diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp')
55 files changed, 762 insertions, 9289 deletions
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc index 3915d18b56..198c7ec877 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -43,6 +43,7 @@ OPTEE_BINARY = "tee-pager_v2.bin" # Include smm-gateway and se-proxy SPs into optee-os binary MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy" TS_PLATFORM = "arm/corstone1000" +TS_SP_SE_PROXY_CONFIG = "corstone1000" # External System(Cortex-M3) EXTRA_IMAGEDEPENDS += "external-system" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 64e82aac98..32d6529279 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -10,6 +10,72 @@ Change Log This document contains a summary of the new features, changes and fixes in each release of Corstone-1000 software stack. +*************** +Version 2023.06 +*************** + +Changes +======= + +- GPT support (in TF-M, TF-A, U-boot) +- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot) +- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA +- NVMXIP block storage support in U-Boot +- Upgrading the SW stack recipes +- Upgrades for the U-Boot FF-A driver and MM communication + +Corstone-1000 components versions +================================= + ++-------------------------------------------+--------------------------------------------+ +| arm-ffa-tee | 1.1.2-r0 | ++-------------------------------------------+--------------------------------------------+ +| arm-ffa-user | 5.0.1-r0 | ++-------------------------------------------+--------------------------------------------+ +| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 | ++-------------------------------------------+--------------------------------------------+ +| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 | ++-------------------------------------------+--------------------------------------------+ +| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 | ++-------------------------------------------+--------------------------------------------+ +| u-boot | 2023.01-r0 | ++-------------------------------------------+--------------------------------------------+ +| optee-client | 3.18.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| optee-os | 3.20.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| trusted-firmware-a | 2.8.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| trusted-firmware-m | 1.7.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| ts-newlib | 4.1.0-r0 | ++-------------------------------------------+--------------------------------------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 | ++-------------------------------------------+--------------------------------------------+ +| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 | ++-------------------------------------------+--------------------------------------------+ + +Yocto distribution components versions +====================================== + ++-------------------------------------------+--------------------------------+ +| meta-arm | mickledore | ++-------------------------------------------+--------------------------------+ +| poky | mickledore | ++-------------------------------------------+--------------------------------+ +| meta-openembedded | mickledore | ++-------------------------------------------+--------------------------------+ +| busybox | 1.36.0-r0 | ++-------------------------------------------+--------------------------------+ +| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 | ++-------------------------------------------+--------------------------------+ +| gcc-arm-none-eabi-native | 11.2-2022.02 | ++-------------------------------------------+--------------------------------+ +| gcc-cross-aarch64 | 12.2.rel1-r0 | ++-------------------------------------------+--------------------------------+ +| openssl | 3.1.0-r0 | ++-------------------------------------------+--------------------------------+ + ****************** Version 2022.11.23 ****************** @@ -25,7 +91,7 @@ Changes - Upgrades for the U-Boot FF-A driver and MM communication Corstone-1000 components versions -======================================= +================================= +-------------------------------------------+------------+ | arm-ffa-tee | 1.1.1 | @@ -56,7 +122,7 @@ Corstone-1000 components versions +-------------------------------------------+------------+ Yocto distribution components versions -======================================= +====================================== +-------------------------------------------+---------------------+ | meta-arm | langdale | @@ -161,4 +227,4 @@ Changes -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png Binary files differindex a41e721027..4c6a2a8c8c 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png Binary files differindex 38407c08d9..399f87568f 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png Binary files differindex bc5b4ba35e..88bb1259f6 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png Binary files differindex b7631b0230..1e37d803b7 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png Binary files differindex f58531719d..a501de556e 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 89a4fa9ab2..62e3f8ff66 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -19,6 +19,28 @@ intended for safety-critical applications. Should Your Software or Your Hardware prove defective, you assume the entire cost of all necessary servicing, repair or correction. +*********************** +Release notes - 2023.06 +*********************** + +Known Issues or Limitations +--------------------------- + - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3. + - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 . + - The following limitations listed in the previous release are still applicable: + + - UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + + - Known limitations regarding ACS tests - see previous release's notes. + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v2 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ************************** Release notes - 2022.11.23 @@ -174,4 +196,4 @@ For all security issues, contact Arm by email at arm-security@arm.com. -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst index a17f1b8a68..bf3535b2ec 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -9,16 +9,16 @@ Software architecture ***************** -ARM corstone1000 +Arm Corstone-1000 ***************** -ARM corstone1000 is a reference solution for IoT devices. It is part of +Arm Corstone-1000 is a reference solution for IoT devices. It is part of Total Solution for IoT which consists of hardware and software reference implementation. -Corstone1000 software plus hardware reference solution is PSA Level-2 ready +Corstone-1000 software plus hardware reference solution is PSA Level-2 ready certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_). -More information on the corstone1000 subsystem product and design can be +More information on the Corstone-1000 subsystem product and design can be found at: `Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_. @@ -31,12 +31,12 @@ present in the user-guide document. Design Overview *************** -The software architecture of corstone1000 platform is a reference +The software architecture of Corstone-1000 platform is a reference implementation of Platform Security Architecture (`PSA`_) which provides framework to build secure IoT devices. The base system architecture of the platform is created from three -different tyes of systems: Secure Enclave, Host and External System. +different types of systems: Secure Enclave, Host and External System. Each subsystem provides different functionality to overall SoC. @@ -50,9 +50,9 @@ cryptographic functions. It is based on an Cortex-M0+ processor, CC312 Cryptographic Accelerator and peripherals, such as watchdog and secure flash. Software running on the Secure Enclave is isolated via hardware for enhanced security. Communication with the Secure Encalve -is achieved using Message Hnadling Units (MHUs) and shared memory. -On system power on, the Secure Enclaves boots first. Its software -comprises of two boot loading stages, both based on mcuboot, and +is achieved using Message Handling Units (MHUs) and shared memory. +On system power on, the Secure Enclave boots first. Its software +comprises of a ROM code (TF-M BL1), Mcuboot BL2, and TrustedFirmware-M(`TF-M`_) as runtime software. The software design on Secure Enclave follows Firmware Framework for M class processor (`FF-M`_) specification. @@ -66,7 +66,7 @@ The boot process follows Trusted Boot Base Requirement (`TBBR`_). The Host Subsystem is taken out of reset by the Secure Enclave system during its final stages of the initialization. The Host subsystem runs FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS -(`OPTEE-OS`_) in the secure world, and u-boot(`u-boot repo`_) and +(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and linux (`linux repo`_) in the non-secure world. The communication between non-secure and the secure world is performed via FF-A messages. @@ -75,7 +75,7 @@ functionality. The system is based on Cortex-M3 and run RTX RTOS. Communictaion between external system and Host(cortex-A35) is performed using MHU as transport mechanism and rpmsg messaging system. -Overall, the corstone1000 architecture is designed to cover a range +Overall, the Corstone-1000 architecture is designed to cover a range of Power, Performance, and Area (PPA) applications, and enable extension for use-case specific applications, for example, sensors, cloud connectivitiy, and edge computing. @@ -85,13 +85,13 @@ Secure Boot Chain ***************** For the security of a device, it is essential that only authorized -software should run on the device. The corstone1000 boot uses a +software should run on the device. The Corstone-1000 boot uses a Secure Boot Chain process where an already authenticated image verifies and loads the following software in the chain. For the boot chain process to work, the start of the chain should be trusted, forming the Root of Trust (RoT) of the device. The RoT of the device is immutable in nature and encoded into the device by the device owner before it -is deployed into the field. In Corstone1000, the BL1 image of the secure +is deployed into the field. In Corstone-1000, the BL1 image of the secure enclave and content of the CC312 OTP (One Time Programmable) memory forms the RoT. The BL1 image exists in ROM (Read Only Memory). @@ -99,18 +99,20 @@ forms the RoT. The BL1 image exists in ROM (Read Only Memory). :width: 870 :alt: SecureBootChain -It is a lengthy chain to boot the software on corstone1000. On power on, +It is a lengthy chain to boot the software on Corstone-1000. On power on, the secure enclave starts executing BL1 code from the ROM which is the RoT of the device. Authentication of an image involves the steps listed below: - Load image from flash to dynamic RAM. -- The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verfied in the previous stages. +- The public key present in the image header is validated by comparing with the hash. + Depending on the image, the hash of the public key is either stored in the OTP or part + of the software which is being already verified in the previous stages. - The image is validated using the public key. In the secure enclave, BL1 authenticates the BL2 and passes the execution -control. BL2 authenticates the initial boot loader of the host (Host BL2) +control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2) and TF-M. The execution control is now passed to TF-M. TF-M being the run -time executable of secure enclaves initializes itself and, in the end, +time executable of secure enclave which initializes itself and, at the end, brings the host CPU out of rest. The host follows the boot standard defined in the `TBBR`_ to authenticate the secure and non-secure software. @@ -118,10 +120,10 @@ in the `TBBR`_ to authenticate the secure and non-secure software. Secure Services *************** -corstone1000 is unique in providing a secure environment to run a secure -workload. The platform has Trustzone technology in the Host subsystem but +Corstone-1000 is unique in providing a secure environment to run a secure +workload. The platform has TrustZone technology in the Host subsystem but it also has hardware isolated secure enclave environment to run such secure -workloads. In corstone1000, known Secure Services such as Crypto, Protected +workloads. In Corstone-1000, known Secure Services such as Crypto, Protected Storage, Internal Trusted Storage and Attestation are available via PSA Functional APIs in TF-M. There is no difference for a user communicating to these services which are running on a secure enclave instead of the @@ -137,7 +139,7 @@ flow path for such calls. The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition managed by OPTEE which forwards such calls to the secure enclave. The solution relies on OpenAMP which uses shared memory and MHU interrupts as -a doorbell for communication between two cores. corstone1000 implements +a doorbell for communication between two cores. Corstone-1000 implements isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement isolation level 2. @@ -147,7 +149,7 @@ lower latency vs higher security. Services running on a secure enclave are secure by real hardware isolation but have a higher latency path. In the second scenario, the services running on the secure world of the host subsystem have lower latency but virtual hardware isolation created by -Trustzone technology. +TrustZone technology. ********************** @@ -156,14 +158,14 @@ Secure Firmware Update Apart from always booting the authorized images, it is also essential that the device only accepts the authorized images in the firmware update -process. corstone1000 supports OTA (Over the Air) firmware updates and +process. Corstone-1000 supports OTA (Over the Air) firmware updates and follows Platform Security Firmware Update sepcification (`FWU`_). As standardized into `FWU`_, the external flash is divided into two banks of which one bank has currently running images and the other bank is used for staging new images. There are four updatable units, i.e. Secure Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel -Image. The new images are accepted in the form of a UEFI capsule. +Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule. .. image:: images/ExternalFlash.png @@ -194,13 +196,13 @@ guarantee the availability of the device. ****************************** -UEFI Runtime Support in u-boot +UEFI Runtime Support in U-Boot ****************************** Implementation of UEFI boottime and runtime APIs require variable storage. -In corstone1000, these UEFI variables are stored in the Protected Storage +In Corstone-1000, these UEFI variables are stored in the Protected Storage service. The below diagram presents the data flow to store UEFI variables. -The u-boot implementation of the UEFI subsystem uses the FF-A driver to +The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to communicate with the SMM Service in the secure world. The backend of the SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS calls are forwarded to the secure enclave as explained above. @@ -215,11 +217,12 @@ calls are forwarded to the secure enclave as explained above. References *************** `ARM corstone1000 Search`_ + `Arm security features`_ -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* .. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000 .. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software @@ -236,4 +239,4 @@ References .. _TBBR: https://developer.arm.com/documentation/den0006/latest .. _TF-M: https://www.trustedfirmware.org/projects/tf-m/ .. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/ -.. _u-boot repo: https://github.com/u-boot/u-boot.git +.. _U-Boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index e173f244b4..a5ccb31382 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -1,5 +1,5 @@ .. - # Copyright (c) 2022, Arm Limited. + # Copyright (c) 2022-2023, Arm Limited. # # SPDX-License-Identifier: MIT @@ -15,21 +15,35 @@ The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake. tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. - Prerequisites ------------- -These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with at least 32GB of free disk space and 16GB of RAM as minimum requirement. The following instructions expect that you are using a bash shell. All the paths stated in this document are absolute paths. -The following prerequisites must be available on the host system. To resolve these dependencies, run: +This guide assumes that your host PC is running Ubuntu 20.04 LTS, with at least +32GB of free disk space and 16GB of RAM as minimum requirement. -:: +The following prerequisites must be available on the host system: + +- Git 1.8.3.1 or greater +- tar 1.28 or greater +- Python 3.8.0 or greater. +- gcc 8.0 or greater. +- GNU make 4.0 or greater + +Please follow the steps described in the Yocto mega manual: + +- `Compatible Linux Distribution <https://docs.yoctoproject.org/singleindex.html#compatible-linux-distribution>`__ +- `Build Host Packages <https://docs.yoctoproject.org/singleindex.html#build-host-packages>`__ + +Targets +------- - sudo apt-get update - sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \ - build-essential chrpath socat cpio python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \ - xterm zstd liblz4-tool picocom - sudo apt-get upgrade libstdc++6 +- `Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform) <https://developer.arm.com/downloads/-/arm-ecosystem-fvps>`__ +- `Arm Corstone-1000 for MPS3 <https://developer.arm.com/documentation/dai0550/latest/>`__ + +Yocto stable branch +------------------- + +Corstone-1000 software stack is built on top of Yocto mickledore. Provided components ------------------- @@ -44,6 +58,8 @@ The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf`` +**NOTE:** All the paths stated in this document are absolute paths. + ***************** Software for Host ***************** @@ -52,50 +68,52 @@ Trusted Firmware-A ================== Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__ -+----------+---------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend | -+----------+---------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb | -+----------+---------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ OP-TEE ====== Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__ +----------+------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend | +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend | +----------+------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb | +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb | +----------+------------------------------------------------------------------------------------+ U-Boot -======= -Based on `U-Boot <https://gitlab.com/u-boot>`__ +====== +Based on `U-Boot repo`_ -+----------+---------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | -+----------+---------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb | -+----------+---------------------------------------------------------------------+ ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend | ++----------+-------------------------------------------------------------------------+ +| Recipe | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2023.01.bb | ++----------+-------------------------------------------------------------------------+ Linux ===== The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__ distribution which is a Linux distribution stripped down to a minimal configuration. -The provided distribution is based on busybox and built using muslibc. The +The provided distribution is based on busybox and built using musl libc. The recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | +-----------+----------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb | +| Recipe | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb | +-----------+----------------------------------------------------------------------------------------------+ | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ External System Tests -======================= +===================== Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ @@ -109,15 +127,15 @@ Software for Boot Processor (a.k.a Secure Enclave) ************************************************** Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__ -+----------+-------------------------------------------------------------------------------------------------+ -| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend | -+----------+-------------------------------------------------------------------------------------------------+ -| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | -+----------+-------------------------------------------------------------------------------------------------+ ++----------+-----------------------------------------------------------------------------------------------------+ +| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend | ++----------+-----------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb | ++----------+-----------------------------------------------------------------------------------------------------+ -************************************************** +******************************** Software for the External System -************************************************** +******************************** RTX ==== @@ -150,7 +168,7 @@ In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 To build a Corstone-1000 image for MPS3 FPGA, run: @@ -173,46 +191,47 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. +``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file. The output binaries run in the Corstone-1000 platform are the following: - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image ``AN550: Arm® Corstoneâ„¢-1000 for MPS3 Version 1`` +The user should download the FPGA bit file image ``AN550: Arm® Corstoneâ„¢-1000 for MPS3 Version 2.0`` from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ -and under the section ``Arm® Corstoneâ„¢-1000 for MPS3``. +and under the section ``Arm® Corstoneâ„¢-1000 for MPS3``. The download is available after logging in. The directory structure of the FPGA bundle is shown below. :: - Boardfiles - ├── MB - │  ├── BRD_LOG.TXT - │  ├── HBI0309B - │  │  ├── AN550 - │  │  │  ├── AN550_v1.bit - │  │  │  ├── an550_v1.txt - │  │  │  └── images.txt - │  │  ├── board.txt - │  │  └── mbb_v210.ebf - │  └── HBI0309C - │  ├── AN550 - │  │  ├── AN550_v1.bit - │  │  ├── an550_v1.txt - │  │  └── images.txt - │  ├── board.txt - │  └── mbb_v210.ebf - ├── SOFTWARE - │  ├── ES0.bin - │  ├── SE.bin - │  └── an550_st.axf - └── config.txt + Boardfiles + ├── config.txt + ├── MB + │  ├── BRD_LOG.TXT + │  ├── HBI0309B + │  │  ├── AN550 + │  │  │  ├── AN550_v2.bit + │  │  │  ├── an550_v2.txt + │  │  │  └── images.txt + │  │  ├── board.txt + │  │  └── mbb_v210.ebf + │  └── HBI0309C + │  ├── AN550 + │  │  ├── AN550_v2.bit + │  │  ├── an550_v2.txt + │  │  └── images.txt + │  ├── board.txt + │  └── mbb_v210.ebf + └── SOFTWARE + ├── an550_st.axf + ├── bl1.bin + ├── cs1000.bin + └── ES0.bin Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file (in corresponding HBI0309x folder. Boardfiles/MB/HBI0309<board_revision>/AN550/images.txt) so that the file points to the images under SOFTWARE directory. @@ -242,7 +261,7 @@ stack can be seen below; IMAGE0FILE: \SOFTWARE\bl1.bin IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_0010_0000 + IMAGE1ADDRESS: 0x00_0000_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin @@ -256,10 +275,9 @@ OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. 