diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services')
29 files changed, 152 insertions, 9038 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch deleted file mode 100644 index c44885cf04..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH 01/20] Add openamp to SE proxy deployment - -Openamp is required to communicate between secure partitions(running on -Cortex-A) and trusted-firmware-m(running on Cortex-M). -These changes are to fetch libmetal and openamp from github repo's -and build it. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - deployments/se-proxy/opteesp/lse.S | 28 ++++++++ - deployments/se-proxy/se-proxy.cmake | 8 +++ - external/openamp/libmetal-init-cache.cmake.in | 20 ++++++ - external/openamp/libmetal.cmake | 67 +++++++++++++++++++ - external/openamp/openamp-init-cache.cmake.in | 20 ++++++ - external/openamp/openamp.cmake | 66 ++++++++++++++++++ - 6 files changed, 209 insertions(+) - create mode 100644 deployments/se-proxy/opteesp/lse.S - create mode 100644 external/openamp/libmetal-init-cache.cmake.in - create mode 100644 external/openamp/libmetal.cmake - create mode 100644 external/openamp/openamp-init-cache.cmake.in - create mode 100644 external/openamp/openamp.cmake - -diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S -new file mode 100644 -index 000000000000..8e466d65fc2b ---- /dev/null -+++ b/deployments/se-proxy/opteesp/lse.S -@@ -0,0 +1,28 @@ -+// SPDX-License-Identifier: BSD-3-Clause -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ */ -+ -+.text -+.globl __aarch64_cas4_acq_rel -+.globl __aarch64_cas4_sync -+ -+__aarch64_cas4_acq_rel: -+ mov w16, w0 -+ ldaxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -+ -+__aarch64_cas4_sync: -+ mov w16, w0 -+ ldxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 426c66c05350..d39873a0fe81 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy" - target_sources(se-proxy PRIVATE - ${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c - ${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c -+ ${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S - ) - - #------------------------------------------------------------------------------- -@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake) - target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static) - protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") - -+# libmetal -+include(../../../external/openamp/libmetal.cmake) -+ -+# OpenAMP -+include(../../../external/openamp/openamp.cmake) -+target_link_libraries(se-proxy PRIVATE openamp libmetal) -+ - ################################################################# - - target_include_directories(se-proxy PRIVATE -diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in -new file mode 100644 -index 000000000000..04c25fbde960 ---- /dev/null -+++ b/external/openamp/libmetal-init-cache.cmake.in -@@ -0,0 +1,20 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Linaro. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "") -+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "") -+set(BUILD_SHARED_LIBS Off CACHE BOOL "") -+set(BUILD_STATIC_LIBS On CACHE BOOL "") -+ -+set(WITH_DOC OFF CACHE BOOL "") -+set(WITH_TESTS OFF CACHE BOOL "") -+set(WITH_EXAMPLES OFF CACHE BOOL "") -+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "") -+set(MACHINE "template" CACHE STRING "") -+ -+@_cmake_fragment@ -diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake -new file mode 100644 -index 000000000000..6e5004ff555c ---- /dev/null -+++ b/external/openamp/libmetal.cmake -@@ -0,0 +1,67 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2022 Linaro Limited -+# Copyright (c) 2022, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git" -+ CACHE STRING "libmetal repository URL") -+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install" -+ CACHE DIR "libmetal installation directory") -+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal" -+ CACHE DIR "libmetal source-code") -+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake" -+ CACHE DIR "libmetal CMake package directory") -+set (LIBMETAL_TARGET_NAME "libmetal") -+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad" -+ CACHE STRING "The version of libmetal to use") -+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build") -+ -+set(GIT_OPTIONS -+ GIT_REPOSITORY ${LIBMETAL_URL} -+ GIT_TAG ${LIBMETAL_REFSPEC} -+ GIT_SHALLOW FALSE -+) -+ -+if(NOT LIBMETAL_DEBUG) -+ set(LIBMETAL_BUILD_TYPE "Release") -+else() -+ set(LIBMETAL_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+# Only pass libc settings to libmetal if needed. For environments where the -+# standard library is not overridden, this is not needed. -+if(TARGET stdlib::c) -+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake) -+ -+ # Save libc settings -+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC) -+ # Translate libc settings to cmake code fragment. Will be inserted into -+ # libmetal-init-cache.cmake.in when LazyFetch configures the file. -+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment) -+ unset_saved_properties(LIBC) -+endif() -+ -+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) -+LazyFetch_MakeAvailable(DEP_NAME libmetal -+ FETCH_OPTIONS "${GIT_OPTIONS}" -+ INSTALL_DIR "${LIBMETAL_INSTALL_DIR}" -+ CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in" -+ SOURCE_DIR "${LIBMETAL_SOURCE_DIR}" -+) -+unset(_cmake_fragment) -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(libmetal STATIC IMPORTED) -+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include") -diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in -new file mode 100644 -index 000000000000..302b80511bce ---- /dev/null -+++ b/external/openamp/openamp-init-cache.cmake.in -@@ -0,0 +1,20 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Linaro. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "") -+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "") -+set(BUILD_SHARED_LIBS Off CACHE BOOL "") -+set(BUILD_STATIC_LIBS On CACHE BOOL "") -+ -+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE -+ STRING "") -+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "") -+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "") -+set(MACHINE "template" CACHE STRING "") -+ -+@_cmake_fragment@ -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -new file mode 100644 -index 000000000000..449f35f4fda4 ---- /dev/null -+++ b/external/openamp/openamp.cmake -@@ -0,0 +1,66 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2022 Linaro Limited -+# Copyright (c) 2022, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git" -+ CACHE STRING "OpenAMP repository URL") -+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install" -+ CACHE DIR "OpenAMP installation directory") -+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp" -+ CACHE DIR "OpenAMP source code directory") -+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake" -+ CACHE DIR "OpenAMP CMake package directory") -+set (OPENAMP_TARGET_NAME "openamp") -+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d" -+ CACHE STRING "The version of openamp to use") -+ -+set(GIT_OPTIONS -+ GIT_REPOSITORY ${OPENAMP_URL} -+ GIT_TAG ${OPENAMP_REFSPEC} -+ GIT_SHALLOW FALSE -+) -+ -+if(NOT OPENAMP_DEBUG) -+ set(OPENAMP_BUILD_TYPE "Release") -+else() -+ set(OPENAMP_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+# Only pass libc settings to openamp if needed. For environments where the -+# standard library is not overridden, this is not needed. -+if(TARGET stdlib::c) -+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake) -+ -+ # Save libc settings -+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC) -+ # Translate libc settings to cmake code fragment. Will be inserted into -+ # libmetal-init-cache.cmake.in when LazyFetch configures the file. -+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment) -+ unset_saved_properties(LIBC) -+endif() -+ -+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) -+LazyFetch_MakeAvailable(DEP_NAME openamp -+ FETCH_OPTIONS "${GIT_OPTIONS}" -+ INSTALL_DIR "${OPENAMP_INSTALL_DIR}" -+ CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in" -+ SOURCE_DIR "${OPENAMP_SOURCE_DIR}" -+) -+unset(_cmake_fragment) -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(openamp STATIC IMPORTED) -+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include") --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch index 0040e12727..c1775b795c 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001 +From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 13/20] Add stub capsule update service components +Subject: [PATCH 1/6] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -18,15 +18,12 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../provider/capsule_update_provider.c | 133 ++++++++++++++++++ .../provider/capsule_update_provider.h | 51 +++++++ .../capsule_update/provider/component.cmake | 13 ++ - deployments/se-proxy/common/se_proxy_sp.c | 3 + - .../se-proxy/common/service_proxy_factory.c | 16 +++ - .../se-proxy/common/service_proxy_factory.h | 1 + - deployments/se-proxy/se-proxy.cmake | 1 + + .../se-proxy/infra/corstone1000/infra.cmake | 1 + deployments/se-proxy/se_proxy_interfaces.h | 9 +- .../capsule_update/capsule_update_proto.h | 13 ++ protocols/service/capsule_update/opcodes.h | 17 +++ protocols/service/capsule_update/parameters.h | 15 ++ - 12 files changed, 292 insertions(+), 4 deletions(-) + 9 files changed, 272 insertions(+), 4 deletions(-) create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h @@ -280,75 +277,18 @@ index 000000000000..1d412eb234d9 +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" + ) -diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c -index a37396f4454b..a38ad6ca3f56 100644 ---- a/deployments/se-proxy/common/se_proxy_sp.c -+++ b/deployments/se-proxy/common/se_proxy_sp.c -@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - } - rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); - -+ rpc_iface = capsule_update_proxy_create(); -+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); -+ - /* End of boot phase */ - result = sp_msg_wait(&req_msg); - if (result != SP_RESULT_OK) { -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 7edeef8b434a..591cc9eeb59e 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -13,6 +13,7 @@ - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> - #include <trace.h> -+#include <service/capsule_update/provider/capsule_update_provider.h> - - /* Stub backends */ - #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void) - - return secure_storage_provider_init(&its_provider, backend); - } -+ -+struct rpc_interface *capsule_update_proxy_create(void) -+{ -+ static struct capsule_update_provider capsule_update_provider; -+ static struct rpc_caller *capsule_update_caller; -+ -+ capsule_update_caller = openamp_caller_init(&openamp); -+ -+ if (!capsule_update_caller) -+ return NULL; -+ -+ capsule_update_provider.client.caller = capsule_update_caller; -+ -+ return capsule_update_provider_init(&capsule_update_provider); -+} -diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h -index 298d407a2371..02aa7fe2550d 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.h -+++ b/deployments/se-proxy/common/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); - struct rpc_interface *crypto_proxy_create(void); - struct rpc_interface *ps_proxy_create(void); - struct rpc_interface *its_proxy_create(void); -+struct rpc_interface *capsule_update_proxy_create(void); - - #ifdef __cplusplus - } -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 3dbbc36c968d..f0db2d43f443 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/provider/serializer/packed-c" +diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake +index 4e7e2bd58028..e60b5400617f 100644 +--- a/deployments/se-proxy/infra/corstone1000/infra.cmake ++++ b/deployments/se-proxy/infra/corstone1000/infra.cmake +@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy" + "components/service/attestation/key_mngr/local" "components/service/attestation/reporter/psa_ipc" - "components/service/attestation/client/psa_ipc" + "components/service/crypto/backend/psa_ipc" + "components/service/capsule_update/provider" - "components/rpc/openamp/caller/sp" + "components/service/secure_storage/backend/secure_storage_ipc" + ) - # Stub service provider backends diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h index 48908f846990..3d4a7c204785 100644 --- a/deployments/se-proxy/se_proxy_interfaces.h @@ -432,5 +372,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index c1598a9e11..3f3800ceb9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,7 +1,7 @@ -From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001 +From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58. Upstream-Status: Pending [Not submitted to upstream yet] Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> @@ -29,7 +29,7 @@ index c4ffb20cf7f8..a91f66c14008 100644 /* Mandatory input data parameter */ diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 4d7bf6e959b0..e3c4df2927b3 100644 +index 30aa102da581..130d27295878 100644 --- a/components/service/crypto/include/psa/crypto_sizes.h +++ b/components/service/crypto/include/psa/crypto_sizes.h @@ -351,7 +351,7 @@ @@ -117,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch deleted file mode 100644 index 0371a7a418..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ /dev/null @@ -1,1091 +0,0 @@ -From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer. - -This commit adds an mhu driver (v2.1 and v2) to the secure -partition se_proxy and a conversion layer to communicate with -the secure enclave using OpenAmp. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../se-proxy/opteesp/default_se-proxy.dts.in | 16 + - .../drivers/arm/mhu_driver/component.cmake | 12 + - platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++ - platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++ - .../providers/arm/corstone1000/platform.cmake | 10 + - 5 files changed, 1031 insertions(+) - create mode 100644 platform/drivers/arm/mhu_driver/component.cmake - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c - create mode 100644 platform/providers/arm/corstone1000/platform.cmake - -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 5748d2f80f88..267b4f923540 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -17,4 +17,20 @@ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <3>; /* Direct messaging only */ - legacy-elf-format = <1>; -+ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mhu-sender { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b820000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ mhu-receiver { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b830000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ }; - }; -diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake -new file mode 100644 -index 000000000000..77a5a50b67d1 ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/component.cmake -@@ -0,0 +1,12 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+# Add source files for using mhu driver -+target_sources(${TGT} -+ PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c" -+) -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h -new file mode 100644 -index 000000000000..2e4ba80fab95 ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h -@@ -0,0 +1,391 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/** -+ * \file mhu_v2_x.h -+ * \brief Driver for Arm MHU v2.0 and v2.1 -+ */ -+ -+#ifndef __MHU_V2_X_H__ -+#define __MHU_V2_X_H__ -+ -+#include <stdint.h> -+#include <stdbool.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#define MHU_2_X_INTR_NR2R_OFF (0x0u) -+#define MHU_2_X_INTR_R2NR_OFF (0x1u) -+#define MHU_2_1_INTR_CHCOMB_OFF (0x2u) -+ -+#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF) -+#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF) -+#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF) -+ -+enum mhu_v2_x_frame_t { -+ MHU_V2_X_SENDER_FRAME = 0x0u, -+ MHU_V2_X_RECEIVER_FRAME = 0x1u, -+}; -+ -+enum mhu_v2_x_supported_revisions { -+ MHU_REV_READ_FROM_HW = 0, -+ MHU_REV_2_0, -+ MHU_REV_2_1, -+}; -+ -+struct mhu_v2_x_dev_t { -+ uint32_t base; -+ enum mhu_v2_x_frame_t frame; -+ uint32_t subversion; /*!< Hardware subversion: v2.X */ -+ bool is_initialized; /*!< Indicates if the MHU driver -+ * is initialized and enabled -+ */ -+}; -+ -+/** -+ * \brief MHU v2 error enumeration types. -+ */ -+enum mhu_v2_x_error_t { -+ MHU_V_2_X_ERR_NONE = 0, -+ MHU_V_2_X_ERR_NOT_INIT = -1, -+ MHU_V_2_X_ERR_ALREADY_INIT = -2, -+ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3, -+ MHU_V_2_X_ERR_INVALID_ARG = -4, -+ MHU_V_2_X_ERR_GENERAL = -5 -+}; -+ -+/** -+ * \brief Initializes the driver -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] rev MHU revision (if can't be identified from HW) -+ * -+ * Reads the MHU hardware version -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note MHU revision only has to be specified when versions can't be read -+ * from HW (ARCH_MAJOR_REV reg reads as 0x0). -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev); -+ -+/** -+ * \brief Returns the number of channels implemented. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Returns the number of channels implemented. -+ * -+ * \return Returns the number of channels implemented. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_num_channel_implemented( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sends the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to send the value over. -+ * \param[in] val Value to send. -+ * -+ * Sends the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val); -+ -+/** -+ * \brief Clears the channel after the value is send over it. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to clear. -+ * -+ * Clears the channel after the value is send over it. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel); -+ -+/** -+ * \brief Receives the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to receive the value from. -+ * \param[out] value Pointer to variable that will store the value. -+ * -+ * Receives the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value); -+ -+/** -+ * \brief Sets bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to set. -+ * \param[in] mask Mask to be set over a receiver frame. -+ * -+ * Sets bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Clears bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to clear. -+ * \param[in] mask Mask to be clear over a receiver frame. -+ * -+ * Clears bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Enables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to enable. -+ * -+ * Enables the Channel clear interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Disables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to disable. -+ * -+ * Disables the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Cleares the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to clear. -+ * -+ * Cleares the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Initiates a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Initiates a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Closes a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Closes a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access request signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Sets the value of access request signal to high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sets the value of access request signal to low. