PSA: TFM import from master branch

components/TARGET_PSA/TARGET_TFM/COMPONENT_NSPE/interface/src/tfm_ns_lock_rtx.c

@@ -1,16 +1,14 @@
 /*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
  */
 #include <stdint.h>
 #include <stdbool.h>
-
 #include "cmsis.h"
 #include "rtx_os.h"
 #include "cmsis_os2.h"
-
 #include "tfm_api.h"
 #include "tfm_ns_lock.h"
 

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/bl2/include/tfm_boot_status.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -16,43 +16,165 @@
 extern "C" {
 #endif
 
-/* Major numbers to identify the consumer of shared data in runtime SW */
-#define TLV_MAJOR_CORE 0x0
-#define TLV_MAJOR_IAS 0x1
-
-/* PSA Root of Trust */
-#define TLV_MINOR_IAS_PRoT_SHA256 0x00
-#define TLV_MINOR_IAS_PRoT_SW_VERSION 0x01
-#define TLV_MINOR_IAS_PRoT_EPOCH 0x02
-
-/* Application Root of Trust */
-#define TLV_MINOR_IAS_ARoT_SHA256 0x03
-#define TLV_MINOR_IAS_ARoT_SW_VERSION 0x04
-#define TLV_MINOR_IAS_ARoT_EPOCH 0x05
-
-/* Non-secure processing environment: single non-secure image */
-#define TLV_MINOR_IAS_NSPE_SHA256 0x06
-#define TLV_MINOR_IAS_NSPE_SW_VERSION 0x07
-#define TLV_MINOR_IAS_NSPE_EPOCH 0x08
-
-/* ARoT + PRoT: single secure image */
-#define TLV_MINOR_IAS_S_SHA256 0x09
-#define TLV_MINOR_IAS_S_SW_VERSION 0x0a
-#define TLV_MINOR_IAS_S_EPOCH 0x0b
+/* Major numbers (4 bit) to identify
+ * the consumer of shared data in runtime SW
+ */
+#define TLV_MAJOR_CORE 0x0
+#define TLV_MAJOR_IAS 0x1
 
-/* S + NS: combined secure and non-secure image */
-#define TLV_MINOR_IAS_S_NS_SHA256 0x0c
-#define TLV_MINOR_IAS_S_NS_SW_VERSION 0x0d
-#define TLV_MINOR_IAS_S_NS_EPOCH 0x0e
+/**
+ * The shared data between boot loader and runtime SW is TLV encoded. The
+ * shared data is stored in a well known location in secure memory and this is
+ * a contract between boot loader and runtime SW.
+ *
+ * The structure of shared data must be the following:
+ * - At the beginning there must be a header: struct shared_data_tlv_header
+ * This contains a magic number and a size field which covers the entire
+ * size of the shared data area including this header.
+ * - After the header there come the entries which are composed from an entry
+ * header structure: struct shared_data_tlv_entry and the data. In the entry
+ * header is a type field (tly_type) which identify the consumer of the
+ * entry in the runtime SW and specify the subtype of that data item. There
+ * is a size field (tlv_len) which covers the size of the entry header and
+ * the data. After this structure comes the actual data.
+ * - Arbitrary number and size of data entry can be in the shared memory area.
+ *
+ * This table gives of overview about the tlv_type field in the entry header.
+ * The tlv_type always composed from a major and minor number. Major number
+ * identifies the addressee in runtime SW, who should process the data entry.
+ * Minor number used to encode more info about the data entry. The actual
+ * definition of minor number could change per major number. In case of boot
+ * status data, which is going to be processed by initial attestation service
+ * the minor number is split further to two part: sw_module and claim. The
+ * sw_module identifies the SW component in the system which the data item
+ * belongs to and the claim part identifies the exact type of the data.
+ *
+ * |---------------------------------------|
+ * | tlv_type (16) |
+ * |---------------------------------------|
+ * | tlv_major(4)| tlv_minor(12) |
+ * |---------------------------------------|
+ * | MAJOR_IAS | sw_module(6) | claim(6) |
+ * |---------------------------------------|
+ * | MAJOR_CORE | TBD |
+ * |---------------------------------------|
+ */
 
