsis
+    )
+
+    target_link_libraries(crypto_service_mbedcrypto
+        PUBLIC
+            cmsis
+    )
+
+    target_link_libraries(platform_s
+        PRIVATE
+            crypto_service_crypto_hw
+    )
+    target_link_libraries(crypto_service_crypto_hw
+         INTERFACE
+            tfm_config
+    )
+endif()

boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h

@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021 STMicroelectronics. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef CRYPTO_ACCELERATOR_CONF_H
+#define CRYPTO_ACCELERATOR_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/****************************************************************/
+/* Require built-in implementations based on PSA requirements */
+/****************************************************************/
+#ifdef PSA_USE_SE_ST
+/* secure element define */
+#define PSA_WANT_KEY_TYPE_AES
+#ifdef MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+
+#ifdef PSA_WANT_ALG_SHA_1
+#define MBEDTLS_SHA1_ALT
+#endif /* PSA_WANT_ALG_SHA_1 */
+
+#ifdef PSA_WANT_ALG_SHA_256
+#define MBEDTLS_SHA256_ALT
+#endif /* PSA_WANT_ALG_SHA_256 */
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)			|| \
+	defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)	|| \
+	defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)		|| \
+	defined(PSA_WANT_ALG_RSA_PSS)			|| \
+	defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)	|| \
+	defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#define MBEDTLS_RSA_ALT
+#endif
+
+#if defined(PSA_WANT_ALG_ECDH)				|| \
+	defined(PSA_WANT_ALG_ECDSA)			|| \
+	defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)	|| \
+	defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_ECP_ALT
+#undef MBEDTLS_ECP_NIST_OPTIM
+#endif
+
+#ifdef PSA_WANT_ALG_CCM
+#define MBEDTLS_CCM_ALT
+#endif /* PSA_WANT_ALG_CCM */
+
+#ifdef PSA_WANT_KEY_TYPE_AES
+#define MBEDTLS_AES_ALT
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#ifdef PSA_WANT_ALG_GCM
+#define MBEDTLS_GCM_ALT
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_ECDSA)				||  \
+	defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_ECDSA_VERIFY_ALT
+#define MBEDTLS_ECDSA_SIGN_ALT
+#endif
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* CRYPTO_ACCELERATOR_CONF_H */

boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021 STMicroelectronics. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MBEDTLS_ACCELERATOR_CONF_H
+#define MBEDTLS_ACCELERATOR_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* RNG Config */
+#undef MBEDTLS_ENTROPY_NV_SEED
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+#undef MBEDTLS_AES_SETKEY_DEC_ALT
+#undef MBEDTLS_AES_DECRYPT_ALT
+
+/* specific Define for platform hardware accelerator */
+#define GENERATOR_HW_PKA_EXTENDED_API
+#define GENERATOR_HW_CRYPTO_DPA_SUPPORTED
+#define HW_CRYPTO_DPA_AES
+#define HW_CRYPTO_DPA_GCM
+
+/****************************************************************/
+/* Infer PSA requirements from Mbed TLS capabilities */
+/****************************************************************/
+#ifndef MBEDTLS_PSA_CRYPTO_CONFIG
+
+#ifdef MBEDTLS_SHA1_C
+#define MBEDTLS_SHA1_ALT
+#endif /* MBEDTLS_SHA1_C */
+
+#ifdef MBEDTLS_SHA256_C
+#define MBEDTLS_SHA256_ALT
+#endif /* MBEDTLS_SHA256_C */
+
+#ifdef MBEDTLS_RSA_C
+#define MBEDTLS_RSA_ALT
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_ECP_ALT
+#undef MBEDTLS_ECP_NIST_OPTIM
+/*#define MBEDTLS_MD5_ALT*/
+#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */
+
+#ifdef MBEDTLS_CCM_C
+#define MBEDTLS_CCM_ALT
+#endif /* MBEDTLS_CCM_C */
+
+#ifdef MBEDTLS_AES_C
+#define MBEDTLS_AES_ALT
+#endif /* MBEDTLS_AES_C */
+
+#ifdef MBEDTLS_GCM_C
+#define MBEDTLS_GCM_ALT
+#endif /* MBEDTLS_GCM_C */
+
+#ifdef MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_VERIFY_ALT
+#define MBEDTLS_ECDSA_SIGN_ALT
+#endif /* MBEDTLS_ECDSA_C */
+
+/* secure element define */
+#ifdef MBEDTLS_PSA_CRYPTO_C
+#ifdef PSA_USE_SE_ST
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* MBEDTLS_ACCELERATOR_CONF_H */