2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle and rename the binary to ``es0.bin``. -3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. - **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -274,7 +292,7 @@ be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machi - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) - - ttyUSB3 for External System Processor (Cortex-M3) + - ttyUSB3 for External System Processor (Cortex-M3) Run following commands to open serial port terminals on Linux: @@ -285,12 +303,26 @@ Run following commands to open serial port terminals on Linux: sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. +**NOTE:** The MPS3 expects an ethernet cable to be plugged in, otherwise it will +wait for the network for a considerable amount of time, printing the following +logs: + +:: + + Generic PHY 40100000.ethernet-ffffffff:01: attached PHY driver (mii_bus:phy_addr=40100000.ethernet-ffffffff:01, irq=POLL) + smsc911x 40100000.ethernet eth0: SMSC911x/921x identified at 0xffffffc008e50000, IRQ: 17 + Waiting up to 100 more seconds for network. + Once the system boot is completed, you should see console logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. -If system does not boot and only the ttyUSB1 logs are visible, please follow the steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under `SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might have filled the Secure Flash completely. The best practice is to clean the secure flash in this case. +If system does not boot and only the ttyUSB1 logs are visible, please follow the +steps in `Clean Secure Flash Before Testing (applicable to FPGA only)`_ under +`SystemReady-IR tests`_ section. The previous image used in FPGA (MPS3) might +have filled the Secure Flash completely. The best practice is to clean the +secure flash in this case. Running the software on FVP @@ -321,7 +353,7 @@ To run the FVP using the runfvp command, please run the following command: When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -337,11 +369,11 @@ Login using the username root. The External System can be released out of reset on demand using the systems-comms-tests command. SystemReady-IR tests -------------------------- +-------------------- -********************* +************* Testing steps -********************* +************* **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with @@ -359,7 +391,7 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) -================================================================== +=========================================================== To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during @@ -368,17 +400,17 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.23 - git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2022.11.23 - cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06 + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm cd meta-arm - git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch + git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch cd .. kas build meta-arm/kas/corstone1000-mps3.yml Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash completely, the user should expect following message from TF-M log (can be seen @@ -394,10 +426,16 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests -============================= +============================ + +Architecture Compliance Suite (ACS) is used to ensure architectural compliance +across different implementations of the architecture. Arm Enterprise ACS +includes a set of examples of the invariant behaviors that are provided by a +set of specifications for enterprise systems (For example: SBSA, SBBR, etc.), +so that implementers can verify if these behaviours have been interpreted correctly. ACS image contains two partitions. BOOT partition and RESULT partition. -Following packages are under BOOT partition +Following test suites and bootable applications are under BOOT partition: * SCT * FWTS @@ -406,12 +444,30 @@ Following packages are under BOOT partition * grub * uefi manual capsule application +BOOT partition contains the following: + +:: + + ├── EFI + │  └── BOOT + │  ├── app + │  ├── bbr + │  ├── bootaa64.efi + │  ├── bsa + │  ├── debug + │  ├── Shell.efi + │  └── startup.nsh + ├── grub + ├── grub.cfg + ├── Image + └── ramdisk-busybox.img + RESULT partition is used to store the test results. -PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS +**NOTE**: PLEASE MAKE SURE THAT THE RESULT PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS WILL NOT BE CONSISTENT FPGA instructions for ACS image -================================ +=============================== This section describes how the user can build and run Architecture Compliance Suite (ACS) tests on Corstone-1000. @@ -449,10 +505,11 @@ Once the USB stick with ACS image is prepared, the user should make sure that ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. -The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. At the end of test, the FPGA host terminal will halt showing a shell prompt. Once test is finished the result can be copied following above instructions. +The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test. + FVP instructions for ACS image and run -============================================ +====================================== Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` @@ -487,7 +544,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA -=========================== +====================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -496,14 +553,13 @@ automatically in the following sequence: - SCT - UEFI BSA - FWTS - - BSA Linux The results can be fetched from the ``acs_results`` folder in the RESULT partition of the USB stick (FPGA) / SD Card (FVP). ##################################################### Manual capsule update and ESRT checks ---------------------------------------------------------------------- +------------------------------------- The following section describes running manual capsule update with the ``direct`` method. @@ -518,63 +574,86 @@ incorrect capsule (corrupted or outdated) which fails to boot to the host softwa Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 under <_workspace> : +Download edk2 under <_workspace>: :: git clone https://github.com/tianocore/edk2.git + cd edk2 + git checkout f2188fe5d1553ad1896e27b2514d2f8d0308da8a -********************* -Generating Capsules -********************* +Download systemready-patch repo under <_workspace>: +:: -The capsule binary size (wic.nopt file) should be less than 15 MB. + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 -Based on the user's requirement, the user can change the firmware version -number given to ``--fw-version`` option (the version number needs to be >= 1). +******************* +Generating Capsules +******************* Generating FPGA Capsules ======================== :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-mps3/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d mps3 + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v6 --fw-version 6 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt + + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index 0 \ + --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt Generating FVP Capsules -======================== +======================= :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace>/build/tmp/deploy/images/corstone1000-fvp/ + sh <_workspace>/systemready-patch/embedded-a/corstone1000/capsule_gen/capsule_gen.sh -d fvp + +This will generate a file called "corstone1000_image.nopt" which will be used to +generate a UEFI capsule. + :: - <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + cd <_workspace> + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v6 \ + --fw-version 6 --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt -********************* + edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v5 --fw-version 5 \ + --lsv 0 --guid e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt + + +Common Notes for FVP and FPGA +============================= + +The capsule binary size (wic file) should be less than 15 MB. + +Based on the user's requirement, the user can change the firmware version +number given to ``--fw-version`` option (the version number needs to be >= 1). + + +**************** Copying Capsules -********************* +**************** Copying the FPGA capsules ========================= -The user should prepare a USB stick as explained in ACS image section (see above). +The user should prepare a USB stick as explained in ACS image section `FPGA instructions for ACS image`_. Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger @@ -612,7 +691,7 @@ Then, unmount the IR image: **NOTE:** -Size of first partition in the image file is calculated in the following way. The data is +The size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: @@ -632,21 +711,21 @@ During this section we will be using the capsule with the higher version (cs1k_c and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. Running the FVP with the IR prebuilt image -============================================== +========================================== Run the FVP with the IR prebuilt image: :: - <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file=${<path-to-img>/ir_acs_live_image.img}" Running the FPGA with the IR prebuilt image -============================================== +=========================================== Insert the prepared USB stick then Power cycle the MPS3 board. Executing capsule update for FVP and FPGA -============================================== +========================================= Reach u-boot then interrupt the boot to reach the EFI shell. @@ -687,14 +766,14 @@ Then, reboot manually: Shell> reset FPGA: Select Corstone-1000 Linux kernel boot -============================================== +============================================ Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. **NOTE:** Otherwise, the execution ends up in the ACS live image. FVP: Select Corstone-1000 Linux kernel boot -============================================== +=========================================== Interrupt the u-boot shell. @@ -708,15 +787,14 @@ Run the following commands in order to run the Corstone-1000 Linux kernel and be :: - $ run retrieve_kernel_load_addr $ unzip $kernel_addr 0x90000000 $ loadm 0x90000000 $kernel_addr_r 0xf00000 $ bootefi $kernel_addr_r $fdtcontroladdr -*********************** +********************* Capsule update status -*********************** +********************* Positive scenario ================= @@ -733,7 +811,8 @@ correctly. SysTick_Handler: counted = 30, expiring on = 360 ... metadata_write: success: active = 1, previous = 0 - accept_full_capsule: exit: fwu state is changed to regular + flash_full_capsule: exit + corstone1000_fwu_flash_image: exit: ret = 0 ... @@ -775,15 +854,19 @@ see appropriate logs in the secure enclave terminal. ... uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928 uefi_capsule_retrieve_images: exit - flash_full_capsule: enter: image = 0x0xa0000070, size = 15654928, version = 10 + flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5 ERROR: flash_full_capsule: version error private_metadata_write: enter: boot_index = 1 private_metadata_write: success fmp_set_image_info:133 Enter FMP image update: image id = 0 - FMP image update: status = 1version=11 last_attempt_version=10. + FMP image update: status = 1version=6 last_attempt_version=5. fmp_set_image_info:157 Exit. corstone1000_fwu_flash_image: exit: ret = -1 + fmp_get_image_info:232 Enter + pack_image_info:207 ImageInfo size = 105, ImageName size = 34, ImageVersionName + size = 36 + fmp_get_image_info:236 Exit ... @@ -825,54 +908,96 @@ In the Linux command-line run the following: lowest_supported_fw_ver: 0 Linux distros tests ----------------------------------- +------------------- -*************************************************************************************** -Debian/OpenSUSE install and boot (applicable to FPGA only) -*************************************************************************************** +************************************************************* +Debian install and boot preparation (applicable to FPGA only) +************************************************************* + +There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__ +provided with the Debian installer image (see below). This bug causes a fatal +error when attempting to boot media installer for Debian, and it resets the MPS3 before installation starts. +A patch to be applied to the Corstone-1000 stack (only applicable when +installing Debian) is provided to +`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__. +This patch makes U-Boot automatically bypass the Shim and run grub and allows +the user to proceed with a normal installation. If at the moment of reading this +document the problem is solved in the Shim, the user is encouraged to try the +corresponding new installer image. Otherwise, please apply the patch as +indicated by the instructions listed below. These instructions assume that the +user has already built the stack by following the build steps of this +documentation. -To test Linux distro install and boot, the user should prepare two empty USB sticks (minimum size should be 4GB and formatted with FAT32). +:: + + cd <_workspace> + git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06 + cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm + cd meta-arm + git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch + cd .. + kas shell meta-arm/kas/corstone1000-mps3.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image" + +Please update the cs1000.bin on the SD card with the newly generated wic file. + +************************************************* +Debian/openSUSE install (applicable to FPGA only) +************************************************* + +To test Linux distro install and boot, the user should prepare two empty USB +sticks (minimum size should be 4GB and formatted with FAT32). Download one of following Linux distro images: - - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso + - `Debian 12.0.0 installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-12.0.0-arm64-DVD-1.iso>`__ + - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ -Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. +**NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like +openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso -In the given example here, we assume the USB device is ``/dev/sdb`` (the user -should use `lsblk` command to confirm). Be cautious here and don't confuse your -host PC's own hard drive with the USB drive. Then copy the contents of an iso -file into the first USB stick, run: +Once the iso file is downloaded, the iso file needs to be flashed to your USB +drive. This can be done with your development machine. + +In the example given below, we assume the USB device is ``/dev/sdb`` (the user +should use the `lsblk` command to confirm). + +**NOTE:** Please don't confuse your host PC's own hard drive with the USB drive. +Then, copy the contents of the iso file into the first USB stick by running the +following command in the development machine: :: sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync; -Boot the MSP3 board with the first USB stick connected. Open following minicom sessions: +Unplug the first USB stick from the development machine and connect it to the +MSP3 board. At this moment, only the first USB stick should be connected. Open +the following picocom sessions in your development machine: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. -Now plug in the second USB stick (once installation screen is visible), the distro installation process will start. The installation prompt can be seen in ttyUSB2. If installer does not start, please try to reboot the board with both USB sticks connected and repeat the process. +When the installation screen is visible in ttyUSB2, plug in the second USB stick +in the MPS3 and start the distro installation process. If the installer does not +start, please try to reboot the board with both USB sticks connected and repeat +the process. **NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. -Once installation is complete, unplug the first USB stick and reboot the board. -After successfully installing and booting the Linux distro, the user should see -a login prompt: - -:: +******************************************************* +Debian install clarifications (applicable to FPGA only) +******************************************************* - debian login: +As the installation process for Debian is different than the one for openSUSE, +Debian may need some extra steps, that are indicated below: -Login with the username root. +During Debian installation, please answer the following question: + - "Force GRUB installation to the EFI removable media path?" Yes + - "Update NVRAM variables to automatically boot into Debian?" No -**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to -follow on the subsequent popups to solve the issue during the installation: +If the grub installation fails, these are the steps to follow on the subsequent +popups: 1. Select "Continue", then "Continue" again on the next popup 2. Scroll down and select "Execute a shell" @@ -898,19 +1023,59 @@ follow on the subsequent popups to solve the issue during the installation: 7. Select "Continue without boot loader", then select "Continue" on the next popup 8. At this stage, the installation should proceed as normal. -*************************************************************************************** +***************************************************************** +Debian/openSUSE boot after installation (applicable to FPGA only) +***************************************************************** + +Once the installation is complete, unplug the first USB stick and reboot the +board. +The board will then enter recovery mode, from which the user can access a shell +after entering the password for the root user. Proceed to edit the following +files accordingly: + +:: + + vi /etc/systemd/system.conf + DefaultDeviceTimeoutSec=infinity + +The file to be editted next is different depending on the installed distro: + +:: + + vi /etc/login.defs # Only applicable to Debian + vi /usr/etc/login.defs # Only applicable to openSUSE + LOGIN_TIMEOUT 180 + +To make sure the changes are applied, please run: + +:: + + systemctl daemon-reload + +After applying the previous commands, please reboot the board. The user should +see a login prompt after booting, for example, for debian: + +:: + + debian login: + +Login with the username root and its corresponding password (already set at +installation time). + +************************************************************ OpenSUSE Raw image install and boot (applicable to FVP only) -*************************************************************************************** +************************************************************ -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` +Steps to download OpenSUSE Tumbleweed raw image: + - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, + ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - unxz <file-name.raw.xz> + unxz <file-name.raw.xz> The above command will generate a file ending with extension .raw image. Now, use the following command @@ -918,23 +1083,23 @@ to run FVP with raw image installation process. :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" After successfully installing and booting the Linux distro, the user should see a openSUSE login prompt. :: - localhost login: + localhost login: Login with the username 'root' and password 'linux'. PSA API tests ----------------------- +------------- -*************************************************************************************** +*********************************************************** Run PSA API test commands (applicable to both FPGA and FVP) -*************************************************************************************** +*********************************************************** When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no USB stick connected to the board. Power on the board and boot the board to @@ -948,7 +1113,7 @@ First, load FF-A TEE kernel module: :: - insmod /lib/modules/5.19.14-yocto-standard/extra/arm-ffa-tee.ko + insmod /lib/modules/6.1.32-yocto-standard/extra/arm-ffa-tee.ko Then, check whether the FF-A TEE driver is loaded correctly by using the following command: @@ -960,7 +1125,7 @@ The output should be: :: - arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc000510000 (O) Now, run the PSA API tests in the following order: @@ -971,15 +1136,17 @@ Now, run the PSA API tests in the following order: psa-its-api-test psa-ps-api-test +**NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run. + External System tests ------------------------------------ +--------------------- -*************************************************************************************** +************************************************************** Running the External System test command (systems-comms-tests) -*************************************************************************************** +************************************************************** Test 1: Releasing the External System out of reset -=================================================== +================================================== Run this command in the Linux command-line: @@ -1004,7 +1171,7 @@ The output on the External System terminal should be: MHUv2 module 'MHU1_SE' started Test 2: Communication -============================================= +===================== Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. @@ -1014,7 +1181,7 @@ After running Test 1, run this command in the Linux command-line: systems-comms-tests 2 -Additional output on the External System terminal will be printed: +Additional output on the External System terminal will be printed: :: @@ -1058,13 +1225,13 @@ The output on the Host terminal should be: Tests results ------------------------------------ +------------- -As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.23) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.23>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.06>`__ +can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. Running the software on FVP on Windows ---------------------------------------------------------------- +-------------------------------------- If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host @@ -1073,6 +1240,7 @@ and launch the FVP binary. -------------- -*Copyright (c) 2022, Arm Limited. All rights reserved.* +*Copyright (c) 2022-2023, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps +.. _U-Boot repo: https://github.com/u-boot/u-boot.git diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch new file mode 100644 index 0000000000..2c634e350f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch @@ -0,0 +1,41 @@ +From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001 +From: Adam Johnston <adam.johnston@arm.com> +Date: Tue, 25 Jul 2023 16:05:51 +0000 +Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd + +The physical memory which is used to run OP-TEE on the N1SDP is known +to the secure world via TOS_FW_CONFIG, but it may not be known to the +normal world. + +As a precaution, explicitly reserve this memory via NT_FW_CONFIG to +prevent the normal world from using it. This is not required on most +platforms as the Trusted OS is run from secure RAM. + +Upstream-Status: Pending (not yet submited to upstream) +Signed-off-by: Adam Johnston <adam.johnston@arm.com> +--- + plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts +index da5e04ddb6..b7e2d4e86f 100644 +--- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts ++++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts +@@ -20,4 +20,16 @@ + local-ddr-size = <0x0>; + remote-ddr-size = <0x0>; + }; ++ ++ reserved-memory { ++ #address-cells = <2>; ++ #size-cells = <2>; ++ ranges; ++ ++ optee@0x08000000 { ++ compatible = "removed-dma-pool"; ++ reg = <0x0 0x08000000 0x0 0x02000000>; ++ no-map; ++ }; ++ }; + }; +\ No newline at end of file diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index 008103469e..2b85b9dbd1 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -37,6 +37,7 @@ EXTRA_OEMAKE:append = " \ NR_OF_IMAGES_IN_FW_BANK=4 \ COT=tbbr \ ARM_ROTPK_LOCATION=devel_rsa \ + ERRATA_A35_855472=1 \ ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \ BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \ LOG_LEVEL=50 \ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc index f4ebcc1c5f..654e43270f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc @@ -9,6 +9,12 @@ TFA_MBEDTLS = "1" TFA_UBOOT = "0" TFA_UEFI = "1" +FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:" + +SRC_URI:append = " \ + file://0001-Reserve-OP-TEE-memory-from-nwd.patch \ + " + TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem" # Enabling Secure-EL1 Payload Dispatcher (SPD) diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-efi_boottime-allow-to-reset-a-path-after-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-efi_boottime-allow-to-reset-a-path-after-boot.patch deleted file mode 100644 index 5c053974d1..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-efi_boottime-allow-to-reset-a-path-after-boot.patch +++ /dev/null @@ -1,31 +0,0 @@ -From eb8e224290149fd39ca4b3a774abef2e31237943 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Wed, 1 Feb 2023 16:11:25 +0000 -Subject: [PATCH 34/42] efi_boottime: allow to reset a path after boot - -Allow to install multiple protocol interfaces in an -already installed root interface. -This may need to be fix in other way, but for now -looks like the get away fix. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - lib/efi_loader/efi_boottime.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index fea4eb7a34..90f43ff9a6 100644 ---- a/lib/efi_loader/efi_boottime.c -+++ b/lib/efi_loader/efi_boottime.c -@@ -2669,7 +2669,6 @@ efi_install_multiple_protocol_interfaces_int(efi_handle_t *handle, - EFI_PRINT("Path %pD already installed\n", - protocol_interface); - ret = EFI_ALREADY_STARTED; -- break; - } - } - ret = EFI_CALL(efi_install_protocol_interface(handle, protocol, --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-fwu_metadata-make-sure-structures-are-packed.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-fwu_metadata-make-sure-structures-are-packed.patch index fedc1f2e1b..fedc1f2e1b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-fwu_metadata-make-sure-structures-are-packed.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-fwu_metadata-make-sure-structures-are-packed.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-add-boot-index.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-corstone1000-add-boot-index.patch index d9568563e6..d9568563e6 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-add-boot-index.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-corstone1000-add-boot-index.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-adjust-boot-bank-and-kernel-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-adjust-boot-bank-and-kernel-location.patch index 277e988b3f..277e988b3f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-adjust-boot-bank-and-kernel-location.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-adjust-boot-bank-and-kernel-location.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch index a0f2bb16f5..a0f2bb16f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-nvmxip-move-header-to-include.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-nvmxip-move-header-to-include.patch index b745fe9b6b..b745fe9b6b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-nvmxip-move-header-to-include.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-nvmxip-move-header-to-include.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-set-kernel_addr-based-on-boot_idx.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-set-kernel_addr-based-on-boot_idx.patch index ba2e5e17fe..ba2e5e17fe 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-set-kernel_addr-based-on-boot_idx.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-set-kernel_addr-based-on-boot_idx.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-corstone1000-boot-index-from-active.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-boot-index-from-active.patch index f0e14942ad..f0e14942ad 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-corstone1000-boot-index-from-active.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-boot-index-from-active.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-enable-PSCI-reset.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-corstone1000-enable-PSCI-reset.patch index cad830f4c8..cad830f4c8 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-enable-PSCI-reset.