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access ready signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Returns the MHU interrupt status. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * \return Interrupt status register value. Masking is needed for individual -+ * interrupts. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Enables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Disables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Clears MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for clearing interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Returns the first channel number whose interrupt bit is high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] channel Pointer to variable that will have the channel value. -+ * -+ * \return Returns the first channel number whose interrupt bit is high. -+ * \return Returns mhu_v2_x_error_t error code. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __MHU_V2_X_H__ */ -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -new file mode 100644 -index 000000000000..01d8f659a73a ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -@@ -0,0 +1,602 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+#include <stdint.h> -+#include <stdbool.h> -+#include "mhu_v2.h" -+ -+#define _MHU_V2_X_MAX_CHANNELS 124 -+#define _MHU_V2_1_MAX_CHCOMB_INT 4 -+#define ENABLE 0x1 -+#define DISABLE 0x0 -+#define CLEAR_INTR 0x1 -+#define CH_PER_CH_COMB 0x20 -+#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu) -+#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu) -+ -+#define MHU_MAJOR_REV_V2 0x1u -+#define MHU_MINOR_REV_2_0 0x0u -+#define MHU_MINOR_REV_2_1 0x1u -+ -+struct _mhu_v2_x_send_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x08 (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0x0C ( /W) Channel Set */ -+ volatile uint32_t ch_set; -+ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t ch_int_st; -+ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t ch_int_clr; -+ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t ch_int_en; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_2; -+}; -+ -+struct _mhu_v2_x_send_frame_t { -+ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */ -+ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/W) Response Configuration */ -+ volatile uint32_t resp_cfg; -+ /* Offset: 0xF88 (R/W) Access Request */ -+ volatile uint32_t access_request; -+ /* Offset: 0xF8C (R/ ) Access Ready */ -+ volatile uint32_t access_ready; -+ /* Offset: 0xF90 (R/ ) Interrupt Status */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 ( /W) Interrupt Clear */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: â€0xFC4‬ (R/ ) Reserved */ -+ volatile uint32_t reserved_1[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+struct _mhu_v2_x_rec_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Channel Status Masked */ -+ volatile uint32_t ch_st_msk; -+ /* Offset: 0x08 ( /W) Channel Clear */ -+ volatile uint32_t ch_clr; -+ /* Offset: 0x0C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x10 (R/ ) Channel Mask Status */ -+ volatile uint32_t ch_msk_st; -+ /* Offset: 0x14 ( /W) Channel Mask Set */ -+ volatile uint32_t ch_msk_set; -+ /* Offset: 0x18 ( /W) Channel Mask Clear */ -+ volatile uint32_t ch_msk_clr; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+}; -+ -+struct _mhu_v2_x_recv_frame_t { -+ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */ -+ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/ ) Reserved */ -+ volatile uint32_t reserved_0[3]; -+ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: 0xFB0 (R/ ) Reserved */ -+ volatile uint32_t reserved_2[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+union _mhu_v2_x_frame_t { -+ struct _mhu_v2_x_send_frame_t send_frame; -+ struct _mhu_v2_x_recv_frame_t recv_frame; -+}; -+ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev) -+{ -+ uint32_t AIDR = 0; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if (dev->is_initialized) { -+ return MHU_V_2_X_ERR_ALREADY_INIT; -+ } -+ -+ if (rev == MHU_REV_READ_FROM_HW) { -+ /* Read revision from HW */ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ AIDR = p_mhu->recv_frame.aidr; -+ } else { -+ AIDR = p_mhu->send_frame.aidr; -+ } -+ -+ /* Get bits 7:4 to read major revision */ -+ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) { -+ /* Unsupported MHU version */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } /* No need to save major version, driver only supports MHUv2 */ -+ -+ /* Get bits 3:0 to read minor revision */ -+ dev->subversion = AIDR & 0b1111; -+ -+ if (dev->subversion != MHU_MINOR_REV_2_0 && -+ dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } else { -+ /* Revisions were provided by caller */ -+ if (rev == MHU_REV_2_0) { -+ dev->subversion = MHU_MINOR_REV_2_0; -+ } else if (rev == MHU_REV_2_1) { -+ dev->subversion = MHU_MINOR_REV_2_1; -+ } else { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ }/* No need to save major version, driver only supports MHUv2 */ -+ } -+ -+ dev->is_initialized = true; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->mhu_cfg; -+ } else { -+ return (RECV_FRAME(p_mhu))->mhu_cfg; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ while ( !((SEND_FRAME(p_mhu))->access_ready) ) { -+ /* Wait in a loop for access ready signal to be high */ -+ ; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_request; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_ready; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->int_st; -+ } else { -+ return (RECV_FRAME(p_mhu))->int_st; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en |= mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en |= mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en &= ~mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en &= ~mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_clr = mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_clr = mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel) -+{ -+ uint32_t i, j, status; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Feature is only supported in MHU v2.1 */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) { -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } else { -+ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } -+ -+ for(j = 0; j < CH_PER_CH_COMB; j++) { -+ if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) { -+ *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB)); -+ return MHU_V_2_X_ERR_NONE; -+ } -+ } -+ } -+ -+ return MHU_V_2_X_ERR_GENERAL; -+} -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -new file mode 100644 -index 000000000000..bb778bb9719b ---- /dev/null -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -0,0 +1,10 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform. -+#------------------------------------------------------------------------------- -+ -+# include MHU driver -+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch deleted file mode 100644 index 5686face15..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch +++ /dev/null @@ -1,1196 +0,0 @@ -From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH 03/20] Add openamp rpc caller - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/rpc/common/caller/rpc_caller.c | 10 + - components/rpc/common/interface/rpc_caller.h | 8 + - .../rpc/openamp/caller/sp/component.cmake | 15 + - .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++ - .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++ - .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++ - .../rpc/openamp/caller/sp/openamp_mhu.h | 19 + - .../rpc/openamp/caller/sp/openamp_virtio.c | 555 ++++++++++++++++++ - .../rpc/openamp/caller/sp/openamp_virtio.h | 24 + - .../se-proxy/opteesp/default_se-proxy.dts.in | 6 + - deployments/se-proxy/se-proxy.cmake | 1 + - 11 files changed, 1075 insertions(+) - create mode 100644 components/rpc/openamp/caller/sp/component.cmake - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h - -diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c -index 2dceabeb8967..20d889c162b0 100644 ---- a/components/rpc/common/caller/rpc_caller.c -+++ b/components/rpc/common/caller/rpc_caller.c -@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle) - { - s->call_end(s->context, handle); - } -+ -+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va) -+{ -+ return s->virt_to_phys(s->context, va); -+} -+ -+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa) -+{ -+ return s->phys_to_virt(s->context, pa); -+} -diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h -index 387489cdb1b2..ef9bb64905ed 100644 ---- a/components/rpc/common/interface/rpc_caller.h -+++ b/components/rpc/common/interface/rpc_caller.h -@@ -45,6 +45,10 @@ struct rpc_caller - rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len); - - void (*call_end)(void *context, rpc_call_handle handle); -+ -+ void *(*virt_to_phys)(void *context, void *va); -+ -+ void *(*phys_to_virt)(void *context, void *pa); - }; - - /* -@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal - */ - RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle); - -+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va); -+ -+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa); -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake -new file mode 100644 -index 000000000000..fc919529d731 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/component.cmake -@@ -0,0 +1,15 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c" -+ ) -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c -new file mode 100644 -index 000000000000..6cdfb756568f ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.c -@@ -0,0 +1,203 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <trace.h> -+#include "openamp_caller.h" -+#include "openamp_mhu.h" -+#include "openamp_virtio.h" -+#include <protocols/rpc/common/packed-c/status.h> -+ -+#define OPENAMP_TRANSACTION_IDLE 0x0 -+#define OPENAMP_TRANSACTION_INPROGRESS 0x1 -+#define OPENAMP_TRANSACTION_INVOKED 0x2 -+ -+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_call_handle handle; -+ int ret; -+ -+ if (!req_buf) { -+ EMSG("openamp: call_begin: not req_buf"); -+ return NULL; -+ } -+ -+ if (req_len > UINT32_MAX || req_len == 0) { -+ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len); -+ return NULL; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_begin: transaction not idle"); -+ return NULL; -+ } -+ -+ ret = ops->platform_call_begin(openamp, req_buf, req_len); -+ if (ret < 0) { -+ EMSG("openamp: call_begin: platform begin failed: %d", ret); -+ return NULL; -+ } -+ -+ openamp->status = OPENAMP_TRANSACTION_INPROGRESS; -+ handle = openamp; -+ -+ return handle; -+} -+ -+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle, -+ uint32_t opcode, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_status_t status; -+ int ret; -+ -+ (void)opcode; -+ -+ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) { -+ EMSG("openamp: call_invoke: invalid arguments"); -+ return TS_RPC_ERROR_INVALID_PARAMETER; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) { -+ EMSG("openamp: call_invoke: transaction needed to be started"); -+ return TS_RPC_ERROR_NOT_READY; -+ } -+ -+ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len); -+ if (ret < 0) -+ return TS_RPC_ERROR_INTERNAL; -+ -+ openamp->status = OPENAMP_TRANSACTION_INVOKED; -+ *opstatus = 0; -+ -+ return TS_RPC_CALL_ACCEPTED; -+} -+ -+static void openamp_call_end(void *context, rpc_call_handle handle) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ if (handle != openamp) { -+ EMSG("openamp: call_end: invalid arguments"); -+ return; -+ } -+ -+ if (openamp->status == OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_end: transaction idle"); -+ return; -+ } -+ -+ ops->platform_call_end(openamp); -+ -+ openamp->status = OPENAMP_TRANSACTION_IDLE; -+} -+ -+static void *openamp_virt_to_phys(void *context, void *va) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_virt_to_phys(openamp, va); -+} -+ -+static void *openamp_phys_to_virt(void *context, void *pa) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_phys_to_virt(openamp, pa); -+} -+ -+static int openamp_init(struct openamp_caller *openamp) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ int ret; -+ -+ ret = ops->transport_init(openamp); -+ if (ret < 0) -+ return ret; -+ -+ ret = ops->platform_init(openamp); -+ if (ret < 0) -+ goto denit_transport; -+ -+ return 0; -+ -+denit_transport: -+ ops->transport_deinit(openamp); -+ -+ return ret; -+} -+ -+static const struct openamp_platform_ops openamp_virtio_ops = { -+ .transport_init = openamp_mhu_init, -+ .transport_deinit = openamp_mhu_deinit, -+ .transport_notify = openamp_mhu_notify_peer, -+ .transport_receive = openamp_mhu_receive, -+ .platform_init = openamp_virtio_init, -+ .platform_call_begin = openamp_virtio_call_begin, -+ .platform_call_invoke = openamp_virtio_call_invoke, -+ .platform_call_end = openamp_virtio_call_end, -+ .platform_virt_to_phys = openamp_virtio_virt_to_phys, -+ .platform_phys_to_virt = openamp_virtio_phys_to_virt, -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ int ret; -+ -+ if (openamp->ref_count) -+ return rpc; -+ -+ rpc_caller_init(rpc, openamp); -+ -+ rpc->call_begin = openamp_call_begin; -+ rpc->call_invoke = openamp_call_invoke; -+ rpc->call_end = openamp_call_end; -+ rpc->virt_to_phys = openamp_virt_to_phys; -+ rpc->phys_to_virt = openamp_phys_to_virt; -+ openamp->platform_ops = &openamp_virtio_ops; -+ -+ ret = openamp_init(openamp); -+ if (ret < 0) { -+ EMSG("openamp_init: failed to start: %d", ret); -+ return rpc; -+ } -+ openamp->ref_count++; -+ -+ return rpc; -+} -+ -+void openamp_caller_deinit(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ -+ if (--openamp->ref_count) -+ return; -+ -+ rpc->context = NULL; -+ rpc->call_begin = NULL; -+ rpc->call_invoke = NULL; -+ rpc->call_end = NULL; -+} -+ -+int openamp_caller_discover(struct openamp_caller *openamp) -+{ -+ return openamp_init(openamp); -+} -+ -+int openamp_caller_open(struct openamp_caller *openamp) -+{ -+ -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h -new file mode 100644 -index 000000000000..3fb67c56cc53 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.h -@@ -0,0 +1,43 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_CALLER_H -+#define OPENAMP_CALLER_H -+ -+#include <stddef.h> -+#include <rpc_caller.h> -+ -+struct openamp_caller { -+ struct rpc_caller rpc_caller; -+ const struct openamp_platform_ops *platform_ops; -+ uint32_t ref_count; -+ uint8_t status; -+ -+ void *transport; -+ void *platform; -+}; -+ -+struct openamp_platform_ops { -+ int (*transport_init)(struct openamp_caller *openamp); -+ int (*transport_deinit)(struct openamp_caller *openamp); -+ int (*transport_notify)(struct openamp_caller *openamp); -+ int (*transport_receive)(struct openamp_caller *openamp); -+ int (*platform_init)(struct openamp_caller *openamp); -+ int (*platform_deinit)(struct openamp_caller *openamp); -+ int (*platform_call_begin)(struct openamp_caller *openamp, -+ uint8_t **req_buf, size_t req_len); -+ int (*platform_call_invoke)(struct openamp_caller *openamp, -+ int *opstatus, uint8_t **resp_buf, -+ size_t *resp_len); -+ int (*platform_call_end)(struct openamp_caller *openamp); -+ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va); -+ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa); -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp); -+void openamp_caller_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c -new file mode 100644 -index 000000000000..ffdadaf870a3 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c -@@ -0,0 +1,191 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <config/interface/config_store.h> -+#include <config/interface/config_blob.h> -+#include <platform/interface/device_region.h> -+#include <platform/drivers/arm/mhu_driver/mhu_v2.h> -+#include <trace.h> -+#include <errno.h> -+#include <stdlib.h> -+#include <stdint.h> -+#include <stddef.h> -+#include <limits.h> -+ -+#include "openamp_caller.h" -+ -+#define MHU_V_2_NOTIFY_CHANNEL 0 -+#define MHU_V_2_NOTIFY_VALUE 0xff -+ -+struct openamp_mhu { -+ struct device_region rx_region; -+ struct device_region tx_region; -+ struct mhu_v2_x_dev_t rx_dev; -+ struct mhu_v2_x_dev_t tx_dev; -+}; -+ -+static int openamp_mhu_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) -+ return -EINVAL; -+ -+ if (!dev_region->base_addr) -+ return -EINVAL; -+ -+ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev, -+ dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_mhu_receive(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t channel = 0; -+ uint32_t irq_status; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: receive transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ rx_dev = &mhu->rx_dev; -+ -+ irq_status = 0; -+ -+ do { -+ irq_status = mhu_v2_x_get_interrupt_status(rx_dev); -+ } while(!irq_status); -+ -+ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel); -+ -+ ret = mhu_v2_x_channel_clear(rx_dev, channel); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to clear channel: %d", channel); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *tx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t access_ready; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: notify transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ tx_dev = &mhu->tx_dev; -+ -+ ret = mhu_v2_x_set_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: set access request failed"); -+ return -EPROTO; -+ } -+ -+ do { -+ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to get access_ready"); -+ return -EPROTO; -+ } -+ } while (!access_ready); -+ -+ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL, -+ MHU_V_2_NOTIFY_VALUE); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed send over channel"); -+ return -EPROTO; -+ } -+ -+ ret = mhu_v2_x_reset_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed reset access request"); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_init(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ struct mhu_v2_x_dev_t *tx_dev; -+ struct openamp_mhu *mhu; -+ int ret; -+ -+ /* if we already have initialized skip this */ -+ if (openamp->transport) -+ return 0; -+ -+ mhu = malloc(sizeof(*mhu)); -+ if (!mhu) -+ return -1; -+ -+ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ rx_dev = &mhu->rx_dev; -+ tx_dev = &mhu->tx_dev; -+ -+ rx_dev->base = (unsigned int)mhu->rx_region.base_addr; -+ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME; -+ -+ tx_dev->base = (unsigned int)mhu->tx_region.base_addr; -+ tx_dev->frame = MHU_V2_X_SENDER_FRAME; -+ -+ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ openamp->transport = (void *)mhu; -+ -+ return 0; -+ -+free_mhu: -+ free(mhu); -+ -+ return ret; -+} -+ -+int openamp_mhu_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_mhu *mhu; -+ -+ if (!openamp->transport) -+ return 0; -+ -+ mhu = openamp->transport; -+ free(mhu); -+ -+ openamp->transport = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h -new file mode 100644 -index 000000000000..2ae5cb8ee1c6 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h -@@ -0,0 +1,19 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_MHU_H -+#define OPENAMP_MHU_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_mhu_init(struct openamp_caller *openamp); -+int openamp_mhu_deinit(struct openamp_caller *openamp); -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp); -+int openamp_mhu_receive(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c -new file mode 100644 -index 000000000000..b7c1aa929111 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c -@@ -0,0 +1,555 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <metal/device.h> -+#include <metal/spinlock.h> -+#include <openamp/open_amp.h> -+#include <platform/interface/device_region.h> -+#include <config/interface/config_store.h> -+ -+#include <stddef.h> -+#include <trace.h> -+#include "openamp_caller.h" -+ -+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio" -+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME -+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024 -+ -+#define OPENAMP_SHEM_PHYS 0x88000000 -+#define OPENAMP_SHEM_PHYS_PAGES 1 -+#define OPENAMP_SHEM_SE_PHYS 0xa8000000 -+ -+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024) -+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024) -+ -+#define OPENAMP_BUFFER_NO_WAIT 0 -+#define OPENAMP_BUFFER_WAIT 1 -+ -+#define VIRTQUEUE_NR 2 -+#define VQ_TX 0 -+#define VQ_RX 1 -+ -+#define VRING_DESCRIPTORS 16 -+#define VRING_ALIGN 4 -+ -+#define container_of(ptr, type, member) \ -+ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member))) -+ -+struct openamp_virtio_shm { -+ uintptr_t base_addr; -+ size_t size; -+ uintptr_t vdev_status; -+ size_t vdev_status_size; -+ uintptr_t payload_addr; -+ size_t payload_size; -+ uintptr_t vring_tx; -+ size_t vring_tx_size; -+ uintptr_t vring_rx; -+ size_t vring_rx_size; -+ -+ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES]; -+}; -+ -+struct openamp_virtio_metal { -+ struct metal_spinlock lock; -+ struct metal_device shm_dev; -+ struct metal_device *io_dev; -+ -+ struct metal_io_region *io; -+ struct openamp_virtio_shm shm; -+}; -+ -+struct openamp_virtio_device { -+ struct virtio_device virtio_dev; -+ struct virtqueue *vq[VIRTQUEUE_NR]; -+ struct virtio_vring_info rvrings[VIRTQUEUE_NR]; -+}; -+ -+struct openamp_virtio_rpmsg { -+ struct rpmsg_virtio_device rpmsg_vdev; -+ struct rpmsg_endpoint ep; -+ uint8_t *req_buf; -+ uint32_t req_len; -+ uint8_t *resp_buf; -+ size_t resp_len; -+}; -+ -+struct openamp_virtio { -+ struct openamp_caller *openamp; -+ struct openamp_virtio_rpmsg rpmsg; -+ struct openamp_virtio_device vdev; -+ struct openamp_virtio_metal metal; -+}; -+ -+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ -+ openamp_vdev = container_of(vdev, struct openamp_virtio_device, -+ virtio_dev); -+ -+ return container_of(openamp_vdev, struct openamp_virtio, vdev); -+} -+ -+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev) -+{ -+ struct rpmsg_virtio_device *rvdev; -+ -+ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev); -+ -+ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev); -+ -+} -+ -+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev, -+ struct openamp_virtio_shm *shm) -+{ -+ struct metal_io_region *shm_region; -+ -+ shm_region = &shm_dev->regions[0]; -+ -+ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME; -+ shm_dev->num_regions = 1; -+ -+ shm_region->virt = (void *)shm->payload_addr; -+ shm_region->size = shm->payload_size; -+ -+ shm_region->physmap = &shm->shm_physmap; -+ shm_region->page_shift = (metal_phys_addr_t)(-1); -+ shm_region->page_mask = (metal_phys_addr_t)(-1); -+} -+ -+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal) -+{ -+ struct metal_init_params params = METAL_INIT_DEFAULTS; -+ struct metal_device *shm_dev = &metal->shm_dev; -+ int ret; -+ -+ openamp_virtio_metal_device_setup(shm_dev, &metal->shm); -+ -+ metal_spinlock_init(&metal->lock); -+ -+ ret = metal_init(¶ms); -+ if (ret < 0) -+ return ret; -+ -+ ret = metal_register_generic_device(shm_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME, -+ &metal->io_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ metal->io = metal_device_io_region(metal->io_dev, 0); -+ if (!metal->io) { -+ EMSG("openamp: virtio: failed to init metal io"); -+ ret = -EPROTO; -+ goto metal_finish; -+ } -+ -+ return 0; -+ -+metal_finish: -+ metal_finish(); -+ return ret; -+} -+ -+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ uint32_t status = *(volatile uint32_t *)shm->vdev_status; -+ -+ return status; -+} -+ -+static void openamp_virtio_status_set(struct virtio_device *vdev, -+ unsigned char status) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ *(volatile uint32_t *)shm->vdev_status = status; -+} -+ -+static int count; -+ -+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev) -+{ -+ return 1 << VIRTIO_RPMSG_F_NS; -+} -+ -+static void openamp_virtio_notify(struct virtqueue *vq) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ struct openamp_caller *openamp; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev); -+ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev); -+ openamp = virtio->openamp; -+ -+ ret = openamp->platform_ops->transport_notify(openamp); -+ if (ret < 0) -+ EMSG("openamp: virtio: erro in transport_notify: %d", ret); -+} -+ -+const static struct virtio_dispatch openamp_virtio_dispatch = { -+ .get_status = openamp_virtio_status_get, -+ .set_status = openamp_virtio_status_set, -+ .get_features = openamp_virtio_features_get, -+ .notify = openamp_virtio_notify, -+}; -+ -+static int openamp_virtio_device_setup(struct openamp_virtio *virtio) -+{ -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_shm *shm = &metal->shm; -+ struct virtio_vring_info *rvring; -+ -+ rvring = &openamp_vdev->rvrings[0]; -+ -+ vdev->role = RPMSG_REMOTE; -+ vdev->vrings_num = VIRTQUEUE_NR; -+ vdev->func = &openamp_virtio_dispatch; -+ -+ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_TX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 0"); -+ return -ENOMEM; -+ } -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_tx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_TX]; -+ -+ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_RX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 1"); -+ goto free_vq; -+ } -+ rvring = &openamp_vdev->rvrings[VQ_RX]; -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_rx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_RX]; -+ -+ vdev->vrings_info = &openamp_vdev->rvrings[0]; -+ -+ return 0; -+ -+free_vq: -+ virtqueue_free(openamp_vdev->vq[VQ_TX]); -+ virtqueue_free(openamp_vdev->vq[VQ_RX]); -+ -+ return -ENOMEM; -+} -+ -+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep, -+ void *data, size_t len, -+ uint32_t src, void *priv) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ struct openamp_virtio *virtio; -+ -+ rdev = ep->rdev; -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg); -+ -+ rpmsg_hold_rx_buffer(ep, data); -+ vrpmsg->resp_buf = data; -+ vrpmsg->resp_len = len; -+ -+ return 0; -+} -+ -+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ -+ rdev = container_of(ep, struct rpmsg_device, ns_ept); -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_destroy_ept(&vrpmsg->ep); -+} -+ -+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev, -+ const char *name, -+ unsigned int dest) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+} -+ -+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio, -+ struct device_region *virtio_dev) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ int ret; -+ -+ /* -+ * we assume here that we are the client side and do not need to -+ * initialize the share memory poll (this is done at server side). -+ */ -+ ret = rpmsg_init_vdev(rpmsg_vdev, vdev, -+ openamp_virtio_rpmsg_endpoint_bind, metal->io, -+ NULL); -+ if (ret < 0) { -+ EMSG("openamp: virtio: init vdev failed: %d", ret); -+ return ret; -+ } -+ -+ -+ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev, -+ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY, -+ RPMSG_ADDR_ANY, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed to create endpoint: %d", ret); -+ return ret; -+ } -+ -+ /* set default remote addr */ -+ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR; -+ -+ return 0; -+} -+ -+static void openamp_virtio_shm_set(struct openamp_virtio *virtio, -+ struct device_region *virtio_region) -+{ -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ shm->base_addr = virtio_region->base_addr; -+ shm->size = virtio_region->io_region_size; -+ -+ shm->vdev_status = shm->base_addr; -+ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE; -+ -+ shm->vring_rx = shm->base_addr + shm->size - -+ (2 * OPENAMP_SHEM_VRING_SIZE); -+ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->vring_tx = shm->vring_rx + shm->vring_rx_size; -+ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->payload_addr = shm->vdev_status + shm->vdev_status_size; -+ shm->payload_size = shm->size - shm->vdev_status_size - -+ shm->vring_rx_size - shm->vring_tx_size; -+ -+ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size; -+ -+ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d", -+ shm->base_addr, shm->size, shm->size); -+ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d", -+ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size); -+ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d", -+ shm->payload_addr, shm->payload_size, shm->payload_size); -+ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size); -+ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size); -+ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]); -+} -+ -+static int openamp_virtio_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) { -+ EMSG("openamp: virtio: device region not found: %s", dev); -+ return -EINVAL; -+ } -+ -+ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) { -+ EMSG("openamp: virtio: device region not valid"); -+ return -EINVAL; -+ } -+ -+ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d", -+ dev, dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ -+ -+ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len, -+ OPENAMP_BUFFER_WAIT); -+ if (*req_buf == NULL) -+ return -EINVAL; -+ -+ if (vrpmsg->req_len < req_len) -+ return -E2BIG; -+ -+ vrpmsg->req_buf = *req_buf; -+ -+ return 0; -+} -+ -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ int ret; -+ -+ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len); -+ if (ret < 0) { -+ EMSG("openamp: virtio: send nocopy failed: %d", ret); -+ return -EIO; -+ } -+ -+ if (ret != vrpmsg->req_len) { -+ EMSG("openamp: virtio: send less bytes %d than requested %d", -+ ret, vrpmsg->req_len); -+ return -EIO; -+ } -+ -+ if (!ops->transport_receive) -+ return 0; -+ -+ ret = ops->transport_receive(openamp); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed transport_receive"); -+ return -EIO; -+ } -+ -+ virtqueue_notification(openamp_vdev->vq[VQ_RX]); -+ -+ *resp_buf = vrpmsg->resp_buf; -+ *resp_len = vrpmsg->resp_len; -+ -+ return 0; -+} -+ -+void openamp_virtio_call_end(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ -+ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf); -+ -+ vrpmsg->req_buf = NULL; -+ vrpmsg->req_len = 0; -+ vrpmsg->resp_buf = NULL; -+ vrpmsg->resp_len = 0; -+} -+ -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_virt_to_phys(metal->io, va); -+} -+ -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_phys_to_virt(metal->io, pa); -+} -+ -+int openamp_virtio_init(struct openamp_caller *openamp) -+{ -+ struct device_region virtio_dev; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ if (openamp->platform) -+ return 0; -+ -+ -+ virtio = malloc(sizeof(*virtio)); -+ if (!virtio) -+ return -ENOMEM; -+ -+ virtio->openamp = openamp; -+ -+ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev); -+ if (ret < 0) -+ goto free_virtio; -+ -+ openamp_virtio_shm_set(virtio, &virtio_dev); -+ -+ ret = openamp_virtio_metal_init(&virtio->metal); -+ if (ret < 0) -+ goto free_virtio; -+ -+ ret = openamp_virtio_device_setup(virtio); -+ if (ret < 0) -+ goto finish_metal; -+ -+ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev); -+ if (ret < 0) { -+ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret); -+ goto finish_metal; -+ } -+ -+ openamp->platform = virtio; -+ -+ return 0; -+ -+finish_metal: -+ metal_finish(); -+ -+free_virtio: -+ free(virtio); -+ -+ return ret; -+} -+ -+int openamp_virtio_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio; -+ -+ if (!openamp->platform) -+ return 0; -+ -+ virtio = openamp->platform; -+ -+ metal_finish(); -+ free(virtio); -+ -+ openamp->platform = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h -new file mode 100644 -index 000000000000..915128ff65ce ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_VIRTIO_H -+#define OPENAMP_VIRTIO_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len); -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len); -+int openamp_virtio_call_end(struct openamp_caller *openamp); -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va); -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa); -+ -+int openamp_virtio_init(struct openamp_caller *openamp); -+int openamp_virtio_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 267b4f923540..04c181586b06 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -32,5 +32,11 @@ - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; -+ openamp-virtio { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x88000000>; -+ pages-count = <256>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index d39873a0fe81..34fe5ff1b925 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch index ce40df0fd8..3d743d2827 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001 +From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH 20/20] FMP Support in Corstone1000. +Subject: [PATCH 3/6] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -414,5 +414,5 @@ index 000000000000..95fba2a04d5c + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch index ed4e6e27a3..ed4e6e27a3 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch deleted file mode 100644 index 84d418c131..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch +++ /dev/null @@ -1,298 +0,0 @@ -From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH 04/20] add psa client definitions for ff-m - -Add PSA client definitions in common include to add future -ff-m support. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/include/psa/client.h | 194 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 71 +++++++ - 2 files changed, 265 insertions(+) - create mode 100644 components/service/common/include/psa/client.h - create mode 100644 components/service/common/include/psa/sid.h - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -new file mode 100644 -index 000000000000..69ccf14f40a3 ---- /dev/null -+++ b/components/service/common/include/psa/client.h -@@ -0,0 +1,194 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_H -+#define SERVICE_PSA_IPC_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <rpc_caller.h> -+#include <psa/error.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#ifndef IOVEC_LEN -+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0]))) -+#endif -+ -+/*********************** PSA Client Macros and Types *************************/ -+ -+typedef int32_t psa_handle_t; -+ -+/** -+ * The version of the PSA Framework API that is being used to build the calling -+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1 -+ * is compatible with v1.0. -+ */ -+#define PSA_FRAMEWORK_VERSION (0x0101u) -+ -+/** -+ * Return value from psa_version() if the requested RoT Service is not present -+ * in the system. -+ */ -+#define PSA_VERSION_NONE (0u) -+ -+/** -+ * The zero-value null handle can be assigned to variables used in clients and -+ * RoT Services, indicating that there is no current connection or message. -+ */ -+#define PSA_NULL_HANDLE ((psa_handle_t)0) -+ -+/** -+ * Tests whether a handle value returned by psa_connect() is valid. -+ */ -+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) -+ -+/** -+ * Converts the handle value returned from a failed call psa_connect() into -+ * an error code. -+ */ -+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) -+ -+/** -+ * Maximum number of input and output vectors for a request to psa_call(). -+ */ -+#define PSA_MAX_IOVEC (4u) -+ -+/** -+ * An IPC message type that indicates a generic client request. -+ */ -+#define PSA_IPC_CALL (0) -+ -+/** -+ * A read-only input memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_invec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/** -+ * A writable output memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_outvec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/*************************** PSA Client API **********************************/ -+ -+/** -+ * \brief Retrieve the version of the PSA Framework API that is implemented. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \return version The version of the PSA Framework implementation -+ * that is providing the runtime services to the -+ * caller. The major and minor version are encoded -+ * as follows: -+ * \arg version[15:8] -- major version number. -+ * \arg version[7:0] -- minor version number. -+ */ -+uint32_t psa_framework_version(struct rpc_caller *caller); -+ -+/** -+ * \brief Retrieve the version of an RoT Service or indicate that it is not -+ * present on this system. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to query. -+ * -+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the -+ * caller is not permitted to access the service. -+ * \retval > 0 The version of the implemented RoT Service. -+ */ -+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid); -+ -+/** -+ * \brief Connect to an RoT Service by its SID. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to connect to. -+ * \param[in] version Requested version of the RoT Service. -+ * -+ * \retval > 0 A handle for the connection. -+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the -+ * connection. -+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the -+ * connection at the moment. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg The RoT Service ID is not present. -+ * \arg The RoT Service version is not supported. -+ * \arg The caller is not allowed to access the RoT -+ * service. -+ */ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version); -+ -+/** -+ * \brief Call an RoT Service on an established connection. -+ * -+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI -+ * support at most 4 parameters. TF-M chooses to encode 'in_len', -+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency. -+ * Compared with struct-based encoding, this method saves extra memory -+ * check and memory copy operation. The disadvantage is that the 'type' -+ * range has to be reduced into a 16-bit integer. So with this encoding, -+ * the valid range for 'type' is 0-32767. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection. -+ * \param[in] type The request type. -+ * Must be zero( \ref PSA_IPC_CALL) or positive. -+ * \param[in] in_vec Array of input \ref psa_invec structures. -+ * \param[in] in_len Number of input \ref psa_invec structures. -+ * \param[in,out] out_vec Array of output \ref psa_outvec structures. -+ * \param[in] out_len Number of output \ref psa_outvec structures. -+ * -+ * \retval >=0 RoT Service-specific status value. -+ * \retval <0 RoT Service-specific error code. -+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the -+ * RoT Service. The call is a PROGRAMMER ERROR if -+ * one or more of the following are true: -+ * \arg An invalid handle was passed. -+ * \arg The connection is already handling a request. -+ * \arg type < 0. -+ * \arg An invalid memory reference was provided. -+ * \arg in_len + out_len > PSA_MAX_IOVEC. -+ * \arg The message is unrecognized by the RoT -+ * Service or incorrectly formatted. -+ */ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len); -+ -+/** -+ * \brief Close a connection to an RoT Service. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection, or the -+ * null handle. -+ * -+ * \retval void Success. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg An invalid handle was provided that is not -+ * the null handle. -+ * \arg The connection is currently handling a -+ * request. -+ */ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_H */ -+ -+ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -new file mode 100644 -index 000000000000..aaa973c6e987 ---- /dev/null -+++ b/components/service/common/include/psa/sid.h -@@ -0,0 +1,71 @@ -+/* -+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_MANIFEST_SID_H__ -+#define __PSA_MANIFEST_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/******** TFM_SP_PS ********/ -+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) -+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U) -+ -+/* Invalid UID */ -+#define TFM_PS_INVALID_UID 0 -+ -+/* PS message types that distinguish PS services. */ -+#define TFM_PS_SET 1001 -+#define TFM_PS_GET 1002 -+#define TFM_PS_GET_INFO 1003 -+#define TFM_PS_REMOVE 1004 -+#define TFM_PS_GET_SUPPORT 1005 -+ -+/******** TFM_SP_ITS ********/ -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U) -+ -+/******** TFM_SP_CRYPTO ********/ -+#define TFM_CRYPTO_SID (0x00000080U) -+#define TFM_CRYPTO_VERSION (1U) -+#define TFM_CRYPTO_HANDLE (0x40000100U) -+ -+/******** TFM_SP_PLATFORM ********/ -+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) -+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U) -+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U) -+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U) -+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U) -+ -+/******** TFM_SP_INITIAL_ATTESTATION ********/ -+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U) -+#define TFM_ATTESTATION_SERVICE_VERSION (1U) -+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) -+ -+/******** TFM_SP_FWU ********/ -+#define TFM_FWU_WRITE_SID (0x000000A0U) -+#define TFM_FWU_WRITE_VERSION (1U) -+#define TFM_FWU_INSTALL_SID (0x000000A1U) -+#define TFM_FWU_INSTALL_VERSION (1U) -+#define TFM_FWU_ABORT_SID (0x000000A2U) -+#define TFM_FWU_ABORT_VERSION (1U) -+#define TFM_FWU_QUERY_SID (0x000000A3U) -+#define TFM_FWU_QUERY_VERSION (1U) -+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U) -+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U) -+#define TFM_FWU_ACCEPT_SID (0x000000A5U) -+#define TFM_FWU_ACCEPT_VERSION (1U) -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_MANIFEST_SID_H__ */ --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch deleted file mode 100644 index df3cb2f4c2..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH 05/20] Add common service component to ipc support - -Add support for inter processor communication for PSA -including, the openamp client side structures lib. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/psa_ipc/component.cmake | 13 ++ - .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++ - .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++ - deployments/se-proxy/se-proxy.cmake | 1 + - 4 files changed, 242 insertions(+) - create mode 100644 components/service/common/psa_ipc/component.cmake - create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c - create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h - -diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..5a1c9e62e2f0 ---- /dev/null -+++ b/components/service/common/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c" -+ ) -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -new file mode 100644 -index 000000000000..e8093c20a523 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -0,0 +1,97 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <stdint.h> -+#include <string.h> -+#include <trace.h> -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#include <psa/client.h> -+#include "service_psa_ipc_openamp_lib.h" -+ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_connect: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CONNECT; -+ req_msg->params.psa_connect_params.sid = sid; -+ req_msg->params.psa_connect_params.version = version; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_connect: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status == PSA_SUCCESS) -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; -+} -+ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len) -+{ -+ -+} -+ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_close: could not get handle"); -+ return; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CLOSE; -+ req_msg->params.psa_close_params.handle = handle; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_close: invoke failed: %d", ret); -+ return; -+ } -+ -+ rpc_caller_end(caller, rpc_handle); -+} -diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -new file mode 100644 -index 000000000000..33ea96660572 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -@@ -0,0 +1,131 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H -+#define SERVICE_PSA_IPC_OPENAMP_LIB_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <compiler.h> -+#include <psa/error.h> -+ -+#include <stdint.h> -+#include <psa/client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* PSA client call type value */ -+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1) -+#define OPENAMP_PSA_VERSION (0x2) -+#define OPENAMP_PSA_CONNECT (0x3) -+#define OPENAMP_PSA_CALL (0x4) -+#define OPENAMP_PSA_CLOSE (0x5) -+ -+/* Return code of openamp APIs */ -+#define OPENAMP_SUCCESS (0) -+#define OPENAMP_MAP_FULL (INT32_MIN + 1) -+#define OPENAMP_MAP_ERROR (INT32_MIN + 2) -+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3) -+#define OPENAMP_NO_PERMS (INT32_MIN + 4) -+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5) -+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6) -+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7) -+#define OPENAMP_INIT_ERROR (INT32_MIN + 8) -+ -+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp -+ * buffer so that openamp shared memory buffer -+ * does not get freed. -+ */ -+ -+/* -+ * This structure holds the parameters used in a PSA client call. -+ */ -+typedef struct __packed psa_client_in_params { -+ union { -+ struct __packed { -+ uint32_t sid; -+ } psa_version_params; -+ -+ struct __packed { -+ uint32_t sid; -+ uint32_t version; -+ } psa_connect_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ int32_t type; -+ uint32_t in_vec; -+ uint32_t in_len; -+ uint32_t out_vec; -+ uint32_t out_len; -+ } psa_call_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ } psa_close_params; -+ }; -+} psa_client_in_params_t; -+ -+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */ -+struct __packed ns_openamp_msg { -+ uint32_t call_type; /* PSA client call type */ -+ struct psa_client_in_params params; /* Contain parameters used in PSA -+ * client call -+ */ -+ -+ int32_t client_id; /* Optional client ID of the -+ * non-secure caller. -+ * It is required to identify the -+ * non-secure task when NSPE OS -+ * enforces non-secure task -+ * isolation -+ */ -+ int32_t request_id; /* This is the unique ID for a -+ * request send to TF-M by the -+ * non-secure core. TF-M forward -+ * the ID back to non-secure on the -+ * reply to a given request. Using -+ * this id, the non-secure library -+ * can identify the request for -+ * which the reply has received. -+ */ -+}; -+ -+/* -+ * This structure holds the location of the out data of the PSA client call. -+ */ -+struct __packed psa_client_out_params { -+ uint32_t out_vec; -+ uint32_t out_len; -+}; -+ -+ -+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client -+ * call. -+ */ -+struct __packed s_openamp_msg { -+ int32_t request_id; /* Using this id, the non-secure -+ * library identifies the request. -+ * TF-M forwards the same -+ * request-id received on the -+ * initial request. -+ */ -+ int32_t reply; /* Reply of the PSA client call */ -+ struct psa_client_out_params params; /* Contain out data result of the -+ * PSA client call. -+ */ -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */ -+ -+ -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 34fe5ff1b925..dd0c5d00c21e 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy" - "components/service/common/include" - "components/service/common/serializer/protobuf" - "components/service/common/client" -+ "components/service/common/psa_ipc" - "components/service/common/provider" - "components/service/discovery/provider" - "components/service/discovery/provider/serializer/packed-c" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch new file mode 100644 index 0000000000..2fdd19e79f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch @@ -0,0 +1,27 @@ +From 041d30bb9cc6857f5ef26ded154ff7126dafaa20 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Fri, 16 Jun 2023 10:47:48 +0100 +Subject: [PATCH] plat: corstone1000: add compile definitions for + ECP_DP_SECP512R1 + +Corstone1000 runs PSA-API tests which requires this ECC algorithm. +Without setting this, corstone1000 fails psa-api-crypto-test no 243. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + platform/providers/arm/corstone1000/platform.cmake | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +index dbdf1097..e7a295dd 100644 +--- a/platform/providers/arm/corstone1000/platform.cmake ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -14,3 +14,5 @@ target_compile_definitions(${TGT} PRIVATE + SMM_VARIABLE_INDEX_STORAGE_UID=0x787 + SMM_GATEWAY_MAX_UEFI_VARIABLES=100 + ) ++ ++add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch deleted file mode 100644 index 74a83777df..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch +++ /dev/null @@ -1,523 +0,0 @@ -From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH 06/20] Add secure storage ipc backend - -Add secure storage ipc ff-m implementation which may use -openamp as rpc to communicate with other processor. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++- - .../secure_storage_ipc/component.cmake | 14 ++ - .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++ - .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++ - deployments/se-proxy/se-proxy.cmake | 1 + - 5 files changed, 420 insertions(+), 4 deletions(-) - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index e8093c20a523..95a07c135f31 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -16,6 +16,52 @@ - #include <psa/client.h> - #include "service_psa_ipc_openamp_lib.h" - -+static struct psa_invec *psa_call_in_vec_param(uint8_t *req) -+{ -+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg)); -+} -+ -+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len) -+{ -+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) + -+ (in_len * sizeof(struct psa_invec))); -+} -+ -+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len, -+ struct psa_outvec *out_vec, size_t out_len) -+{ -+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) + -+ (out_len * sizeof(*out_vec)); -+} -+ -+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len) -+{ -+ size_t req_len = 0; -+ int i; -+ -+ if (!in_vec || !in_len) -+ return 0; -+ -+ for (i = 0; i < in_len; i++) -+ req_len += in_vec[i].len; -+ -+ return req_len; -+} -+ -+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len) -+{ -+ size_t resp_len = 0; -+ int i; -+ -+ if (!out_vec || !out_len) -+ return 0; -+ -+ for (i = 0; i < out_len; i++) -+ resp_len += out_vec[i].len; -+ -+ return resp_len; -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -- EMSG("psa_connect: could not get handle"); -+ EMSG("psa_connect: could not get rpc handle"); - return PSA_ERROR_GENERIC_ERROR; - } - -@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; - } - --psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - int32_t type, const struct psa_invec *in_vec, - size_t in_len, struct psa_outvec *out_vec, size_t out_len) - { -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct psa_outvec *out_vec_param; -+ struct psa_invec *in_vec_param; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t out_vec_len; -+ size_t in_vec_len; -+ size_t header_len; -+ uint8_t *payload; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ int i; -+ -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len); -+ in_vec_len = psa_call_in_vec_len(in_vec, in_len); -+ out_vec_len = psa_call_out_vec_len(out_vec, out_len); - -+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len); -+ if (!rpc_handle) { -+ EMSG("psa_call: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ payload = req + header_len; -+ -+ out_vec_param = psa_call_out_vec_param(req, in_len); -+ in_vec_param = psa_call_in_vec_param(req); -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CALL; -+ req_msg->request_id = 1234; -+ req_msg->params.psa_call_params.handle = psa_handle; -+ req_msg->params.psa_call_params.type = type; -+ req_msg->params.psa_call_params.in_len = in_len; -+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.out_len = out_len; -+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ -+ for (i = 0; i < in_len; i++) { -+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].len = in_vec[i].len; -+ -+ memcpy(payload, in_vec[i].base, in_vec[i].len); -+ payload += in_vec[i].len; -+ } -+ -+ for (i = 0; i < out_len; i++) { -+ out_vec_param[i].base = NULL; -+ out_vec_param[i].len = out_vec[i].len; -+ } -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_call: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status != PSA_SUCCESS) { -+ EMSG("psa_call: psa_status invoke failed: %d", psa_status); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS) -+ goto caller_end; -+ -+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -+ resp_msg->params.out_vec); -+ -+ for (i = 0; i < resp_msg->params.out_len; i++) { -+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ out_vec[i].len); -+ } -+ -+caller_end: -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE; - } - --void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle) - { - psa_status_t psa_status = PSA_SUCCESS; - struct s_openamp_msg *resp_msg = NULL; -@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - uint8_t *req; - int ret; - -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return; -+ - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - req_msg = (struct ns_openamp_msg *)req; - - req_msg->call_type = OPENAMP_PSA_CLOSE; -- req_msg->params.psa_close_params.handle = handle; -+ req_msg->params.psa_close_params.handle = psa_handle; - - ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, - &resp_len); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -new file mode 100644 -index 000000000000..5d8f6714e0bd ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -@@ -0,0 +1,14 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c" -+ ) -+ -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -new file mode 100644 -index 000000000000..9b55f77dd395 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -0,0 +1,214 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include "secure_storage_ipc.h" -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <rpc_caller.h> -+#include <string.h> -+#include <trace.h> -+ -+ -+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, -+ psa_storage_uid_t uid, size_t data_length, -+ const void *p_data, psa_storage_create_flags_t create_flags) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = p_data, .len = data_length }, -+ { .base = &create_flags, .len = sizeof(create_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ /* Validating input parameters */ -+ if (p_data == NULL) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status < 0) -+ EMSG("ipc_set: psa_call failed: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ size_t data_offset, -+ size_t data_size, -+ void *p_data, -+ size_t *p_data_length) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t offset = (uint32_t)data_offset; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = &offset, .len = sizeof(offset) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_data, .len = data_size }, -+ }; -+ -+ if (!p_data_length) { -+ EMSG("ipc_get: p_data_length not defined"); -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status == PSA_SUCCESS) -+ *p_data_length = out_vec[0].len; -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get_info(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ struct psa_storage_info_t *p_info) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_info, .len = sizeof(*p_info) }, -+ }; -+ -+ (void)client_id; -+ -+ /* Validating input parameters */ -+ if (!p_info) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_INFO, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_remove(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_REMOVE, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_remove: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_create(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t capacity, -+ uint32_t create_flags) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)capacity; -+ (void)create_flags; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static psa_status_t secure_storage_set_extended(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_offset, -+ size_t data_length, -+ const void *p_data) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)data_offset; -+ (void)data_length; -+ (void)p_data; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static uint32_t secure_storage_get_support(void *context, uint32_t client_id) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t support_flags; -+ struct psa_outvec out_vec[] = { -+ { .base = &support_flags, .len = sizeof(support_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_SUPPORT, NULL, 0, -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller) -+{ -+ service_client_init(&context->client, caller); -+ -+ static const struct storage_backend_interface interface = -+ { -+ .set = secure_storage_ipc_set, -+ .get = secure_storage_ipc_get, -+ .get_info = secure_storage_ipc_get_info, -+ .remove = secure_storage_ipc_remove, -+ .create = secure_storage_ipc_create, -+ .set_extended = secure_storage_set_extended, -+ .get_support = secure_storage_get_support, -+ }; -+ -+ context->backend.context = context; -+ context->backend.interface = &interface; -+ -+ return &context->backend; -+} -+ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context) -+{ -+ service_client_deinit(&context->client); -+} -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -new file mode 100644 -index 000000000000..e8c1e8fd2f92 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -0,0 +1,52 @@ -+/* -+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SECURE_STORAGE_IPC_H -+#define SECURE_STORAGE_IPC_H -+ -+#include <service/secure_storage/backend/storage_backend.h> -+#include <service/common/client/service_client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * @brief Secure storage ipc instance -+ */ -+struct secure_storage_ipc -+{ -+ struct storage_backend backend; -+ struct service_client client; -+}; -+ -+/** -+ * @brief Initialize a secure storage ipc client -+ * -+ * A secure storage client is a storage backend that makes RPC calls -+ * to a remote secure storage provider. -+ * -+ * @param[in] context Instance data -+ * @param[in] rpc_caller RPC caller instance -+ * -+ * -+ * @return Pointer to inialized storage backend or NULL on failure -+ */ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller); -+ -+/** -+ * @brief Deinitialize a secure storage ipc client -+ * -+ * @param[in] context Instance data -+ */ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SECURE_STORAGE_IPC_H */ -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index dd0c5d00c21e..cd51460406ca 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" -+ "components/service/secure_storage/backend/secure_storage_ipc" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch index 824196c11a..4e9d5c2e13 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch @@ -1,21 +1,21 @@ -From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Mon, 21 Nov 2022 00:08:20 +0000 -Subject: [PATCH] Use the stateless platform service calls - -Calls to psa_connect is not needed and psa_call can be called -directly with a pre defined handle. +From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 14:38:42 +0100 +Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls + Calls to psa_connect is not needed and psa_call can be called directly with a + pre defined handle. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Inappropriate [Design is to revisted] +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] --- .../provider/capsule_update_provider.c | 24 ++++--------------- .../provider/corstone1000_fmp_service.c | 10 ++++---- .../provider/corstone1000_fmp_service.h | 3 +-- - components/service/common/include/psa/sid.h | 6 +++++ - 4 files changed, 16 insertions(+), 27 deletions(-) + components/service/common/include/psa/sid.h | 7 ++++++ + 4 files changed, 17 insertions(+), 27 deletions(-) diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c index 991a2235..6809249f 100644 @@ -119,22 +119,23 @@ index 95fba2a0..963223e8 100644 #ifdef __cplusplus } /* extern "C" */ diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 7a29cc25..8103a9af 100644 +index 5aaa659d..fc3a4fb0 100644 --- a/components/service/common/include/psa/sid.h +++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,12 @@ extern "C" { +@@ -40,6 +40,13 @@ extern "C" { #define TFM_CRYPTO_VERSION (1U) #define TFM_CRYPTO_HANDLE (0x40000100U) -+ +/******** TFM_PLATFORM_SERVICE *******/ +#define TFM_PLATFORM_API_ID_IOCTL (1013) +#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) + -+ - /** - * \brief Define a progressive numerical value for each SID which can be used - * when dispatching the requests to the service ++/** ++ * \brief Define a progressive numerical value for each SID which can be used ++ * when dispatching the requests to the service + /******** TFM_SP_PLATFORM ********/ + #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) + #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -- -2.25.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch deleted file mode 100644 index ad33295d41..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy - -Remove mock up backend for secure storage in se proxy -deployment and use instead the secure storage ipc backend with -openamp as rpc to secure enclave side. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../se-proxy/common/service_proxy_factory.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index acfb6e8873fa..57290056d614 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -6,15 +6,20 @@ - - #include <stddef.h> - #include <rpc/common/endpoint/rpc_interface.h> -+#include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> - #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h> - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> -+#include <trace.h> - - /* Stub backends */ - #include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -+struct openamp_caller openamp; -+ - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void) - - struct rpc_interface *ps_proxy_create(void) - { -- static struct mock_store ps_backend; - static struct secure_storage_provider ps_provider; -- -- struct storage_backend *backend = mock_store_init(&ps_backend); -+ static struct secure_storage_ipc ps_backend; -+ static struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); - - return secure_storage_provider_init(&ps_provider, backend); - } --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch new file mode 100644 index 0000000000..3e6f606c5d --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch @@ -0,0 +1,78 @@ +From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 16:05:27 +0100 +Subject: [PATCH] plat: corstone1000: Initialize capsule update provider + +Initializes the capsule update service provider in se-proxy-sp.c deployment +for corstone1000. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] + +--- + deployments/se-proxy/env/commonsp/se_proxy_sp.c | 3 +++ + .../infra/corstone1000/service_proxy_factory.c | 17 +++++++++++++++++ + .../se-proxy/infra/service_proxy_factory.h | 1 + + 3 files changed, 21 insertions(+) + +diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +index 45fcb385..dc2a9d49 100644 +--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c ++++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) + } + rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); + ++ rpc_iface = capsule_update_proxy_create(); ++ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); ++ + /* End of boot phase */ + result = sp_msg_wait(&req_msg); + if (result != SP_RESULT_OK) { +diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +index bacab1de..32d88c97 100644 +--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c ++++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +@@ -14,6 +14,7 @@ + #include <service/crypto/factory/crypto_provider_factory.h> + #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> + #include <trace.h> ++#include <service/capsule_update/provider/capsule_update_provider.h> + + /* backends */ + #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> +@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void) + + return secure_storage_provider_init(&its_provider, backend); + } ++ ++struct rpc_interface *capsule_update_proxy_create(void) ++{ ++ static struct capsule_update_provider capsule_update_provider; ++ static struct rpc_caller *capsule_update_caller; ++ ++ capsule_update_caller = psa_ipc_caller_init(&psa_ipc); ++ ++ if (!capsule_update_caller) ++ return NULL; ++ ++ capsule_update_provider.client.caller = capsule_update_caller; ++ ++ return capsule_update_provider_init(&capsule_update_provider); ++} ++ +diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h +index 298d407a..02aa7fe2 100644 +--- a/deployments/se-proxy/infra/service_proxy_factory.h ++++ b/deployments/se-proxy/infra/service_proxy_factory.h +@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); + struct rpc_interface *crypto_proxy_create(void); + struct rpc_interface *ps_proxy_create(void); + struct rpc_interface *its_proxy_create(void); ++struct rpc_interface *capsule_update_proxy_create(void); + + #ifdef __cplusplus + } +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch deleted file mode 100644 index ab57688276..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH 08/20] Run psa-arch-test - -Fixes needed to run psa-arch-test - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/psa_ipc/service_psa_ipc.c | 1 + - .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 -------- - .../service/secure_storage/include/psa/storage_common.h | 4 ++-- - 3 files changed, 3 insertions(+), 10 deletions(-) - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 95a07c135f31..5e5815dbc9cf 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - resp_msg->params.out_vec); - - for (i = 0; i < resp_msg->params.out_len; i++) { -+ out_vec[i].len = out_vec_param[i].len; - memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), - out_vec[i].len); - } -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index 9b55f77dd395..a1f369db253e 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- /* Validating input parameters */ -- if (p_data == NULL) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) -@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- /* Validating input parameters */ -- if (!p_info) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h -index 4f6ba2a7d822..1fd6b40dc803 100644 ---- a/components/service/secure_storage/include/psa/storage_common.h -+++ b/components/service/secure_storage/include/psa/storage_common.h -@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t; - typedef uint32_t psa_storage_create_flags_t; - - struct psa_storage_info_t { -- size_t capacity; -- size_t size; -+ uint32_t capacity; -+ uint32_t size; - psa_storage_create_flags_t flags; - }; - --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch deleted file mode 100644 index 3295fa9bd9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch +++ /dev/null @@ -1,168 +0,0 @@ -From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH 09/20] Use address instead of pointers - -Since secure enclave is 32bit and we 64bit there is an issue -in the protocol communication design that force us to handle -on our side the manipulation of address and pointers to make -this work. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/include/psa/client.h | 15 ++++++++++++++ - .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++------- - .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++---------- - 3 files changed, 38 insertions(+), 17 deletions(-) - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -index 69ccf14f40a3..12dcd68f8a76 100644 ---- a/components/service/common/include/psa/client.h -+++ b/components/service/common/include/psa/client.h -@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec { - uint32_t len; /*!< the size in bytes */ - }; - -+static void *psa_u32_to_ptr(uint32_t addr) -+{ -+ return (void *)(uintptr_t)addr; -+} -+ -+static uint32_t psa_ptr_to_u32(void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ -+static uint32_t psa_ptr_const_to_u32(const void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ - /*************************** PSA Client API **********************************/ - - /** -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 5e5815dbc9cf..435c6c0a2eba 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_ - return resp_len; - } - -+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va) -+{ -+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va); -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - req_msg->params.psa_call_params.handle = psa_handle; - req_msg->params.psa_call_params.type = type; - req_msg->params.psa_call_params.in_len = in_len; -- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param); - req_msg->params.psa_call_params.out_len = out_len; -- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param); - - for (i = 0; i < in_len; i++) { -- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload); - in_vec_param[i].len = in_vec[i].len; - -- memcpy(payload, in_vec[i].base, in_vec[i].len); -+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len); - payload += in_vec[i].len; - } - - for (i = 0; i < out_len; i++) { -- out_vec_param[i].base = NULL; -+ out_vec_param[i].base = 0; - out_vec_param[i].len = out_vec[i].len; - } - -@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - goto caller_end; - - out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -- resp_msg->params.out_vec); -+ psa_u32_to_ptr(resp_msg->params.out_vec)); - - for (i = 0; i < resp_msg->params.out_len; i++) { - out_vec[i].len = out_vec_param[i].len; -- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ memcpy(psa_u32_to_ptr(out_vec[i].base), -+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)), - out_vec[i].len); - } - -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index a1f369db253e..bda442a61d5c 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = p_data, .len = data_length }, -- { .base = &create_flags, .len = sizeof(create_flags) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, -+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, - }; - - (void)client_id; -@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context, - psa_status_t psa_status; - uint32_t offset = (uint32_t)data_offset; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = &offset, .len = sizeof(offset) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_data, .len = data_size }, -+ { .base = psa_ptr_to_u32(p_data), .len = data_size }, - }; - - if (!p_data_length) { -@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_info, .len = sizeof(*p_info) }, -+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) }, - }; - - (void)client_id; -@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - - (void)client_id; -@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - psa_status_t psa_status; - uint32_t support_flags; - struct psa_outvec out_vec[] = { -- { .base = &support_flags, .len = sizeof(support_flags) }, -+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) }, - }; - - (void)client_id; --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch deleted file mode 100644 index 2d0725cb24..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch +++ /dev/null @@ -1,323 +0,0 @@ -From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH 10/20] Add psa ipc attestation to se proxy - -Implement attestation client API as psa ipc and include it to -se proxy deployment. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../client/psa_ipc/component.cmake | 13 +++ - .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++ - .../reporter/psa_ipc/component.cmake | 13 +++ - .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ - components/service/common/include/psa/sid.h | 4 + - .../se-proxy/common/service_proxy_factory.c | 6 ++ - deployments/se-proxy/se-proxy.cmake | 7 +- - ...ble-using-hard-coded-attestation-key.patch | 29 ------- - external/psa_arch_tests/psa_arch_tests.cmake | 4 - - 9 files changed, 171 insertions(+), 36 deletions(-) - create mode 100644 components/service/attestation/client/psa_ipc/component.cmake - create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c - create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake - create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c - delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch - -diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..a5bc6b4a387e ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c" -+ ) -diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -new file mode 100644 -index 000000000000..30bd0a13a385 ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -@@ -0,0 +1,86 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <string.h> -+ -+#include "../psa/iat_client.h" -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/initial_attestation.