+/* Initial attestation: SW components / SW modules
+ * This list is intended to be adjusted per device. It contains more SW
+ * components than currently available in TF-M project. It serves as an example,
+ * what kind of SW components might be available.
+ */
+#define SW_GENERAL 0x00
+#define SW_BL2 0x01
+#define SW_PROT 0x02
+#define SW_AROT 0x03
+#define SW_SPE 0x04
+#define SW_NSPE 0x05
+#define SW_S_NS 0x06
+#define SW_MAX 0x07
+
+/* Initial attestation: Claim per SW components / SW modules */
+/* Bits: 0-2 */
+#define SW_VERSION 0x00
+#define SW_SIGNER_ID 0x01
+#define SW_EPOCH 0x02
+#define SW_TYPE 0x03
+/* Bits: 3-5 */
+#define SW_MEASURE_VALUE 0x08
+#define SW_MEASURE_TYPE 0x09
+
+/* Initial attestation: General claim does not belong any particular SW
+ * component. But they might be part of the boot status.
+ */
+#define BOOT_SEED 0x00
+#define HW_VERSION 0x01
+#define SECURITY_LIFECYCLE 0x02
+
+/* Minor numbers (12 bit) to identify attestation service related data */
+#define TLV_MINOR_IAS_BOOT_SEED ((SW_GENERAL << 6) | BOOT_SEED)
+#define TLV_MINOR_IAS_HW_VERSION ((SW_GENERAL << 6) | HW_VERSION)
+#define TLV_MINOR_IAS_SLC ((SW_GENERAL << 6) | SECURITY_LIFECYCLE)
+
+/* Bootloader - It can be more stage */
+#define TLV_MINOR_IAS_BL2_MEASURE_VALUE ((SW_BL2 << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_BL2_MEASURE_TYPE ((SW_BL2 << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_BL2_VERSION ((SW_BL2 << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_BL2_SIGNER_ID ((SW_BL2 << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_BL2_EPOCH ((SW_BL2 << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_BL2_TYPE ((SW_BL2 << 6) | SW_TYPE)
+
+/* PROT: PSA Root of Trust */
+#define TLV_MINOR_IAS_PROT_MEASURE_VALUE ((SW_PROT << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_PROT_MEASURE_TYPE ((SW_PROT << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_PROT_VERSION ((SW_PROT << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_PROT_SIGNER_ID ((SW_PROT << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_PROT_EPOCH ((SW_PROT << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_PROT_TYPE ((SW_PROT << 6) | SW_TYPE)
+
+/* AROT: Application Root of Trust */
+#define TLV_MINOR_IAS_AROT_MEASURE_VALUE ((SW_AROT << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_AROT_MEASURE_TYPE ((SW_AROT << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_AROT_VERSION ((SW_AROT << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_AROT_SIGNER_ID ((SW_AROT << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_AROT_EPOCH ((SW_AROT << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_AROT_TYPE ((SW_AROT << 6) | SW_TYPE)
+
+/* Non-secure processing environment - single non-secure image */
+#define TLV_MINOR_IAS_NSPE_MEASURE_VALUE ((SW_NSPE << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_NSPE_MEASURE_TYPE ((SW_NSPE << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_NSPE_VERSION ((SW_NSPE << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_NSPE_SIGNER_ID ((SW_NSPE << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_NSPE_EPOCH ((SW_NSPE << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_NSPE_TYPE ((SW_NSPE << 6) | SW_TYPE)
+
+/* Secure processing environment (ARoT + PRoT) - single secure image */
+#define TLV_MINOR_IAS_SPE_MEASURE_VALUE ((SW_SPE << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_SPE_MEASURE_TYPE ((SW_SPE << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_SPE_VERSION ((SW_SPE << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_SPE_SIGNER_ID ((SW_SPE << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_SPE_EPOCH ((SW_SPE << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_SPE_TYPE ((SW_SPE << 6) | SW_TYPE)
+
+/* SPE + NSPE - combined secure and non-secure image */
+#define TLV_MINOR_IAS_S_NS_MEASURE_VALUE ((SW_S_NS << 6) | SW_MEASURE_VALUE)
+#define TLV_MINOR_IAS_S_NS_MEASURE_TYPE ((SW_S_NS << 6) | SW_MEASURE_TYPE)
+#define TLV_MINOR_IAS_S_NS_VERSION ((SW_S_NS << 6) | SW_VERSION)
+#define TLV_MINOR_IAS_S_NS_SIGNER_ID ((SW_S_NS << 6) | SW_SIGNER_ID)
+#define TLV_MINOR_IAS_S_NS_EPOCH ((SW_S_NS << 6) | SW_EPOCH)
+#define TLV_MINOR_IAS_S_NS_TYPE ((SW_S_NS << 6) | SW_TYPE)
+
+/* General macros to handle TLV type */
+#define MAJOR_MASK 0xF /* 4 bit */
+#define MAJOR_POS 12 /* 12 bit */
+#define MINOR_MASK 0xFFF /* 12 bit */
+
+#define SET_TLV_TYPE(major, minor) \
+ ((((major) & MAJOR_MASK) << MAJOR_POS) | ((minor) & MINOR_MASK))
+#define GET_MAJOR(tlv_type) ((tlv_type) >> MAJOR_POS)
+#define GET_MINOR(tlv_type) ((tlv_type) & MINOR_MASK)
+
+/* Initial attestation specific macros */
+#define MODULE_POS 6 /* 6 bit */
+#define CLAIM_MASK 0x3F /* 6 bit */
+#define MEASUREMENT_CLAIM_POS 3 /* 3 bit */
+
+#define GET_IAS_MODULE(tlv_type) (GET_MINOR(tlv_type) >> MODULE_POS)
+#define GET_IAS_CLAIM(tlv_type) (GET_MINOR(tlv_type) & CLAIM_MASK)
+#define SET_IAS_MINOR(sw_module, claim) (((sw_module) << 6) | (claim))
+
+#define GET_IAS_MEASUREMENT_CLAIM(ias_claim) ((ias_claim) >> \
+ MEASUREMENT_CLAIM_POS)
+
+/* Magic value which marks the beginning of shared data area in memory */
 #define SHARED_DATA_TLV_INFO_MAGIC 0x2016
 