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-corstone1000-enable-PSCI-reset.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-Enable-EFI-set-get-time-services.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-Enable-EFI-set-get-time-services.patch new file mode 100644 index 0000000000..8911abfe20 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-Enable-EFI-set-get-time-services.patch @@ -0,0 +1,32 @@ +From 9f326f0db8aa13fde93e2ed79055b920c8598a28 Mon Sep 17 00:00:00 2001 +From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> +Date: Mon, 12 Jun 2023 15:14:52 +0000 +Subject: [PATCH] Enable EFI set/get time services + +SetTime_Conf and SetTime_Func tests in UEFI SCT test suite of ACS +fails with unsupported return value. CONFIG_EFI_SET_TIME and +CONFIG_EFI_GET_TIME config values are added to enable these EFI +services. + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> +--- + configs/corstone1000_defconfig | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig +index c692cc91bd..f1901dfe8b 100644 +--- a/configs/corstone1000_defconfig ++++ b/configs/corstone1000_defconfig +@@ -7,6 +7,8 @@ CONFIG_NR_DRAM_BANKS=1 + CONFIG_HAS_CUSTOM_SYS_INIT_SP_ADDR=y + CONFIG_CUSTOM_SYS_INIT_SP_ADDR=0x83f00000 + CONFIG_DM_GPIO=y ++CONFIG_EFI_SET_TIME=y ++CONFIG_EFI_GET_TIME=y + CONFIG_DEFAULT_DEVICE_TREE="corstone1000-mps3" + CONFIG_SYS_PROMPT="corstone1000# " + CONFIG_IDENT_STRING=" corstone1000 aarch64 " +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-fix-compilation-warnings-in-fwu_plat_get_bootidx.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-fix-compilation-warnings-in-fwu_plat_get_bootidx.patch new file mode 100644 index 0000000000..e574103ec9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-corstone1000-fix-compilation-warnings-in-fwu_plat_get_bootidx.patch @@ -0,0 +1,47 @@ +From dfebda98ce08d0cab411521ab3d9e832ed1b4608 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Thu, 15 Jun 2023 16:51:49 +0100 +Subject: [PATCH] corstone1000: fix compilation warnings in + fwu_plat_get_bootidx() + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +--- + board/armltd/corstone1000/corstone1000.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c +index db508ac3cb..2e1ace5d04 100644 +--- a/board/armltd/corstone1000/corstone1000.c ++++ b/board/armltd/corstone1000/corstone1000.c +@@ -9,6 +9,7 @@ + #include <common.h> + #include <dm.h> + #include <env.h> ++#include <fwu.h> + #include <netdev.h> + #include <nvmxip.h> + #include <part.h> +@@ -116,7 +117,7 @@ int dram_init_banksize(void) + return 0; + } + +-void fwu_plat_get_bootidx(int *boot_idx) ++void fwu_plat_get_bootidx(uint *boot_idx) + { + int ret; + +@@ -127,9 +128,7 @@ void fwu_plat_get_bootidx(int *boot_idx) + */ + ret = fwu_get_active_index(boot_idx); + if (ret < 0) +- log_err("corstone1000: failed to read active index\n"); +- +- return ret; ++ log_err("corstone1000: failed to read active index err %d\n", ret); + } + + int board_late_init(void) +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend index d16aca1430..e752112665 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend @@ -51,15 +51,16 @@ SRC_URI:append:corstone1000 = " \ file://0031-corstone1000-add-NVM-XIP-QSPI-device-tree-node.patch \ file://0032-sandbox64-add-a-test-case-for-UCLASS_NVMXIP.patch \ file://0033-corstone1000-add-fwu-metadata-store-info.patch \ - file://0034-efi_boottime-allow-to-reset-a-path-after-boot.patch \ - file://0035-fwu_metadata-make-sure-structures-are-packed.patch \ - file://0036-corstone1000-add-boot-index.patch \ - file://0037-corstone1000-adjust-boot-bank-and-kernel-location.patch \ - file://0038-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch \ - file://0039-nvmxip-move-header-to-include.patch \ - file://0040-corstone1000-set-kernel_addr-based-on-boot_idx.patch \ - file://0041-corstone1000-boot-index-from-active.patch \ - file://0042-corstone1000-enable-PSCI-reset.patch \ + file://0034-fwu_metadata-make-sure-structures-are-packed.patch \ + file://0035-corstone1000-add-boot-index.patch \ + file://0036-corstone1000-adjust-boot-bank-and-kernel-location.patch \ + file://0037-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch \ + file://0038-nvmxip-move-header-to-include.patch \ + file://0039-corstone1000-set-kernel_addr-based-on-boot_idx.patch \ + file://0040-corstone1000-boot-index-from-active.patch \ + file://0041-corstone1000-enable-PSCI-reset.patch \ + file://0042-Enable-EFI-set-get-time-services.patch \ + file://0043-corstone1000-fix-compilation-warnings-in-fwu_plat_get_bootidx.patch \ " # diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index 30f9966662..1f028ffa37 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,5 +1,7 @@ SRC_URI:remove = " \ file://0003-core-link-add-no-warn-rwx-segments.patch \ + file://0007-core-spmc-handle-non-secure-interrupts.patch \ + file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \ " COMPATIBLE_MACHINE = "corstone1000" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch deleted file mode 100644 index c44885cf04..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch +++ /dev/null @@ -1,287 +0,0 @@ -From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH 01/20] Add openamp to SE proxy deployment - -Openamp is required to communicate between secure partitions(running on -Cortex-A) and trusted-firmware-m(running on Cortex-M). -These changes are to fetch libmetal and openamp from github repo's -and build it. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - deployments/se-proxy/opteesp/lse.S | 28 ++++++++ - deployments/se-proxy/se-proxy.cmake | 8 +++ - external/openamp/libmetal-init-cache.cmake.in | 20 ++++++ - external/openamp/libmetal.cmake | 67 +++++++++++++++++++ - external/openamp/openamp-init-cache.cmake.in | 20 ++++++ - external/openamp/openamp.cmake | 66 ++++++++++++++++++ - 6 files changed, 209 insertions(+) - create mode 100644 deployments/se-proxy/opteesp/lse.S - create mode 100644 external/openamp/libmetal-init-cache.cmake.in - create mode 100644 external/openamp/libmetal.cmake - create mode 100644 external/openamp/openamp-init-cache.cmake.in - create mode 100644 external/openamp/openamp.cmake - -diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S -new file mode 100644 -index 000000000000..8e466d65fc2b ---- /dev/null -+++ b/deployments/se-proxy/opteesp/lse.S -@@ -0,0 +1,28 @@ -+// SPDX-License-Identifier: BSD-3-Clause -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ */ -+ -+.text -+.globl __aarch64_cas4_acq_rel -+.globl __aarch64_cas4_sync -+ -+__aarch64_cas4_acq_rel: -+ mov w16, w0 -+ ldaxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -+ -+__aarch64_cas4_sync: -+ mov w16, w0 -+ ldxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 426c66c05350..d39873a0fe81 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy" - target_sources(se-proxy PRIVATE - ${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c - ${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c -+ ${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S - ) - - #------------------------------------------------------------------------------- -@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake) - target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static) - protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") - -+# libmetal -+include(../../../external/openamp/libmetal.cmake) -+ -+# OpenAMP -+include(../../../external/openamp/openamp.cmake) -+target_link_libraries(se-proxy PRIVATE openamp libmetal) -+ - ################################################################# - - target_include_directories(se-proxy PRIVATE -diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in -new file mode 100644 -index 000000000000..04c25fbde960 ---- /dev/null -+++ b/external/openamp/libmetal-init-cache.cmake.in -@@ -0,0 +1,20 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Linaro. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "") -+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "") -+set(BUILD_SHARED_LIBS Off CACHE BOOL "") -+set(BUILD_STATIC_LIBS On CACHE BOOL "") -+ -+set(WITH_DOC OFF CACHE BOOL "") -+set(WITH_TESTS OFF CACHE BOOL "") -+set(WITH_EXAMPLES OFF CACHE BOOL "") -+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "") -+set(MACHINE "template" CACHE STRING "") -+ -+@_cmake_fragment@ -diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake -new file mode 100644 -index 000000000000..6e5004ff555c ---- /dev/null -+++ b/external/openamp/libmetal.cmake -@@ -0,0 +1,67 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2022 Linaro Limited -+# Copyright (c) 2022, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git" -+ CACHE STRING "libmetal repository URL") -+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install" -+ CACHE DIR "libmetal installation directory") -+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal" -+ CACHE DIR "libmetal source-code") -+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake" -+ CACHE DIR "libmetal CMake package directory") -+set (LIBMETAL_TARGET_NAME "libmetal") -+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad" -+ CACHE STRING "The version of libmetal to use") -+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build") -+ -+set(GIT_OPTIONS -+ GIT_REPOSITORY ${LIBMETAL_URL} -+ GIT_TAG ${LIBMETAL_REFSPEC} -+ GIT_SHALLOW FALSE -+) -+ -+if(NOT LIBMETAL_DEBUG) -+ set(LIBMETAL_BUILD_TYPE "Release") -+else() -+ set(LIBMETAL_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+# Only pass libc settings to libmetal if needed. For environments where the -+# standard library is not overridden, this is not needed. -+if(TARGET stdlib::c) -+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake) -+ -+ # Save libc settings -+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC) -+ # Translate libc settings to cmake code fragment. Will be inserted into -+ # libmetal-init-cache.cmake.in when LazyFetch configures the file. -+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment) -+ unset_saved_properties(LIBC) -+endif() -+ -+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) -+LazyFetch_MakeAvailable(DEP_NAME libmetal -+ FETCH_OPTIONS "${GIT_OPTIONS}" -+ INSTALL_DIR "${LIBMETAL_INSTALL_DIR}" -+ CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in" -+ SOURCE_DIR "${LIBMETAL_SOURCE_DIR}" -+) -+unset(_cmake_fragment) -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(libmetal STATIC IMPORTED) -+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include") -diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in -new file mode 100644 -index 000000000000..302b80511bce ---- /dev/null -+++ b/external/openamp/openamp-init-cache.cmake.in -@@ -0,0 +1,20 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Linaro. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "") -+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "") -+set(BUILD_SHARED_LIBS Off CACHE BOOL "") -+set(BUILD_STATIC_LIBS On CACHE BOOL "") -+ -+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE -+ STRING "") -+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "") -+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "") -+set(MACHINE "template" CACHE STRING "") -+ -+@_cmake_fragment@ -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -new file mode 100644 -index 000000000000..449f35f4fda4 ---- /dev/null -+++ b/external/openamp/openamp.cmake -@@ -0,0 +1,66 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2022 Linaro Limited -+# Copyright (c) 2022, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git" -+ CACHE STRING "OpenAMP repository URL") -+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install" -+ CACHE DIR "OpenAMP installation directory") -+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp" -+ CACHE DIR "OpenAMP source code directory") -+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake" -+ CACHE DIR "OpenAMP CMake package directory") -+set (OPENAMP_TARGET_NAME "openamp") -+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d" -+ CACHE STRING "The version of openamp to use") -+ -+set(GIT_OPTIONS -+ GIT_REPOSITORY ${OPENAMP_URL} -+ GIT_TAG ${OPENAMP_REFSPEC} -+ GIT_SHALLOW FALSE -+) -+ -+if(NOT OPENAMP_DEBUG) -+ set(OPENAMP_BUILD_TYPE "Release") -+else() -+ set(OPENAMP_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+# Only pass libc settings to openamp if needed. For environments where the -+# standard library is not overridden, this is not needed. -+if(TARGET stdlib::c) -+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake) -+ -+ # Save libc settings -+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC) -+ # Translate libc settings to cmake code fragment. Will be inserted into -+ # libmetal-init-cache.cmake.in when LazyFetch configures the file. -+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment) -+ unset_saved_properties(LIBC) -+endif() -+ -+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) -+LazyFetch_MakeAvailable(DEP_NAME openamp -+ FETCH_OPTIONS "${GIT_OPTIONS}" -+ INSTALL_DIR "${OPENAMP_INSTALL_DIR}" -+ CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in" -+ SOURCE_DIR "${OPENAMP_SOURCE_DIR}" -+) -+unset(_cmake_fragment) -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(openamp STATIC IMPORTED) -+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include") --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch index 0040e12727..c1775b795c 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001 +From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 13/20] Add stub capsule update service components +Subject: [PATCH 1/6] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -18,15 +18,12 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../provider/capsule_update_provider.c | 133 ++++++++++++++++++ .../provider/capsule_update_provider.h | 51 +++++++ .../capsule_update/provider/component.cmake | 13 ++ - deployments/se-proxy/common/se_proxy_sp.c | 3 + - .../se-proxy/common/service_proxy_factory.c | 16 +++ - .../se-proxy/common/service_proxy_factory.h | 1 + - deployments/se-proxy/se-proxy.cmake | 1 + + .../se-proxy/infra/corstone1000/infra.cmake | 1 + deployments/se-proxy/se_proxy_interfaces.h | 9 +- .../capsule_update/capsule_update_proto.h | 13 ++ protocols/service/capsule_update/opcodes.h | 17 +++ protocols/service/capsule_update/parameters.h | 15 ++ - 12 files changed, 292 insertions(+), 4 deletions(-) + 9 files changed, 272 insertions(+), 4 deletions(-) create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h @@ -280,75 +277,18 @@ index 000000000000..1d412eb234d9 +target_sources(${TGT} PRIVATE + "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" + ) -diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c -index a37396f4454b..a38ad6ca3f56 100644 ---- a/deployments/se-proxy/common/se_proxy_sp.c -+++ b/deployments/se-proxy/common/se_proxy_sp.c -@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - } - rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); - -+ rpc_iface = capsule_update_proxy_create(); -+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); -+ - /* End of boot phase */ - result = sp_msg_wait(&req_msg); - if (result != SP_RESULT_OK) { -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 7edeef8b434a..591cc9eeb59e 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -13,6 +13,7 @@ - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> - #include <trace.h> -+#include <service/capsule_update/provider/capsule_update_provider.h> - - /* Stub backends */ - #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void) - - return secure_storage_provider_init(&its_provider, backend); - } -+ -+struct rpc_interface *capsule_update_proxy_create(void) -+{ -+ static struct capsule_update_provider capsule_update_provider; -+ static struct rpc_caller *capsule_update_caller; -+ -+ capsule_update_caller = openamp_caller_init(&openamp); -+ -+ if (!capsule_update_caller) -+ return NULL; -+ -+ capsule_update_provider.client.caller = capsule_update_caller; -+ -+ return capsule_update_provider_init(&capsule_update_provider); -+} -diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h -index 298d407a2371..02aa7fe2550d 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.h -+++ b/deployments/se-proxy/common/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); - struct rpc_interface *crypto_proxy_create(void); - struct rpc_interface *ps_proxy_create(void); - struct rpc_interface *its_proxy_create(void); -+struct rpc_interface *capsule_update_proxy_create(void); - - #ifdef __cplusplus - } -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 3dbbc36c968d..f0db2d43f443 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/provider/serializer/packed-c" +diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake +index 4e7e2bd58028..e60b5400617f 100644 +--- a/deployments/se-proxy/infra/corstone1000/infra.cmake ++++ b/deployments/se-proxy/infra/corstone1000/infra.cmake +@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy" + "components/service/attestation/key_mngr/local" "components/service/attestation/reporter/psa_ipc" - "components/service/attestation/client/psa_ipc" + "components/service/crypto/backend/psa_ipc" + "components/service/capsule_update/provider" - "components/rpc/openamp/caller/sp" + "components/service/secure_storage/backend/secure_storage_ipc" + ) - # Stub service provider backends diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h index 48908f846990..3d4a7c204785 100644 --- a/deployments/se-proxy/se_proxy_interfaces.h @@ -432,5 +372,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index c1598a9e11..3f3800ceb9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,7 +1,7 @@ -From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001 +From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58. Upstream-Status: Pending [Not submitted to upstream yet] Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> @@ -29,7 +29,7 @@ index c4ffb20cf7f8..a91f66c14008 100644 /* Mandatory input data parameter */ diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 4d7bf6e959b0..e3c4df2927b3 100644 +index 30aa102da581..130d27295878 100644 --- a/components/service/crypto/include/psa/crypto_sizes.h +++ b/components/service/crypto/include/psa/crypto_sizes.h @@ -351,7 +351,7 @@ @@ -117,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch deleted file mode 100644 index 0371a7a418..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ /dev/null @@ -1,1091 +0,0 @@ -From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer. - -This commit adds an mhu driver (v2.1 and v2) to the secure -partition se_proxy and a conversion layer to communicate with -the secure enclave using OpenAmp. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../se-proxy/opteesp/default_se-proxy.dts.in | 16 + - .../drivers/arm/mhu_driver/component.cmake | 12 + - platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++ - platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++ - .../providers/arm/corstone1000/platform.cmake | 10 + - 5 files changed, 1031 insertions(+) - create mode 100644 platform/drivers/arm/mhu_driver/component.cmake - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c - create mode 100644 platform/providers/arm/corstone1000/platform.cmake - -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 5748d2f80f88..267b4f923540 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -17,4 +17,20 @@ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <3>; /* Direct messaging only */ - legacy-elf-format = <1>; -+ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mhu-sender { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b820000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ mhu-receiver { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b830000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ }; - }; -diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake -new file mode 100644 -index 000000000000..77a5a50b67d1 ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/component.cmake -@@ -0,0 +1,12 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+# Add source files for using mhu driver -+target_sources(${TGT} -+ PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c" -+) -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h -new file mode 100644 -index 000000000000..2e4ba80fab95 ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h -@@ -0,0 +1,391 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/** -+ * \file mhu_v2_x.h -+ * \brief Driver for Arm MHU v2.0 and v2.1 -+ */ -+ -+#ifndef __MHU_V2_X_H__ -+#define __MHU_V2_X_H__ -+ -+#include <stdint.h> -+#include <stdbool.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#define MHU_2_X_INTR_NR2R_OFF (0x0u) -+#define MHU_2_X_INTR_R2NR_OFF (0x1u) -+#define MHU_2_1_INTR_CHCOMB_OFF (0x2u) -+ -+#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF) -+#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF) -+#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF) -+ -+enum mhu_v2_x_frame_t { -+ MHU_V2_X_SENDER_FRAME = 0x0u, -+ MHU_V2_X_RECEIVER_FRAME = 0x1u, -+}; -+ -+enum mhu_v2_x_supported_revisions { -+ MHU_REV_READ_FROM_HW = 0, -+ MHU_REV_2_0, -+ MHU_REV_2_1, -+}; -+ -+struct mhu_v2_x_dev_t { -+ uint32_t base; -+ enum mhu_v2_x_frame_t frame; -+ uint32_t subversion; /*!< Hardware subversion: v2.X */ -+ bool is_initialized; /*!< Indicates if the MHU driver -+ * is initialized and enabled -+ */ -+}; -+ -+/** -+ * \brief MHU v2 error enumeration types. -+ */ -+enum mhu_v2_x_error_t { -+ MHU_V_2_X_ERR_NONE = 0, -+ MHU_V_2_X_ERR_NOT_INIT = -1, -+ MHU_V_2_X_ERR_ALREADY_INIT = -2, -+ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3, -+ MHU_V_2_X_ERR_INVALID_ARG = -4, -+ MHU_V_2_X_ERR_GENERAL = -5 -+}; -+ -+/** -+ * \brief Initializes the driver -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] rev MHU revision (if can't be identified from HW) -+ * -+ * Reads the MHU hardware version -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note MHU revision only has to be specified when versions can't be read -+ * from HW (ARCH_MAJOR_REV reg reads as 0x0). -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev); -+ -+/** -+ * \brief Returns the number of channels implemented. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Returns the number of channels implemented. -+ * -+ * \return Returns the number of channels implemented. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_num_channel_implemented( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sends the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to send the value over. -+ * \param[in] val Value to send. -+ * -+ * Sends the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val); -+ -+/** -+ * \brief Clears the channel after the value is send over it. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to clear. -+ * -+ * Clears the channel after the value is send over it. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel); -+ -+/** -+ * \brief Receives the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to receive the value from. -+ * \param[out] value Pointer to variable that will store the value. -+ * -+ * Receives the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value); -+ -+/** -+ * \brief Sets bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to set. -+ * \param[in] mask Mask to be set over a receiver frame. -+ * -+ * Sets bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Clears bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to clear. -+ * \param[in] mask Mask to be clear over a receiver frame. -+ * -+ * Clears bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Enables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to enable. -+ * -+ * Enables the Channel clear interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Disables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to disable. -+ * -+ * Disables the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Cleares the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to clear. -+ * -+ * Cleares the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Initiates a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Initiates a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Closes a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Closes a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access request signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Sets the value of access request signal to high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sets the value of access request signal to low. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access ready signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Returns the MHU interrupt status. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * \return Interrupt status register value. Masking is needed for individual -+ * interrupts. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Enables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Disables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Clears MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for clearing interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Returns the first channel number whose interrupt bit is high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] channel Pointer to variable that will have the channel value. -+ * -+ * \return Returns the first channel number whose interrupt bit is high. -+ * \return Returns mhu_v2_x_error_t error code. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __MHU_V2_X_H__ */ -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -new file mode 100644 -index 000000000000..01d8f659a73a ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -@@ -0,0 +1,602 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+#include <stdint.h> -+#include <stdbool.h> -+#include "mhu_v2.h" -+ -+#define _MHU_V2_X_MAX_CHANNELS 124 -+#define _MHU_V2_1_MAX_CHCOMB_INT 4 -+#define ENABLE 0x1 -+#define DISABLE 0x0 -+#define CLEAR_INTR 0x1 -+#define CH_PER_CH_COMB 0x20 -+#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu) -+#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu) -+ -+#define MHU_MAJOR_REV_V2 0x1u -+#define MHU_MINOR_REV_2_0 0x0u -+#define MHU_MINOR_REV_2_1 0x1u -+ -+struct _mhu_v2_x_send_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x08 (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0x0C ( /W) Channel Set */ -+ volatile uint32_t ch_set; -+ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t ch_int_st; -+ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t ch_int_clr; -+ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t ch_int_en; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_2; -+}; -+ -+struct _mhu_v2_x_send_frame_t { -+ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */ -+ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/W) Response Configuration */ -+ volatile uint32_t resp_cfg; -+ /* Offset: 0xF88 (R/W) Access Request */ -+ volatile uint32_t access_request; -+ /* Offset: 0xF8C (R/ ) Access Ready */ -+ volatile uint32_t access_ready; -+ /* Offset: 0xF90 (R/ ) Interrupt Status */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 ( /W) Interrupt Clear */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: â€0xFC4‬ (R/ ) Reserved */ -+ volatile uint32_t reserved_1[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+struct _mhu_v2_x_rec_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Channel Status Masked */ -+ volatile uint32_t ch_st_msk; -+ /* Offset: 0x08 ( /W) Channel Clear */ -+ volatile uint32_t ch_clr; -+ /* Offset: 0x0C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x10 (R/ ) Channel Mask Status */ -+ volatile uint32_t ch_msk_st; -+ /* Offset: 0x14 ( /W) Channel Mask Set */ -+ volatile uint32_t ch_msk_set; -+ /* Offset: 0x18 ( /W) Channel Mask Clear */ -+ volatile uint32_t ch_msk_clr; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+}; -+ -+struct _mhu_v2_x_recv_frame_t { -+ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */ -+ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/ ) Reserved */ -+ volatile uint32_t reserved_0[3]; -+ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: 0xFB0 (R/ ) Reserved */ -+ volatile uint32_t reserved_2[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+union _mhu_v2_x_frame_t { -+ struct _mhu_v2_x_send_frame_t send_frame; -+ struct _mhu_v2_x_recv_frame_t recv_frame; -+}; -+ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev) -+{ -+ uint32_t AIDR = 0; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if (dev->is_initialized) { -+ return MHU_V_2_X_ERR_ALREADY_INIT; -+ } -+ -+ if (rev == MHU_REV_READ_FROM_HW) { -+ /* Read revision from HW */ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ AIDR = p_mhu->recv_frame.aidr; -+ } else { -+ AIDR = p_mhu->send_frame.aidr; -+ } -+ -+ /* Get bits 7:4 to read major revision */ -+ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) { -+ /* Unsupported MHU version */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } /* No need to save major version, driver only supports MHUv2 */ -+ -+ /* Get bits 3:0 to read minor revision */ -+ dev->subversion = AIDR & 0b1111; -+ -+ if (dev->subversion != MHU_MINOR_REV_2_0 && -+ dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } else { -+ /* Revisions were provided by caller */ -+ if (rev == MHU_REV_2_0) { -+ dev->subversion = MHU_MINOR_REV_2_0; -+ } else if (rev == MHU_REV_2_1) { -+ dev->subversion = MHU_MINOR_REV_2_1; -+ } else { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ }/* No need to save major version, driver only supports MHUv2 */ -+ } -+ -+ dev->is_initialized = true; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->mhu_cfg; -+ } else { -+ return (RECV_FRAME(p_mhu))->mhu_cfg; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ while ( !((SEND_FRAME(p_mhu))->access_ready) ) { -+ /* Wait in a loop for access ready signal to be high */ -+ ; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_request; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_ready; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->int_st; -+ } else { -+ return (RECV_FRAME(p_mhu))->int_st; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en |= mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en |= mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en &= ~mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en &= ~mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_clr = mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_clr = mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel) -+{ -+ uint32_t i, j, status; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Feature is only supported in MHU v2.1 */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) { -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } else { -+ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } -+ -+ for(j = 0; j < CH_PER_CH_COMB; j++) { -+ if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) { -+ *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB)); -+ return MHU_V_2_X_ERR_NONE; -+ } -+ } -+ } -+ -+ return MHU_V_2_X_ERR_GENERAL; -+} -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -new file mode 100644 -index 000000000000..bb778bb9719b ---- /dev/null -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -0,0 +1,10 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform. -+#------------------------------------------------------------------------------- -+ -+# include MHU driver -+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch deleted file mode 100644 index 5686face15..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch +++ /dev/null @@ -1,1196 +0,0 @@ -From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH 03/20] Add openamp rpc caller - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/rpc/common/caller/rpc_caller.c | 10 + - components/rpc/common/interface/rpc_caller.h | 8 + - .../rpc/openamp/caller/sp/component.cmake | 15 + - .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++ - .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++ - .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++ - .../rpc/openamp/caller/sp/openamp_mhu.h | 19 + - .../rpc/openamp/caller/sp/openamp_virtio.c | 555 ++++++++++++++++++ - .../rpc/openamp/caller/sp/openamp_virtio.h | 24 + - .../se-proxy/opteesp/default_se-proxy.dts.in | 6 + - deployments/se-proxy/se-proxy.cmake | 1 + - 11 files changed, 1075 insertions(+) - create mode 100644 components/rpc/openamp/caller/sp/component.cmake - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h - -diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c -index 2dceabeb8967..20d889c162b0 100644 ---- a/components/rpc/common/caller/rpc_caller.c -+++ b/components/rpc/common/caller/rpc_caller.c -@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle) - { - s->call_end(s->context, handle); - } -+ -+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va) -+{ -+ return s->virt_to_phys(s->context, va); -+} -+ -+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa) -+{ -+ return s->phys_to_virt(s->context, pa); -+} -diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h -index 387489cdb1b2..ef9bb64905ed 100644 ---- a/components/rpc/common/interface/rpc_caller.h -+++ b/components/rpc/common/interface/rpc_caller.h -@@ -45,6 +45,10 @@ struct rpc_caller - rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len); - - void (*call_end)(void *context, rpc_call_handle handle); -+ -+ void *(*virt_to_phys)(void *context, void *va); -+ -+ void *(*phys_to_virt)(void *context, void *pa); - }; - - /* -@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal - */ - RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle); - -+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va); -+ -+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa); -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake -new file mode 100644 -index 000000000000..fc919529d731 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/component.cmake -@@ -0,0 +1,15 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c" -+ ) -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c -new file mode 100644 -index 000000000000..6cdfb756568f ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.c -@@ -0,0 +1,203 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <trace.h> -+#include "openamp_caller.h" -+#include "openamp_mhu.h" -+#include "openamp_virtio.h" -+#include <protocols/rpc/common/packed-c/status.h> -+ -+#define OPENAMP_TRANSACTION_IDLE 0x0 -+#define OPENAMP_TRANSACTION_INPROGRESS 0x1 -+#define OPENAMP_TRANSACTION_INVOKED 0x2 -+ -+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_call_handle handle; -+ int ret; -+ -+ if (!req_buf) { -+ EMSG("openamp: call_begin: not req_buf"); -+ return NULL; -+ } -+ -+ if (req_len > UINT32_MAX || req_len == 0) { -+ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len); -+ return NULL; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_begin: transaction not idle"); -+ return NULL; -+ } -+ -+ ret = ops->platform_call_begin(openamp, req_buf, req_len); -+ if (ret < 0) { -+ EMSG("openamp: call_begin: platform begin failed: %d", ret); -+ return NULL; -+ } -+ -+ openamp->status = OPENAMP_TRANSACTION_INPROGRESS; -+ handle = openamp; -+ -+ return handle; -+} -+ -+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle, -+ uint32_t opcode, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_status_t status; -+ int ret; -+ -+ (void)opcode; -+ -+ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) { -+ EMSG("openamp: call_invoke: invalid arguments"); -+ return TS_RPC_ERROR_INVALID_PARAMETER; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) { -+ EMSG("openamp: call_invoke: transaction needed to be started"); -+ return TS_RPC_ERROR_NOT_READY; -+ } -+ -+ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len); -+ if (ret < 0) -+ return TS_RPC_ERROR_INTERNAL; -+ -+ openamp->status = OPENAMP_TRANSACTION_INVOKED; -+ *opstatus = 0; -+ -+ return TS_RPC_CALL_ACCEPTED; -+} -+ -+static void openamp_call_end(void *context, rpc_call_handle handle) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ if (handle != openamp) { -+ EMSG("openamp: call_end: invalid arguments"); -+ return; -+ } -+ -+ if (openamp->status == OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_end: transaction idle"); -+ return; -+ } -+ -+ ops->platform_call_end(openamp); -+ -+ openamp->status = OPENAMP_TRANSACTION_IDLE; -+} -+ -+static void *openamp_virt_to_phys(void *context, void *va) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_virt_to_phys(openamp, va); -+} -+ -+static void *openamp_phys_to_virt(void *context, void *pa) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_phys_to_virt(openamp, pa); -+} -+ -+static int openamp_init(struct openamp_caller *openamp) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ int ret; -+ -+ ret = ops->transport_init(openamp); -+ if (ret < 0) -+ return ret; -+ -+ ret = ops->platform_init(openamp); -+ if (ret < 0) -+ goto denit_transport; -+ -+ return 0; -+ -+denit_transport: -+ ops->transport_deinit(openamp); -+ -+ return ret; -+} -+ -+static const struct openamp_platform_ops openamp_virtio_ops = { -+ .transport_init = openamp_mhu_init, -+ .transport_deinit = openamp_mhu_deinit, -+ .transport_notify = openamp_mhu_notify_peer, -+ .transport_receive = openamp_mhu_receive, -+ .platform_init = openamp_virtio_init, -+ .platform_call_begin = openamp_virtio_call_begin, -+ .platform_call_invoke = openamp_virtio_call_invoke, -+ .platform_call_end = openamp_virtio_call_end, -+ .platform_virt_to_phys = openamp_virtio_virt_to_phys, -+ .platform_phys_to_virt = openamp_virtio_phys_to_virt, -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ int ret; -+ -+ if (openamp->ref_count) -+ return rpc; -+ -+ rpc_caller_init(rpc, openamp); -+ -+ rpc->call_begin = openamp_call_begin; -+ rpc->call_invoke = openamp_call_invoke; -+ rpc->call_end = openamp_call_end; -+ rpc->virt_to_phys = openamp_virt_to_phys; -+ rpc->phys_to_virt = openamp_phys_to_virt; -+ openamp->platform_ops = &openamp_virtio_ops; -+ -+ ret = openamp_init(openamp); -+ if (ret < 0) { -+ EMSG("openamp_init: failed to start: %d", ret); -+ return rpc; -+ } -+ openamp->ref_count++; -+ -+ return rpc; -+} -+ -+void openamp_caller_deinit(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ -+ if (--openamp->ref_count) -+ return; -+ -+ rpc->context = NULL; -+ rpc->call_begin = NULL; -+ rpc->call_invoke = NULL; -+ rpc->call_end = NULL; -+} -+ -+int openamp_caller_discover(struct openamp_caller *openamp) -+{ -+ return openamp_init(openamp); -+} -+ -+int openamp_caller_open(struct openamp_caller *openamp) -+{ -+ -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h -new file mode 100644 -index 000000000000..3fb67c56cc53 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.h -@@ -0,0 +1,43 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_CALLER_H -+#define OPENAMP_CALLER_H -+ -+#include <stddef.h> -+#include <rpc_caller.h> -+ -+struct openamp_caller { -+ struct rpc_caller rpc_caller; -+ const struct openamp_platform_ops *platform_ops; -+ uint32_t ref_count; -+ uint8_t status; -+ -+ void *transport; -+ void *platform; -+}; -+ -+struct openamp_platform_ops { -+ int (*transport_init)(struct openamp_caller *openamp); -+ int (*transport_deinit)(struct openamp_caller *openamp); -+ int (*transport_notify)(struct openamp_caller *openamp); -+ int (*transport_receive)(struct openamp_caller *openamp); -+ int (*platform_init)(struct openamp_caller *openamp); -+ int (*platform_deinit)(struct openamp_caller *openamp); -+ int (*platform_call_begin)(struct openamp_caller *openamp, -+ uint8_t **req_buf, size_t req_len); -+ int (*platform_call_invoke)(struct openamp_caller *openamp, -+ int *opstatus, uint8_t **resp_buf, -+ size_t *resp_len); -+ int (*platform_call_end)(struct openamp_caller *openamp); -+ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va); -+ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa); -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp); -+void openamp_caller_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c -new file mode 100644 -index 000000000000..ffdadaf870a3 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c -@@ -0,0 +1,191 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <config/interface/config_store.h> -+#include <config/interface/config_blob.h> -+#include <platform/interface/device_region.h> -+#include <platform/drivers/arm/mhu_driver/mhu_v2.h> -+#include <trace.h> -+#include <errno.h> -+#include <stdlib.h> -+#include <stdint.h> -+#include <stddef.h> -+#include <limits.h> -+ -+#include "openamp_caller.h" -+ -+#define MHU_V_2_NOTIFY_CHANNEL 0 -+#define MHU_V_2_NOTIFY_VALUE 0xff -+ -+struct openamp_mhu { -+ struct device_region rx_region; -+ struct device_region tx_region; -+ struct mhu_v2_x_dev_t rx_dev; -+ struct mhu_v2_x_dev_t tx_dev; -+}; -+ -+static int openamp_mhu_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) -+ return -EINVAL; -+ -+ if (!dev_region->base_addr) -+ return -EINVAL; -+ -+ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev, -+ dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_mhu_receive(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t channel = 0; -+ uint32_t irq_status; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: receive transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ rx_dev = &mhu->rx_dev; -+ -+ irq_status = 0; -+ -+ do { -+ irq_status = mhu_v2_x_get_interrupt_status(rx_dev); -+ } while(!irq_status); -+ -+ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel); -+ -+ ret = mhu_v2_x_channel_clear(rx_dev, channel); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to clear channel: %d", channel); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *tx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t access_ready; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: notify transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ tx_dev = &mhu->tx_dev; -+ -+ ret = mhu_v2_x_set_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: set access request failed"); -+ return -EPROTO; -+ } -+ -+ do { -+ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to get access_ready"); -+ return -EPROTO; -+ } -+ } while (!access_ready); -+ -+ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL, -+ MHU_V_2_NOTIFY_VALUE); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed send over channel"); -+ return -EPROTO; -+ } -+ -+ ret = mhu_v2_x_reset_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed reset access request"); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_init(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ struct mhu_v2_x_dev_t *tx_dev; -+ struct openamp_mhu *mhu; -+ int ret; -+ -+ /* if we already have initialized skip this */ -+ if (openamp->transport) -+ return 0; -+ -+ mhu = malloc(sizeof(*mhu)); -+ if (!mhu) -+ return -1; -+ -+ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ rx_dev = &mhu->rx_dev; -+ tx_dev = &mhu->tx_dev; -+ -+ rx_dev->base = (unsigned int)mhu->rx_region.base_addr; -+ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME; -+ -+ tx_dev->base = (unsigned int)mhu->tx_region.base_addr; -+ tx_dev->frame = MHU_V2_X_SENDER_FRAME; -+ -+ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ openamp->transport = (void *)mhu; -+ -+ return 0; -+ -+free_mhu: -+ free(mhu); -+ -+ return ret; -+} -+ -+int openamp_mhu_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_mhu *mhu; -+ -+ if (!openamp->transport) -+ return 0; -+ -+ mhu = openamp->transport; -+ free(mhu); -+ -+ openamp->transport = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h -new file mode 100644 -index 000000000000..2ae5cb8ee1c6 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h -@@ -0,0 +1,19 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_MHU_H -+#define OPENAMP_MHU_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_mhu_init(struct openamp_caller *openamp); -+int openamp_mhu_deinit(struct openamp_caller *openamp); -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp); -+int openamp_mhu_receive(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c -new file mode 100644 -index 000000000000..b7c1aa929111 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c -@@ -0,0 +1,555 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <metal/device.h> -+#include <metal/spinlock.h> -+#include <openamp/open_amp.h> -+#include <platform/interface/device_region.h> -+#include <config/interface/config_store.h> -+ -+#include <stddef.h> -+#include <trace.h> -+#include "openamp_caller.h" -+ -+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio" -+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME -+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024 -+ -+#define OPENAMP_SHEM_PHYS 0x88000000 -+#define OPENAMP_SHEM_PHYS_PAGES 1 -+#define OPENAMP_SHEM_SE_PHYS 0xa8000000 -+ -+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024) -+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024) -+ -+#define OPENAMP_BUFFER_NO_WAIT 0 -+#define OPENAMP_BUFFER_WAIT 1 -+ -+#define VIRTQUEUE_NR 2 -+#define VQ_TX 0 -+#define VQ_RX 1 -+ -+#define VRING_DESCRIPTORS 16 -+#define VRING_ALIGN 4 -+ -+#define container_of(ptr, type, member) \ -+ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member))) -+ -+struct openamp_virtio_shm { -+ uintptr_t base_addr; -+ size_t size; -+ uintptr_t vdev_status; -+ size_t vdev_status_size; -+ uintptr_t payload_addr; -+ size_t payload_size; -+ uintptr_t vring_tx; -+ size_t vring_tx_size; -+ uintptr_t vring_rx; -+ size_t vring_rx_size; -+ -+ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES]; -+}; -+ -+struct openamp_virtio_metal { -+ struct metal_spinlock lock; -+ struct metal_device shm_dev; -+ struct metal_device *io_dev; -+ -+ struct metal_io_region *io; -+ struct openamp_virtio_shm shm; -+}; -+ -+struct openamp_virtio_device { -+ struct virtio_device virtio_dev; -+ struct virtqueue *vq[VIRTQUEUE_NR]; -+ struct virtio_vring_info rvrings[VIRTQUEUE_NR]; -+}; -+ -+struct openamp_virtio_rpmsg { -+ struct rpmsg_virtio_device rpmsg_vdev; -+ struct rpmsg_endpoint ep; -+ uint8_t *req_buf; -+ uint32_t req_len; -+ uint8_t *resp_buf; -+ size_t resp_len; -+}; -+ -+struct openamp_virtio { -+ struct openamp_caller *openamp; -+ struct openamp_virtio_rpmsg rpmsg; -+ struct openamp_virtio_device vdev; -+ struct openamp_virtio_metal metal; -+}; -+ -+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ -+ openamp_vdev = container_of(vdev, struct openamp_virtio_device, -+ virtio_dev); -+ -+ return container_of(openamp_vdev, struct openamp_virtio, vdev); -+} -+ -+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev) -+{ -+ struct rpmsg_virtio_device *rvdev; -+ -+ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev); -+ -+ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev); -+ -+} -+ -+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev, -+ struct openamp_virtio_shm *shm) -+{ -+ struct metal_io_region *shm_region; -+ -+ shm_region = &shm_dev->regions[0]; -+ -+ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME; -+ shm_dev->num_regions = 1; -+ -+ shm_region->virt = (void *)shm->payload_addr; -+ shm_region->size = shm->payload_size; -+ -+ shm_region->physmap = &shm->shm_physmap; -+ shm_region->page_shift = (metal_phys_addr_t)(-1); -+ shm_region->page_mask = (metal_phys_addr_t)(-1); -+} -+ -+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal) -+{ -+ struct metal_init_params params = METAL_INIT_DEFAULTS; -+ struct metal_device *shm_dev = &metal->shm_dev; -+ int ret; -+ -+ openamp_virtio_metal_device_setup(shm_dev, &metal->shm); -+ -+ metal_spinlock_init(&metal->lock); -+ -+ ret = metal_init(¶ms); -+ if (ret < 0) -+ return ret; -+ -+ ret = metal_register_generic_device(shm_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME, -+ &metal->io_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ metal->io = metal_device_io_region(metal->io_dev, 0); -+ if (!metal->io) { -+ EMSG("openamp: virtio: failed to init metal io"); -+ ret = -EPROTO; -+ goto metal_finish; -+ } -+ -+ return 0; -+ -+metal_finish: -+ metal_finish(); -+ return ret; -+} -+ -+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ uint32_t status = *(volatile uint32_t *)shm->vdev_status; -+ -+ return status; -+} -+ -+static void openamp_virtio_status_set(struct virtio_device *vdev, -+ unsigned char status) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ *(volatile uint32_t *)shm->vdev_status = status; -+} -+ -+static int count; -+ -+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev) -+{ -+ return 1 << VIRTIO_RPMSG_F_NS; -+} -+ -+static void openamp_virtio_notify(struct virtqueue *vq) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ struct openamp_caller *openamp; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev); -+ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev); -+ openamp = virtio->openamp; -+ -+ ret = openamp->platform_ops->transport_notify(openamp); -+ if (ret < 0) -+ EMSG("openamp: virtio: erro in transport_notify: %d", ret); -+} -+ -+const static struct virtio_dispatch openamp_virtio_dispatch = { -+ .get_status = openamp_virtio_status_get, -+ .set_status = openamp_virtio_status_set, -+ .get_features = openamp_virtio_features_get, -+ .notify = openamp_virtio_notify, -+}; -+ -+static int openamp_virtio_device_setup(struct openamp_virtio *virtio) -+{ -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_shm *shm = &metal->shm; -+ struct virtio_vring_info *rvring; -+ -+ rvring = &openamp_vdev->rvrings[0]; -+ -+ vdev->role = RPMSG_REMOTE; -+ vdev->vrings_num = VIRTQUEUE_NR; -+ vdev->func = &openamp_virtio_dispatch; -+ -+ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_TX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 0"); -+ return -ENOMEM; -+ } -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_tx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_TX]; -+ -+ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_RX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 1"); -+ goto free_vq; -+ } -+ rvring = &openamp_vdev->rvrings[VQ_RX]; -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_rx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_RX]; -+ -+ vdev->vrings_info = &openamp_vdev->rvrings[0]; -+ -+ return 0; -+ -+free_vq: -+ virtqueue_free(openamp_vdev->vq[VQ_TX]); -+ virtqueue_free(openamp_vdev->vq[VQ_RX]); -+ -+ return -ENOMEM; -+} -+ -+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep, -+ void *data, size_t len, -+ uint32_t src, void *priv) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ struct openamp_virtio *virtio; -+ -+ rdev = ep->rdev; -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg); -+ -+ rpmsg_hold_rx_buffer(ep, data); -+ vrpmsg->resp_buf = data; -+ vrpmsg->resp_len = len; -+ -+ return 0; -+} -+ -+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ -+ rdev = container_of(ep, struct rpmsg_device, ns_ept); -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_destroy_ept(&vrpmsg->ep); -+} -+ -+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev, -+ const char *name, -+ unsigned int dest) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+} -+ -+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio, -+ struct device_region *virtio_dev) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ int ret; -+ -+ /* -+ * we assume here that we are the client side and do not need to -+ * initialize the share memory poll (this is done at server side). -+ */ -+ ret = rpmsg_init_vdev(rpmsg_vdev, vdev, -+ openamp_virtio_rpmsg_endpoint_bind, metal->io, -+ NULL); -+ if (ret < 0) { -+ EMSG("openamp: virtio: init vdev failed: %d", ret); -+ return ret; -+ } -+ -+ -+ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev, -+ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY, -+ RPMSG_ADDR_ANY, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed to create endpoint: %d", ret); -+ return ret; -+ } -+ -+ /* set default remote addr */ -+ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR; -+ -+ return 0; -+} -+ -+static void openamp_virtio_shm_set(struct openamp_virtio *virtio, -+ struct device_region *virtio_region) -+{ -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ shm->base_addr = virtio_region->base_addr; -+ shm->size = virtio_region->io_region_size; -+ -+ shm->vdev_status = shm->base_addr; -+ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE; -+ -+ shm->vring_rx = shm->base_addr + shm->size - -+ (2 * OPENAMP_SHEM_VRING_SIZE); -+ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->vring_tx = shm->vring_rx + shm->vring_rx_size; -+ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->payload_addr = shm->vdev_status + shm->vdev_status_size; -+ shm->payload_size = shm->size - shm->vdev_status_size - -+ shm->vring_rx_size - shm->vring_tx_size; -+ -+ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size; -+ -+ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d", -+ shm->base_addr, shm->size, shm->size); -+ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d", -+ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size); -+ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d", -+ shm->payload_addr, shm->payload_size, shm->payload_size); -+ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size); -+ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size); -+ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]); -+} -+ -+static int openamp_virtio_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) { -+ EMSG("openamp: virtio: device region not found: %s", dev); -+ return -EINVAL; -+ } -+ -+ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) { -+ EMSG("openamp: virtio: device region not valid"); -+ return -EINVAL; -+ } -+ -+ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d", -+ dev, dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ -+ -+ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len, -+ OPENAMP_BUFFER_WAIT); -+ if (*req_buf == NULL) -+ return -EINVAL; -+ -+ if (vrpmsg->req_len < req_len) -+ return -E2BIG; -+ -+ vrpmsg->req_buf = *req_buf; -+ -+ return 0; -+} -+ -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ int ret; -+ -+ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len); -+ if (ret < 0) { -+ EMSG("openamp: virtio: send nocopy failed: %d", ret); -+ return -EIO; -+ } -+ -+ if (ret != vrpmsg->req_len) { -+ EMSG("openamp: virtio: send less bytes %d than requested %d", -+ ret, vrpmsg->req_len); -+ return -EIO; -+ } -+ -+ if (!ops->transport_receive) -+ return 0; -+ -+ ret = ops->transport_receive(openamp); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed transport_receive"); -+ return -EIO; -+ } -+ -+ virtqueue_notification(openamp_vdev->vq[VQ_RX]); -+ -+ *resp_buf = vrpmsg->resp_buf; -+ *resp_len = vrpmsg->resp_len; -+ -+ return 0; -+} -+ -+void openamp_virtio_call_end(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ -+ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf); -+ -+ vrpmsg->req_buf = NULL; -+ vrpmsg->req_len = 0; -+ vrpmsg->resp_buf = NULL; -+ vrpmsg->resp_len = 0; -+} -+ -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_virt_to_phys(metal->io, va); -+} -+ -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_phys_to_virt(metal->io, pa); -+} -+ -+int openamp_virtio_init(struct openamp_caller *openamp) -+{ -+ struct device_region virtio_dev; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ if (openamp->platform) -+ return 0; -+ -+ -+ virtio = malloc(sizeof(*virtio)); -+ if (!virtio) -+ return -ENOMEM; -+ -+ virtio->openamp = openamp; -+ -+ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev); -+ if (ret < 0) -+ goto free_virtio; -+ -+ openamp_virtio_shm_set(virtio, &virtio_dev); -+ -+ ret = openamp_virtio_metal_init(&virtio->metal); -+ if (ret < 0) -+ goto free_virtio; -+ -+ ret = openamp_virtio_device_setup(virtio); -+ if (ret < 0) -+ goto finish_metal; -+ -+ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev); -+ if (ret < 0) { -+ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret); -+ goto finish_metal; -+ } -+ -+ openamp->platform = virtio; -+ -+ return 0; -+ -+finish_metal: -+ metal_finish(); -+ -+free_virtio: -+ free(virtio); -+ -+ return ret; -+} -+ -+int openamp_virtio_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio; -+ -+ if (!openamp->platform) -+ return 0; -+ -+ virtio = openamp->platform; -+ -+ metal_finish(); -+ free(virtio); -+ -+ openamp->platform = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h -new file mode 100644 -index 000000000000..915128ff65ce ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_VIRTIO_H -+#define OPENAMP_VIRTIO_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len); -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len); -+int openamp_virtio_call_end(struct openamp_caller *openamp); -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va); -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa); -+ -+int openamp_virtio_init(struct openamp_caller *openamp); -+int openamp_virtio_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 267b4f923540..04c181586b06 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -32,5 +32,11 @@ - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; -+ openamp-virtio { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x88000000>; -+ pages-count = <256>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index d39873a0fe81..34fe5ff1b925 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch index ce40df0fd8..3d743d2827 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001 +From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH 20/20] FMP Support in Corstone1000. +Subject: [PATCH 3/6] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -414,5 +414,5 @@ index 000000000000..95fba2a04d5c + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.38.1 +2.40.0 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch index ed4e6e27a3..ed4e6e27a3 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch deleted file mode 100644 index 84d418c131..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch +++ /dev/null @@ -1,298 +0,0 @@ -From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH 04/20] add psa client definitions for ff-m - -Add PSA client definitions in common include to add future -ff-m support. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/include/psa/client.h | 194 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 71 +++++++ - 2 files changed, 265 insertions(+) - create mode 100644 components/service/common/include/psa/client.h - create mode 100644 components/service/common/include/psa/sid.h - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -new file mode 100644 -index 000000000000..69ccf14f40a3 ---- /dev/null -+++ b/components/service/common/include/psa/client.h -@@ -0,0 +1,194 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_H -+#define SERVICE_PSA_IPC_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <rpc_caller.h> -+#include <psa/error.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#ifndef IOVEC_LEN -+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0]))) -+#endif -+ -+/*********************** PSA Client Macros and Types *************************/ -+ -+typedef int32_t psa_handle_t; -+ -+/** -+ * The version of the PSA Framework API that is being used to build the calling -+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1 -+ * is compatible with v1.0. -+ */ -+#define PSA_FRAMEWORK_VERSION (0x0101u) -+ -+/** -+ * Return value from psa_version() if the requested RoT Service is not present -+ * in the system. -+ */ -+#define PSA_VERSION_NONE (0u) -+ -+/** -+ * The zero-value null handle can be assigned to variables used in clients and -+ * RoT Services, indicating that there is no current connection or message. -+ */ -+#define PSA_NULL_HANDLE ((psa_handle_t)0) -+ -+/** -+ * Tests whether a handle value returned by psa_connect() is valid. -+ */ -+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) -+ -+/** -+ * Converts the handle value returned from a failed call psa_connect() into -+ * an error code. -+ */ -+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) -+ -+/** -+ * Maximum number of input and output vectors for a request to psa_call(). -+ */ -+#define PSA_MAX_IOVEC (4u) -+ -+/** -+ * An IPC message type that indicates a generic client request. -+ */ -+#define PSA_IPC_CALL (0) -+ -+/** -+ * A read-only input memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_invec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/** -+ * A writable output memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_outvec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/*************************** PSA Client API **********************************/ -+ -+/** -+ * \brief Retrieve the version of the PSA Framework API that is implemented. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \return version The version of the PSA Framework implementation -+ * that is providing the runtime services to the -+ * caller. The major and minor version are encoded -+ * as follows: -+ * \arg version[15:8] -- major version number. -+ * \arg version[7:0] -- minor version number. -+ */ -+uint32_t psa_framework_version(struct rpc_caller *caller); -+ -+/** -+ * \brief Retrieve the version of an RoT Service or indicate that it is not -+ * present on this system. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to query. -+ * -+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the -+ * caller is not permitted to access the service. -+ * \retval > 0 The version of the implemented RoT Service. -+ */ -+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid); -+ -+/** -+ * \brief Connect to an RoT Service by its SID. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to connect to. -+ * \param[in] version Requested version of the RoT Service. -+ * -+ * \retval > 0 A handle for the connection. -+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the -+ * connection. -+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the -+ * connection at the moment. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg The RoT Service ID is not present. -+ * \arg The RoT Service version is not supported. -+ * \arg The caller is not allowed to access the RoT -+ * service. -+ */ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version); -+ -+/** -+ * \brief Call an RoT Service on an established connection. -+ * -+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI -+ * support at most 4 parameters. TF-M chooses to encode 'in_len', -+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency. -+ * Compared with struct-based encoding, this method saves extra memory -+ * check and memory copy operation. The disadvantage is that the 'type' -+ * range has to be reduced into a 16-bit integer. So with this encoding, -+ * the valid range for 'type' is 0-32767. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection. -+ * \param[in] type The request type. -+ * Must be zero( \ref PSA_IPC_CALL) or positive. -+ * \param[in] in_vec Array of input \ref psa_invec structures. -+ * \param[in] in_len Number of input \ref psa_invec structures. -+ * \param[in,out] out_vec Array of output \ref psa_outvec structures. -+ * \param[in] out_len Number of output \ref psa_outvec structures. -+ * -+ * \retval >=0 RoT Service-specific status value. -+ * \retval <0 RoT Service-specific error code. -+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the -+ * RoT Service. The call is a PROGRAMMER ERROR if -+ * one or more of the following are true: -+ * \arg An invalid handle was passed. -+ * \arg The connection is already handling a request. -+ * \arg type < 0. -+ * \arg An invalid memory reference was provided. -+ * \arg in_len + out_len > PSA_MAX_IOVEC. -+ * \arg The message is unrecognized by the RoT -+ * Service or incorrectly formatted. -+ */ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len); -+ -+/** -+ * \brief Close a connection to an RoT Service. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection, or the -+ * null handle. -+ * -+ * \retval void Success. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg An invalid handle was provided that is not -+ * the null handle. -+ * \arg The connection is currently handling a -+ * request. -+ */ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_H */ -+ -+ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -new file mode 100644 -index 000000000000..aaa973c6e987 ---- /dev/null -+++ b/components/service/common/include/psa/sid.h -@@ -0,0 +1,71 @@ -+/* -+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_MANIFEST_SID_H__ -+#define __PSA_MANIFEST_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/******** TFM_SP_PS ********/ -+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) -+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U) -+ -+/* Invalid UID */ -+#define TFM_PS_INVALID_UID 0 -+ -+/* PS message types that distinguish PS services. */ -+#define TFM_PS_SET 1001 -+#define TFM_PS_GET 1002 -+#define TFM_PS_GET_INFO 1003 -+#define TFM_PS_REMOVE 1004 -+#define TFM_PS_GET_SUPPORT 1005 -+ -+/******** TFM_SP_ITS ********/ -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U) -+ -+/******** TFM_SP_CRYPTO ********/ -+#define TFM_CRYPTO_SID (0x00000080U) -+#define TFM_CRYPTO_VERSION (1U) -+#define TFM_CRYPTO_HANDLE (0x40000100U) -+ -+/******** TFM_SP_PLATFORM ********/ -+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) -+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U) -+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U) -+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U) -+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U) -+ -+/******** TFM_SP_INITIAL_ATTESTATION ********/ -+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U) -+#define TFM_ATTESTATION_SERVICE_VERSION (1U) -+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) -+ -+/******** TFM_SP_FWU ********/ -+#define TFM_FWU_WRITE_SID (0x000000A0U) -+#define TFM_FWU_WRITE_VERSION (1U) -+#define TFM_FWU_INSTALL_SID (0x000000A1U) -+#define TFM_FWU_INSTALL_VERSION (1U) -+#define TFM_FWU_ABORT_SID (0x000000A2U) -+#define TFM_FWU_ABORT_VERSION (1U) -+#define TFM_FWU_QUERY_SID (0x000000A3U) -+#define TFM_FWU_QUERY_VERSION (1U) -+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U) -+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U) -+#define TFM_FWU_ACCEPT_SID (0x000000A5U) -+#define TFM_FWU_ACCEPT_VERSION (1U) -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_MANIFEST_SID_H__ */ --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch deleted file mode 100644 index df3cb2f4c2..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH 05/20] Add common service component to ipc support - -Add support for inter processor communication for PSA -including, the openamp client side structures lib. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/psa_ipc/component.cmake | 13 ++ - .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++ - .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++ - deployments/se-proxy/se-proxy.cmake | 1 + - 4 files changed, 242 insertions(+) - create mode 100644 components/service/common/psa_ipc/component.cmake - create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c - create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h - -diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..5a1c9e62e2f0 ---- /dev/null -+++ b/components/service/common/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c" -+ ) -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -new file mode 100644 -index 000000000000..e8093c20a523 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -0,0 +1,97 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <stdint.h> -+#include <string.h> -+#include <trace.h> -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#include <psa/client.h> -+#include "service_psa_ipc_openamp_lib.h" -+ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_connect: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CONNECT; -+ req_msg->params.psa_connect_params.sid = sid; -+ req_msg->params.psa_connect_params.version = version; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_connect: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status == PSA_SUCCESS) -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; -+} -+ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len) -+{ -+ -+} -+ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_close: could not get handle"); -+ return; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CLOSE; -+ req_msg->params.psa_close_params.handle = handle; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_close: invoke failed: %d", ret); -+ return; -+ } -+ -+ rpc_caller_end(caller, rpc_handle); -+} -diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -new file mode 100644 -index 000000000000..33ea96660572 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -@@ -0,0 +1,131 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H -+#define SERVICE_PSA_IPC_OPENAMP_LIB_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <compiler.h> -+#include <psa/error.h> -+ -+#include <stdint.h> -+#include <psa/client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* PSA client call type value */ -+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1) -+#define OPENAMP_PSA_VERSION (0x2) -+#define OPENAMP_PSA_CONNECT (0x3) -+#define OPENAMP_PSA_CALL (0x4) -+#define OPENAMP_PSA_CLOSE (0x5) -+ -+/* Return code of openamp APIs */ -+#define OPENAMP_SUCCESS (0) -+#define OPENAMP_MAP_FULL (INT32_MIN + 1) -+#define OPENAMP_MAP_ERROR (INT32_MIN + 2) -+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3) -+#define OPENAMP_NO_PERMS (INT32_MIN + 4) -+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5) -+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6) -+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7) -+#define OPENAMP_INIT_ERROR (INT32_MIN + 8) -+ -+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp -+ * buffer so that openamp shared memory buffer -+ * does not get freed. -+ */ -+ -+/* -+ * This structure holds the parameters used in a PSA client call. -+ */ -+typedef struct __packed psa_client_in_params { -+ union { -+ struct __packed { -+ uint32_t sid; -+ } psa_version_params; -+ -+ struct __packed { -+ uint32_t sid; -+ uint32_t version; -+ } psa_connect_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ int32_t type; -+ uint32_t in_vec; -+ uint32_t in_len; -+ uint32_t out_vec; -+ uint32_t out_len; -+ } psa_call_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ } psa_close_params; -+ }; -+} psa_client_in_params_t; -+ -+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */ -+struct __packed ns_openamp_msg { -+ uint32_t call_type; /* PSA client call type */ -+ struct psa_client_in_params params; /* Contain parameters used in PSA -+ * client call -+ */ -+ -+ int32_t client_id; /* Optional client ID of the -+ * non-secure caller. -+ * It is required to identify the -+ * non-secure task when NSPE OS -+ * enforces non-secure task -+ * isolation -+ */ -+ int32_t request_id; /* This is the unique ID for a -+ * request send to TF-M by the -+ * non-secure core. TF-M forward -+ * the ID back to non-secure on the -+ * reply to a given request. Using -+ * this id, the non-secure library -+ * can identify the request for -+ * which the reply has received. -+ */ -+}; -+ -+/* -+ * This structure holds the location of the out data of the PSA client call. -+ */ -+struct __packed psa_client_out_params { -+ uint32_t out_vec; -+ uint32_t out_len; -+}; -+ -+ -+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client -+ * call. -+ */ -+struct __packed s_openamp_msg { -+ int32_t request_id; /* Using this id, the non-secure -+ * library identifies the request. -+ * TF-M forwards the same -+ * request-id received on the -+ * initial request. -+ */ -+ int32_t reply; /* Reply of the PSA client call */ -+ struct psa_client_out_params params; /* Contain out data result of the -+ * PSA client call. -+ */ -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */ -+ -+ -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 34fe5ff1b925..dd0c5d00c21e 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy" - "components/service/common/include" - "components/service/common/serializer/protobuf" - "components/service/common/client" -+ "components/service/common/psa_ipc" - "components/service/common/provider" - "components/service/discovery/provider" - "components/service/discovery/provider/serializer/packed-c" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch new file mode 100644 index 0000000000..2fdd19e79f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch @@ -0,0 +1,27 @@ +From 041d30bb9cc6857f5ef26ded154ff7126dafaa20 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Fri, 16 Jun 2023 10:47:48 +0100 +Subject: [PATCH] plat: corstone1000: add compile definitions for + ECP_DP_SECP512R1 + +Corstone1000 runs PSA-API tests which requires this ECC algorithm. +Without setting this, corstone1000 fails psa-api-crypto-test no 243. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + platform/providers/arm/corstone1000/platform.cmake | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +index dbdf1097..e7a295dd 100644 +--- a/platform/providers/arm/corstone1000/platform.cmake ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -14,3 +14,5 @@ target_compile_definitions(${TGT} PRIVATE + SMM_VARIABLE_INDEX_STORAGE_UID=0x787 + SMM_GATEWAY_MAX_UEFI_VARIABLES=100 + ) ++ ++add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch deleted file mode 100644 index 74a83777df..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch +++ /dev/null @@ -1,523 +0,0 @@ -From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH 06/20] Add secure storage ipc backend - -Add secure storage ipc ff-m implementation which may use -openamp as rpc to communicate with other processor. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++- - .../secure_storage_ipc/component.cmake | 14 ++ - .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++ - .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++ - deployments/se-proxy/se-proxy.cmake | 1 + - 5 files changed, 420 insertions(+), 4 deletions(-) - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index e8093c20a523..95a07c135f31 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -16,6 +16,52 @@ - #include <psa/client.h> - #include "service_psa_ipc_openamp_lib.h" - -+static struct psa_invec *psa_call_in_vec_param(uint8_t *req) -+{ -+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg)); -+} -+ -+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len) -+{ -+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) + -+ (in_len * sizeof(struct psa_invec))); -+} -+ -+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len, -+ struct psa_outvec *out_vec, size_t out_len) -+{ -+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) + -+ (out_len * sizeof(*out_vec)); -+} -+ -+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len) -+{ -+ size_t req_len = 0; -+ int i; -+ -+ if (!in_vec || !in_len) -+ return 0; -+ -+ for (i = 0; i < in_len; i++) -+ req_len += in_vec[i].len; -+ -+ return req_len; -+} -+ -+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len) -+{ -+ size_t resp_len = 0; -+ int i; -+ -+ if (!out_vec || !out_len) -+ return 0; -+ -+ for (i = 0; i < out_len; i++) -+ resp_len += out_vec[i].len; -+ -+ return resp_len; -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -- EMSG("psa_connect: could not get handle"); -+ EMSG("psa_connect: could not get rpc handle"); - return PSA_ERROR_GENERIC_ERROR; - } - -@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; - } - --psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - int32_t type, const struct psa_invec *in_vec, - size_t in_len, struct psa_outvec *out_vec, size_t out_len) - { -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct psa_outvec *out_vec_param; -+ struct psa_invec *in_vec_param; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t out_vec_len; -+ size_t in_vec_len; -+ size_t header_len; -+ uint8_t *payload; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ int i; -+ -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len); -+ in_vec_len = psa_call_in_vec_len(in_vec, in_len); -+ out_vec_len = psa_call_out_vec_len(out_vec, out_len); - -+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len); -+ if (!rpc_handle) { -+ EMSG("psa_call: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ payload = req + header_len; -+ -+ out_vec_param = psa_call_out_vec_param(req, in_len); -+ in_vec_param = psa_call_in_vec_param(req); -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CALL; -+ req_msg->request_id = 1234; -+ req_msg->params.psa_call_params.handle = psa_handle; -+ req_msg->params.psa_call_params.type = type; -+ req_msg->params.psa_call_params.in_len = in_len; -+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.out_len = out_len; -+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ -+ for (i = 0; i < in_len; i++) { -+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].len = in_vec[i].len; -+ -+ memcpy(payload, in_vec[i].base, in_vec[i].len); -+ payload += in_vec[i].len; -+ } -+ -+ for (i = 0; i < out_len; i++) { -+ out_vec_param[i].base = NULL; -+ out_vec_param[i].len = out_vec[i].len; -+ } -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_call: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status != PSA_SUCCESS) { -+ EMSG("psa_call: psa_status invoke failed: %d", psa_status); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS) -+ goto caller_end; -+ -+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -+ resp_msg->params.out_vec); -+ -+ for (i = 0; i < resp_msg->params.out_len; i++) { -+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ out_vec[i].len); -+ } -+ -+caller_end: -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE; - } - --void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle) - { - psa_status_t psa_status = PSA_SUCCESS; - struct s_openamp_msg *resp_msg = NULL; -@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - uint8_t *req; - int ret; - -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return; -+ - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - req_msg = (struct ns_openamp_msg *)req; - - req_msg->call_type = OPENAMP_PSA_CLOSE; -- req_msg->params.psa_close_params.handle = handle; -+ req_msg->params.psa_close_params.handle = psa_handle; - - ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, - &resp_len); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -new file mode 100644 -index 000000000000..5d8f6714e0bd ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -@@ -0,0 +1,14 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c" -+ ) -+ -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -new file mode 100644 -index 000000000000..9b55f77dd395 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -0,0 +1,214 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include "secure_storage_ipc.h" -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <rpc_caller.h> -+#include <string.h> -+#include <trace.h> -+ -+ -+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, -+ psa_storage_uid_t uid, size_t data_length, -+ const void *p_data, psa_storage_create_flags_t create_flags) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = p_data, .len = data_length }, -+ { .base = &create_flags, .len = sizeof(create_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ /* Validating input parameters */ -+ if (p_data == NULL) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status < 0) -+ EMSG("ipc_set: psa_call