Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services')
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch4
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch417
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch230
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc1
-rw-r--r--meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend7
5 files changed, 658 insertions, 1 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index 0fdb254f99..9ab1157ead 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,9 +1,11 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58.
-Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
new file mode 100644
index 0000000000..79429c7747
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
@@ -0,0 +1,417 @@
+From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Fri, 8 Jul 2022 09:48:06 +0100
+Subject: [PATCH] FMP Support in Corstone1000.
+
+The FMP support is used by u-boot to pupolate ESRT information
+for the kernel.
+
+The solution is platform specific and needs to be revisted.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+---
+ .../provider/capsule_update_provider.c | 5 +
+ .../capsule_update/provider/component.cmake | 1 +
+ .../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++
+ .../provider/corstone1000_fmp_service.h | 26 ++
+ 4 files changed, 339 insertions(+)
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index 9bbd7abc..871d6bcf 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
++++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -11,6 +11,7 @@
+ #include <protocols/service/capsule_update/capsule_update_proto.h>
+ #include <protocols/rpc/common/packed-c/status.h>
+ #include "capsule_update_provider.h"
++#include "corstone1000_fmp_service.h"
+
+
+ #define CAPSULE_UPDATE_REQUEST (0x1)
+@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init(
+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ }
+
++ provision_fmp_variables_metadata(context->client.caller);
++
+ return rpc_interface;
+ }
+
+@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ set_fmp_image_info(caller, handle);
+ break;
+
+ case KERNEL_STARTED_EVENT:
+@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ set_fmp_image_info(caller, handle);
+ break;
+ default:
+ EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+index 1d412eb2..6b060149 100644
+--- a/components/service/capsule_update/provider/component.cmake
++++ b/components/service/capsule_update/provider/component.cmake
+@@ -10,4 +10,5 @@ endif()
+
+ target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
++ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
+ )
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+new file mode 100644
+index 00000000..6a7a47a7
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -0,0 +1,307 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "corstone1000_fmp_service.h"
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <psa/storage_common.h>
++#include <trace.h>
++
++#include <service/smm_variable/backend/variable_index.h>
++
++#define VARIABLE_INDEX_STORAGE_UID (0x787)
++
++/**
++ * Variable attributes
++ */
++#define EFI_VARIABLE_NON_VOLATILE (0x00000001)
++#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002)
++#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004)
++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008)
++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010)
++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020)
++#define EFI_VARIABLE_APPEND_WRITE (0x00000040)
++#define EFI_VARIABLE_MASK \
++ (EFI_VARIABLE_NON_VOLATILE | \
++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
++ EFI_VARIABLE_RUNTIME_ACCESS | \
++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
++ EFI_VARIABLE_APPEND_WRITE)
++
++#define FMP_VARIABLES_COUNT 6
++
++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++};
++
++static psa_status_t protected_storage_set(struct rpc_caller *caller,
++ psa_storage_uid_t uid, size_t data_length, const void *p_data)
++{
++ psa_status_t psa_status;
++ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
++ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
++ };
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
++ in_vec, IOVEC_LEN(in_vec), NULL, 0);
++ if (psa_status < 0)
++ EMSG("ipc_set: psa_call failed: %d", psa_status);
++
++ return psa_status;
++}
++
++static psa_status_t protected_storage_get(struct rpc_caller *caller,
++ psa_storage_uid_t uid, size_t data_size, void *p_data)
++{
++ psa_status_t psa_status;
++ uint32_t offset = 0;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
++ };
++
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(p_data), .len = data_size },
++ };
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
++ out_vec, IOVEC_LEN(out_vec));
++
++ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
++ EMSG("Return size does not match with expected size.");
++ return PSA_ERROR_BUFFER_TOO_SMALL;
++ }
++
++ return psa_status;
++}
++
++static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
++ const int16_t *name)
++{
++ /* Using djb2 hash by Dan Bernstein */
++ uint64_t hash = 5381;
++
++ /* Calculate hash over GUID */
++ hash = ((hash << 5) + hash) + guid->Data1;
++ hash = ((hash << 5) + hash) + guid->Data2;
++ hash = ((hash << 5) + hash) + guid->Data3;
++
++ for (int i = 0; i < 8; ++i) {
++
++ hash = ((hash << 5) + hash) + guid->Data4[i];
++ }
++
++ /* Extend to cover name up to but not including null terminator */
++ for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
++
++ if (!name[i]) break;
++ hash = ((hash << 5) + hash) + name[i];
++ }
++
++ return hash;
++}
++
++
++static void initialize_metadata(void)
++{
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++ fmp_variables_metadata[i].uid = name_hash(
++ &fmp_variables_metadata[i].guid,
++ fmp_variables_metadata[i].name_size,
++ fmp_variables_metadata[i].name);
++ }
++}
++
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller)
++{
++ struct variable_metadata metadata;
++ psa_status_t status;
++ uint32_t dummy_values = 0xDEAD;
++
++ EMSG("Provisioning FMP metadata.");
++
++ initialize_metadata();
++
++ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
++ sizeof(struct variable_metadata), &metadata);
++
++ if (status == PSA_SUCCESS) {
++ EMSG("UEFI variables store is already provisioned.");
++ return;
++ }
++
++ /* Provision FMP variables with dummy values. */
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++ protected_storage_set(caller, fmp_variables_metadata[i].uid,
++ sizeof(dummy_values), &dummy_values);
++ }
++
++ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
++ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
++ fmp_variables_metadata);
++
++ if (status != EFI_SUCCESS) {
++ return;
++ }
++
++ EMSG("FMP metadata is provisioned");
++}
++
++typedef struct {
++ void *base;
++ int len;
++} variable_data_t;
++
++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
++
++#define IMAGE_INFO_BUFFER_SIZE 256
++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2
++
++static psa_status_t unpack_image_info(void *buffer, uint32_t size)
++{
++ typedef struct __attribute__ ((__packed__)) {
++ uint32_t variable_count;
++ uint32_t variable_size[FMP_VARIABLES_COUNT];
++ uint8_t variable[];
++ } packed_buffer_t;
++
++ packed_buffer_t *packed_buffer = buffer;
++ int runner = 0;
++
++ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
++ EMSG("Expected fmp varaibles = %u, but received = %u",
++ FMP_VARIABLES_COUNT, packed_buffer->variable_count);
++ return PSA_ERROR_PROGRAMMER_ERROR;
++ }
++
++ for (int i = 0; i < packed_buffer->variable_count; i++) {
++ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
++ fmp_variables_data[i].base = &packed_buffer->variable[runner];
++ fmp_variables_data[i].len= packed_buffer->variable_size[i];
++ runner += packed_buffer->variable_size[i];
++ }
++
++ return PSA_SUCCESS;
++}
++
++static psa_status_t get_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle)
++{
++ psa_status_t status;
++ psa_handle_t handle;
++ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
++
++ struct psa_invec in_vec[] = {
++ { .base = &ioctl_id, .len = sizeof(ioctl_id) },
++ };
++
++ struct psa_outvec out_vec[] = {
++ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
++ };
++
++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++
++ psa_call(caller, platform_service_handle, PSA_IPC_CALL,
++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
++ if (status != PSA_SUCCESS) {
++ return status;
++ }
++
++ return PSA_SUCCESS;
++}
++
++static psa_status_t set_image_info(struct rpc_caller *caller)
++{
++ psa_status_t status;
++
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++ status = protected_storage_set(caller,
++ fmp_variables_metadata[i].uid,
++ fmp_variables_data[i].len, fmp_variables_data[i].base);
++
++ if (status != PSA_SUCCESS) {
++
++ EMSG("FMP variable %d set unsuccessful", i);
++ return status;
++ }
++
++ EMSG("FMP variable %d set success", i);
++ }
++
++ return PSA_SUCCESS;
++}
++
++void set_fmp_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle)
++{
++ psa_status_t status;
++
++ status = get_image_info(caller, platform_service_handle);
++ if (status != PSA_SUCCESS) {
++ return;
++ }
++
++ status = set_image_info(caller);
++ if (status != PSA_SUCCESS) {
++ return;
++ }
++
++ return;
++}
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+new file mode 100644
+index 00000000..95fba2a0
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CORSTONE1000_FMP_SERVICE_H
++#define CORSTONE1000_FMP_SERVICE_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#include <rpc_caller.h>
++#include <psa/client.h>
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller);
++
++void set_fmp_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CORSTONE1000_FMP_SERVICE_H */
+--
+2.17.1
+
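Review bot: `unpack_image_info()` in corstone1000_fmp_service.c never uses its `size` argument, so each `variable_size[i]` taken from the platform service's reply is trusted as-is and `runner` (a signed `int`) can move past the 256-byte `image_info_buffer`. `set_image_info()` then passes those base/len pairs to `protected_storage_set()`, so an oversized length would cause memory beyond the buffer to be read and written into protected storage. Each size should be checked against the bytes remaining after the fixed header before it is recorded, as sketched below. `get_image_info()` also drops the `psa_call()` return value, and the provisioning loop ignores the result of every `protected_storage_set()`; both should propagate or at least log the failure. `memset()` is used without `<string.h>` among the includes visible in the new file.

```c
static psa_status_t unpack_image_info(void *buffer, uint32_t size)
{
	/* … unchanged: packed_buffer_t definition … */
	packed_buffer_t *packed_buffer = buffer;
	uint32_t runner = 0;
	uint32_t payload_size;

	/* The fixed header must fit before any field is read. */
	if (size < sizeof(packed_buffer_t)) {
		EMSG("FMP image info buffer too small: %u", size);
		return PSA_ERROR_PROGRAMMER_ERROR;
	}
	payload_size = size - sizeof(packed_buffer_t);

	/* … unchanged: variable_count check … */

	for (uint32_t i = 0; i < FMP_VARIABLES_COUNT; i++) {
		uint32_t var_size = packed_buffer->variable_size[i];

		/* Reject a size that would run past the received buffer. */
		if (var_size > payload_size - runner) {
			EMSG("FMP variable %u : size %u exceeds buffer", i, var_size);
			return PSA_ERROR_PROGRAMMER_ERROR;
		}

		fmp_variables_data[i].base = &packed_buffer->variable[runner];
		fmp_variables_data[i].len = var_size;
		runner += var_size;
	}
	/* … unchanged: return PSA_SUCCESS … */
```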
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
new file mode 100644
index 0000000000..c7289562bd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
@@ -0,0 +1,230 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
+From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sat, 11 Dec 2021 11:06:57 +0000
+Subject: [PATCH] corstone1000: port crypto config
+
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+%% original patch: 0002-corstone1000-port-crypto-config.patch
+
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../nspe/pal_crypto_config.h | 81 +++++++++++++++----
+ 1 file changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 218a94c69502..c6d4aadd8476 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -34,10 +34,14 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_RSA
+ #define ARCH_TEST_RSA_1024
+ #define ARCH_TEST_RSA_2048
+ #define ARCH_TEST_RSA_3072
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_ECC
+@@ -50,11 +54,17 @@
+ * Requires: ARCH_TEST_ECC
+ * Comment macros to disable the curve
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECC
+ #define ARCH_TEST_ECC_CURVE_SECP192R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP224R1
++#endif
+ #define ARCH_TEST_ECC_CURVE_SECP256R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP384R1
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_AES
+@@ -78,10 +88,10 @@
+ *
+ * Comment macros to disable the types
+ */
+-#define ARCH_TEST_DES
+-#define ARCH_TEST_DES_1KEY
+-#define ARCH_TEST_DES_2KEY
+-#define ARCH_TEST_DES_3KEY
++//#define ARCH_TEST_DES
++//#define ARCH_TEST_DES_1KEY
++//#define ARCH_TEST_DES_2KEY
++//#define ARCH_TEST_DES_3KEY
+
+ /**
+ * \def ARCH_TEST_RAW
+@@ -104,7 +114,7 @@
+ *
+ * Enable the ARC4 key type.
+ */
+-#define ARCH_TEST_ARC4
++//#define ARCH_TEST_ARC4
+
+ /**
+ * \def ARCH_TEST_CIPHER_MODE_CTR
+@@ -113,7 +123,11 @@
+ *
+ * Requires: ARCH_TEST_CIPHER
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CIPHER_MODE_CTR
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CIPHER_MODE_CFB
+@@ -138,7 +152,11 @@
+ *
+ * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CTR_AES
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CBC_AES
+@@ -157,7 +175,11 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_NO_PADDING
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CFB_AES
+@@ -177,11 +199,15 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_PKCS1V15
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+ #define ARCH_TEST_RSA_PKCS1V15_CRYPT
+ #define ARCH_TEST_RSA_OAEP
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CBC_PKCS7
+@@ -190,7 +216,11 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_PKCS7
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
+@@ -227,21 +257,27 @@
+ *
+ * Comment macros to disable the types
+ */
+-// #define ARCH_TEST_MD2
+-// #define ARCH_TEST_MD4
+-#define ARCH_TEST_MD5
+-#define ARCH_TEST_RIPEMD160
+-#define ARCH_TEST_SHA1
++//#define ARCH_TEST_MD2
++//#define ARCH_TEST_MD4
++//#define ARCH_TEST_MD5
++//#define ARCH_TEST_RIPEMD160
++//#define ARCH_TEST_SHA1
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_SHA224
++#endif
+ #define ARCH_TEST_SHA256
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+-// #define ARCH_TEST_SHA512_224
+-// #define ARCH_TEST_SHA512_256
+-// #define ARCH_TEST_SHA3_224
+-// #define ARCH_TEST_SHA3_256
+-// #define ARCH_TEST_SHA3_384
+-// #define ARCH_TEST_SHA3_512
++#endif
++#endif
++//#define ARCH_TEST_SHA512_224
++//#define ARCH_TEST_SHA512_256
++//#define ARCH_TEST_SHA3_224
++//#define ARCH_TEST_SHA3_256
++//#define ARCH_TEST_SHA3_384
++//#define ARCH_TEST_SHA3_512
+
+ /**
+ * \def ARCH_TEST_HKDF
+@@ -270,7 +306,12 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CMAC
++#endif
++#endif
++//#define ARCH_TEST_GMAC
+ #define ARCH_TEST_HMAC
+
+ /**
+@@ -290,7 +331,11 @@
+ * Requires: ARCH_TEST_AES
+ *
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_GCM
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_TRUNCATED_MAC
+@@ -309,7 +354,9 @@
+ *
+ * Requires: ARCH_TEST_ECC
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDH
++#endif
+
+ /**
+ * \def ARCH_TEST_ECDSA
+@@ -317,7 +364,9 @@
+ * Enable the elliptic curve DSA library.
+ * Requires: ARCH_TEST_ECC
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDSA
++#endif
+
+ /**
+ * \def ARCH_TEST_DETERMINISTIC_ECDSA
+--
+2.38.0
+
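Review bot: The legacy-algorithm switches in pal_crypto_config.h (`ARCH_TEST_DES*`, `ARCH_TEST_ARC4`, `ARCH_TEST_MD5`, `ARCH_TEST_RIPEMD160`, `ARCH_TEST_SHA1`) are commented out unconditionally with no explanation, and the patch's commit message has no body. Commenting out a test macro only stops the suite from exercising the algorithm; it does not show that the crypto service itself refuses it, so the reason should be recorded next to each group, for example `/* Not tested: expected to be disabled in the corstone1000 crypto service configuration */`, assuming that is the intent. The nested profile guards would also be easier to audit with labelled closers such as `#endif /* TF_M_PROFILE_MEDIUM */` and `#endif /* TF_M_PROFILE_SMALL */`.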
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index aa8f271df2..03f7dff2ef 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -20,6 +20,7 @@ SRC_URI:append = " \
file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
file://0019-plat-corstone1000-change-default-smm-values.patch \
+ file://0020-FMP-Support-in-Corstone1000.patch \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
new file mode 100644
index 0000000000..6595c92a28
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:"
+
+SRC_URI:append:corstone1000 = " \
+ file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+ "