Direct access rot rebased (ARMmbed#158)

* Add direct root access functions for getting RoT from kvstore. * Use naming consistent with cloud client configs * Change configs to use kvstore
yossi2le · Jan 18, 2019 · 39c36c7 · 39c36c7
1 parent 7a4078f
commit 39c36c7
Show file tree

Hide file tree

Showing 13 changed files with 111 additions and 134 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -179,7 +179,7 @@ def bootloaderBuildStep(stepName,
 def build_test_config = [
  "K64F": [
  "mbed_app.json",
- "configs/internal_flash_nvstore.json",
+ "configs/internal_flash_kvstore.json",
  "configs/internal_flash_fake_rot.json"],
  "NUCLEO_F429ZI": ["mbed_app.json"],
  "UBLOX_EVK_ODIN_W2": ["mbed_app.json"],

diff --git a/configs/block_device_fake_rot.json b/configs/block_device_fake_rot.json
@@ -5,13 +5,12 @@
  ],
  "target_overrides": {
  "*": {
- "target.features_remove" : ["LWIP", "STORAGE"],
  "platform.stdio-baud-rate" : 115200,
  "platform.stdio-flush-at-exit" : false,
  "update-client.firmware-header-version": "2",
  "target.components_add" : ["SD"],
  "sd.CRC_ENABLED" : 0,
- "mbed-bootloader.use-nvstore-rot" : 0,
+ "mbed-bootloader.use-kvstore-rot" : 0,
  "update-client.storage-address" : "(1024*1024*64)",
  "update-client.storage-size" : "(1024*1024*2)",
  "update-client.storage-locations" : 1

diff --git a/configs/internal_flash_fake_rot.json b/configs/internal_flash_fake_rot.json
@@ -7,7 +7,7 @@
  "platform.stdio-baud-rate": 115200,
  "platform.stdio-flush-at-exit": false,
  "update-client.firmware-header-version": "2",
- "mbed-bootloader.use-nvstore-rot": 0
+ "mbed-bootloader.use-kvstore-rot": 0
  },
  "K64F": {
  "update-client.application-details" : "( 40*1024)",

diff --git a/configs/internal_flash_nvstore.json → configs/internal_flash_kvstore.json b/configs/internal_flash_nvstore.json → configs/internal_flash_kvstore.json
@@ -9,10 +9,8 @@
  "update-client.firmware-header-version": "2"
  },
  "K64F": {
- "nvstore.area_1_address" : "( 32*1024)",
- "nvstore.area_1_size" : "( 4*1024)",
- "nvstore.area_2_address" : "( 36*1024)",
- "nvstore.area_2_size" : "( 4*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*4*1024)",
  "update-client.application-details" : "( 40*1024)",
  "mbed-bootloader.application-start-address": "( 41*1024)",
  "mbed-bootloader.max-application-size" : "(MBED_CONF_UPDATE_CLIENT_STORAGE_ADDRESS-MBED_CONF_MBED_BOOTLOADER_APPLICATION_START_ADDRESS)",

diff --git a/configs/test_configs/header_separate_after_app.json b/configs/test_configs/header_separate_after_app.json
@@ -12,7 +12,7 @@
  "update-client.storage-locations": 1,
  "update-client.firmware-header-version": "2",
  "sd.CRC_ENABLED": 0,
- "mbed-bootloader.use-nvstore-rot": 0
+ "mbed-bootloader.use-kvstore-rot": 0
  },
  "K64F": {
  "update-client.application-details" : "(FLASH_START_ADDRESS+1020*1024)",

diff --git a/configs/test_configs/header_separate_before_app.json b/configs/test_configs/header_separate_before_app.json
@@ -12,7 +12,7 @@
  "update-client.storage-locations": 1,
  "update-client.firmware-header-version": "2",
  "sd.CRC_ENABLED": 0,
- "mbed-bootloader.use-nvstore-rot": 0
+ "mbed-bootloader.use-kvstore-rot": 0
  },
  "K64F": {
  "update-client.application-details" : "(FLASH_START_ADDRESS+32*1024)",

