tf-m: Add Attestation support for nRF54L15

Add support for PSA Attestation to the nRF54L15. Ref: NCSDK-22598 Signed-off-by: Sigurd Hellesvik <sigurd.hellesvik@nordicsemi.no>
nrfconnect · Dec 18, 2024 · b23171c · b23171c
1 parent 16aff7b
commit b23171c
Show file tree

Hide file tree

Showing 9 changed files with 78 additions and 5 deletions.
diff --git a/lib/identity_key/Kconfig b/lib/identity_key/Kconfig
@@ -36,3 +36,14 @@ config IDENTITY_KEY_DUMMY
 	  testing purposes.
 
 endif # IDENTITY_KEY
+
+config IDENTITY_KEY_TFM
+	bool "Identity key support in TF-M"
+	depends on HAS_HW_NRF_CC3XX
+	depends on TRUSTED_EXECUTION_NONSECURE
+	default y if SOC_NRF5340_CPUAPP || SOC_SERIES_NRF91X
+	help
+	  This option adds support for an identity key stored in the KMU to TF-M.
+	  The key is stored in an encrypted form and is decrypted
+	  by the identity key library.
+	  The identity key is an ECC secp256r1 key pair.
diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt
@@ -294,6 +294,13 @@ if(CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING)
   )
 endif()
 
+if(CONFIG_IDENTITY_KEY_TFM)
+  set_property(TARGET zephyr_property_target
+    APPEND PROPERTY TFM_CMAKE_OPTIONS
+    -DCONFIG_IDENTITY_KEY_TFM=ON
+  )
+endif()
+
 zephyr_include_directories(${ZEPHYR_NRF_MODULE_DIR}/include/tfm)
 
 # Default values from config_base.h in TF-M.

diff --git a/modules/trusted-firmware-m/Kconfig.tfm.defconfig b/modules/trusted-firmware-m/Kconfig.tfm.defconfig
@@ -66,7 +66,7 @@ config TFM_PARTITION_INITIAL_ATTESTATION
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
 	select PSA_WANT_ALG_ECDSA
 	select PSA_WANT_ECC_SECP_R1_256
-	select SECURE_BOOT_STORAGE
+	select SECURE_BOOT_STORAGE if TRUSTED_EXECUTION_SECURE
 
 config TFM_PARTITION_PROTECTED_STORAGE
 	bool

diff --git a/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt b/modules/trusted-firmware-m/tfm_boards/CMakeLists.txt
@@ -115,7 +115,7 @@ if (${TFM_PARTITION_CRYPTO})
     tfm_sprt
   )
 
-  if (${TFM_PARTITION_INITIAL_ATTESTATION})
+  if ((${TFM_PARTITION_INITIAL_ATTESTATION}) AND CONFIG_IDENTITY_KEY_TFM)
     target_sources(platform_s
       PRIVATE
       ${ZEPHYR_NRF_MODULE_DIR}/lib/identity_key/identity_key.c

diff --git a/modules/trusted-firmware-m/tfm_boards/common/attest_hal.c b/modules/trusted-firmware-m/tfm_boards/common/attest_hal.c
@@ -8,16 +8,29 @@
 
 #include <stddef.h>
 #include <stdint.h>
+#include <psa/error.h>
+#include <psa/crypto.h>
 #include "tfm_attest_hal.h"
 #include "tfm_plat_boot_seed.h"
 #include "tfm_plat_device_id.h"
 #include "tfm_plat_otp.h"
-#include <nrf_cc3xx_platform.h>
 #include "tfm_strnlen.h"
 #include "nrf_provisioning.h"
-#include <nrfx_nvmc.h>
 #include <bl_storage.h>
 