 /**
  * Shared data TLV header. All fields in little endian.
  *
- * ---------------------------
- * | tlv_magic | tlv_tot_len |
- * ---------------------------
+ * -----------------------------------
+ * | tlv_magic(16) | tlv_tot_len(16) |
+ * -----------------------------------
  */
 struct shared_data_tlv_header {
  uint16_t tlv_magic;
@@ -64,15 +186,14 @@ struct shared_data_tlv_header {
 /**
  * Shared data TLV entry header format. All fields in little endian.
  *
- * ---------------------------------------------
- * | tlv_major_type | tlv_minor_type | tlv_len |
- * ---------------------------------------------
- * |  Raw data  |
- * ---------------------------------------------
+ * -------------------------------
+ * | tlv_type(16) |  tlv_len(16) |
+ * -------------------------------
+ * | Raw data |
+ * -------------------------------
  */
 struct shared_data_tlv_entry {
- uint8_t tlv_major_type;
- uint8_t tlv_minor_type;
+ uint16_t tlv_type;
  uint16_t tlv_len; /* size of single TLV entry (including this header). */
 };
 

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/dir_core.dox

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+//This file holds description for the current directory. This documentation
+//will be included in the Doxygen output.
+
+/*!
+\dir
+\brief Source code for the TF-M core.
+\details This directory holds the source code of the "TF-M core" module.
+
+*/

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/ipc/include/tfm_message_queue.h

@@ -16,7 +16,7 @@ struct tfm_msg_body_t {
  int32_t magic;
  struct tfm_spm_service_t *service; /* RoT service pointer */
  psa_handle_t handle; /* Connected Service handle */
- struct tfm_event_ctx ack_mtx; /* Event for ack reponse */
+ struct tfm_event_t ack_evnt;  /* Event for ack reponse */
  psa_msg_t msg; /* PSA message body */
  psa_invec invec[PSA_MAX_IOVEC]; /* Put in/out vectors in msg body */
  psa_outvec outvec[PSA_MAX_IOVEC];

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/ipc/include/tfm_spm.h

@@ -59,7 +59,7 @@ struct tfm_spm_service_t {
 struct tfm_spm_ipc_partition_t {
  int32_t index; /* Partition index */
  int32_t id; /* Secure partition ID */
- struct tfm_event_ctx signal_event; /* Event signal */
+ struct tfm_event_t signal_evnt;  /* Event signal */
  uint32_t signals; /* Service signals had been triggered*/
  uint32_t signal_mask; /* Service signal mask passed by psa_wait() */
  struct tfm_list_node_t service_list;/* Service list */

components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/ipc/include/tfm_svcalls.h

@@ -58,7 +58,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller);
  * handle, in_vec, in_len, out_vec, out_len.
  * \param[in] ns_caller If 'non-zero', call from non-secure client.
  * Or from secure client.
- * \param[in] lr Link register to be stored
+ * \param[in] lr EXC_RETURN value of the SVC.
  *
  * \retval >=0 RoT Service-specific status value.
  * \retval <0 RoT Service-specific error code.
@@ -74,7 +74,8 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller);
  * \arg The message is unrecognized by the RoT
  * Service or incorrectly formatted.
  */
-psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr);
+psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller,
+ uint32_t lr);
 
 /**
  * \brief SVC handler for \ref psa_close.
@@ -97,7 +98,7 @@ void tfm_svcall_psa_close(uint32_t *args, int32_t ns_caller);
  *
  * \param[in] svc_num SVC number
  * \param[in] ctx Argument context
- * \param[in] lr Link register to be stored
+ * \param[in] lr EXC_RETURN value of the SVC.
  *
  * \returns Return values from those who has,
  * or PSA_SUCCESS.