diff --git a/configs/test_configs/power_cut_test.json b/configs/test_configs/power_cut_test.json
@@ -13,7 +13,7 @@
  "update-client.storage-locations": 1,
  "update-client.firmware-header-version": "2",
  "sd.CRC_ENABLED": 0,
- "mbed-bootloader.use-nvstore-rot": 0
+ "mbed-bootloader.use-kvstore-rot": 0
  },
  "K64F": {
  "update-client.application-details" : "128*1024",

diff --git a/mbed-os.lib b/mbed-os.lib
@@ -1 +1 @@
-https://github.com/ARMmbed/mbed-os/#6a0a86538c0b9b2bfcc4583b1e2b7fea8f4e71e9
+https://github.com/ARMmbed/mbed-os/#41ecde9c30842a9f2f93a7b1542ea414709a90cb
diff --git a/mbed_app.json b/mbed_app.json
@@ -13,29 +13,24 @@
  "update-client.storage-locations": 1,
  "update-client.firmware-header-version": "2",
  "target.components_add": ["SD"],
- "sd.CRC_ENABLED": 0
+ "sd.CRC_ENABLED": 0,
+ "storage.storage_type": "FILESYSTEM"
  },
  "K64F": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(4*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+36*1024)",
- "nvstore.area_2_size" : "(4*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*4*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+40*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+41*1024)"
  },
  "K66F": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(4*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+36*1024)",
- "nvstore.area_2_size" : "(4*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*4*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+40*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+41*1024)"
  },
  "KW24D": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(2*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+34*1024)",
- "nvstore.area_2_size" : "(2*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*2*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+36*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+37*1024)",
  "sd.SPI_CS" : "PTC4",
@@ -44,34 +39,26 @@
  "sd.SPI_CLK" : "PTC5"
  },
  "NUCLEO_L476RG": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(2*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+34*1024)",
- "nvstore.area_2_size" : "(2*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*2*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+36*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
  },
  "DISCO_L476VG": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(2*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+34*1024)",
- "nvstore.area_2_size" : "(2*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*2*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+36*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
  },
  "DISCO_L475VG_IOT01A": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(2*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+34*1024)",
- "nvstore.area_2_size" : "(2*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*2*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+36*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
  },
  "NUCLEO_F411RE": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(16*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+48*1024)",
- "nvstore.area_2_size" : "(16*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*16*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+64*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)",
  "sd.SPI_CS" : "PB_9",
@@ -80,18 +67,14 @@
  "sd.SPI_CLK" : "PC_7"
  },
  "NUCLEO_F429ZI": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(16*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+48*1024)",
- "nvstore.area_2_size" : "(16*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*16*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+64*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
  },
  "NUCLEO_F207ZG": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(16*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+48*1024)",
- "nvstore.area_2_size" : "(16*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*16*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+64*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)",
  "sd.SPI_MOSI" : "PC_12",
@@ -101,26 +84,20 @@
  },
  "UBLOX_EVK_ODIN_W2": {
  "target.device_has_remove": ["EMAC"],
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(16*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+48*1024)",
- "nvstore.area_2_size" : "(16*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*16*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+64*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
  },
  "UBLOX_C030_U201": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+32*1024)",
- "nvstore.area_1_size" : "(16*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+48*1024)",
- "nvstore.area_2_size" : "(16*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+ "storage_filesystem.rbp_internal_size" : "(2*16*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+64*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
  },
  "NRF52840_DK": {
- "nvstore.area_1_address" : "(FLASH_START_ADDRESS+1024*1016)",
- "nvstore.area_1_size" : "(4*1024)",
- "nvstore.area_2_address" : "(FLASH_START_ADDRESS+1024*1020)",
- "nvstore.area_2_size" : "(4*1024)",
+ "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+1024*1016)",
+ "storage_filesystem.rbp_internal_size" : "(2*4*1024)",
  "update-client.application-details" : "(FLASH_START_ADDRESS+236*1024)",
  "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+237*1024)",
  "target.OUTPUT_EXT" : "hex",