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+ -+/** -+ * @brief The singleton psa_iat_client instance -+ * -+ * The psa attestation C API assumes a single backend service provider. -+ */ -+static struct service_client instance; -+ -+ -+psa_status_t psa_iat_client_init(struct rpc_caller *caller) -+{ -+ return service_client_init(&instance, caller); -+} -+ -+void psa_iat_client_deinit(void) -+{ -+ service_client_deinit(&instance); -+} -+ -+int psa_iat_client_rpc_status(void) -+{ -+ return instance.rpc_status; -+} -+ -+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge, -+ size_t challenge_size, -+ uint8_t *token_buf, -+ size_t token_buf_size, -+ size_t *token_size) -+{ -+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; -+ struct rpc_caller *caller = instance.caller; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size}, -+ }; -+ -+ if (!token_buf || !token_buf_size) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (status == PSA_SUCCESS) { -+ *token_size = out_vec[0].len; -+ } -+ -+ return status; -+} -+ -+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size, -+ size_t *token_size) -+{ -+ struct rpc_caller *caller = instance.caller; -+ psa_status_t status; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)} -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN_SIZE, -+ in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..b37830c618fe ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c" -+ ) -diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -new file mode 100644 -index 000000000000..15805e8ed4b1 ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+/** -+ * A attestation reporter for psa ipc -+ */ -+ -+#include <stddef.h> -+#include <psa/error.h> -+#include <service/attestation/reporter/attest_report.h> -+#include <psa/initial_attestation.h> -+ -+#define TOKEN_BUF_SIZE 1024 -+ -+static uint8_t token_buf[TOKEN_BUF_SIZE]; -+ -+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data, -+ size_t auth_challenge_len, const uint8_t **report, -+ size_t *report_len) -+{ -+ *report = token_buf; -+ psa_status_t ret; -+ size_t token_size = 0; -+ -+ ret = psa_initial_attest_get_token(auth_challenge_data, -+ auth_challenge_len, token_buf, -+ TOKEN_BUF_SIZE, &token_size); -+ if (ret != PSA_SUCCESS) { -+ *report = NULL; -+ *report_len = 0; -+ return ret; -+ } -+ -+ *report_len = token_size; -+ -+ return PSA_SUCCESS; -+} -+ -+void attest_report_destroy(const uint8_t *report) -+{ -+ (void)report; -+} -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index aaa973c6e987..833f5039425f 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -50,6 +50,10 @@ extern "C" { - #define TFM_ATTESTATION_SERVICE_VERSION (1U) - #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) - -+/* Initial Attestation message types that distinguish Attest services. */ -+#define TFM_ATTEST_GET_TOKEN 1001 -+#define TFM_ATTEST_GET_TOKEN_SIZE 1002 -+ - /******** TFM_SP_FWU ********/ - #define TFM_FWU_WRITE_SID (0x000000A0U) - #define TFM_FWU_WRITE_VERSION (1U) -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 57290056d614..4b8cceccbe4d 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -23,12 +23,18 @@ struct openamp_caller openamp; - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -+ struct rpc_caller *attest_caller; - - /* Static objects for proxy instance */ - static struct attest_provider attest_provider; - -+ attest_caller = openamp_caller_init(&openamp); -+ if (!attest_caller) -+ return NULL; -+ - /* Initialize the service provider */ - attest_iface = attest_provider_init(&attest_provider); -+ psa_iat_client_init(&openamp.rpc_caller); - - attest_provider_register_serializer(&attest_provider, - TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index cd51460406ca..3dbbc36c968d 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/service/attestation/reporter/psa_ipc" -+ "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" - "components/rpc/common/caller" -- "components/service/attestation/reporter/stub" -- "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/attestation/key_mngr/local" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) -diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch -deleted file mode 100644 -index 6664961ab662..000000000000 ---- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch -+++ /dev/null -@@ -1,29 +0,0 @@ --From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001 --From: Gyorgy Szing <Gyorgy.Szing@arm.com> --Date: Tue, 8 Feb 2022 17:06:37 +0000 --Subject: [PATCH 1/1] Disable using hard-coded attestation key -- --Modify platform config to disable using a hard-coded attestation --key. -- --Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> ----- -- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +- -- 1 file changed, 1 insertion(+), 1 deletion(-) -- --diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --index 6112ba7..1cdf581 100755 ----- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t; -- #define CRYPTO_VERSION_BETA3 -- -- /* Use hardcoded public key */ ---#define PLATFORM_OVERRIDE_ATTEST_PK --+//#define PLATFORM_OVERRIDE_ATTEST_PK -- -- /* -- * Include of PSA defined Header files ---- --2.17.1 -- -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index a8b77a1fc05e..1995df3e0b49 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -15,10 +15,6 @@ set(GIT_OPTIONS - GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} - GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} - GIT_SHALLOW FALSE -- PATCH_COMMAND git stash -- COMMAND git tag -f ts-before-am -- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch -- COMMAND git reset ts-before-am - ) - - # Ensure list of defines is separated correctly --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch deleted file mode 100644 index 5803cc17dc..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage - ipc implementation. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/include/psa/sid.h | 12 +++++----- - .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++--------- - .../secure_storage_ipc/secure_storage_ipc.h | 1 + - .../se-proxy/common/service_proxy_factory.c | 22 +++++++++++++------ - 4 files changed, 32 insertions(+), 23 deletions(-) - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 833f5039425f..4a951d4a3502 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -20,12 +20,12 @@ extern "C" { - /* Invalid UID */ - #define TFM_PS_INVALID_UID 0 - --/* PS message types that distinguish PS services. */ --#define TFM_PS_SET 1001 --#define TFM_PS_GET 1002 --#define TFM_PS_GET_INFO 1003 --#define TFM_PS_REMOVE 1004 --#define TFM_PS_GET_SUPPORT 1005 -+/* PS / ITS message types that distinguish PS services. */ -+#define TFM_PS_ITS_SET 1001 -+#define TFM_PS_ITS_GET 1002 -+#define TFM_PS_ITS_GET_INFO 1003 -+#define TFM_PS_ITS_REMOVE 1004 -+#define TFM_PS_ITS_GET_SUPPORT 1005 - - /******** TFM_SP_ITS ********/ - #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index bda442a61d5c..0e1b48c0d2e2 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET, -+ in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) - EMSG("ipc_set: psa_call failed: %d", psa_status); - -@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context, - return PSA_ERROR_INVALID_ARGUMENT; - } - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), - out_vec, IOVEC_LEN(out_vec)); - if (psa_status == PSA_SUCCESS) - *p_data_length = out_vec[0].len; -@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_INFO, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_REMOVE, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_REMOVE, in_vec, - IOVEC_LEN(in_vec), NULL, 0); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_remove: failed to psa_call: %d", psa_status); -@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_SUPPORT, NULL, 0, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_SUPPORT, NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -index e8c1e8fd2f92..d9949f6a9305 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -21,6 +21,7 @@ struct secure_storage_ipc - { - struct storage_backend backend; - struct service_client client; -+ int32_t service_handle; - }; - - /** -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 4b8cceccbe4d..1110ac46bf8b 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -5,6 +5,7 @@ - */ - - #include <stddef.h> -+#include <psa/sid.h> - #include <rpc/common/endpoint/rpc_interface.h> - #include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> -@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void) - { - static struct secure_storage_provider ps_provider; - static struct secure_storage_ipc ps_backend; -- static struct rpc_caller *storage_caller; -+ struct rpc_caller *storage_caller; - struct storage_backend *backend; - - storage_caller = openamp_caller_init(&openamp); - if (!storage_caller) - return NULL; - backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); -+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE; - - return secure_storage_provider_init(&ps_provider, backend); - } - - struct rpc_interface *its_proxy_create(void) - { -- static struct mock_store its_backend; -- static struct secure_storage_provider its_provider; -- -- struct storage_backend *backend = mock_store_init(&its_backend); -- -- return secure_storage_provider_init(&its_provider, backend); -+ static struct secure_storage_provider its_provider; -+ static struct secure_storage_ipc its_backend; -+ struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller); -+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE; -+ -+ return secure_storage_provider_init(&its_provider, backend); - } --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch deleted file mode 100644 index 67ea7b8c56..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch +++ /dev/null @@ -1,2570 +0,0 @@ -From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH 12/20] add psa ipc crypto backend - -Add psa ipc crypto backend and attach it to se proxy -deployment. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/include/psa/sid.h | 73 +++++ - .../crypto/backend/psa_ipc/component.cmake | 21 ++ - .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++ - .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++ - .../client/caller/psa_ipc/crypto_caller.h | 34 ++ - .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++ - .../crypto_caller_asymmetric_decrypt.h | 76 +++++ - .../crypto_caller_asymmetric_encrypt.h | 76 +++++ - .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++ - .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++ - .../psa_ipc/crypto_caller_destroy_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++ - .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++ - .../psa_ipc/crypto_caller_generate_key.h | 55 ++++ - .../psa_ipc/crypto_caller_generate_random.h | 57 ++++ - .../crypto_caller_get_key_attributes.h | 56 ++++ - .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++ - .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++ - .../psa_ipc/crypto_caller_key_attributes.h | 51 +++ - .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++ - .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++ - .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++ - .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++ - .../crypto/include/psa/crypto_client_struct.h | 8 +- - .../service/crypto/include/psa/crypto_sizes.h | 2 +- - .../se-proxy/common/service_proxy_factory.c | 15 +- - .../providers/arm/corstone1000/platform.cmake | 2 + - 28 files changed, 2292 insertions(+), 10 deletions(-) - create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 4a951d4a3502..7a29cc253bad 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,79 @@ extern "C" { - #define TFM_CRYPTO_VERSION (1U) - #define TFM_CRYPTO_HANDLE (0x40000100U) - -+/** -+ * \brief Define a progressive numerical value for each SID which can be used -+ * when dispatching the requests to the service -+ */ -+enum { -+ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -+ TFM_CRYPTO_OPEN_KEY_SID, -+ TFM_CRYPTO_CLOSE_KEY_SID, -+ TFM_CRYPTO_IMPORT_KEY_SID, -+ TFM_CRYPTO_DESTROY_KEY_SID, -+ TFM_CRYPTO_EXPORT_KEY_SID, -+ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ TFM_CRYPTO_PURGE_KEY_SID, -+ TFM_CRYPTO_COPY_KEY_SID, -+ TFM_CRYPTO_HASH_COMPUTE_SID, -+ TFM_CRYPTO_HASH_COMPARE_SID, -+ TFM_CRYPTO_HASH_SETUP_SID, -+ TFM_CRYPTO_HASH_UPDATE_SID, -+ TFM_CRYPTO_HASH_FINISH_SID, -+ TFM_CRYPTO_HASH_VERIFY_SID, -+ TFM_CRYPTO_HASH_ABORT_SID, -+ TFM_CRYPTO_HASH_CLONE_SID, -+ TFM_CRYPTO_MAC_COMPUTE_SID, -+ TFM_CRYPTO_MAC_VERIFY_SID, -+ TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ TFM_CRYPTO_MAC_UPDATE_SID, -+ TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ TFM_CRYPTO_MAC_ABORT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ TFM_CRYPTO_CIPHER_SET_IV_SID, -+ TFM_CRYPTO_CIPHER_UPDATE_SID, -+ TFM_CRYPTO_CIPHER_FINISH_SID, -+ TFM_CRYPTO_CIPHER_ABORT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ TFM_CRYPTO_AEAD_UPDATE_SID, -+ TFM_CRYPTO_AEAD_FINISH_SID, -+ TFM_CRYPTO_AEAD_VERIFY_SID, -+ TFM_CRYPTO_AEAD_ABORT_SID, -+ TFM_CRYPTO_SIGN_MESSAGE_SID, -+ TFM_CRYPTO_VERIFY_MESSAGE_SID, -+ TFM_CRYPTO_SIGN_HASH_SID, -+ TFM_CRYPTO_VERIFY_HASH_SID, -+ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_GENERATE_RANDOM_SID, -+ TFM_CRYPTO_GENERATE_KEY_SID, -+ TFM_CRYPTO_SID_MAX, -+}; -+ - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..93c297a83ac6 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/component.cmake -@@ -0,0 +1,21 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c" -+ ) -+ -+# The ipc crypto backend uses the psa crypto client to realize the -+# psa crypto API that the crypto provider depends on. This define -+# configures the psa crypto client to be built with the ipc crypto -+# caller. -+target_compile_definitions(${TGT} PRIVATE -+ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h" -+) -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -new file mode 100644 -index 000000000000..e47cd4ffb4ce ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -@@ -0,0 +1,26 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <psa/crypto.h> -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include "crypto_ipc_backend.h" -+ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller) -+{ -+ psa_status_t status = psa_crypto_client_init(caller); -+ -+ if (status == PSA_SUCCESS) -+ status = psa_crypto_init(); -+ -+ return status; -+} -+ -+void crypto_ipc_backend_deinit(void) -+{ -+ psa_crypto_client_deinit(); -+} -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -new file mode 100644 -index 000000000000..c13c20e84131 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CRYPTO_IPC_BACKEND_H -+#define CRYPTO_IPC_BACKEND_H -+ -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * \brief This type is used to overcome a limitation in the number of maximum -+ * IOVECs that can be used especially in psa_aead_encrypt and -+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of -+ * parameters passed gets restructured -+ */ -+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) -+struct psa_ipc_crypto_aead_pack_input { -+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; -+ uint32_t nonce_length; -+}; -+ -+struct psa_ipc_crypto_pack_iovec { -+ uint32_t sfn_id; /*!< Secure function ID used to dispatch the -+ * request -+ */ -+ uint16_t step; /*!< Key derivation step */ -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -+ * AEAD until the API is -+ * restructured -+ */ -+}; -+ -+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) -+ -+/** -+ * \brief Initialize the psa ipc crypto backend -+ * -+ * Initializes a crypto backend that uses the psa API client with a -+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto -+ * service proviser. -+ * -+ * \return PSA_SUCCESS if backend initialized successfully -+ */ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller); -+ -+/** -+ * \brief Clean-up to free any resource used by the crypto backend -+ */ -+void crypto_ipc_backend_deinit(void); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CRYPTO_IPC_BACKEND_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -new file mode 100644 -index 000000000000..0a972187062f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -@@ -0,0 +1,34 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_H -+#define PSA_IPC_CRYPTO_CALLER_H -+ -+/** -+ * Includes all header files that form the psa ipc crypto caller -+ * interface. May be used by a client that needs to call operations -+ * provided by a crypto service instance using the psa ipc interface. -+ */ -+#include "crypto_caller_aead.h" -+#include "crypto_caller_asymmetric_decrypt.h" -+#include "crypto_caller_asymmetric_encrypt.h" -+#include "crypto_caller_cipher.h" -+#include "crypto_caller_copy_key.h" -+#include "crypto_caller_destroy_key.h" -+#include "crypto_caller_export_key.h" -+#include "crypto_caller_export_public_key.h" -+#include "crypto_caller_generate_key.h" -+#include "crypto_caller_generate_random.h" -+#include "crypto_caller_get_key_attributes.h" -+#include "crypto_caller_hash.h" -+#include "crypto_caller_import_key.h" -+#include "crypto_caller_key_derivation.h" -+#include "crypto_caller_mac.h" -+#include "crypto_caller_purge_key.h" -+#include "crypto_caller_sign_hash.h" -+#include "crypto_caller_verify_hash.h" -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -new file mode 100644 -index 000000000000..78517fe32ca9 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -0,0 +1,252 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H -+#define PSA_IPC_CRYPTO_CALLER_AEAD_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_aead_encrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(plaintext), -+ .len = plaintext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *aeadtext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(aeadtext), -+ .len = aeadtext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *plaintext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_generate_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *nonce, -+ size_t nonce_size, -+ size_t *nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *nonce, -+ size_t nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_lengths( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t ad_length, -+ size_t plaintext_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update_ad( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length, -+ uint8_t *tag, -+ size_t tag_size, -+ size_t *tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length, -+ const uint8_t *tag, -+ size_t tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -new file mode 100644 -index 000000000000..ff01815c09e9 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_decrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -new file mode 100644 -index 000000000000..1daf1689c076 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_encrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -new file mode 100644 -index 000000000000..fbefb28d813a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -0,0 +1,246 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H -+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_cipher_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_generate_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *iv, -+ size_t iv_size, -+ size_t *iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(iv), .len = iv_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *iv_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_set_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *iv, -+ size_t iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(iv), .len = iv_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the cipher_update operation -+ * using the ipc encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -new file mode 100644 -index 000000000000..9a988171b098 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_copy_key(struct service_client *context, -+ psa_key_id_t source_key, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *target_key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .key_id = source_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -new file mode 100644 -index 000000000000..d00f4faa7a52 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -new file mode 100644 -index 000000000000..8ac5477f7b9a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -new file mode 100644 -index 000000000000..b24c47f1257e ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -new file mode 100644 -index 000000000000..1b66ed4020de ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -0,0 +1,55 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -new file mode 100644 -index 000000000000..7c538237805a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_random(struct service_client *context, -+ uint8_t *output, -+ size_t output_size) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size } -+ }; -+ -+ if (!output_size) -+ return PSA_SUCCESS; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -new file mode 100644 -index 000000000000..22f1d18f1476 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_get_key_attributes( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_key_attributes_t *attributes) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .key_id = key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -new file mode 100644 -index 000000000000..9f37908a2f25 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -0,0 +1,220 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_hash_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash, -+ size_t hash_size, -+ size_t *hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(hash), .len = hash_size}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *hash_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash, -+ size_t hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_clone( -+ struct service_client *context, -+ uint32_t source_op_handle, -+ uint32_t *target_op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .op_handle = source_op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash_state, -+ size_t hash_state_size, -+ size_t *hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash_state, -+ size_t hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the hash_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -new file mode 100644 -index 000000000000..d47033662790 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_import_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ const uint8_t *data, size_t data_length, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length } -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -new file mode 100644 -index 000000000000..2fad2f0a64e6 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+ -+#include <psa/crypto.