failed: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ size_t data_offset, -+ size_t data_size, -+ void *p_data, -+ size_t *p_data_length) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t offset = (uint32_t)data_offset; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = &offset, .len = sizeof(offset) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_data, .len = data_size }, -+ }; -+ -+ if (!p_data_length) { -+ EMSG("ipc_get: p_data_length not defined"); -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status == PSA_SUCCESS) -+ *p_data_length = out_vec[0].len; -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get_info(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ struct psa_storage_info_t *p_info) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_info, .len = sizeof(*p_info) }, -+ }; -+ -+ (void)client_id; -+ -+ /* Validating input parameters */ -+ if (!p_info) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_INFO, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_remove(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_REMOVE, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_remove: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_create(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t capacity, -+ uint32_t create_flags) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)capacity; -+ (void)create_flags; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static psa_status_t secure_storage_set_extended(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_offset, -+ size_t data_length, -+ const void *p_data) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)data_offset; -+ (void)data_length; -+ (void)p_data; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static uint32_t secure_storage_get_support(void *context, uint32_t client_id) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t support_flags; -+ struct psa_outvec out_vec[] = { -+ { .base = &support_flags, .len = sizeof(support_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_SUPPORT, NULL, 0, -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller) -+{ -+ service_client_init(&context->client, caller); -+ -+ static const struct storage_backend_interface interface = -+ { -+ .set = secure_storage_ipc_set, -+ .get = secure_storage_ipc_get, -+ .get_info = secure_storage_ipc_get_info, -+ .remove = secure_storage_ipc_remove, -+ .create = secure_storage_ipc_create, -+ .set_extended = secure_storage_set_extended, -+ .get_support = secure_storage_get_support, -+ }; -+ -+ context->backend.context = context; -+ context->backend.interface = &interface; -+ -+ return &context->backend; -+} -+ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context) -+{ -+ service_client_deinit(&context->client); -+} -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -new file mode 100644 -index 000000000000..e8c1e8fd2f92 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -0,0 +1,52 @@ -+/* -+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SECURE_STORAGE_IPC_H -+#define SECURE_STORAGE_IPC_H -+ -+#include <service/secure_storage/backend/storage_backend.h> -+#include <service/common/client/service_client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * @brief Secure storage ipc instance -+ */ -+struct secure_storage_ipc -+{ -+ struct storage_backend backend; -+ struct service_client client; -+}; -+ -+/** -+ * @brief Initialize a secure storage ipc client -+ * -+ * A secure storage client is a storage backend that makes RPC calls -+ * to a remote secure storage provider. -+ * -+ * @param[in] context Instance data -+ * @param[in] rpc_caller RPC caller instance -+ * -+ * -+ * @return Pointer to inialized storage backend or NULL on failure -+ */ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller); -+ -+/** -+ * @brief Deinitialize a secure storage ipc client -+ * -+ * @param[in] context Instance data -+ */ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SECURE_STORAGE_IPC_H */ -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index dd0c5d00c21e..cd51460406ca 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" -+ "components/service/secure_storage/backend/secure_storage_ipc" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch index 824196c11a..4e9d5c2e13 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch @@ -1,21 +1,21 @@ -From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Mon, 21 Nov 2022 00:08:20 +0000 -Subject: [PATCH] Use the stateless platform service calls - -Calls to psa_connect is not needed and psa_call can be called -directly with a pre defined handle. +From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 14:38:42 +0100 +Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls + Calls to psa_connect is not needed and psa_call can be called directly with a + pre defined handle. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Inappropriate [Design is to revisted] +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] --- .../provider/capsule_update_provider.c | 24 ++++--------------- .../provider/corstone1000_fmp_service.c | 10 ++++---- .../provider/corstone1000_fmp_service.h | 3 +-- - components/service/common/include/psa/sid.h | 6 +++++ - 4 files changed, 16 insertions(+), 27 deletions(-) + components/service/common/include/psa/sid.h | 7 ++++++ + 4 files changed, 17 insertions(+), 27 deletions(-) diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c index 991a2235..6809249f 100644 @@ -119,22 +119,23 @@ index 95fba2a0..963223e8 100644 #ifdef __cplusplus } /* extern "C" */ diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 7a29cc25..8103a9af 100644 +index 5aaa659d..fc3a4fb0 100644 --- a/components/service/common/include/psa/sid.h +++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,12 @@ extern "C" { +@@ -40,6 +40,13 @@ extern "C" { #define TFM_CRYPTO_VERSION (1U) #define TFM_CRYPTO_HANDLE (0x40000100U) -+ +/******** TFM_PLATFORM_SERVICE *******/ +#define TFM_PLATFORM_API_ID_IOCTL (1013) +#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) + -+ - /** - * \brief Define a progressive numerical value for each SID which can be used - * when dispatching the requests to the service ++/** ++ * \brief Define a progressive numerical value for each SID which can be used ++ * when dispatching the requests to the service + /******** TFM_SP_PLATFORM ********/ + #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) + #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -- -2.25.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch deleted file mode 100644 index ad33295d41..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ /dev/null @@ -1,63 +0,0 @@ -From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy - -Remove mock up backend for secure storage in se proxy -deployment and use instead the secure storage ipc backend with -openamp as rpc to secure enclave side. - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../se-proxy/common/service_proxy_factory.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index acfb6e8873fa..57290056d614 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -6,15 +6,20 @@ - - #include <stddef.h> - #include <rpc/common/endpoint/rpc_interface.h> -+#include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> - #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h> - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> -+#include <trace.h> - - /* Stub backends */ - #include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -+struct openamp_caller openamp; -+ - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void) - - struct rpc_interface *ps_proxy_create(void) - { -- static struct mock_store ps_backend; - static struct secure_storage_provider ps_provider; -- -- struct storage_backend *backend = mock_store_init(&ps_backend); -+ static struct secure_storage_ipc ps_backend; -+ static struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); - - return secure_storage_provider_init(&ps_provider, backend); - } --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch new file mode 100644 index 0000000000..3e6f606c5d --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch @@ -0,0 +1,78 @@ +From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001 +From: Emekcan Aras <emekcan.aras@arm.com> +Date: Sun, 18 Jun 2023 16:05:27 +0100 +Subject: [PATCH] plat: corstone1000: Initialize capsule update provider + +Initializes the capsule update service provider in se-proxy-sp.c deployment +for corstone1000. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Inappropriate [Design is to revisted] + +--- + deployments/se-proxy/env/commonsp/se_proxy_sp.c | 3 +++ + .../infra/corstone1000/service_proxy_factory.c | 17 +++++++++++++++++ + .../se-proxy/infra/service_proxy_factory.h | 1 + + 3 files changed, 21 insertions(+) + +diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +index 45fcb385..dc2a9d49 100644 +--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c ++++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c +@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) + } + rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); + ++ rpc_iface = capsule_update_proxy_create(); ++ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); ++ + /* End of boot phase */ + result = sp_msg_wait(&req_msg); + if (result != SP_RESULT_OK) { +diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +index bacab1de..32d88c97 100644 +--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c ++++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c +@@ -14,6 +14,7 @@ + #include <service/crypto/factory/crypto_provider_factory.h> + #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> + #include <trace.h> ++#include <service/capsule_update/provider/capsule_update_provider.h> + + /* backends */ + #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> +@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void) + + return secure_storage_provider_init(&its_provider, backend); + } ++ ++struct rpc_interface *capsule_update_proxy_create(void) ++{ ++ static struct capsule_update_provider capsule_update_provider; ++ static struct rpc_caller *capsule_update_caller; ++ ++ capsule_update_caller = psa_ipc_caller_init(&psa_ipc); ++ ++ if (!capsule_update_caller) ++ return NULL; ++ ++ capsule_update_provider.client.caller = capsule_update_caller; ++ ++ return capsule_update_provider_init(&capsule_update_provider); ++} ++ +diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h +index 298d407a..02aa7fe2 100644 +--- a/deployments/se-proxy/infra/service_proxy_factory.h ++++ b/deployments/se-proxy/infra/service_proxy_factory.h +@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); + struct rpc_interface *crypto_proxy_create(void); + struct rpc_interface *ps_proxy_create(void); + struct rpc_interface *its_proxy_create(void); ++struct rpc_interface *capsule_update_proxy_create(void); + + #ifdef __cplusplus + } +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch deleted file mode 100644 index ab57688276..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH 08/20] Run psa-arch-test - -Fixes needed to run psa-arch-test - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/psa_ipc/service_psa_ipc.c | 1 + - .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 -------- - .../service/secure_storage/include/psa/storage_common.h | 4 ++-- - 3 files changed, 3 insertions(+), 10 deletions(-) - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 95a07c135f31..5e5815dbc9cf 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - resp_msg->params.out_vec); - - for (i = 0; i < resp_msg->params.out_len; i++) { -+ out_vec[i].len = out_vec_param[i].len; - memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), - out_vec[i].len); - } -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index 9b55f77dd395..a1f369db253e 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- /* Validating input parameters */ -- if (p_data == NULL) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) -@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- /* Validating input parameters */ -- if (!p_info) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h -index 4f6ba2a7d822..1fd6b40dc803 100644 ---- a/components/service/secure_storage/include/psa/storage_common.h -+++ b/components/service/secure_storage/include/psa/storage_common.h -@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t; - typedef uint32_t psa_storage_create_flags_t; - - struct psa_storage_info_t { -- size_t capacity; -- size_t size; -+ uint32_t capacity; -+ uint32_t size; - psa_storage_create_flags_t flags; - }; - --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch deleted file mode 100644 index 3295fa9bd9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch +++ /dev/null @@ -1,168 +0,0 @@ -From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH 09/20] Use address instead of pointers - -Since secure enclave is 32bit and we 64bit there is an issue -in the protocol communication design that force us to handle -on our side the manipulation of address and pointers to make -this work. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/common/include/psa/client.h | 15 ++++++++++++++ - .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++------- - .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++---------- - 3 files changed, 38 insertions(+), 17 deletions(-) - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -index 69ccf14f40a3..12dcd68f8a76 100644 ---- a/components/service/common/include/psa/client.h -+++ b/components/service/common/include/psa/client.h -@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec { - uint32_t len; /*!< the size in bytes */ - }; - -+static void *psa_u32_to_ptr(uint32_t addr) -+{ -+ return (void *)(uintptr_t)addr; -+} -+ -+static uint32_t psa_ptr_to_u32(void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ -+static uint32_t psa_ptr_const_to_u32(const void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ - /*************************** PSA Client API **********************************/ - - /** -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 5e5815dbc9cf..435c6c0a2eba 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_ - return resp_len; - } - -+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va) -+{ -+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va); -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - req_msg->params.psa_call_params.handle = psa_handle; - req_msg->params.psa_call_params.type = type; - req_msg->params.psa_call_params.in_len = in_len; -- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param); - req_msg->params.psa_call_params.out_len = out_len; -- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param); - - for (i = 0; i < in_len; i++) { -- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload); - in_vec_param[i].len = in_vec[i].len; - -- memcpy(payload, in_vec[i].base, in_vec[i].len); -+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len); - payload += in_vec[i].len; - } - - for (i = 0; i < out_len; i++) { -- out_vec_param[i].base = NULL; -+ out_vec_param[i].base = 0; - out_vec_param[i].len = out_vec[i].len; - } - -@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - goto caller_end; - - out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -- resp_msg->params.out_vec); -+ psa_u32_to_ptr(resp_msg->params.out_vec)); - - for (i = 0; i < resp_msg->params.out_len; i++) { - out_vec[i].len = out_vec_param[i].len; -- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ memcpy(psa_u32_to_ptr(out_vec[i].base), -+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)), - out_vec[i].len); - } - -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index a1f369db253e..bda442a61d5c 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = p_data, .len = data_length }, -- { .base = &create_flags, .len = sizeof(create_flags) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, -+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, - }; - - (void)client_id; -@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context, - psa_status_t psa_status; - uint32_t offset = (uint32_t)data_offset; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = &offset, .len = sizeof(offset) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_data, .len = data_size }, -+ { .base = psa_ptr_to_u32(p_data), .len = data_size }, - }; - - if (!p_data_length) { -@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_info, .len = sizeof(*p_info) }, -+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) }, - }; - - (void)client_id; -@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - - (void)client_id; -@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - psa_status_t psa_status; - uint32_t support_flags; - struct psa_outvec out_vec[] = { -- { .base = &support_flags, .len = sizeof(support_flags) }, -+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) }, - }; - - (void)client_id; --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch deleted file mode 100644 index 2d0725cb24..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch +++ /dev/null @@ -1,323 +0,0 @@ -From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH 10/20] Add psa ipc attestation to se proxy - -Implement attestation client API as psa ipc and include it to -se proxy deployment. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../client/psa_ipc/component.cmake | 13 +++ - .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++ - .../reporter/psa_ipc/component.cmake | 13 +++ - .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ - components/service/common/include/psa/sid.h | 4 + - .../se-proxy/common/service_proxy_factory.c | 6 ++ - deployments/se-proxy/se-proxy.cmake | 7 +- - ...ble-using-hard-coded-attestation-key.patch | 29 ------- - external/psa_arch_tests/psa_arch_tests.cmake | 4 - - 9 files changed, 171 insertions(+), 36 deletions(-) - create mode 100644 components/service/attestation/client/psa_ipc/component.cmake - create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c - create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake - create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c - delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch - -diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..a5bc6b4a387e ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c" -+ ) -diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -new file mode 100644 -index 000000000000..30bd0a13a385 ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -@@ -0,0 +1,86 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <string.h> -+ -+#include "../psa/iat_client.h" -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/initial_attestation.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+ -+/** -+ * @brief The singleton psa_iat_client instance -+ * -+ * The psa attestation C API assumes a single backend service provider. -+ */ -+static struct service_client instance; -+ -+ -+psa_status_t psa_iat_client_init(struct rpc_caller *caller) -+{ -+ return service_client_init(&instance, caller); -+} -+ -+void psa_iat_client_deinit(void) -+{ -+ service_client_deinit(&instance); -+} -+ -+int psa_iat_client_rpc_status(void) -+{ -+ return instance.rpc_status; -+} -+ -+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge, -+ size_t challenge_size, -+ uint8_t *token_buf, -+ size_t token_buf_size, -+ size_t *token_size) -+{ -+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; -+ struct rpc_caller *caller = instance.caller; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size}, -+ }; -+ -+ if (!token_buf || !token_buf_size) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (status == PSA_SUCCESS) { -+ *token_size = out_vec[0].len; -+ } -+ -+ return status; -+} -+ -+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size, -+ size_t *token_size) -+{ -+ struct rpc_caller *caller = instance.caller; -+ psa_status_t status; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)} -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN_SIZE, -+ in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..b37830c618fe ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c" -+ ) -diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -new file mode 100644 -index 000000000000..15805e8ed4b1 ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+/** -+ * A attestation reporter for psa ipc -+ */ -+ -+#include <stddef.h> -+#include <psa/error.h> -+#include <service/attestation/reporter/attest_report.h> -+#include <psa/initial_attestation.h> -+ -+#define TOKEN_BUF_SIZE 1024 -+ -+static uint8_t token_buf[TOKEN_BUF_SIZE]; -+ -+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data, -+ size_t auth_challenge_len, const uint8_t **report, -+ size_t *report_len) -+{ -+ *report = token_buf; -+ psa_status_t ret; -+ size_t token_size = 0; -+ -+ ret = psa_initial_attest_get_token(auth_challenge_data, -+ auth_challenge_len, token_buf, -+ TOKEN_BUF_SIZE, &token_size); -+ if (ret != PSA_SUCCESS) { -+ *report = NULL; -+ *report_len = 0; -+ return ret; -+ } -+ -+ *report_len = token_size; -+ -+ return PSA_SUCCESS; -+} -+ -+void attest_report_destroy(const uint8_t *report) -+{ -+ (void)report; -+} -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index aaa973c6e987..833f5039425f 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -50,6 +50,10 @@ extern "C" { - #define TFM_ATTESTATION_SERVICE_VERSION (1U) - #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) - -+/* Initial Attestation message types that distinguish Attest services. */ -+#define TFM_ATTEST_GET_TOKEN 1001 -+#define TFM_ATTEST_GET_TOKEN_SIZE 1002 -+ - /******** TFM_SP_FWU ********/ - #define TFM_FWU_WRITE_SID (0x000000A0U) - #define TFM_FWU_WRITE_VERSION (1U) -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 57290056d614..4b8cceccbe4d 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -23,12 +23,18 @@ struct openamp_caller openamp; - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -+ struct rpc_caller *attest_caller; - - /* Static objects for proxy instance */ - static struct attest_provider attest_provider; - -+ attest_caller = openamp_caller_init(&openamp); -+ if (!attest_caller) -+ return NULL; -+ - /* Initialize the service provider */ - attest_iface = attest_provider_init(&attest_provider); -+ psa_iat_client_init(&openamp.rpc_caller); - - attest_provider_register_serializer(&attest_provider, - TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index cd51460406ca..3dbbc36c968d 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/service/attestation/reporter/psa_ipc" -+ "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" - "components/rpc/common/caller" -- "components/service/attestation/reporter/stub" -- "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/attestation/key_mngr/local" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) -diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch -deleted file mode 100644 -index 6664961ab662..000000000000 ---- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch -+++ /dev/null -@@ -1,29 +0,0 @@ --From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001 --From: Gyorgy Szing <Gyorgy.Szing@arm.com> --Date: Tue, 8 Feb 2022 17:06:37 +0000 --Subject: [PATCH 1/1] Disable using hard-coded attestation key -- --Modify platform config to disable using a hard-coded attestation --key. -- --Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> ----- -- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +- -- 1 file changed, 1 insertion(+), 1 deletion(-) -- --diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --index 6112ba7..1cdf581 100755 ----- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h --@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t; -- #define CRYPTO_VERSION_BETA3 -- -- /* Use hardcoded public key */ ---#define PLATFORM_OVERRIDE_ATTEST_PK --+//#define PLATFORM_OVERRIDE_ATTEST_PK -- -- /* -- * Include of PSA defined Header files ---- --2.17.1 -- -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index a8b77a1fc05e..1995df3e0b49 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -15,10 +15,6 @@ set(GIT_OPTIONS - GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} - GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} - GIT_SHALLOW FALSE -- PATCH_COMMAND git stash -- COMMAND git tag -f ts-before-am -- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch -- COMMAND git reset ts-before-am - ) - - # Ensure list of defines is separated correctly --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch deleted file mode 100644 index 5803cc17dc..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage - ipc implementation. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/include/psa/sid.h | 12 +++++----- - .