diff --git a/mbed_lib.json b/mbed_lib.json
@@ -38,10 +38,10 @@
  "value": 1,
  "macro_name": "SHOW_PROGRESS_BAR"
  },
- "use-nvstore-rot": {
+ "use-kvstore-rot": {
  "help": "use nvstore implementation of the ROT to authenticate firmware headers",
  "value": 1,
- "macro_name": "ARM_BOOTLOADER_USE_NVSTORE_ROT"
+ "macro_name": "ARM_BOOTLOADER_USE_KVSTORE_ROT"
  }
  },
  "macros": [

diff --git a/source/example_insecure_rot.c b/source/example_insecure_rot.c
@@ -16,7 +16,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------
 
-#if !defined(ARM_BOOTLOADER_USE_NVSTORE_ROT) || ARM_BOOTLOADER_USE_NVSTORE_ROT == 0
+#if !defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) || ARM_BOOTLOADER_USE_KVSTORE_ROT == 0
 
 #include <inttypes.h>
 #include <stddef.h>
@@ -52,4 +52,4 @@ int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
  return 0;
 }
 
-#endif // #if !defined(ARM_BOOTLOADER_USE_NVSTORE_ROT) || ARM_BOOTLOADER_USE_NVSTORE_ROT == 0
+#endif // #if !defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) || ARM_BOOTLOADER_USE_KVSTORE_ROT == 0
diff --git a/source/kvstore_rot.cpp b/source/kvstore_rot.cpp
@@ -0,0 +1,72 @@
+// ----------------------------------------------------------------------------
+// Copyright 2019 ARM Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------
+
+#if defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) && ARM_BOOTLOADER_USE_KVSTORE_ROT == 1
+
+#include <inttypes.h>
+#include <stddef.h>
+#include "DirectAccessDevicekey.h"
+
+#define DEVICE_KEY_SIZE_IN_BYTES (128/8)
+
+/**
+* @brief Function to get the device root of trust
+* @details The device root of trust should be a 128 bit value. It should never leave the device.
+* It should be unique to the device. It should have enough entropy to avoid conventional
+* entropy attacks. The porter should implement the following device signature to provide
+* device root of trust on different platforms.
+*
+* @param key_buf buffer to be filled with the device root of trust.
+* @param length length of the buffer provided to make sure no overflow occurs.
+*
+* @return 0 on success, non-zero on failure.
+*/
+extern "C" int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
+{
+ int8_t error = 0;
+ uint32_t tdb_start_offset = 0;
+ uint32_t tdb_end_offset = 0;
+ size_t actual_len_bytes = 0;
+
+ // Check params
+ if (length < DEVICE_KEY_SIZE_IN_BYTES || key_buf == NULL) {
+ error = -1;
+ }
+
+ // Get TDB parameters
+ if (error == 0) {
+ error = get_expected_internal_TDBStore_position(&tdb_start_offset,
+ &tdb_end_offset);
+ }
+
+ // Read ROT
+ if (error == 0) {
+ error = direct_access_to_devicekey(tdb_start_offset,
+ tdb_end_offset,
+ key_buf,
+ DEVICE_KEY_SIZE_IN_BYTES,
+ &actual_len_bytes);
+ if (actual_len_bytes != DEVICE_KEY_SIZE_IN_BYTES) {
+ error = -1;
+ }
+ }
+
+ return error;
+}
+
+#endif // #if defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) && ARM_BOOTLOADER_USE_KVSTORE_ROT == 1
diff --git a/source/nvstore_rot.cpp b/source/nvstore_rot.cpp