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline void packedc_crypto_caller_translate_key_attributes_to_proto( -+ struct ts_crypto_key_attributes *proto_attributes, -+ const psa_key_attributes_t *psa_attributes) -+{ -+ proto_attributes->type = psa_get_key_type(psa_attributes); -+ proto_attributes->key_bits = psa_get_key_bits(psa_attributes); -+ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes); -+ proto_attributes->id = psa_get_key_id(psa_attributes); -+ -+ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes); -+ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes); -+ } -+ -+static inline void packedc_crypto_caller_translate_key_attributes_from_proto( -+ psa_key_attributes_t *psa_attributes, -+ const struct ts_crypto_key_attributes *proto_attributes) -+{ -+ psa_set_key_type(psa_attributes, proto_attributes->type); -+ psa_set_key_bits(psa_attributes, proto_attributes->key_bits); -+ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime); -+ -+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) { -+ -+ psa_set_key_id(psa_attributes, proto_attributes->id); -+ } -+ -+ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage); -+ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -new file mode 100644 -index 000000000000..5ce4fb6cca82 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_key_derivation_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_get_capacity( -+ struct service_client *context, -+ const uint32_t op_handle, -+ size_t *capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_set_capacity( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .capacity = capacity, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ const uint8_t *data, -+ size_t data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_key( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .key_id = key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_key( -+ struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ uint32_t op_handle, -+ psa_key_id_t *key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(attributes), -+ .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_key_agreement( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .key_id = private_key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_raw_key_agreement( -+ struct service_client *context, -+ psa_algorithm_t alg, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .alg = alg, -+ .key_id = private_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -new file mode 100644 -index 000000000000..3a820192495a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -0,0 +1,207 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H -+#define PSA_IPC_CRYPTO_CALLER_MAC_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_mac_sign_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_sign_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *mac, -+ size_t mac_size, -+ size_t *mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(mac), .len = mac_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *mac_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *mac, -+ size_t mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(mac), .len = mac_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -new file mode 100644 -index 000000000000..a3a796e2166c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_purge_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -new file mode 100644 -index 000000000000..71d88cededf5 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -0,0 +1,64 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -new file mode 100644 -index 000000000000..e16f6e5450af ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ { .base = psa_ptr_const_to_u32(signature), .len = signature_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */ -diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h -index abd420c82607..bf95c9821e55 100644 ---- a/components/service/crypto/include/psa/crypto_client_struct.h -+++ b/components/service/crypto/include/psa/crypto_client_struct.h -@@ -31,12 +31,12 @@ extern "C" { - * data structure internally. */ - struct psa_client_key_attributes_s - { -+ uint16_t type; -+ uint16_t bits; - uint32_t lifetime; -- uint32_t id; -- uint32_t alg; -+ psa_key_id_t id; - uint32_t usage; -- size_t bits; -- uint16_t type; -+ uint32_t alg; - }; - - #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0} -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 7a0149bbca62..4d7bf6e959b0 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -81,7 +81,7 @@ - #define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 - #else --#define PSA_HASH_MAX_SIZE 32 -+#define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 - #endif - -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 1110ac46bf8b..7edeef8b434a 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -15,7 +15,7 @@ - #include <trace.h> - - /* Stub backends */ --#include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> - #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void) - { - struct rpc_interface *crypto_iface = NULL; - struct crypto_provider *crypto_provider; -+ struct rpc_caller *crypto_caller; - -- if (stub_crypto_backend_init() == PSA_SUCCESS) { -+ crypto_caller = openamp_caller_init(&openamp); -+ if (!crypto_caller) -+ return NULL; -+ -+ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS) -+ return NULL; - -- crypto_provider = crypto_provider_factory_create(); -- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); -- } -+ crypto_provider = crypto_provider_factory_create(); -+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); - - return crypto_iface; - } -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index bb778bb9719b..51e5faa3e4d8 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -8,3 +8,5 @@ - - # include MHU driver - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -+ -+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch deleted file mode 100644 index 22b1da6906..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH 14/20] Configure storage size - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/smm_variable/backend/uefi_variable_store.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 611e2e225c6b..6c3b9ed81c25 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator( - * may be overridden using uefi_variable_store_set_storage_limits() - */ - #define DEFAULT_MAX_VARIABLE_SIZE (2048) -+#define CONFIGURE_STORAGE_SIZE (50) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init( - /* Initialise persistent store defaults */ - context->persistent_store.is_nv = true; - context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->persistent_store.storage_backend = persistent_store; - - /* Initialise volatile store defaults */ - context->volatile_store.is_nv = false; - context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch deleted file mode 100644 index 426f2ca5c4..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ /dev/null @@ -1,31 +0,0 @@ -From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m - change. - -NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index c13c20e84131..ec25eaf868c7 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec { - * multipart operation - */ - uint32_t capacity; /*!< Key derivation capacity */ -- -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ - struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for - * AEAD until the API is - * restructured --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch deleted file mode 100644 index a59d140023..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch +++ /dev/null @@ -1,494 +0,0 @@ -From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++ - .../psa_ipc/crypto_caller_verify_hash.h | 33 +- - 3 files changed, 352 insertions(+), 13 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index 78517fe32ca9..f6aadd8b9098 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_decrypt_setup( -@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_generate_nonce( -@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - size_t nonce_size, - size_t *nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *nonce_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_nonce( -@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - const uint8_t *nonce, - size_t nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_lengths( -@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - size_t ad_length, - size_t plaintext_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .ad_length = ad_length, -+ .plaintext_length = plaintext_length, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update_ad( -@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad( - const uint8_t *input, - size_t input_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update( -@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update( - size_t output_size, - size_t *output_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(output), .len = output_size}, -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_finish( -@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish( - size_t tag_size, - size_t *tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((aeadtext == NULL) && (aeadtext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size}, -+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size} -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (aeadtext == NULL || aeadtext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 3) && (aeadtext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ *tag_length = out_vec[1].len; -+ -+ if (out_len == 3) { -+ *aeadtext_length = out_vec[2].len; -+ } else { -+ *aeadtext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_verify( -@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify( - const uint8_t *tag, - size_t tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((plaintext == NULL) && (plaintext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size}, -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (plaintext == NULL || plaintext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 2) && (plaintext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ if (out_len == 2) { -+ *plaintext_length = out_vec[1].len; -+ } else { -+ *plaintext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_abort( - struct service_client *context, - uint32_t op_handle) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; - } - - #ifdef __cplusplus -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 71d88cededf5..e4a2b167defb 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return status; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+ -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index e16f6e5450af..cc9279ee79f2 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -24,19 +24,20 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_common(struct service_client *context, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, -- size_t signature_length) -+ size_t signature_length, -+ uint32_t sfn_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .sfn_id = sfn_id, - .key_id = id, - .alg = alg, - }; -@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+} -+ - #ifdef __cplusplus - } - #endif --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch deleted file mode 100644 index 4adcd90a5f..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the - latest from the tf-m - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h -index 1bc55e375eea..b4a7ed4b39d3 100644 ---- a/components/service/crypto/include/psa/crypto_struct.h -+++ b/components/service/crypto/include/psa/crypto_struct.h -@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime( - return( attributes->lifetime ); - } - -+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags ) -+{ -+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE; -+ -+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE; -+} -+ - static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) - { -+ psa_extend_key_usage_flags( &usage_flags ); - attributes->usage = usage_flags; - } - --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch deleted file mode 100644 index 02c89d895e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Tue, 11 Oct 2022 10:46:10 +0100 -Subject: [PATCH 19/20] plat: corstone1000: change default smm values - -Smm gateway uses SE proxy to route the calls for any NV -storage so set the NV_STORE_SN. -Change the storage index uid because TF-M in the secure -enclave reserves the default value (0x1) to some internal -operation. -Increase the maximum number of uefi variables to cope with all -the needs for testing and certification - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - platform/providers/arm/corstone1000/platform.cmake | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 51e5faa3e4d8..04b629a81906 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -10,3 +10,9 @@ - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) - - add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -+ -+target_compile_definitions(${TGT} PRIVATE -+ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" -+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787 -+ SMM_GATEWAY_MAX_UEFI_VARIABLES=100 -+) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch deleted file mode 100644 index 87c053fcc6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001 -From: Emekcan <emekcan.aras@arm.com> -Date: Wed, 2 Nov 2022 09:58:27 +0000 -Subject: [PATCH] smm_gateway: add checks for null attributes - -As par EDK-2 and EDK-2 test code, setVariable() with 0 -attributes means a delete variable request. Currently, -smm gatway doesn't handle this scenario. This commit adds -that support. - -Upstream-Status: Pending -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> ---- - components/service/smm_variable/backend/uefi_variable_store.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 6c3b9ed8..a691dc5d 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable( - if (info->is_variable_set) { - - /* It's a request to update to an existing variable */ -- if (!(var->Attributes & -+ if (!(var->Attributes) || (!(var->Attributes & - (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -- !var->DataSize) { -+ !var->DataSize)) { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch deleted file mode 100644 index 7e65de8698..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch +++ /dev/null @@ -1,413 +0,0 @@ -From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:22:40 +0000 -Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs - -This patch is to change the PSA Crypto SIDs to match the values of the -PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 78 +----- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +- - .../psa_ipc/crypto_caller_verify_hash.h | 4 +- - 4 files changed, 249 insertions(+), 78 deletions(-) - create mode 100644 components/service/common/include/psa/crypto_sid.h - -diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h -new file mode 100644 -index 00000000..5b05f46d ---- /dev/null -+++ b/components/service/common/include/psa/crypto_sid.h -@@ -0,0 +1,241 @@ -+/* -+ * Copyright (c) 2023, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_CRYPTO_SID_H__ -+#define __PSA_CRYPTO_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+#include <stdint.h> -+ -+/** -+ * \brief Type associated to the group of a function encoding. There can be -+ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, -+ * Asym sign, Asym encrypt, Key derivation). -+ */ -+enum tfm_crypto_group_id { -+ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, -+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, -+ TFM_CRYPTO_GROUP_ID_HASH, -+ TFM_CRYPTO_GROUP_ID_MAC, -+ TFM_CRYPTO_GROUP_ID_CIPHER, -+ TFM_CRYPTO_GROUP_ID_AEAD, -+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN, -+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, -+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, -+}; -+ -+/* X macro describing each of the available PSA Crypto APIs */ -+#define KEY_MANAGEMENT_FUNCS \ -+ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_OPEN_KEY) \ -+ X(TFM_CRYPTO_CLOSE_KEY) \ -+ X(TFM_CRYPTO_IMPORT_KEY) \ -+ X(TFM_CRYPTO_DESTROY_KEY) \ -+ X(TFM_CRYPTO_EXPORT_KEY) \ -+ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ -+ X(TFM_CRYPTO_PURGE_KEY) \ -+ X(TFM_CRYPTO_COPY_KEY) \ -+ X(TFM_CRYPTO_GENERATE_KEY) -+ -+#define HASH_FUNCS \ -+ X(TFM_CRYPTO_HASH_COMPUTE) \ -+ X(TFM_CRYPTO_HASH_COMPARE) \ -+ X(TFM_CRYPTO_HASH_SETUP) \ -+ X(TFM_CRYPTO_HASH_UPDATE) \ -+ X(TFM_CRYPTO_HASH_CLONE) \ -+ X(TFM_CRYPTO_HASH_FINISH) \ -+ X(TFM_CRYPTO_HASH_VERIFY) \ -+ X(TFM_CRYPTO_HASH_ABORT) -+ -+#define MAC_FUNCS \ -+ X(TFM_CRYPTO_MAC_COMPUTE) \ -+ X(TFM_CRYPTO_MAC_VERIFY) \ -+ X(TFM_CRYPTO_MAC_SIGN_SETUP) \ -+ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ -+ X(TFM_CRYPTO_MAC_UPDATE) \ -+ X(TFM_CRYPTO_MAC_SIGN_FINISH) \ -+ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ -+ X(TFM_CRYPTO_MAC_ABORT) -+ -+#define CIPHER_FUNCS \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT) \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ -+ X(TFM_CRYPTO_CIPHER_SET_IV) \ -+ X(TFM_CRYPTO_CIPHER_UPDATE) \ -+ X(TFM_CRYPTO_CIPHER_FINISH) \ -+ X(TFM_CRYPTO_CIPHER_ABORT) -+ -+#define AEAD_FUNCS \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT) \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ -+ X(TFM_CRYPTO_AEAD_UPDATE_AD) \ -+ X(TFM_CRYPTO_AEAD_UPDATE) \ -+ X(TFM_CRYPTO_AEAD_FINISH) \ -+ X(TFM_CRYPTO_AEAD_VERIFY) \ -+ X(TFM_CRYPTO_AEAD_ABORT) -+ -+#define ASYMMETRIC_SIGN_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) -+ -+#define AYSMMETRIC_ENCRYPT_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ -+ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) -+ -+#define KEY_DERIVATION_FUNCS \ -+ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_ABORT) -+ -+#define RANDOM_FUNCS \ -+ X(TFM_CRYPTO_GENERATE_RANDOM) -+ -+/* -+ * Define function IDs in each group. The function ID will be encoded into -+ * tfm_crypto_func_sid below. -+ * Each group is defined as a dedicated enum in case the total number of -+ * PSA Crypto APIs exceeds 256. -+ */ -+#define X(func_id) func_id, -+enum tfm_crypto_key_management_func_id { -+ KEY_MANAGEMENT_FUNCS -+}; -+enum tfm_crypto_hash_func_id { -+ HASH_FUNCS -+}; -+enum tfm_crypto_mac_func_id { -+ MAC_FUNCS -+}; -+enum tfm_crypto_cipher_func_id { -+ CIPHER_FUNCS -+}; -+enum tfm_crypto_aead_func_id { -+ AEAD_FUNCS -+}; -+enum tfm_crypto_asym_sign_func_id { -+ ASYMMETRIC_SIGN_FUNCS -+}; -+enum tfm_crypto_asym_encrypt_func_id { -+ AYSMMETRIC_ENCRYPT_FUNCS -+}; -+enum tfm_crypto_key_derivation_func_id { -+ KEY_DERIVATION_FUNCS -+}; -+enum tfm_crypto_random_func_id { -+ RANDOM_FUNCS -+}; -+#undef X -+ -+#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8) -+ -+/* -+ * Numerical progressive value identifying a function API exposed through -+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS -+ * to the corresponding API implementation in the Crypto service backend. -+ * -+ * Each function SID is encoded as uint16_t. -+ * | Func ID | Group ID | -+ * 15 8 7 0 -+ * Func ID is defined in each group func_id enum above -+ * Group ID is defined in tfm_crypto_group_id. -+ */ -+enum tfm_crypto_func_sid { -+ -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)), -+ -+ KEY_MANAGEMENT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)), -+ HASH_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)), -+ MAC_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)), -+ CIPHER_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)), -+ AEAD_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)), -+ ASYMMETRIC_SIGN_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)), -+ AYSMMETRIC_ENCRYPT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)), -+ KEY_DERIVATION_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)), -+ RANDOM_FUNCS -+ -+}; -+#undef X -+ -+/** -+ * \brief Define an invalid value for an SID -+ * -+ */ -+#define TFM_CRYPTO_SID_INVALID (~0x0u) -+ -+/** -+ * \brief This value is used to mark an handle as invalid. -+ * -+ */ -+#define TFM_CRYPTO_INVALID_HANDLE (0x0u) -+ -+/** -+ * \brief Define miscellaneous literal constants that are used in the service -+ * -+ */ -+enum { -+ TFM_CRYPTO_NOT_IN_USE = 0, -+ TFM_CRYPTO_IN_USE = 1 -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_CRYPTO_SID_H__ */ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 8103a9af..50ad070e 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -12,6 +12,9 @@ - extern "C" { - #endif - -+/******** PSA Crypto SIDs ********/ -+#include "crypto_sid.h" -+ - /******** TFM_SP_PS ********/ - #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) - #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -@@ -43,79 +46,6 @@ extern "C" { - #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) - - --/** -- * \brief Define a progressive numerical value for each SID which can be used -- * when dispatching the requests to the service -- */ --enum { -- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -- TFM_CRYPTO_OPEN_KEY_SID, -- TFM_CRYPTO_CLOSE_KEY_SID, -- TFM_CRYPTO_IMPORT_KEY_SID, -- TFM_CRYPTO_DESTROY_KEY_SID, -- TFM_CRYPTO_EXPORT_KEY_SID, -- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -- TFM_CRYPTO_PURGE_KEY_SID, -- TFM_CRYPTO_COPY_KEY_SID, -- TFM_CRYPTO_HASH_COMPUTE_SID, -- TFM_CRYPTO_HASH_COMPARE_SID, -- TFM_CRYPTO_HASH_SETUP_SID, -- TFM_CRYPTO_HASH_UPDATE_SID, -- TFM_CRYPTO_HASH_FINISH_SID, -- TFM_CRYPTO_HASH_VERIFY_SID, -- TFM_CRYPTO_HASH_ABORT_SID, -- TFM_CRYPTO_HASH_CLONE_SID, -- TFM_CRYPTO_MAC_COMPUTE_SID, -- TFM_CRYPTO_MAC_VERIFY_SID, -- TFM_CRYPTO_MAC_SIGN_SETUP_SID, -- TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -- TFM_CRYPTO_MAC_UPDATE_SID, -- TFM_CRYPTO_MAC_SIGN_FINISH_SID, -- TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -- TFM_CRYPTO_MAC_ABORT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -- TFM_CRYPTO_CIPHER_SET_IV_SID, -- TFM_CRYPTO_CIPHER_UPDATE_SID, -- TFM_CRYPTO_CIPHER_FINISH_SID, -- TFM_CRYPTO_CIPHER_ABORT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -- TFM_CRYPTO_AEAD_UPDATE_AD_SID, -- TFM_CRYPTO_AEAD_UPDATE_SID, -- TFM_CRYPTO_AEAD_FINISH_SID, -- TFM_CRYPTO_AEAD_VERIFY_SID, -- TFM_CRYPTO_AEAD_ABORT_SID, -- TFM_CRYPTO_SIGN_MESSAGE_SID, -- TFM_CRYPTO_VERIFY_MESSAGE_SID, -- TFM_CRYPTO_SIGN_HASH_SID, -- TFM_CRYPTO_VERIFY_HASH_SID, -- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -- TFM_CRYPTO_GENERATE_RANDOM_SID, -- TFM_CRYPTO_GENERATE_KEY_SID, -- TFM_CRYPTO_SID_MAX, --}; -- - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index e4a2b167..9276748d 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, - .key_id = id, - .alg = alg, - }; -@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index cc9279ee..bcd8e0e4 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID); - } - - static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID); - } - - #ifdef __cplusplus --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch deleted file mode 100644 index ecea236403..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch +++ /dev/null @@ -1,655 +0,0 @@ -From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:01:06 +0000 -Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition - -This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7 -And propagate changes accross psa_ipc functions -More accuratly change sfn_id to function_id - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../backend/psa_ipc/crypto_ipc_backend.h | 34 +++++++++---------- - .../caller/psa_ipc/crypto_caller_aead.h | 24 ++++++------- - .../crypto_caller_asymmetric_decrypt.h | 2 +- - .../crypto_caller_asymmetric_encrypt.h | 2 +- - .../caller/psa_ipc/crypto_caller_cipher.h | 14 ++++---- - .../caller/psa_ipc/crypto_caller_copy_key.h | 2 +- - .../psa_ipc/crypto_caller_destroy_key.h | 2 +- - .../caller/psa_ipc/crypto_caller_export_key.h | 2 +- - .../psa_ipc/crypto_caller_export_public_key.h | 2 +- - .../psa_ipc/crypto_caller_generate_key.h | 2 +- - .../psa_ipc/crypto_caller_generate_random.h | 2 +- - .../crypto_caller_get_key_attributes.h | 2 +- - .../caller/psa_ipc/crypto_caller_hash.h | 12 +++---- - .../caller/psa_ipc/crypto_caller_import_key.h | 2 +- - .../psa_ipc/crypto_caller_key_derivation.h | 20 +++++------ - .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++---- - .../caller/psa_ipc/crypto_caller_purge_key.h | 2 +- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-- - .../psa_ipc/crypto_caller_verify_hash.h | 4 +-- - 19 files changed, 73 insertions(+), 73 deletions(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index ec25eaf8..aacd3fcc 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input { - }; - - struct psa_ipc_crypto_pack_iovec { -- uint32_t sfn_id; /*!< Secure function ID used to dispatch the -- * request -- */ -- uint16_t step; /*!< Key derivation step */ -- psa_key_id_t key_id; /*!< Key id */ -- psa_algorithm_t alg; /*!< Algorithm */ -- uint32_t op_handle; /*!< Frontend context handle associated to a -- * multipart operation -- */ -- uint32_t capacity; /*!< Key derivation capacity */ -- uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -- uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ -- struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -- * AEAD until the API is -- * restructured -- */ --}; -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */ -+ -+ uint16_t function_id; /*!< Used to identify the function in the -+ * API dispatcher to the service backend -+ * See tfm_crypto_func_sid for detail -+ */ -+ uint16_t step; /*!< Key derivation step */ -+}__packed; - - #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index f6aadd8b..efdffdf7 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt( - size_t in_len; - int i; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, - .key_id = key, - .alg = alg, - .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt( - size_t in_len; - int i; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SID, - .key_id = key, - .alg = alg, - .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = (*op_handle), -@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = (*op_handle), -@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, - .op_handle = op_handle, - }; - -@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, - .op_handle = op_handle, - }; - -@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, - .ad_length = ad_length, - .plaintext_length = plaintext_length, - .op_handle = op_handle, -@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, - .op_handle = op_handle, - }; - -@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID, - .op_handle = op_handle, - }; - -@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .function_id = TFM_CRYPTO_AEAD_FINISH_SID, - .op_handle = op_handle, - }; - -@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID, - .op_handle = op_handle, - }; - -@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .function_id = TFM_CRYPTO_AEAD_ABORT_SID, - .op_handle = op_handle, - }; - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -index ff01815c..c387eb55 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt( - psa_status_t status; - size_t in_len; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -index 1daf1689..8eb3de45 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt( - psa_status_t status; - size_t in_len; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -index fbefb28d..20aa46a5 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .function_id = TFM_CRYPTO_CIPHER_SET_IV_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .function_id = TFM_CRYPTO_CIPHER_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .function_id = TFM_CRYPTO_CIPHER_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .function_id = TFM_CRYPTO_CIPHER_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -index 9a988171..48157d7e 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .function_id = TFM_CRYPTO_COPY_KEY_SID, - .key_id = source_key, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -index d00f4faa..6d0a05e6 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .function_id = TFM_CRYPTO_DESTROY_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -index 8ac5477f..9a6b7013 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .function_id = TFM_CRYPTO_EXPORT_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -index b24c47f1..52bdd757 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -index 1b66ed40..7ed1673b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ .function_id = TFM_CRYPTO_GENERATE_KEY_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -index 7c538237..4fb87aa8 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client * - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ .function_id = TFM_CRYPTO_GENERATE_RANDOM_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -index 22f1d18f..2caa3bd3 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, - .key_id = key, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -index 9f37908a..4fb60d44 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .function_id = TFM_CRYPTO_HASH_SETUP_SID, - .alg = alg, - .op_handle = *op_handle, - }; -@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .function_id = TFM_CRYPTO_HASH_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .function_id = TFM_CRYPTO_HASH_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .function_id = TFM_CRYPTO_HASH_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .function_id = TFM_CRYPTO_HASH_VERIFY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .function_id = TFM_CRYPTO_HASH_CLONE_SID, - .op_handle = source_op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -index d4703366..1458163c 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ .function_id = TFM_CRYPTO_IMPORT_KEY_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -index 5ce4fb6c..16be9916 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, - .alg = alg, - .op_handle = *op_handle, - }; -@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, - .capacity = capacity, - .op_handle = op_handle, - }; -@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, - .step = step, - .op_handle = op_handle, - }; -@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, - .key_id = key, - .step = step, - .op_handle = op_handle, -@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, - .key_id = private_key, - .step = step, - .op_handle = op_handle, -@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, - .alg = alg, - .key_id = private_key, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -index 3a820192..30222800 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .function_id = TFM_CRYPTO_MAC_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .function_id = TFM_CRYPTO_MAC_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -index a3a796e2..f6ab0978 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .function_id = TFM_CRYPTO_PURGE_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 9276748d..8b53e3dc 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, - .key_id = id, - .alg = alg, - }; -@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index bcd8e0e4..c9ed865b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context, - size_t hash_length, - const uint8_t *signature, - size_t signature_length, -- uint32_t sfn_id) -+ uint32_t function_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = sfn_id, -+ .function_id = function_id, - .key_id = id, - .alg = alg, - }; --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch deleted file mode 100644 index 0dcdd5da2c..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch +++ /dev/null @@ -1,117 +0,0 @@ -From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:34:23 +0000 -Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec - -Few psa crypto operations have different in/out_vec expectations -This patch is fixing the differences between psa crypto client in TS -and psa crypto service in TF-M running on the secure enclave - -operations: -- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec -- aead_update: TFM service doesn't expect op_handle in in_vec -- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec -- cipher_update: TFM service doesn't expect op_handle in in_vec -- hash_clone: TFM service expects target_op_handle in the in_vec - rationale is target_op_handle according to the spec - must be initialized and not active. and since hash_clone - manipulates it. hence, target_op_handle should be passed - as input and output. - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../crypto/client/caller/psa_ipc/crypto_caller_aead.h | 6 ++---- - .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h | 6 ++---- - .../crypto/client/caller/psa_ipc/crypto_caller_hash.h | 2 ++ - 3 files changed, 6 insertions(+), 8 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index efdffdf7..e862c2de 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, - }; - struct psa_outvec out_vec[] = { -- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, - {.base = psa_ptr_to_u32(nonce), .len = nonce_size} - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *nonce_length = out_vec[1].len; -+ *nonce_length = out_vec[0].len; - return status; - } - -@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update( - {.base = psa_ptr_const_to_u32(input), .len = input_length} - }; - struct psa_outvec out_vec[] = { -- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, - {.base = psa_ptr_const_to_u32(output), .len = output_size}, - }; - -@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update( - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - in_len, out_vec, IOVEC_LEN(out_vec)); - -- *output_length = out_vec[1].len; -+ *output_length = out_vec[0].len; - return status; - } - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -index 20aa46a5..948865e4 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( - { .base = psa_ptr_to_u32(&iov), .len = iov_size }, - }; - struct psa_outvec out_vec[] = { -- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, - { .base = psa_ptr_to_u32(iv), .len = iv_size }, - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *iv_length = out_vec[1].len; -+ *iv_length = out_vec[0].len; - - return status; - } -@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update( - { .base = psa_ptr_const_to_u32(input), .len = input_length }, - }; - struct psa_outvec out_vec[] = { -- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, - { .base = psa_ptr_to_u32(output), .len = output_size }, - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *output_length = out_vec[1].len; -+ *output_length = out_vec[0].len; - - return status; - } -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -index 4fb60d44..1e422130 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone( - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, - }; - struct psa_outvec out_vec[] = { - { .base = psa_ptr_to_u32(target_op_handle), --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 867bd66e4d..3535ddb60e 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -2,32 +2,13 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:" COMPATIBLE_MACHINE:corstone1000 = "corstone1000" SRC_URI:append:corstone1000 = " \ - file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \ - file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \ - file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \ - file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \ - file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \ - file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \ - file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \ - file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \ - file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \ - file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \ - file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \ - file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ - file://0014-Configure-storage-size.patch;patchdir=../trusted-services \ - file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \ - file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ - file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \ - file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ - file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ - file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ - file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ - file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \ - file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \ - file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \ + file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ + file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ + file://0004-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ + file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch;patchdir=../trusted-services \ + file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ + file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch;patchdir=../trusted-services \ " |