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++--------- - .../secure_storage_ipc/secure_storage_ipc.h | 1 + - .../se-proxy/common/service_proxy_factory.c | 22 +++++++++++++------ - 4 files changed, 32 insertions(+), 23 deletions(-) - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 833f5039425f..4a951d4a3502 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -20,12 +20,12 @@ extern "C" { - /* Invalid UID */ - #define TFM_PS_INVALID_UID 0 - --/* PS message types that distinguish PS services. */ --#define TFM_PS_SET 1001 --#define TFM_PS_GET 1002 --#define TFM_PS_GET_INFO 1003 --#define TFM_PS_REMOVE 1004 --#define TFM_PS_GET_SUPPORT 1005 -+/* PS / ITS message types that distinguish PS services. */ -+#define TFM_PS_ITS_SET 1001 -+#define TFM_PS_ITS_GET 1002 -+#define TFM_PS_ITS_GET_INFO 1003 -+#define TFM_PS_ITS_REMOVE 1004 -+#define TFM_PS_ITS_GET_SUPPORT 1005 - - /******** TFM_SP_ITS ********/ - #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index bda442a61d5c..0e1b48c0d2e2 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET, -+ in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) - EMSG("ipc_set: psa_call failed: %d", psa_status); - -@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context, - return PSA_ERROR_INVALID_ARGUMENT; - } - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), - out_vec, IOVEC_LEN(out_vec)); - if (psa_status == PSA_SUCCESS) - *p_data_length = out_vec[0].len; -@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_INFO, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_REMOVE, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_REMOVE, in_vec, - IOVEC_LEN(in_vec), NULL, 0); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_remove: failed to psa_call: %d", psa_status); -@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_SUPPORT, NULL, 0, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_SUPPORT, NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -index e8c1e8fd2f92..d9949f6a9305 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -21,6 +21,7 @@ struct secure_storage_ipc - { - struct storage_backend backend; - struct service_client client; -+ int32_t service_handle; - }; - - /** -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 4b8cceccbe4d..1110ac46bf8b 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -5,6 +5,7 @@ - */ - - #include <stddef.h> -+#include <psa/sid.h> - #include <rpc/common/endpoint/rpc_interface.h> - #include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> -@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void) - { - static struct secure_storage_provider ps_provider; - static struct secure_storage_ipc ps_backend; -- static struct rpc_caller *storage_caller; -+ struct rpc_caller *storage_caller; - struct storage_backend *backend; - - storage_caller = openamp_caller_init(&openamp); - if (!storage_caller) - return NULL; - backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); -+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE; - - return secure_storage_provider_init(&ps_provider, backend); - } - - struct rpc_interface *its_proxy_create(void) - { -- static struct mock_store its_backend; -- static struct secure_storage_provider its_provider; -- -- struct storage_backend *backend = mock_store_init(&its_backend); -- -- return secure_storage_provider_init(&its_provider, backend); -+ static struct secure_storage_provider its_provider; -+ static struct secure_storage_ipc its_backend; -+ struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller); -+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE; -+ -+ return secure_storage_provider_init(&its_provider, backend); - } --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch deleted file mode 100644 index 67ea7b8c56..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch +++ /dev/null @@ -1,2570 +0,0 @@ -From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH 12/20] add psa ipc crypto backend - -Add psa ipc crypto backend and attach it to se proxy -deployment. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/common/include/psa/sid.h | 73 +++++ - .../crypto/backend/psa_ipc/component.cmake | 21 ++ - .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++ - .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++ - .../client/caller/psa_ipc/crypto_caller.h | 34 ++ - .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++ - .../crypto_caller_asymmetric_decrypt.h | 76 +++++ - .../crypto_caller_asymmetric_encrypt.h | 76 +++++ - .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++ - .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++ - .../psa_ipc/crypto_caller_destroy_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++ - .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++ - .../psa_ipc/crypto_caller_generate_key.h | 55 ++++ - .../psa_ipc/crypto_caller_generate_random.h | 57 ++++ - .../crypto_caller_get_key_attributes.h | 56 ++++ - .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++ - .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++ - .../psa_ipc/crypto_caller_key_attributes.h | 51 +++ - .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++ - .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++ - .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++ - .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++ - .../crypto/include/psa/crypto_client_struct.h | 8 +- - .../service/crypto/include/psa/crypto_sizes.h | 2 +- - .../se-proxy/common/service_proxy_factory.c | 15 +- - .../providers/arm/corstone1000/platform.cmake | 2 + - 28 files changed, 2292 insertions(+), 10 deletions(-) - create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 4a951d4a3502..7a29cc253bad 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,79 @@ extern "C" { - #define TFM_CRYPTO_VERSION (1U) - #define TFM_CRYPTO_HANDLE (0x40000100U) - -+/** -+ * \brief Define a progressive numerical value for each SID which can be used -+ * when dispatching the requests to the service -+ */ -+enum { -+ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -+ TFM_CRYPTO_OPEN_KEY_SID, -+ TFM_CRYPTO_CLOSE_KEY_SID, -+ TFM_CRYPTO_IMPORT_KEY_SID, -+ TFM_CRYPTO_DESTROY_KEY_SID, -+ TFM_CRYPTO_EXPORT_KEY_SID, -+ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ TFM_CRYPTO_PURGE_KEY_SID, -+ TFM_CRYPTO_COPY_KEY_SID, -+ TFM_CRYPTO_HASH_COMPUTE_SID, -+ TFM_CRYPTO_HASH_COMPARE_SID, -+ TFM_CRYPTO_HASH_SETUP_SID, -+ TFM_CRYPTO_HASH_UPDATE_SID, -+ TFM_CRYPTO_HASH_FINISH_SID, -+ TFM_CRYPTO_HASH_VERIFY_SID, -+ TFM_CRYPTO_HASH_ABORT_SID, -+ TFM_CRYPTO_HASH_CLONE_SID, -+ TFM_CRYPTO_MAC_COMPUTE_SID, -+ TFM_CRYPTO_MAC_VERIFY_SID, -+ TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ TFM_CRYPTO_MAC_UPDATE_SID, -+ TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ TFM_CRYPTO_MAC_ABORT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ TFM_CRYPTO_CIPHER_SET_IV_SID, -+ TFM_CRYPTO_CIPHER_UPDATE_SID, -+ TFM_CRYPTO_CIPHER_FINISH_SID, -+ TFM_CRYPTO_CIPHER_ABORT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ TFM_CRYPTO_AEAD_UPDATE_SID, -+ TFM_CRYPTO_AEAD_FINISH_SID, -+ TFM_CRYPTO_AEAD_VERIFY_SID, -+ TFM_CRYPTO_AEAD_ABORT_SID, -+ TFM_CRYPTO_SIGN_MESSAGE_SID, -+ TFM_CRYPTO_VERIFY_MESSAGE_SID, -+ TFM_CRYPTO_SIGN_HASH_SID, -+ TFM_CRYPTO_VERIFY_HASH_SID, -+ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_GENERATE_RANDOM_SID, -+ TFM_CRYPTO_GENERATE_KEY_SID, -+ TFM_CRYPTO_SID_MAX, -+}; -+ - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake -new file mode 100644 -index 000000000000..93c297a83ac6 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/component.cmake -@@ -0,0 +1,21 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c" -+ ) -+ -+# The ipc crypto backend uses the psa crypto client to realize the -+# psa crypto API that the crypto provider depends on. This define -+# configures the psa crypto client to be built with the ipc crypto -+# caller. -+target_compile_definitions(${TGT} PRIVATE -+ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h" -+) -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -new file mode 100644 -index 000000000000..e47cd4ffb4ce ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -@@ -0,0 +1,26 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <psa/crypto.h> -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include "crypto_ipc_backend.h" -+ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller) -+{ -+ psa_status_t status = psa_crypto_client_init(caller); -+ -+ if (status == PSA_SUCCESS) -+ status = psa_crypto_init(); -+ -+ return status; -+} -+ -+void crypto_ipc_backend_deinit(void) -+{ -+ psa_crypto_client_deinit(); -+} -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -new file mode 100644 -index 000000000000..c13c20e84131 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CRYPTO_IPC_BACKEND_H -+#define CRYPTO_IPC_BACKEND_H -+ -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * \brief This type is used to overcome a limitation in the number of maximum -+ * IOVECs that can be used especially in psa_aead_encrypt and -+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of -+ * parameters passed gets restructured -+ */ -+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) -+struct psa_ipc_crypto_aead_pack_input { -+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; -+ uint32_t nonce_length; -+}; -+ -+struct psa_ipc_crypto_pack_iovec { -+ uint32_t sfn_id; /*!< Secure function ID used to dispatch the -+ * request -+ */ -+ uint16_t step; /*!< Key derivation step */ -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -+ * AEAD until the API is -+ * restructured -+ */ -+}; -+ -+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) -+ -+/** -+ * \brief Initialize the psa ipc crypto backend -+ * -+ * Initializes a crypto backend that uses the psa API client with a -+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto -+ * service proviser. -+ * -+ * \return PSA_SUCCESS if backend initialized successfully -+ */ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller); -+ -+/** -+ * \brief Clean-up to free any resource used by the crypto backend -+ */ -+void crypto_ipc_backend_deinit(void); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CRYPTO_IPC_BACKEND_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -new file mode 100644 -index 000000000000..0a972187062f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -@@ -0,0 +1,34 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_H -+#define PSA_IPC_CRYPTO_CALLER_H -+ -+/** -+ * Includes all header files that form the psa ipc crypto caller -+ * interface. May be used by a client that needs to call operations -+ * provided by a crypto service instance using the psa ipc interface. -+ */ -+#include "crypto_caller_aead.h" -+#include "crypto_caller_asymmetric_decrypt.h" -+#include "crypto_caller_asymmetric_encrypt.h" -+#include "crypto_caller_cipher.h" -+#include "crypto_caller_copy_key.h" -+#include "crypto_caller_destroy_key.h" -+#include "crypto_caller_export_key.h" -+#include "crypto_caller_export_public_key.h" -+#include "crypto_caller_generate_key.h" -+#include "crypto_caller_generate_random.h" -+#include "crypto_caller_get_key_attributes.h" -+#include "crypto_caller_hash.h" -+#include "crypto_caller_import_key.h" -+#include "crypto_caller_key_derivation.h" -+#include "crypto_caller_mac.h" -+#include "crypto_caller_purge_key.h" -+#include "crypto_caller_sign_hash.h" -+#include "crypto_caller_verify_hash.h" -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -new file mode 100644 -index 000000000000..78517fe32ca9 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -0,0 +1,252 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H -+#define PSA_IPC_CRYPTO_CALLER_AEAD_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_aead_encrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(plaintext), -+ .len = plaintext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *aeadtext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(aeadtext), -+ .len = aeadtext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *plaintext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_generate_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *nonce, -+ size_t nonce_size, -+ size_t *nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *nonce, -+ size_t nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_lengths( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t ad_length, -+ size_t plaintext_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update_ad( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length, -+ uint8_t *tag, -+ size_t tag_size, -+ size_t *tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length, -+ const uint8_t *tag, -+ size_t tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -new file mode 100644 -index 000000000000..ff01815c09e9 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_decrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -new file mode 100644 -index 000000000000..1daf1689c076 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_encrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -new file mode 100644 -index 000000000000..fbefb28d813a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -0,0 +1,246 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H -+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_cipher_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_generate_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *iv, -+ size_t iv_size, -+ size_t *iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(iv), .len = iv_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *iv_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_set_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *iv, -+ size_t iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(iv), .len = iv_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the cipher_update operation -+ * using the ipc encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -new file mode 100644 -index 000000000000..9a988171b098 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_copy_key(struct service_client *context, -+ psa_key_id_t source_key, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *target_key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .key_id = source_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -new file mode 100644 -index 000000000000..d00f4faa7a52 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -new file mode 100644 -index 000000000000..8ac5477f7b9a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -new file mode 100644 -index 000000000000..b24c47f1257e ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -new file mode 100644 -index 000000000000..1b66ed4020de ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -0,0 +1,55 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -new file mode 100644 -index 000000000000..7c538237805a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_random(struct service_client *context, -+ uint8_t *output, -+ size_t output_size) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size } -+ }; -+ -+ if (!output_size) -+ return PSA_SUCCESS; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -new file mode 100644 -index 000000000000..22f1d18f1476 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_get_key_attributes( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_key_attributes_t *attributes) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .key_id = key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -new file mode 100644 -index 000000000000..9f37908a2f25 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -0,0 +1,220 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_hash_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash, -+ size_t hash_size, -+ size_t *hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(hash), .len = hash_size}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *hash_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash, -+ size_t hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_clone( -+ struct service_client *context, -+ uint32_t source_op_handle, -+ uint32_t *target_op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .op_handle = source_op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash_state, -+ size_t hash_state_size, -+ size_t *hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash_state, -+ size_t hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the hash_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -new file mode 100644 -index 000000000000..d47033662790 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_import_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ const uint8_t *data, size_t data_length, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length } -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -new file mode 100644 -index 000000000000..2fad2f0a64e6 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+ -+#include <psa/crypto.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline void packedc_crypto_caller_translate_key_attributes_to_proto( -+ struct ts_crypto_key_attributes *proto_attributes, -+ const psa_key_attributes_t *psa_attributes) -+{ -+ proto_attributes->type = psa_get_key_type(psa_attributes); -+ proto_attributes->key_bits = psa_get_key_bits(psa_attributes); -+ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes); -+ proto_attributes->id = psa_get_key_id(psa_attributes); -+ -+ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes); -+ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes); -+ } -+ -+static inline void packedc_crypto_caller_translate_key_attributes_from_proto( -+ psa_key_attributes_t *psa_attributes, -+ const struct ts_crypto_key_attributes *proto_attributes) -+{ -+ psa_set_key_type(psa_attributes, proto_attributes->type); -+ psa_set_key_bits(psa_attributes, proto_attributes->key_bits); -+ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime); -+ -+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) { -+ -+ psa_set_key_id(psa_attributes, proto_attributes->id); -+ } -+ -+ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage); -+ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -new file mode 100644 -index 000000000000..5ce4fb6cca82 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_key_derivation_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_get_capacity( -+ struct service_client *context, -+ const uint32_t op_handle, -+ size_t *capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_set_capacity( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .capacity = capacity, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ const uint8_t *data, -+ size_t data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_key( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .key_id = key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_key( -+ struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ uint32_t op_handle, -+ psa_key_id_t *key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(attributes), -+ .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_key_agreement( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .key_id = private_key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_raw_key_agreement( -+ struct service_client *context, -+ psa_algorithm_t alg, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .alg = alg, -+ .key_id = private_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -new file mode 100644 -index 000000000000..3a820192495a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -0,0 +1,207 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H -+#define PSA_IPC_CRYPTO_CALLER_MAC_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_mac_sign_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_sign_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *mac, -+ size_t mac_size, -+ size_t *mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(mac), .len = mac_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *mac_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *mac, -+ size_t mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(mac), .len = mac_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -new file mode 100644 -index 000000000000..a3a796e2166c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_purge_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -new file mode 100644 -index 000000000000..71d88cededf5 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -0,0 +1,64 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -new file mode 100644 -index 000000000000..e16f6e5450af ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ { .base = psa_ptr_const_to_u32(signature), .len = signature_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */ -diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h -index abd420c82607..bf95c9821e55 100644 ---- a/components/service/crypto/include/psa/crypto_client_struct.h -+++ b/components/service/crypto/include/psa/crypto_client_struct.h -@@ -31,12 +31,12 @@ extern "C" { - * data structure internally. */ - struct psa_client_key_attributes_s - { -+ uint16_t type; -+ uint16_t bits; - uint32_t lifetime; -- uint32_t id; -- uint32_t alg; -+ psa_key_id_t id; - uint32_t usage; -- size_t bits; -- uint16_t type; -+ uint32_t alg; - }; - - #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0} -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 7a0149bbca62..4d7bf6e959b0 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -81,7 +81,7 @@ - #define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 - #else --#define PSA_HASH_MAX_SIZE 32 -+#define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 - #endif - -diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c -index 1110ac46bf8b..7edeef8b434a 100644 ---- a/deployments/se-proxy/common/service_proxy_factory.c -+++ b/deployments/se-proxy/common/service_proxy_factory.c -@@ -15,7 +15,7 @@ - #include <trace.h> - - /* Stub backends */ --#include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> - #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void) - { - struct rpc_interface *crypto_iface = NULL; - struct crypto_provider *crypto_provider; -+ struct rpc_caller *crypto_caller; - -- if (stub_crypto_backend_init() == PSA_SUCCESS) { -+ crypto_caller = openamp_caller_init(&openamp); -+ if (!crypto_caller) -+ return NULL; -+ -+ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS) -+ return NULL; - -- crypto_provider = crypto_provider_factory_create(); -- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); -- } -+ crypto_provider = crypto_provider_factory_create(); -+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); - - return crypto_iface; - } -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index bb778bb9719b..51e5faa3e4d8 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -8,3 +8,5 @@ - - # include MHU driver - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -+ -+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch deleted file mode 100644 index 22b1da6906..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH 14/20] Configure storage size - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../service/smm_variable/backend/uefi_variable_store.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 611e2e225c6b..6c3b9ed81c25 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator( - * may be overridden using uefi_variable_store_set_storage_limits() - */ - #define DEFAULT_MAX_VARIABLE_SIZE (2048) -+#define CONFIGURE_STORAGE_SIZE (50) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init( - /* Initialise persistent store defaults */ - context->persistent_store.is_nv = true; - context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->persistent_store.storage_backend = persistent_store; - - /* Initialise volatile store defaults */ - context->volatile_store.is_nv = false; - context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch deleted file mode 100644 index 426f2ca5c4..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ /dev/null @@ -1,31 +0,0 @@ -From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m - change. - -NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. - -Upstream-Status: Pending -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index c13c20e84131..ec25eaf868c7 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec { - * multipart operation - */ - uint32_t capacity; /*!< Key derivation capacity */ -- -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ - struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for - * AEAD until the API is - * restructured --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch deleted file mode 100644 index a59d140023..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch +++ /dev/null @@ -1,494 +0,0 @@ -From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs. - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++ - .../psa_ipc/crypto_caller_verify_hash.h | 33 +- - 3 files changed, 352 insertions(+), 13 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index 78517fe32ca9..f6aadd8b9098 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_decrypt_setup( -@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_generate_nonce( -@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - size_t nonce_size, - size_t *nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *nonce_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_nonce( -@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - const uint8_t *nonce, - size_t nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_lengths( -@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - size_t ad_length, - size_t plaintext_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .ad_length = ad_length, -+ .plaintext_length = plaintext_length, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update_ad( -@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad( - const uint8_t *input, - size_t input_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update( -@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update( - size_t output_size, - size_t *output_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(output), .len = output_size}, -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_finish( -@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish( - size_t tag_size, - size_t *tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((aeadtext == NULL) && (aeadtext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size}, -+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size} -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (aeadtext == NULL || aeadtext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 3) && (aeadtext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ *tag_length = out_vec[1].len; -+ -+ if (out_len == 3) { -+ *aeadtext_length = out_vec[2].len; -+ } else { -+ *aeadtext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_verify( -@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify( - const uint8_t *tag, - size_t tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((plaintext == NULL) && (plaintext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size}, -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (plaintext == NULL || plaintext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 2) && (plaintext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ if (out_len == 2) { -+ *plaintext_length = out_vec[1].len; -+ } else { -+ *plaintext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_abort( - struct service_client *context, - uint32_t op_handle) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; - } - - #ifdef __cplusplus -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 71d88cededf5..e4a2b167defb 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return status; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+ -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index e16f6e5450af..cc9279ee79f2 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -24,19 +24,20 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_common(struct service_client *context, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, -- size_t signature_length) -+ size_t signature_length, -+ uint32_t sfn_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .sfn_id = sfn_id, - .key_id = id, - .alg = alg, - }; -@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+} -+ - #ifdef __cplusplus - } - #endif --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch deleted file mode 100644 index 4adcd90a5f..