boards/st/nucleo_u5a5zj_q/tfm/config.cmake

@@ -0,0 +1,53 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2021 STMicroelectronics. All rights reserved.
+# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+################################## BL2 #########################################################################################################
+set(MCUBOOT_IMAGE_NUMBER                   2           CACHE STRING    "Whether to combine S and NS into either 1 image, or sign each separately")
+set(BL2_TRAILER_SIZE                       0x9000      CACHE STRING    "Trailer size")
+set(MCUBOOT_ALIGN_VAL                      16          CACHE STRING    "Align option to build image with imgtool")
+set(MCUBOOT_UPGRADE_STRATEGY      "SWAP_USING_SCRATCH" CACHE STRING    "Upgrade strategy for images")
+set(TFM_PARTITION_PLATFORM                 ON          CACHE BOOL      "Enable platform partition")
+set(MCUBOOT_CONFIRM_IMAGE                  ON          CACHE BOOL      "Whether to confirm the image if REVERT is supported in MCUboot")
+set(MCUBOOT_BOOTSTRAP                      ON          CACHE BOOL      "Allow initial state with images in secondary slots(empty primary slots)")
+set(MCUBOOT_ENC_IMAGES                     ON          CACHE BOOL      "Enable encrypted image upgrade support")
+set(MCUBOOT_ENCRYPT_RSA                    ON          CACHE BOOL      "Use RSA for encrypted image upgrade support")
+set(MCUBOOT_DATA_SHARING                   ON          CACHE BOOL      "Enable Data Sharing")
+cmake_path(NORMAL_PATH MCUBOOT_KEY_S)
+cmake_path(NORMAL_PATH MCUBOOT_KEY_NS)
+cmake_path(GET MCUBOOT_KEY_S PARENT_PATH MCUBOOT_KEY_PATH)
+set(MCUBOOT_KEY_ENC "${MCUBOOT_KEY_PATH}/rsa-2048-public-bl2.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
+
+################################## Dependencies ################################################################################################
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON          CACHE BOOL      "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_CRYPTO                   ON          CACHE BOOL      "Enable Crypto partition")
+set(CRYPTO_HW_ACCELERATOR                  ON          CACHE BOOL      "Whether to enable the crypto hardware accelerator on supported platforms")
+set(MBEDCRYPTO_BUILD_TYPE                  minsizerel  CACHE STRING    "Build type of Mbed Crypto library")
+set(TFM_DUMMY_PROVISIONING                 OFF         CACHE BOOL      "Provision with dummy values. NOT to be used in production")
+set(PLATFORM_DEFAULT_OTP_WRITEABLE         OFF         CACHE BOOL      "Use on chip flash with write support")
+set(PLATFORM_DEFAULT_NV_COUNTERS           OFF         CACHE BOOL      "Use default nv counter implementation.")
+set(PS_CRYPTO_AEAD_ALG                     PSA_ALG_GCM CACHE STRING    "The AEAD algorithm to use for authenticated encryption in Protected Storage")
+set(MCUBOOT_FIH_PROFILE                    LOW         CACHE STRING    "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
+
+################################## Platform-specific configurations ############################################################################
+set(CONFIG_TFM_USE_TRUSTZONE               ON          CACHE BOOL      "Use TrustZone")
+set(TFM_MULTI_CORE_TOPOLOGY                OFF         CACHE BOOL      "Platform has multi core")
+set(PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT   ON          CACHE BOOL      "Whether the platform has firmware update support")
+set(STSAFEA                                OFF         CACHE BOOL      "Activate ST SAFE SUPPORT")
+
+################################## FIRMWARE_UPDATE #############################################################################################
+set(TFM_PARTITION_FIRMWARE_UPDATE          ON          CACHE BOOL      "Enable firmware update partition")
+set(MCUBOOT_HW_ROLLBACK_PROT               ON          CACHE BOOL      "Security counter validation against non-volatile HW counters")
+set(TFM_FWU_BOOTLOADER_LIB                 "mcuboot"   CACHE STRING    "Bootloader configure file for Firmware Update partition")
+set(TFM_CONFIG_FWU_MAX_WRITE_SIZE          8192        CACHE STRING    "The maximum permitted size for block in psa_fwu_write, in bytes.")
+set(TFM_CONFIG_FWU_MAX_MANIFEST_SIZE       0           CACHE STRING    "The maximum permitted size for manifest in psa_fwu_start(), in bytes.")
+set(FWU_DEVICE_CONFIG_FILE                 ""          CACHE STRING    "The device configuration file for Firmware Update partition")
+set(FWU_SUPPORT_TRIAL_STATE                ON          CACHE BOOL      "Device support TRIAL component state.")
+set(DMCUBOOT_UPGRADE_STRATEGY              SWAP_USING_MOVE)
+set(DEFAULT_MCUBOOT_FLASH_MAP              ON          CACHE BOOL      "Whether to use the default flash map defined by TF-M project")