+#ifdef CONFIG_NRFX_NVMC
+#include <nrfx_nvmc.h>
+#endif
+#ifdef CONFIG_HAS_HW_NRF_CC3XX
+#include <nrf_cc3xx_platform.h>
+#endif
+
+#if defined(CONFIG_CRACEN_HW_PRESENT)
+static bool boot_seed_not_set = true;
+static uint8_t boot_seed[BOOT_SEED_SIZE];
+#endif
+
+
 static enum tfm_security_lifecycle_t map_bl_storage_lcs_to_tfm_slc(enum lcs lcs)
 {
 	switch (lcs) {
@@ -122,8 +135,11 @@ enum tfm_plat_err_t tfm_attest_hal_get_profile_definition(uint32_t *size, uint8_
 
 enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
 {
+#if defined(CONFIG_HAS_HW_NRF_CC3XX)
 	int nrf_err;
 
+	_Static_assert(NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE == BOOT_SEED_SIZE,
+		"NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE must match BOOT_SEED_SIZE");
 	if (size != NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE) {
 		return TFM_PLAT_ERR_INVALID_INPUT;
 	}
@@ -132,7 +148,24 @@ enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
 	if (nrf_err != NRF_CC3XX_PLATFORM_SUCCESS) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;
 	}
+#elif defined(CONFIG_CRACEN_HW_PRESENT)
+	if (boot_seed_not_set) {
+		psa_status_t  psa_err = psa_generate_random(boot_seed, sizeof(boot_seed));
+
+		if (psa_err != PSA_SUCCESS) {
+			return TFM_PLAT_ERR_SYSTEM_ERR;
+		}
+
+		boot_seed_not_set = false;
+	}
 
+	if (size != BOOT_SEED_SIZE) {
+		return TFM_PLAT_ERR_INVALID_INPUT;
+	}
+	memcpy(buf, boot_seed, size);
+#else
+#error "No crypto hardware to generate boot seed available."
+#endif
 	return TFM_PLAT_ERR_SUCCESS;
 }
 

diff --git a/modules/trusted-firmware-m/tfm_boards/nrf54l15_cpuapp/config.cmake b/modules/trusted-firmware-m/tfm_boards/nrf54l15_cpuapp/config.cmake
@@ -13,3 +13,11 @@ include(${PLATFORM_PATH}/common/${NRF_SOC_VARIANT}/config.cmake)
 
 # Override PS_CRYPTO_KDF_ALG
 set(PS_CRYPTO_KDF_ALG                  PSA_ALG_SP800_108_COUNTER_CMAC CACHE STRING    "KDF Algorithm to use")
+
+
+# attest_hal.c includes bl_storage.h, which needs CONFIG_NRFX_RRAMC to be defined.
+# This is because bl_stoarge is a lib intended to be run from either the bootloader (Zephyr) or from
+# TF-M. CONFIG_NRFX_RRAMC can also not be set for NSPE, so we can not inherit this from app Kconfig.
+if (TFM_PARTITION_INITIAL_ATTESTATION)
+  add_compile_definitions(CONFIG_NRFX_RRAMC)
+endif()
diff --git a/samples/tfm/tfm_psa_template/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf b/samples/tfm/tfm_psa_template/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
@@ -0,0 +1,8 @@
+CONFIG_SPI_NOR=n
+CONFIG_PM_PARTITION_SIZE_TFM=0x50800
+
+# Since provisioning is not done for the nRF54L15 yet,
+# we will use dummy provisioning for now.
+CONFIG_TFM_NRF_PROVISIONING=n
+CONFIG_TFM_DUMMY_PROVISIONING=y
+
diff --git a/samples/tfm/tfm_psa_template/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf b/samples/tfm/tfm_psa_template/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf
@@ -0,0 +1,6 @@
+CONFIG_PM_PARTITION_SIZE_MCUBOOT=0xb800
+CONFIG_SPI_NOR=n
+CONFIG_BOOT_MAX_IMG_SECTORS=256
+
+# FPROTECT is set in NSIB instead
+CONFIG_FPROTECT=n
diff --git a/subsys/bootloader/bl_storage/Kconfig b/subsys/bootloader/bl_storage/Kconfig
@@ -6,4 +6,4 @@
 
 config SECURE_BOOT_STORAGE
 	bool "Library for accessing the bootloader storage"
-	select NRFX_RRAMC if SOC_SERIES_NRF54LX
+	select NRFX_RRAMC if SOC_SERIES_NRF54LX && !TRUSTED_EXECUTION_NONSECURE