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the - latest from the tf-m - -Upstream-Status: Pending -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h -index 1bc55e375eea..b4a7ed4b39d3 100644 ---- a/components/service/crypto/include/psa/crypto_struct.h -+++ b/components/service/crypto/include/psa/crypto_struct.h -@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime( - return( attributes->lifetime ); - } - -+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags ) -+{ -+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE; -+ -+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE; -+} -+ - static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) - { -+ psa_extend_key_usage_flags( &usage_flags ); - attributes->usage = usage_flags; - } - --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch deleted file mode 100644 index 02c89d895e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Tue, 11 Oct 2022 10:46:10 +0100 -Subject: [PATCH 19/20] plat: corstone1000: change default smm values - -Smm gateway uses SE proxy to route the calls for any NV -storage so set the NV_STORE_SN. -Change the storage index uid because TF-M in the secure -enclave reserves the default value (0x1) to some internal -operation. -Increase the maximum number of uefi variables to cope with all -the needs for testing and certification - -Upstream-Status: Pending -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - platform/providers/arm/corstone1000/platform.cmake | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index 51e5faa3e4d8..04b629a81906 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -10,3 +10,9 @@ - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) - - add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -+ -+target_compile_definitions(${TGT} PRIVATE -+ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" -+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787 -+ SMM_GATEWAY_MAX_UEFI_VARIABLES=100 -+) --- -2.38.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch deleted file mode 100644 index 87c053fcc6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001 -From: Emekcan <emekcan.aras@arm.com> -Date: Wed, 2 Nov 2022 09:58:27 +0000 -Subject: [PATCH] smm_gateway: add checks for null attributes - -As par EDK-2 and EDK-2 test code, setVariable() with 0 -attributes means a delete variable request. Currently, -smm gatway doesn't handle this scenario. This commit adds -that support. - -Upstream-Status: Pending -Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> ---- - components/service/smm_variable/backend/uefi_variable_store.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 6c3b9ed8..a691dc5d 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable( - if (info->is_variable_set) { - - /* It's a request to update to an existing variable */ -- if (!(var->Attributes & -+ if (!(var->Attributes) || (!(var->Attributes & - (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -- !var->DataSize) { -+ !var->DataSize)) { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch deleted file mode 100644 index 7e65de8698..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch +++ /dev/null @@ -1,413 +0,0 @@ -From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:22:40 +0000 -Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs - -This patch is to change the PSA Crypto SIDs to match the values of the -PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 78 +----- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +- - .../psa_ipc/crypto_caller_verify_hash.h | 4 +- - 4 files changed, 249 insertions(+), 78 deletions(-) - create mode 100644 components/service/common/include/psa/crypto_sid.h - -diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h -new file mode 100644 -index 00000000..5b05f46d ---- /dev/null -+++ b/components/service/common/include/psa/crypto_sid.h -@@ -0,0 +1,241 @@ -+/* -+ * Copyright (c) 2023, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_CRYPTO_SID_H__ -+#define __PSA_CRYPTO_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+#include <stdint.h> -+ -+/** -+ * \brief Type associated to the group of a function encoding. There can be -+ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, -+ * Asym sign, Asym encrypt, Key derivation). -+ */ -+enum tfm_crypto_group_id { -+ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, -+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, -+ TFM_CRYPTO_GROUP_ID_HASH, -+ TFM_CRYPTO_GROUP_ID_MAC, -+ TFM_CRYPTO_GROUP_ID_CIPHER, -+ TFM_CRYPTO_GROUP_ID_AEAD, -+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN, -+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, -+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, -+}; -+ -+/* X macro describing each of the available PSA Crypto APIs */ -+#define KEY_MANAGEMENT_FUNCS \ -+ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_OPEN_KEY) \ -+ X(TFM_CRYPTO_CLOSE_KEY) \ -+ X(TFM_CRYPTO_IMPORT_KEY) \ -+ X(TFM_CRYPTO_DESTROY_KEY) \ -+ X(TFM_CRYPTO_EXPORT_KEY) \ -+ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ -+ X(TFM_CRYPTO_PURGE_KEY) \ -+ X(TFM_CRYPTO_COPY_KEY) \ -+ X(TFM_CRYPTO_GENERATE_KEY) -+ -+#define HASH_FUNCS \ -+ X(TFM_CRYPTO_HASH_COMPUTE) \ -+ X(TFM_CRYPTO_HASH_COMPARE) \ -+ X(TFM_CRYPTO_HASH_SETUP) \ -+ X(TFM_CRYPTO_HASH_UPDATE) \ -+ X(TFM_CRYPTO_HASH_CLONE) \ -+ X(TFM_CRYPTO_HASH_FINISH) \ -+ X(TFM_CRYPTO_HASH_VERIFY) \ -+ X(TFM_CRYPTO_HASH_ABORT) -+ -+#define MAC_FUNCS \ -+ X(TFM_CRYPTO_MAC_COMPUTE) \ -+ X(TFM_CRYPTO_MAC_VERIFY) \ -+ X(TFM_CRYPTO_MAC_SIGN_SETUP) \ -+ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ -+ X(TFM_CRYPTO_MAC_UPDATE) \ -+ X(TFM_CRYPTO_MAC_SIGN_FINISH) \ -+ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ -+ X(TFM_CRYPTO_MAC_ABORT) -+ -+#define CIPHER_FUNCS \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT) \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ -+ X(TFM_CRYPTO_CIPHER_SET_IV) \ -+ X(TFM_CRYPTO_CIPHER_UPDATE) \ -+ X(TFM_CRYPTO_CIPHER_FINISH) \ -+ X(TFM_CRYPTO_CIPHER_ABORT) -+ -+#define AEAD_FUNCS \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT) \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ -+ X(TFM_CRYPTO_AEAD_UPDATE_AD) \ -+ X(TFM_CRYPTO_AEAD_UPDATE) \ -+ X(TFM_CRYPTO_AEAD_FINISH) \ -+ X(TFM_CRYPTO_AEAD_VERIFY) \ -+ X(TFM_CRYPTO_AEAD_ABORT) -+ -+#define ASYMMETRIC_SIGN_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) -+ -+#define AYSMMETRIC_ENCRYPT_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ -+ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) -+ -+#define KEY_DERIVATION_FUNCS \ -+ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_ABORT) -+ -+#define RANDOM_FUNCS \ -+ X(TFM_CRYPTO_GENERATE_RANDOM) -+ -+/* -+ * Define function IDs in each group. The function ID will be encoded into -+ * tfm_crypto_func_sid below. -+ * Each group is defined as a dedicated enum in case the total number of -+ * PSA Crypto APIs exceeds 256. -+ */ -+#define X(func_id) func_id, -+enum tfm_crypto_key_management_func_id { -+ KEY_MANAGEMENT_FUNCS -+}; -+enum tfm_crypto_hash_func_id { -+ HASH_FUNCS -+}; -+enum tfm_crypto_mac_func_id { -+ MAC_FUNCS -+}; -+enum tfm_crypto_cipher_func_id { -+ CIPHER_FUNCS -+}; -+enum tfm_crypto_aead_func_id { -+ AEAD_FUNCS -+}; -+enum tfm_crypto_asym_sign_func_id { -+ ASYMMETRIC_SIGN_FUNCS -+}; -+enum tfm_crypto_asym_encrypt_func_id { -+ AYSMMETRIC_ENCRYPT_FUNCS -+}; -+enum tfm_crypto_key_derivation_func_id { -+ KEY_DERIVATION_FUNCS -+}; -+enum tfm_crypto_random_func_id { -+ RANDOM_FUNCS -+}; -+#undef X -+ -+#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8) -+ -+/* -+ * Numerical progressive value identifying a function API exposed through -+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS -+ * to the corresponding API implementation in the Crypto service backend. -+ * -+ * Each function SID is encoded as uint16_t. -+ * | Func ID | Group ID | -+ * 15 8 7 0 -+ * Func ID is defined in each group func_id enum above -+ * Group ID is defined in tfm_crypto_group_id. -+ */ -+enum tfm_crypto_func_sid { -+ -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)), -+ -+ KEY_MANAGEMENT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)), -+ HASH_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)), -+ MAC_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)), -+ CIPHER_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)), -+ AEAD_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)), -+ ASYMMETRIC_SIGN_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)), -+ AYSMMETRIC_ENCRYPT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)), -+ KEY_DERIVATION_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)), -+ RANDOM_FUNCS -+ -+}; -+#undef X -+ -+/** -+ * \brief Define an invalid value for an SID -+ * -+ */ -+#define TFM_CRYPTO_SID_INVALID (~0x0u) -+ -+/** -+ * \brief This value is used to mark an handle as invalid. -+ * -+ */ -+#define TFM_CRYPTO_INVALID_HANDLE (0x0u) -+ -+/** -+ * \brief Define miscellaneous literal constants that are used in the service -+ * -+ */ -+enum { -+ TFM_CRYPTO_NOT_IN_USE = 0, -+ TFM_CRYPTO_IN_USE = 1 -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_CRYPTO_SID_H__ */ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 8103a9af..50ad070e 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -12,6 +12,9 @@ - extern "C" { - #endif - -+/******** PSA Crypto SIDs ********/ -+#include "crypto_sid.h" -+ - /******** TFM_SP_PS ********/ - #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) - #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -@@ -43,79 +46,6 @@ extern "C" { - #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) - - --/** -- * \brief Define a progressive numerical value for each SID which can be used -- * when dispatching the requests to the service -- */ --enum { -- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -- TFM_CRYPTO_OPEN_KEY_SID, -- TFM_CRYPTO_CLOSE_KEY_SID, -- TFM_CRYPTO_IMPORT_KEY_SID, -- TFM_CRYPTO_DESTROY_KEY_SID, -- TFM_CRYPTO_EXPORT_KEY_SID, -- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -- TFM_CRYPTO_PURGE_KEY_SID, -- TFM_CRYPTO_COPY_KEY_SID, -- TFM_CRYPTO_HASH_COMPUTE_SID, -- TFM_CRYPTO_HASH_COMPARE_SID, -- TFM_CRYPTO_HASH_SETUP_SID, -- TFM_CRYPTO_HASH_UPDATE_SID, -- TFM_CRYPTO_HASH_FINISH_SID, -- TFM_CRYPTO_HASH_VERIFY_SID, -- TFM_CRYPTO_HASH_ABORT_SID, -- TFM_CRYPTO_HASH_CLONE_SID, -- TFM_CRYPTO_MAC_COMPUTE_SID, -- TFM_CRYPTO_MAC_VERIFY_SID, -- TFM_CRYPTO_MAC_SIGN_SETUP_SID, -- TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -- TFM_CRYPTO_MAC_UPDATE_SID, -- TFM_CRYPTO_MAC_SIGN_FINISH_SID, -- TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -- TFM_CRYPTO_MAC_ABORT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -- TFM_CRYPTO_CIPHER_SET_IV_SID, -- TFM_CRYPTO_CIPHER_UPDATE_SID, -- TFM_CRYPTO_CIPHER_FINISH_SID, -- TFM_CRYPTO_CIPHER_ABORT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -- TFM_CRYPTO_AEAD_UPDATE_AD_SID, -- TFM_CRYPTO_AEAD_UPDATE_SID, -- TFM_CRYPTO_AEAD_FINISH_SID, -- TFM_CRYPTO_AEAD_VERIFY_SID, -- TFM_CRYPTO_AEAD_ABORT_SID, -- TFM_CRYPTO_SIGN_MESSAGE_SID, -- TFM_CRYPTO_VERIFY_MESSAGE_SID, -- TFM_CRYPTO_SIGN_HASH_SID, -- TFM_CRYPTO_VERIFY_HASH_SID, -- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -- TFM_CRYPTO_GENERATE_RANDOM_SID, -- TFM_CRYPTO_GENERATE_KEY_SID, -- TFM_CRYPTO_SID_MAX, --}; -- - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index e4a2b167..9276748d 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, - .key_id = id, - .alg = alg, - }; -@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index cc9279ee..bcd8e0e4 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID); - } - - static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID); - } - - #ifdef __cplusplus --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch deleted file mode 100644 index ecea236403..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch +++ /dev/null @@ -1,655 +0,0 @@ -From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:01:06 +0000 -Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition - -This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7 -And propagate changes accross psa_ipc functions -More accuratly change sfn_id to function_id - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../backend/psa_ipc/crypto_ipc_backend.h | 34 +++++++++---------- - .../caller/psa_ipc/crypto_caller_aead.h | 24 ++++++------- - .../crypto_caller_asymmetric_decrypt.h | 2 +- - .../crypto_caller_asymmetric_encrypt.h | 2 +- - .../caller/psa_ipc/crypto_caller_cipher.h | 14 ++++---- - .../caller/psa_ipc/crypto_caller_copy_key.h | 2 +- - .../psa_ipc/crypto_caller_destroy_key.h | 2 +- - .../caller/psa_ipc/crypto_caller_export_key.h | 2 +- - .../psa_ipc/crypto_caller_export_public_key.h | 2 +- - .../psa_ipc/crypto_caller_generate_key.h | 2 +- - .../psa_ipc/crypto_caller_generate_random.h | 2 +- - .../crypto_caller_get_key_attributes.h | 2 +- - .../caller/psa_ipc/crypto_caller_hash.h | 12 +++---- - .../caller/psa_ipc/crypto_caller_import_key.h | 2 +- - .../psa_ipc/crypto_caller_key_derivation.h | 20 +++++------ - .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++---- - .../caller/psa_ipc/crypto_caller_purge_key.h | 2 +- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-- - .../psa_ipc/crypto_caller_verify_hash.h | 4 +-- - 19 files changed, 73 insertions(+), 73 deletions(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index ec25eaf8..aacd3fcc 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input { - }; - - struct psa_ipc_crypto_pack_iovec { -- uint32_t sfn_id; /*!< Secure function ID used to dispatch the -- * request -- */ -- uint16_t step; /*!< Key derivation step */ -- psa_key_id_t key_id; /*!< Key id */ -- psa_algorithm_t alg; /*!< Algorithm */ -- uint32_t op_handle; /*!< Frontend context handle associated to a -- * multipart operation -- */ -- uint32_t capacity; /*!< Key derivation capacity */ -- uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -- uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ -- struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -- * AEAD until the API is -- * restructured -- */ --}; -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */ -+ -+ uint16_t function_id; /*!< Used to identify the function in the -+ * API dispatcher to the service backend -+ * See tfm_crypto_func_sid for detail -+ */ -+ uint16_t step; /*!< Key derivation step */ -+}__packed; - - #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index f6aadd8b..efdffdf7 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt( - size_t in_len; - int i; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, - .key_id = key, - .alg = alg, - .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt( - size_t in_len; - int i; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SID, - .key_id = key, - .alg = alg, - .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = (*op_handle), -@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = (*op_handle), -@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, - .op_handle = op_handle, - }; - -@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, - .op_handle = op_handle, - }; - -@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, - .ad_length = ad_length, - .plaintext_length = plaintext_length, - .op_handle = op_handle, -@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, - .op_handle = op_handle, - }; - -@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID, - .op_handle = op_handle, - }; - -@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .function_id = TFM_CRYPTO_AEAD_FINISH_SID, - .op_handle = op_handle, - }; - -@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID, - .op_handle = op_handle, - }; - -@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .function_id = TFM_CRYPTO_AEAD_ABORT_SID, - .op_handle = op_handle, - }; - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -index ff01815c..c387eb55 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt( - psa_status_t status; - size_t in_len; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -index 1daf1689..8eb3de45 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt( - psa_status_t status; - size_t in_len; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -index fbefb28d..20aa46a5 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .function_id = TFM_CRYPTO_CIPHER_SET_IV_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .function_id = TFM_CRYPTO_CIPHER_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .function_id = TFM_CRYPTO_CIPHER_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .function_id = TFM_CRYPTO_CIPHER_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -index 9a988171..48157d7e 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .function_id = TFM_CRYPTO_COPY_KEY_SID, - .key_id = source_key, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -index d00f4faa..6d0a05e6 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .function_id = TFM_CRYPTO_DESTROY_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -index 8ac5477f..9a6b7013 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .function_id = TFM_CRYPTO_EXPORT_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -index b24c47f1..52bdd757 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -index 1b66ed40..7ed1673b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ .function_id = TFM_CRYPTO_GENERATE_KEY_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -index 7c538237..4fb87aa8 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client * - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ .function_id = TFM_CRYPTO_GENERATE_RANDOM_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -index 22f1d18f..2caa3bd3 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, - .key_id = key, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -index 9f37908a..4fb60d44 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .function_id = TFM_CRYPTO_HASH_SETUP_SID, - .alg = alg, - .op_handle = *op_handle, - }; -@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .function_id = TFM_CRYPTO_HASH_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .function_id = TFM_CRYPTO_HASH_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .function_id = TFM_CRYPTO_HASH_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .function_id = TFM_CRYPTO_HASH_VERIFY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .function_id = TFM_CRYPTO_HASH_CLONE_SID, - .op_handle = source_op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -index d4703366..1458163c 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ .function_id = TFM_CRYPTO_IMPORT_KEY_SID, - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -index 5ce4fb6c..16be9916 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, - .alg = alg, - .op_handle = *op_handle, - }; -@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, - .capacity = capacity, - .op_handle = op_handle, - }; -@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, - .step = step, - .op_handle = op_handle, - }; -@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, - .key_id = key, - .step = step, - .op_handle = op_handle, -@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, - .key_id = private_key, - .step = step, - .op_handle = op_handle, -@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, - .alg = alg, - .key_id = private_key, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -index 3a820192..30222800 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, - .key_id = key, - .alg = alg, - .op_handle = *op_handle, -@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .function_id = TFM_CRYPTO_MAC_UPDATE_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort( - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .function_id = TFM_CRYPTO_MAC_ABORT_SID, - .op_handle = op_handle, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -index a3a796e2..f6ab0978 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .function_id = TFM_CRYPTO_PURGE_KEY_SID, - .key_id = id, - }; - struct psa_invec in_vec[] = { -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 9276748d..8b53e3dc 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, - .key_id = id, - .alg = alg, - }; -@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, -+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index bcd8e0e4..c9ed865b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context, - size_t hash_length, - const uint8_t *signature, - size_t signature_length, -- uint32_t sfn_id) -+ uint32_t function_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = sfn_id, -+ .function_id = function_id, - .key_id = id, - .alg = alg, - }; --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch deleted file mode 100644 index 0dcdd5da2c..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch +++ /dev/null @@ -1,117 +0,0 @@ -From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:34:23 +0000 -Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec - -Few psa crypto operations have different in/out_vec expectations -This patch is fixing the differences between psa crypto client in TS -and psa crypto service in TF-M running on the secure enclave - -operations: -- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec -- aead_update: TFM service doesn't expect op_handle in in_vec -- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec -- cipher_update: TFM service doesn't expect op_handle in in_vec -- hash_clone: TFM service expects target_op_handle in the in_vec - rationale is target_op_handle according to the spec - must be initialized and not active. and since hash_clone - manipulates it. hence, target_op_handle should be passed - as input and output. - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../crypto/client/caller/psa_ipc/crypto_caller_aead.h | 6 ++---- - .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h | 6 ++---- - .../crypto/client/caller/psa_ipc/crypto_caller_hash.h | 2 ++ - 3 files changed, 6 insertions(+), 8 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index efdffdf7..e862c2de 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, - }; - struct psa_outvec out_vec[] = { -- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, - {.base = psa_ptr_to_u32(nonce), .len = nonce_size} - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *nonce_length = out_vec[1].len; -+ *nonce_length = out_vec[0].len; - return status; - } - -@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update( - {.base = psa_ptr_const_to_u32(input), .len = input_length} - }; - struct psa_outvec out_vec[] = { -- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, - {.base = psa_ptr_const_to_u32(output), .len = output_size}, - }; - -@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update( - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - in_len, out_vec, IOVEC_LEN(out_vec)); - -- *output_length = out_vec[1].len; -+ *output_length = out_vec[0].len; - return status; - } - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -index 20aa46a5..948865e4 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv( - { .base = psa_ptr_to_u32(&iov), .len = iov_size }, - }; - struct psa_outvec out_vec[] = { -- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, - { .base = psa_ptr_to_u32(iv), .len = iv_size }, - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *iv_length = out_vec[1].len; -+ *iv_length = out_vec[0].len; - - return status; - } -@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update( - { .base = psa_ptr_const_to_u32(input), .len = input_length }, - }; - struct psa_outvec out_vec[] = { -- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, - { .base = psa_ptr_to_u32(output), .len = output_size }, - }; - - status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - -- *output_length = out_vec[1].len; -+ *output_length = out_vec[0].len; - - return status; - } -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -index 4fb60d44..1e422130 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone( - }; - struct psa_invec in_vec[] = { - { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, - }; - struct psa_outvec out_vec[] = { - { .base = psa_ptr_to_u32(target_op_handle), --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc index 867bd66e4d..3535ddb60e 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc @@ -2,32 +2,13 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:" COMPATIBLE_MACHINE:corstone1000 = "corstone1000" SRC_URI:append:corstone1000 = " \ - file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \ - file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \ - file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \ - file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \ - file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \ - file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \ - file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \ - file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \ - file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \ - file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \ - file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \ - file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ - file://0014-Configure-storage-size.patch;patchdir=../trusted-services \ - file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \ - file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ - file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \ - file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ - file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ - file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ - file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ - file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \ - file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \ - file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \ + file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ + file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ + file://0004-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ + file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch;patchdir=../trusted-services \ + file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \ + file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch;patchdir=../trusted-services \ " |
