From 0fbe4541dcef127e95c68c617ee20735e87e67e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Tue, 14 May 2024 16:30:17 +0200 Subject: [PATCH 01/73] [nrf fromtree] Platform: Nordic: refactor spu_peripheral_config to use base addr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactor spu_peripheral_config to use base addresses instead of IDs as future platforms will need the base address to identify which spu instance to use. (Cherry picked from commit b60bdb62023bc0075a95efc1181bf140b3e1671b) Signed-off-by: Sebastian Bøe Signed-off-by: Frank Audun Kvamtrø --- .../common/core/native_drivers/spu.c | 8 +- .../common/core/native_drivers/spu.h | 8 +- .../nordic_nrf/common/core/target_cfg.c | 94 +++++++++---------- .../common/core/tfm_hal_isolation.c | 2 +- 4 files changed, 58 insertions(+), 54 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c index 63b89f6c5..54b933c89 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c @@ -283,8 +283,10 @@ uint32_t spu_regions_sram_get_region_size(void) { return SRAM_SECURE_ATTRIBUTION_REGION_SIZE; } -void spu_peripheral_config_secure(const uint8_t periph_id, bool periph_lock) +void spu_peripheral_config_secure(const uint32_t periph_base_address, bool periph_lock) { + uint8_t periph_id = NRFX_PERIPHERAL_ID_GET(periph_base_address); + /* ASSERT checking that this is not an explicit Non-Secure peripheral */ NRFX_ASSERT((NRF_SPU->PERIPHID[periph_id].PERM & SPU_PERIPHID_PERM_SECUREMAPPING_Msk) != 
@@ -297,8 +299,10 @@ void spu_peripheral_config_secure(const uint8_t periph_id, bool periph_lock) periph_lock); } -void spu_peripheral_config_non_secure(const uint8_t periph_id, bool periph_lock) +void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock) { + uint8_t periph_id = NRFX_PERIPHERAL_ID_GET(periph_base_address); + /* ASSERT checking that this is not an explicit Secure peripheral */ NRFX_ASSERT((NRF_SPU->PERIPHID[periph_id].PERM & SPU_PERIPHID_PERM_SECUREMAPPING_Msk) != diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index 6561a894c..96578c6c9 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h 
@@ -100,26 +100,26 @@ void spu_regions_flash_config_non_secure_callable(uint32_t start_addr, uint32_t * * Configure a device peripheral to be accessible from Secure domain only. * - * \param periph_id ID number of a particular peripheral. + * \param periph_base_address Base address of a particular peripheral. * \param periph_lock Variable indicating whether to lock peripheral security * * \note * - peripheral shall not be a Non-Secure only peripheral * - DMA transactions are configured as Secure */ -void spu_peripheral_config_secure(const uint8_t periph_id, bool periph_lock); +void spu_peripheral_config_secure(const uint32_t periph_base_address, bool periph_lock); /** * Configure a device peripheral to be accessible from Non-Secure domain. * - * \param periph_id ID number of a particular peripheral. + * \param periph_base_address Base address of a particular peripheral. * \param periph_lock Variable indicating whether to lock peripheral security * * \note * - peripheral shall not be a Secure-only peripheral * - DMA transactions are configured as Non-Secure */ -void spu_peripheral_config_non_secure(const uint8_t periph_id, bool periph_lock); +void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock); /** * Configure DPPI channels to be accessible from Non-Secure domain. diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index d5f52b277..5d29dcd32 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
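Review bot: The reworded `\param periph_base_address` lines in spu.h do not say which alias of the address is expected or how the value is used. In spu.c the argument is reduced to an 8-bit ID with `NRFX_PERIPHERAL_ID_GET(periph_base_address)` and used to index `NRF_SPU->PERIPHID[]`, and target_cfg.c now lists `*_S_BASE` values in a table that, judging by its comments, feeds the non-secure variant. I would extend both descriptions to something like `Base address (secure or non-secure alias) of the peripheral; only its peripheral-ID bits are used to select the SPU PERIPHID entry`, after confirming that this holds for the macro on every supported SoC. It is also worth stating that the value is not range-checked, since the parameter now accepts any 32-bit number.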
@@ -766,25 +766,25 @@ enum tfm_plat_err_t spu_init_cfg(void) enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -static const uint8_t target_peripherals[] = { +static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRFX_PERIPHERAL_ID_GET(NRF_FPU), + NRF_FPU_S_BASE, #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + NRF_REGULATORS_S_BASE, /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + NRF_CLOCK_S_BASE, /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
@@ -792,97 +792,97 @@ static const uint8_t target_peripherals[] = { * - TWISx * - UARTEx */ - NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), + NRF_SPIM0_S_BASE, #ifndef SECURE_UART1 /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + NRF_SPIM1_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), - NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), + NRF_SPIM2_S_BASE, + NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), -#endif - NRFX_PERIPHERAL_ID_GET(NRF_SAADC), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), - NRFX_PERIPHERAL_ID_GET(NRF_RTC0), - NRFX_PERIPHERAL_ID_GET(NRF_RTC1), - NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + NRF_SPIM4_S_BASE, +#endif + NRF_SAADC_S_BASE, + NRF_TIMER0_S_BASE, + NRF_TIMER1_S_BASE, + NRF_TIMER2_S_BASE, + NRF_RTC0_S_BASE, + NRF_RTC1_S_BASE, + NRF_DPPIC_S_BASE, #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + NRF_WDT0_S_BASE, #endif #ifdef NRF_WDT - NRFX_PERIPHERAL_ID_GET(NRF_WDT), + NRF_WDT_S_BASE, #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + NRF_WDT1_S_BASE, #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRFX_PERIPHERAL_ID_GET(NRF_COMP), + NRF_COMP_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_EGU0), - NRFX_PERIPHERAL_ID_GET(NRF_EGU1), - NRFX_PERIPHERAL_ID_GET(NRF_EGU2), - NRFX_PERIPHERAL_ID_GET(NRF_EGU3), - NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + NRF_EGU0_S_BASE, + NRF_EGU1_S_BASE, + NRF_EGU2_S_BASE, + NRF_EGU3_S_BASE, + NRF_EGU4_S_BASE, #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + NRF_EGU5_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_PWM0), - NRFX_PERIPHERAL_ID_GET(NRF_PWM1), - NRFX_PERIPHERAL_ID_GET(NRF_PWM2), - NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + NRF_PWM0_S_BASE, + 
NRF_PWM1_S_BASE, + NRF_PWM2_S_BASE, + NRF_PWM3_S_BASE, #ifdef NRF_PDM - NRFX_PERIPHERAL_ID_GET(NRF_PDM), + NRF_PDM_S_BASE, #endif #ifdef NRF_PDM0 - NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + NRF_PDM0_S_BASE, #endif #ifdef NRF_I2S - NRFX_PERIPHERAL_ID_GET(NRF_I2S), + NRF_I2S_S_BASE, #endif #ifdef NRF_I2S0 - NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + NRF_I2S0_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_IPC), + NRF_IPC_S_BASE, #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + NRF_QSPI_S_BASE, #endif #endif #ifdef NRF_NFCT - NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + NRF_NFCT_S_BASE, #endif #ifdef NRF_MUTEX - NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + NRF_MUTEX_S_BASE, #endif #ifdef NRF_QDEC0 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + NRF_QDEC0_S_BASE, #endif #ifdef NRF_QDEC1 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + NRF_QDEC1_S_BASE, #endif #ifdef NRF_USBD - NRFX_PERIPHERAL_ID_GET(NRF_USBD), + NRF_USBD_S_BASE, #endif #ifdef NRF_USBREGULATOR - NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + NRF_USBREGULATOR_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_NVMC), - NRFX_PERIPHERAL_ID_GET(NRF_P0), + NRF_NVMC_S_BASE, + NRF_P0_S_BASE, #ifdef NRF_P1 - NRFX_PERIPHERAL_ID_GET(NRF_P1), + NRF_P1_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_VMC), + NRF_VMC_S_BASE, }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c index 69411eaed..e9a01daf5 100644 --- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c @@ -124,7 +124,7 @@ tfm_hal_bind_boundary(const struct partition_load_info_t *p_ldinf, continue; } - spu_peripheral_config_secure(NRFX_PERIPHERAL_ID_GET(plat_data_ptr->periph_start), + spu_peripheral_config_secure(plat_data_ptr->periph_start, SPU_LOCK_CONF_LOCKED); /* From bdde9a9548fa9fa05b97d0b10326d63f2e55a687 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Thu, 16 May 2024 14:50:15 +0200 Subject: [PATCH 02/73] [nrf fromtree] Platform: Nordic: Add function for calculating spu instances MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a function to return the SPU instance that can be used to configure the peripheral at a given base address. Signed-off-by: Sebastian Bøe Change-Id: Ib1e442a54d599c4e42e74903d49920f24e9d8ec9 (Cherry picked from commit 5d8b8249aeea340c593da86c5715d03019c962db) Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/native_drivers/spu.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index 96578c6c9..2cb75739f 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -149,6 +149,19 @@ static inline void spu_gpio_config_non_secure(uint8_t port_number, uint32_t gpio nrf_spu_gpio_config_set(NRF_SPU, port_number, gpio_mask, lock_conf); } +/** + * Return the SPU instance that can be used to configure the + * peripheral at the given base address. + */ +static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) +{ + /* See the SPU chapter in the IPS for how this is calculated */ + + uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; + + return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); +} + /** * \brief Return base address of a Flash SPU regions * From 1f7aa037b7dae2ba5d8f8b8955897df5601e2867 Mon Sep 17 00:00:00 2001 
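Review bot: The literals `0x00FC0000` and `0x50000000` in `spu_instance_from_peripheral_addr` carry the whole address-to-SPU mapping but are unnamed, and the only explanation is a pointer to a chapter of the IPS. I would give them names (for example `SPU_APB_BUS_MASK` and `SPU_SECURE_BASE`, names made up for this note) and add a comment saying which address bits select the bus and that the result is always formed on the `0x50000000` base. The doc comment should also state that `peripheral_addr` must be a valid peripheral base address, because the function derives a register-block pointer from whatever value it is given.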
From: Markus Rekdal Date: Thu, 23 May 2024 09:16:56 +0200 Subject: [PATCH 03/73] [nrf fromtree] Platform: nordic_nrf: Don't configure NRF_VMC as non-secure Dont configure the volatile memory controller as a non-secure peripheral (cherry picked from commit c670a6af1f0a3d7d6389e8879e8de17c1bd442fe) Change-Id: I2489defaf6deb89beba7447ba079ea3e5afebca5 Signed-off-by: Markus Rekdal --- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 1 - 1 file changed, 1 deletion(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 5d29dcd32..cd8b65bc6 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -882,7 +882,6 @@ static const uint32_t target_peripherals[] = { #ifdef NRF_P1 NRF_P1_S_BASE, #endif - NRF_VMC_S_BASE, }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { From 200053993dcd61d1a31e357acf9ba067d505e159 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Tue, 28 May 2024 14:09:54 +0200 Subject: [PATCH 04/73] [nrf fromtree] platform: nordic: Add platform memory write service There are some hardware registers in Nordic platforms which are mapped as secure only. In order to allow the non-secure application to control these registers I added here a secure service which allows 32-bit writes to secure mapped memory. The writes are only allowed on addresses and masks defined in a header list. It is also possible to provide an allowed_values list in order to further limit the accepted values. Renamed: tfm_read_ranges.h -> tfm_platform_user_memory_ranges.h since now it can be used for both reads and writes. The list in the current platforms is empty and might be populated later. 
Signed-off-by: Georgios Vasilakis Change-Id: Ifa31ba73ec07b216a7e987653255fcc6e9d3989c (cherry picked from commit 57b33427d15fbbb966ee3991c1ae4471364259b4) --- ...es.h => tfm_platform_user_memory_ranges.h} | 11 ++- .../services/include/tfm_ioctl_core_api.h | 45 ++++++++++- .../services/include/tfm_platform_hal_ioctl.h | 5 ++ .../core/services/src/tfm_ioctl_core_ns_api.c | 28 +++++++ .../services/src/tfm_platform_hal_ioctl.c | 75 ++++++++++++++++++- ...es.h => tfm_platform_user_memory_ranges.h} | 11 ++- ...es.h => tfm_platform_user_memory_ranges.h} | 11 ++- ...es.h => tfm_platform_user_memory_ranges.h} | 11 ++- 8 files changed, 183 insertions(+), 14 deletions(-) rename platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/{tfm_read_ranges.h => tfm_platform_user_memory_ranges.h} (72%) rename platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/{tfm_read_ranges.h => tfm_platform_user_memory_ranges.h} (72%) rename platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/{tfm_read_ranges.h => tfm_platform_user_memory_ranges.h} (62%) rename platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/{tfm_read_ranges.h => tfm_platform_user_memory_ranges.h} (62%) diff --git a/platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_read_ranges.h b/platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_platform_user_memory_ranges.h similarity index 72% rename from platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_read_ranges.h rename to platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_platform_user_memory_ranges.h index 83cb01431..be9c72f3b 100644 --- a/platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_read_ranges.h +++ b/platform/ext/target/lairdconnectivity/bl5340_dvk_cpuapp/services/include/tfm_platform_user_memory_ranges.h 
@@ -4,8 +4,8 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef TFM_READ_RANGES_H__ -#define TFM_READ_RANGES_H__ +#ifndef TFM_PLATFORM_USER_MEMORY_RANGES_H__ +#define TFM_PLATFORM_USER_MEMORY_RANGES_H__ #include @@ -33,4 +33,9 @@ static const struct tfm_read_service_range ranges[] = { { .start = FICR_XOSC32MTRIM_ADDR, .size = FICR_XOSC32MTRIM_SIZE }, }; -#endif /* TFM_READ_RANGES_H__ */ +static const struct tfm_write32_service_address tfm_write32_service_addresses[] = { + /* This is a dummy value because this table cannot be empty */ + {.addr = 0xFFFFFFFF, .mask = 0x0, .allowed_values = NULL, .allowed_values_array_size = 0}, +}; + +#endif /* TFM_PLATFORM_USER_MEMORY_RANGES_H__ */ diff --git a/platform/ext/target/nordic_nrf/common/core/services/include/tfm_ioctl_core_api.h b/platform/ext/target/nordic_nrf/common/core/services/include/tfm_ioctl_core_api.h index df3c8d618..4c604642b 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/include/tfm_ioctl_core_api.h +++ b/platform/ext/target/nordic_nrf/common/core/services/include/tfm_ioctl_core_api.h @@ -29,8 +29,8 @@ extern "C" { */ enum tfm_platform_ioctl_core_reqest_types_t { TFM_PLATFORM_IOCTL_READ_SERVICE, + TFM_PLATFORM_IOCTL_WRITE32_SERVICE, TFM_PLATFORM_IOCTL_GPIO_SERVICE, - /* Last core service, start platform specific from this value. */ TFM_PLATFORM_IOCTL_CORE_LAST }; @@ -50,6 +50,20 @@ struct tfm_read_service_out_t { uint32_t result; }; +/** @brief Argument list for each platform write32 service. + */ +struct tfm_write32_service_args_t { + uint32_t addr; + uint32_t value; + uint32_t mask; +}; +/** @brief Output list for each write32 platform service + */ + +struct tfm_write32_service_out_t { + uint32_t result; +}; + enum tfm_gpio_service_type { /** Select which MCU / Subsystem controls the pin */ TFM_GPIO_SERVICE_TYPE_PIN_MCU_SELECT = 0, 
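Review bot: The placeholder `{.addr = 0xFFFFFFFF, .mask = 0x0, .allowed_values = NULL, .allowed_values_array_size = 0}` is a live allow-list entry rather than an inert one. `tfm_platform_hal_write32_service`, added in this commit, matches a request on `args->addr` and `args->mask` only, and an entry with an array size of 0 skips the allowed-values check. A request carrying these two values therefore reaches `*(uint32_t *)addr` with an unaligned address at the very top of the address space, which presumably faults inside the secure image. The same entry is added to the nrf5340dk, nrf9160dk and nrf9161dk headers. I would make the service ignore entries whose mask is zero, e.g. `if (mask == 0) { continue; }` at the top of the table loop, or restructure the table so that it may be empty.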
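Review bot: Placing `TFM_PLATFORM_IOCTL_WRITE32_SERVICE` ahead of `TFM_PLATFORM_IOCTL_GPIO_SERVICE` in `enum tfm_platform_ioctl_core_reqest_types_t` changes the numeric value of the existing GPIO request. These enumerators are the request identifiers passed from the non-secure image to the secure service, so a non-secure image built against the old header would have its GPIO request treated as a write32 request (presumably rejected by the length check, but the GPIO call stops working). Unless both images are always built from the same tree, add the new enumerator after `TFM_PLATFORM_IOCTL_GPIO_SERVICE`, directly before `TFM_PLATFORM_IOCTL_CORE_LAST`. The hunk also drops the blank line that separated the `/* Last core service ... */` comment from the entries above it.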
@@ -88,6 +102,19 @@ struct tfm_gpio_service_out { enum tfm_platform_err_t tfm_platform_mem_read(void *destination, uint32_t addr, size_t len, uint32_t *result); +/** + * @brief Perform a write32 operation. + * + * @param[in] addr Address to write to + * @param[in] value 32 bit value to write + * @param[in] mask Mask applied to the write value + * @param[out] result An enum tfm_write32_service_result value + * + * @return Returns values as specified by the tfm_platform_err_t + */ +enum tfm_platform_err_t tfm_platform_mem_write32(uint32_t addr, uint32_t value, + uint32_t mask, uint32_t *result); + /** @brief Represents an accepted read range. */ struct tfm_read_service_range { @@ -95,6 +122,22 @@ struct tfm_read_service_range { size_t size; }; +/** @brief Represents the accepted addresses and masks for write32 service. + */ +struct tfm_write32_service_address { + uint32_t addr; + uint32_t mask; + const uint32_t *allowed_values; + const uint32_t allowed_values_array_size; +}; + +enum tfm_write32_service_result { + TFM_WRITE32_SERVICE_SUCCESS, + TFM_WRITE32_SERVICE_ERROR_INVALID_ADDRESS, + TFM_WRITE32_SERVICE_ERROR_INVALID_MASK, + TFM_WRITE32_SERVICE_ERROR_INVALID_VALUE, +}; + /** * @brief Perform a GPIO MCU select operation. * diff --git a/platform/ext/target/nordic_nrf/common/core/services/include/tfm_platform_hal_ioctl.h b/platform/ext/target/nordic_nrf/common/core/services/include/tfm_platform_hal_ioctl.h index abe940b66..ca540b552 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/include/tfm_platform_hal_ioctl.h +++ b/platform/ext/target/nordic_nrf/common/core/services/include/tfm_platform_hal_ioctl.h @@ -26,6 +26,11 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, enum tfm_platform_err_t tfm_platform_hal_gpio_service(const psa_invec *in_vec, const psa_outvec *out_vec); + +enum tfm_platform_err_t +tfm_platform_hal_write32_service(const psa_invec *in_vec, + const psa_outvec *out_vec); + #ifdef __cplusplus } #endif 
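Review bot: The doc comment for `tfm_platform_mem_write32` describes `mask` as `Mask applied to the write value`, which reads as if the caller may choose it freely. The secure handler added in this commit accepts only a mask identical to the one stored for that address in `tfm_write32_service_addresses` and otherwise reports `TFM_WRITE32_SERVICE_ERROR_INVALID_MASK`. I would reword the parameter to `Mask of the bits to write; must equal the mask allow-listed for addr`. `struct tfm_write32_service_address` should get per-field comments as well, in particular that `allowed_values` is compared against `value & mask` and that an array size of 0 means any value is accepted.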
diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_ioctl_core_ns_api.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_ioctl_core_ns_api.c index 2370988e2..32f653a90 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_ioctl_core_ns_api.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_ioctl_core_ns_api.c @@ -66,3 +66,31 @@ enum tfm_platform_err_t tfm_platform_gpio_pin_mcu_select(uint32_t pin_number, ui return TFM_PLATFORM_ERR_NOT_SUPPORTED; #endif } + +enum tfm_platform_err_t tfm_platform_mem_write32(uint32_t addr, uint32_t value, + uint32_t mask, uint32_t *result) +{ + enum tfm_platform_err_t ret; + psa_invec in_vec; + psa_outvec out_vec; + struct tfm_write32_service_args_t args; + struct tfm_write32_service_out_t out; + + in_vec.base = (const void *)&args; + in_vec.len = sizeof(args); + + out_vec.base = (void *)&out; + out_vec.len = sizeof(out); + + args.addr = addr; + args.value = value; + args.mask = mask; + /* Allowed values cannot be specified by the user */ + + ret = tfm_platform_ioctl(TFM_PLATFORM_IOCTL_WRITE32_SERVICE, &in_vec, + &out_vec); + + *result = out.result; + + return ret; +} diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 1fc258743..faab8cf42 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -15,7 +15,7 @@ #include /* This contains the user provided allowed ranges */ -#include +#include #include 
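Review bot: `tfm_platform_mem_write32` copies `out.result` into `*result` even when `tfm_platform_ioctl` fails, and `out` is never initialised. On a failed call the caller may therefore receive stack contents, and because `TFM_WRITE32_SERVICE_SUCCESS` is the first enumerator, a zero left on the stack reads as success. Set a failure code before the call, e.g. `out.result = TFM_WRITE32_SERVICE_ERROR_INVALID_ADDRESS;`. `result` is also dereferenced without a NULL check, so either add `if (result == NULL) { return TFM_PLATFORM_ERR_INVALID_PARAM; }` or document that it must not be NULL.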
@@ -127,3 +127,76 @@ tfm_platform_hal_gpio_service(const psa_invec *in_vec, const psa_outvec *out_ve } #endif /* NRF_GPIO_HAS_SEL */ +enum tfm_platform_err_t tfm_platform_hal_write32_service(const psa_invec *in_vec, + const psa_outvec *out_vec) +{ + uint32_t addr; + uint32_t mask; + uint32_t allowed_values_array_size; + + struct tfm_write32_service_args_t *args; + struct tfm_write32_service_out_t *out; + + enum tfm_platform_err_t err; + + if (in_vec->len != sizeof(struct tfm_write32_service_args_t) || + out_vec->len != sizeof(struct tfm_write32_service_out_t)) { + return TFM_PLATFORM_ERR_INVALID_PARAM; + } + + args = (struct tfm_write32_service_args_t *)in_vec->base; + out = (struct tfm_write32_service_out_t *)out_vec->base; + + /* Assume failure, in case we don't find a match */ + out->result = TFM_WRITE32_SERVICE_ERROR_INVALID_ADDRESS; + err = TFM_PLATFORM_ERR_INVALID_PARAM; + + for (size_t i = 0; i < ARRAY_SIZE(tfm_write32_service_addresses); i++) { + addr = tfm_write32_service_addresses[i].addr; + mask = tfm_write32_service_addresses[i].mask; + allowed_values_array_size = + tfm_write32_service_addresses[i].allowed_values_array_size; + + if (args->addr == addr) { + out->result = TFM_WRITE32_SERVICE_ERROR_INVALID_MASK; + + if (args->mask == mask) { + /* Check for allowed values if provided */ + if (allowed_values_array_size > 0 && + tfm_write32_service_addresses[i].allowed_values != NULL) { + bool is_value_allowed = false; + + for (int j = 0; j < allowed_values_array_size; j++) { + + const uint32_t allowed_value = + tfm_write32_service_addresses[i] + .allowed_values[j]; + + if (allowed_value == (args->value & args->mask)) { + is_value_allowed = true; + break; + } + } + + if (!is_value_allowed) { + out->result = + TFM_WRITE32_SERVICE_ERROR_INVALID_VALUE; + break; + } + } + + uint32_t new_value = *(uint32_t *)addr; + /* Invert the mask to convert the masked bits to 0 first */ + new_value &= ~args->mask; + new_value |= (args->value & args->mask); + *(uint32_t *)addr 
= new_value; + + out->result = TFM_WRITE32_SERVICE_SUCCESS; + err = TFM_PLATFORM_ERR_SUCCESS; + break; + } + } + } + + return err; +} diff --git a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_read_ranges.h b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_platform_user_memory_ranges.h similarity index 72% rename from platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_read_ranges.h rename to platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_platform_user_memory_ranges.h index 83cb01431..be9c72f3b 100644 --- a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_read_ranges.h +++ b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_platform_user_memory_ranges.h @@ -4,8 +4,8 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef TFM_READ_RANGES_H__ -#define TFM_READ_RANGES_H__ +#ifndef TFM_PLATFORM_USER_MEMORY_RANGES_H__ +#define TFM_PLATFORM_USER_MEMORY_RANGES_H__ #include @@ -33,4 +33,9 @@ static const struct tfm_read_service_range ranges[] = { { .start = FICR_XOSC32MTRIM_ADDR, .size = FICR_XOSC32MTRIM_SIZE }, }; -#endif /* TFM_READ_RANGES_H__ */ +static const struct tfm_write32_service_address tfm_write32_service_addresses[] = { + /* This is a dummy value because this table cannot be empty */ + {.addr = 0xFFFFFFFF, .mask = 0x0, .allowed_values = NULL, .allowed_values_array_size = 0}, +}; + +#endif /* TFM_PLATFORM_USER_MEMORY_RANGES_H__ */ diff --git a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_read_ranges.h b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_platform_user_memory_ranges.h similarity index 62% rename from platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_read_ranges.h rename to platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_platform_user_memory_ranges.h index c5e1b09e6..f1419bd6a 100644 
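Review bot: The read-modify-write at the end of `tfm_platform_hal_write32_service` accesses a hardware register through a plain `uint32_t *`, so the compiler is not obliged to emit exactly one load followed by one store. A volatile pointer makes the access explicit: `volatile uint32_t *reg = (volatile uint32_t *)addr;`, `uint32_t new_value = (*reg & ~args->mask) | (args->value & args->mask);`, `*reg = new_value;`. Separately, the inner loop compares `int j` with the `uint32_t` `allowed_values_array_size`; `size_t j` would match the outer loop and avoid the signed/unsigned comparison. The function has no doc comment; it should state that address and mask must both match a table entry exactly and that `out->result` tells the caller which check failed.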
--- a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_read_ranges.h +++ b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_platform_user_memory_ranges.h @@ -4,8 +4,8 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef TFM_READ_RANGES_H__ -#define TFM_READ_RANGES_H__ +#ifndef TFM_PLATFORM_USER_MEMORY_RANGES_H__ +#define TFM_PLATFORM_USER_MEMORY_RANGES_H__ #include @@ -25,4 +25,9 @@ static const struct tfm_read_service_range ranges[] = { { .start = FICR_RESTRICTED_ADDR, .size = FICR_RESTRICTED_SIZE }, }; -#endif /* TFM_READ_RANGES_H__ */ +static const struct tfm_write32_service_address tfm_write32_service_addresses[] = { + /* This is a dummy value because this table cannot be empty */ + {.addr = 0xFFFFFFFF, .mask = 0x0, .allowed_values = NULL, .allowed_values_array_size = 0}, +}; + +#endif /* TFM_PLATFORM_USER_MEMORY_RANGES_H__ */ diff --git a/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_read_ranges.h b/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_platform_user_memory_ranges.h similarity index 62% rename from platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_read_ranges.h rename to platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_platform_user_memory_ranges.h index 2b159f721..61c8fd0e2 100644 --- a/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_read_ranges.h +++ b/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/services/include/tfm_platform_user_memory_ranges.h @@ -4,8 +4,8 @@ * SPDX-License-Identifier: BSD-3-Clause */ -#ifndef TFM_READ_RANGES_H__ -#define TFM_READ_RANGES_H__ +#ifndef TFM_PLATFORM_USER_MEMORY_RANGES_H__ +#define TFM_PLATFORM_USER_MEMORY_RANGES_H__ #include 
@@ -25,4 +25,9 @@ static const struct tfm_read_service_range ranges[] = { { .start = FICR_RESTRICTED_ADDR, .size = FICR_RESTRICTED_SIZE }, }; -#endif /* TFM_READ_RANGES_H__ */ +static const struct tfm_write32_service_address tfm_write32_service_addresses[] = { + /* This is a dummy value because this table cannot be empty */ + {.addr = 0xFFFFFFFF, .mask = 0x0, .allowed_values = NULL, .allowed_values_array_size = 0}, +}; + +#endif /* TFM_PLATFORM_USER_MEMORY_RANGES_H__ */ From 90ff6d829d30f45d830a431b0a1879c3bbeab83b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vidar=20Lilleb=C3=B8?= Date: Fri, 19 Jul 2024 13:34:36 +0200 Subject: [PATCH 05/73] [nrf fromtree] ITS: Fix checks for PS usage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The check for whether file should be encrypted, and be fully written missed some PS usage. Signed-off-by: Vidar Lillebø Change-Id: Ifa7fe00e511a6071b2b5c455df84b8e4f0535c84 (Cherry picked from commit dc7790585c549d9ace3d9bdd9f89da8c2bf64fa0) Signed-off-by: Frank Audun Kvamtrø --- .../tfm_internal_trusted_storage.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c index 691db5305..b98574365 100644 --- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c +++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c @@ -111,7 +111,8 @@ static psa_status_t buffer_size_check(int32_t client_id, size_t buffer_size) static psa_status_t tfm_its_crypt_data(int32_t client_id, uint8_t **input, - size_t input_size) + size_t input_size, + size_t offset) { psa_status_t status; #ifdef TFM_PARTITION_PROTECTED_STORAGE 
@@ -119,6 +120,11 @@ static psa_status_t tfm_its_crypt_data(int32_t client_id, #else { #endif /* TFM_PARTITION_PROTECTED_STORAGE */ + if (offset != 0) { + /* If the data will be encrypted the whole file needs to be written */ + return PSA_ERROR_INVALID_ARGUMENT; + } + status = tfm_its_crypt_file(&g_file_info, g_fid, sizeof(g_fid), @@ -392,11 +398,7 @@ static psa_status_t tfm_its_write_data_to_fs(const int32_t client_id, psa_status_t status; uint8_t *buffer_ptr = data; #ifdef ITS_ENCRYPTION /* ITS_ENCRYPTION */ - /* If the data will be encrypted the whole file needs to be written */ - if (offset != 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - status = tfm_its_crypt_data(client_id, &buffer_ptr, data_size); + status = tfm_its_crypt_data(client_id, &buffer_ptr, data_size, offset); if (status != PSA_SUCCESS) { return status; } From 7c5a5413d96d7440fd8694348fa9b576b78d1196 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Thu, 20 Jun 2024 10:17:24 +0300 Subject: [PATCH 06/73] [nrf fromtree] platform: nordic_nrf: APPROTECT to lock debugging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit NRF_APPROTECT and NRF_SECURE_APPROTECT to take precedence over other mechanisms when configuring debugging for TF-M. For nRF53 and nRF91x1 the actual locking of firmware is done elsewhere. This further locks the UICR. nRF9160 supports only hardware APPROTECT. This will lock the APPROTECT / SECUREAPPROTECT in the next boot, when the above settings are configured. Change-Id: I5e304be0f8a34c0016488d9ec09929bbcb38481f Signed-off-by: Markus Lassila Signed-off-by: Frank Audun Kvamtrø (Cherry picked from commit 734a51d3b18422ad516e08e7ddc107e921d64180) --- .../nordic_nrf/common/core/CMakeLists.txt | 14 ++++++++++ .../nordic_nrf/common/core/config.cmake | 2 ++ .../nordic_nrf/common/core/target_cfg.c | 28 ++++++++++++++++++- 3 files changed, 43 insertions(+), 1 deletion(-) 
diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 6547d01bd..a42b21cf3 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -208,6 +208,20 @@ if(BL2) ) endif() +if(NRF_APPROTECT) + target_compile_definitions(tfm_spm + PRIVATE + NRF_APPROTECT + ) +endif() + +if(NRF_SECURE_APPROTECT) + target_compile_definitions(tfm_spm + PRIVATE + NRF_SECURE_APPROTECT + ) +endif() + #========================= Files for building NS side platform ================# configure_file(config_nordic_nrf_spe.cmake.in diff --git a/platform/ext/target/nordic_nrf/common/core/config.cmake b/platform/ext/target/nordic_nrf/common/core/config.cmake index 675c541ad..0becc02a0 100644 --- a/platform/ext/target/nordic_nrf/common/core/config.cmake +++ b/platform/ext/target/nordic_nrf/common/core/config.cmake @@ -37,6 +37,8 @@ set(SECURE_UART1 ON CACHE BOOL "Enable secur set(NRF_NS_STORAGE OFF CACHE BOOL "Enable non-secure storage partition") set(BL2 ON CACHE BOOL "Whether to build BL2") set(NRF_NS_SECONDARY ${BL2} CACHE BOOL "Enable non-secure secondary partition") +set(NRF_APPROTECT OFF CACHE BOOL "Enable approtect") +set(NRF_SECURE_APPROTECT OFF CACHE BOOL "Enable secure approtect") # Platform-specific configurations set(CONFIG_TFM_USE_TRUSTZONE ON) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index cd8b65bc6..7b6cf571a 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
@@ -606,7 +606,33 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF91_SERIES) +#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) + +#if !defined(DAUTH_CHIP_DEFAULT) +#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." +#endif + +#if defined(NRF_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, + UICR_APPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif +#if defined(NRF_SECURE_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif + +#elif defined(NRF91_SERIES) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." From b61cc79afef425e491ca998f6fa60c857d710438 Mon Sep 17 00:00:00 2001 From: Seppo Takalo Date: Thu, 15 Aug 2024 15:09:45 +0300 Subject: [PATCH 07/73] [nrf fromtree] platform: nordic: Allow reading UICR registers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On certain nRF plaforms, like nRF9160, reading UICR registers might need special handling, which is already implemented in nrfx_nvmc_uicr_word_read() so use that, instead on memcpy(). For more information, see nRF9160 Errata 7. Change-Id: Iea9d0bf4184decd5650b4d4b620fbef0c64a55f6 Signed-off-by: Seppo Takalo (cherry picked from commit ca03e40149cc7a376c7d8f5511df60431b832929) 
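Review bot: Neither UICR write added to init_debug is read back, so nothing in the hunk confirms that APPROTECT or SECUREAPPROTECT holds the protected value after `nrfx_nvmc_word_write` returns. A check after each write would close that gap, for example `if (nrfx_nvmc_uicr_word_read(&NRF_UICR_S->APPROTECT) != UICR_APPROTECT_PALL_Protected) { return TFM_PLAT_ERR_SYSTEM_ERR; }`, with the SECUREAPPROTECT equivalent in the second block. As I read nrfx, `nrfx_nvmc_word_writable_check` also succeeds when the word already equals the requested value, so the write would be reissued on every boot; reading the word first and skipping the write when it is already protected avoids that. The rest of init_debug lies outside the hunk, so the final return path is not visible here.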
Signed-off-by: Frank Audun Kvamtrø --- .../services/src/tfm_platform_hal_ioctl.c | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index faab8cf42..4ca9cad81 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -18,6 +18,7 @@ #include #include +#include #include "handle_attr.h" @@ -61,6 +62,29 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, if (args->addr >= start && args->addr + args->len <= start + size) { +#ifdef NRF_UICR_S_BASE + if (start >= NRF_UICR_S_BASE && + start < (NRF_UICR_S_BASE + sizeof(NRF_UICR_Type))) { + /* Range is inside UICR. Some nRF platforms need special handling */ + uint32_t *src = (uint32_t *)args->addr; + uint32_t *dst = (uint32_t *)args->destination; + uint32_t uicr_end = NRF_UICR_S_BASE + sizeof(NRF_UICR_Type); + + if (!IS_ALIGNED(src, sizeof(uint32_t)) || + (args->len % sizeof(uint32_t)) != 0 || + (args->addr + args->len) > uicr_end) { + return TFM_PLATFORM_ERR_NOT_SUPPORTED; + } + + while (args->len) { + *dst++ = nrfx_nvmc_uicr_word_read(src++); + args->len -= sizeof(uint32_t); + } + out->result = 0; + err = TFM_PLATFORM_ERR_SUCCESS; + break; + } +#endif memcpy(args->destination, (const void *)args->addr, args->len); From 487231c2b8b5831a37f15f82ee16bf0bb6571d88 Mon Sep 17 00:00:00 2001 From: Seppo Takalo Date: Wed, 21 Aug 2024 11:36:04 +0300 Subject: [PATCH 08/73] [nrf fromtree] platform: nordic: Guard nvmc header with soc series MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The anomaly only appears on nRF91 platforms and some platforms do not have NVMC so the header cannot be included. Change-Id: I02c73c9a752599ca9be9320dc19f390aea0f767a 
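Review bot: The added bound `(args->addr + args->len) > uicr_end` uses the same additive form as the enclosing range check, so if `addr` and `len` are 32-bit (their declarations are outside this hunk) the sum can wrap and a length running past the UICR would be accepted. Comparing against the remaining space does not wrap: `args->addr > uicr_end || args->len > uicr_end - args->addr`. Only `src` is tested with `IS_ALIGNED`, although `dst` is also written through a `uint32_t *`. The loop decrements `args->len` in the caller-supplied structure, where a local counter would leave the request intact. tfm_platform_hal_read_service starts and ends outside the hunk.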
Signed-off-by: Seppo Takalo (cherry picked from commit 539dd8949b2f7a9785f447907dfc1e242eeb0965) Signed-off-by: Frank Audun Kvamtrø --- .../common/core/services/src/tfm_platform_hal_ioctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 4ca9cad81..9b0a4b4a4 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -18,7 +18,9 @@ #include #include +#ifdef NRF91_SERIES #include +#endif #include "handle_attr.h" @@ -62,7 +64,7 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, if (args->addr >= start && args->addr + args->len <= start + size) { -#ifdef NRF_UICR_S_BASE +#ifdef NRF91_SERIES if (start >= NRF_UICR_S_BASE && start < (NRF_UICR_S_BASE + sizeof(NRF_UICR_Type))) { /* Range is inside UICR. Some nRF platforms need special handling */ From 6755e5d01f5276140bf103bf88e48c05bc11a37f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Thu, 16 May 2024 14:58:39 +0200 Subject: [PATCH 09/73] [nrf noup] Platform: Nordic: Port spu_peripheral_config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Port spu_peripheral_config to also support the new API. Signed-off-by: Sebastian Bøe Change-Id: I1763874ce74ad39cbf0ef256ef8edc669038d226 (Cherry-picked from the commit 3f49abfa1c1fe5c316c9c679136aeb98629a70b5) Signed-off-by: Frank Audun Kvamtrø --- .../common/core/native_drivers/spu.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c index 54b933c89..5bf8e97f8 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c 
+++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c @@ -283,10 +283,13 @@ uint32_t spu_regions_sram_get_region_size(void) { return SRAM_SECURE_ATTRIBUTION_REGION_SIZE; } +#endif /* NRF_SPU_HAS_MEMORY */ + void spu_peripheral_config_secure(const uint32_t periph_base_address, bool periph_lock) { uint8_t periph_id = NRFX_PERIPHERAL_ID_GET(periph_base_address); +#if NRF_SPU_HAS_MEMORY /* ASSERT checking that this is not an explicit Non-Secure peripheral */ NRFX_ASSERT((NRF_SPU->PERIPHID[periph_id].PERM & SPU_PERIPHID_PERM_SECUREMAPPING_Msk) != @@ -297,12 +300,26 @@ void spu_peripheral_config_secure(const uint32_t periph_base_address, bool perip 1 /* Secure */, 1 /* Secure DMA */, periph_lock); + +#else + + NRF_SPU_Type * nrf_spu = spu_instance_from_peripheral_addr(periph_base_address); + + uint8_t spu_id = NRFX_PERIPHERAL_ID_GET(nrf_spu); + + uint8_t index = periph_id - spu_id; + + nrf_spu_periph_perm_secattr_set(nrf_spu, index, true /* Secure */); + nrf_spu_periph_perm_dmasec_set(nrf_spu, index, true /* Secure */); + nrf_spu_periph_perm_lock_enable(nrf_spu, index); +#endif } void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock) { uint8_t periph_id = NRFX_PERIPHERAL_ID_GET(periph_base_address); +#if NRF_SPU_HAS_MEMORY /* ASSERT checking that this is not an explicit Secure peripheral */ NRFX_ASSERT((NRF_SPU->PERIPHID[periph_id].PERM & SPU_PERIPHID_PERM_SECUREMAPPING_Msk) != 
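Review bot: In the `#else` branch added to spu_peripheral_config_secure, `periph_lock` is never read and `nrf_spu_periph_perm_lock_enable(nrf_spu, index)` runs unconditionally, so the same argument behaves differently in the two build variants. Honouring the parameter keeps the interface consistent: `if (periph_lock) { nrf_spu_periph_perm_lock_enable(nrf_spu, index); }`. The same applies to the `#else` branch added to spu_peripheral_config_non_secure in the next hunk (`@@ -313,4 +330,15 @@`). `index` is computed as `periph_id - spu_id` in `uint8_t` without checking the ordering, and the SECUREMAPPING assertion of the `#if` branch has no counterpart here. An `NRFX_ASSERT(periph_id >= spu_id);` before the subtraction would catch a wrong instance lookup.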
@@ -313,4 +330,15 @@ void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool p 0 /* Non-Secure */, 0 /* Non-Secure DMA */, periph_lock); +#else + NRF_SPU_Type * nrf_spu = spu_instance_from_peripheral_addr(periph_base_address); + + uint8_t spu_id = NRFX_PERIPHERAL_ID_GET(nrf_spu); + + uint8_t index = periph_id - spu_id; + + nrf_spu_periph_perm_secattr_set(nrf_spu, index, false /* Non-Secure */); + nrf_spu_periph_perm_dmasec_set(nrf_spu, index, false /* Non-Secure */); + nrf_spu_periph_perm_lock_enable(nrf_spu, index); +#endif } From eec5298a5650950f95abe507473029c2145580eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Fri, 1 Mar 2024 16:40:14 +0100 Subject: [PATCH 10/73] [nrf noup] crypto: Have CRYPTO_HW_ACCELERATOR support nrf_security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adjust CRYPTO_HW_ACCELERATOR build scripts to also support nrf_security. Signed-off-by: Sebastian Bøe Signed-off-by: Joakim Andersson (cherry picked from commit c136210082623a0643700832292356fa5a2bb2ae) (cherry picked from commit 38341177b624dd6655e73aa3991085b9825292ed) Signed-off-by: Joakim Andersson (cherry picked from commit 2bdad64794b9c61fe85c7b5ad11c017a02ba9056) Signed-off-by: Markus Swarowsky Change-Id: Ied8e378ef55fe398ea4e45f65b3c270e9e9cd030 Signed-off-by: Markus Swarowsky (cherry picked from commit 5903966d16a4f1d5eb338cf9f03e278d43481124) Signed-off-by: Markus Swarowsky (cherry picked from commit a3a03e56f9a9816d93a6810d6f049b4f0759e45a) Signed-off-by: Frank Audun Kvamtrø --- platform/ext/accelerator/CMakeLists.txt | 11 +++++++++++ secure_fw/partitions/crypto/config_crypto_check.h | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/platform/ext/accelerator/CMakeLists.txt b/platform/ext/accelerator/CMakeLists.txt index f300f7d47..2cab23084 100644 --- a/platform/ext/accelerator/CMakeLists.txt +++ b/platform/ext/accelerator/CMakeLists.txt 
@@ -5,6 +5,17 @@ # #------------------------------------------------------------------------------- +cmake_policy(SET CMP0079 NEW) + +# TODO: Verify that this works for both minimal and normal configuration +target_compile_definitions(tfm_config + INTERFACE + CRYPTO_HW_ACCELERATOR +) + +# When using nrf_security we don't need these build scripts +return() + if(BL2) add_library(bl2_crypto_hw STATIC) endif() diff --git a/secure_fw/partitions/crypto/config_crypto_check.h b/secure_fw/partitions/crypto/config_crypto_check.h index 9dbcd3458..f1cfbc155 100644 --- a/secure_fw/partitions/crypto/config_crypto_check.h +++ b/secure_fw/partitions/crypto/config_crypto_check.h @@ -12,7 +12,7 @@ /* Check invalid configs. */ #if CRYPTO_NV_SEED && defined(CRYPTO_HW_ACCELERATOR) -#error "Invalid config: CRYPTO_NV_SEED AND CRYPTO_HW_ACCELERATOR!" +// #error "Invalid config: CRYPTO_NV_SEED AND CRYPTO_HW_ACCELERATOR!" #endif #if (!CRYPTO_NV_SEED) && (!defined(CRYPTO_HW_ACCELERATOR)) From 7ff00fae5125885ea7e201ef5fd4ad887f678bfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Fri, 1 Mar 2024 16:41:03 +0100 Subject: [PATCH 11/73] [nrf noup] platform: nrf_nordic: Add temp fix for for secure FPU on 9161 The MDK for nRF9120 used in the nRF9161 target doesn't define the Secure FPU as it doesn't exist, but for other platforms like the 9160 it has a dummy define, with an UNUSED field in the type. The long plan is to get this fixed in the MDK but until then, to make the nrfxlib 3.1.0 update possible this tempfix is applied. Ref: NCSDK-23046 Signed-off-by: Markus Swarowsky Change-Id: I44042ee9aada99c59a5930440306bb6c40ae4880 (cherry picked from commit 6ad9c58f9bd55f386970533d0c9942dabe122945) Signed-off-by: Markus Swarowsky (cherry picked from commit a489e9fe1e8233c84f852db17484b52ebe4720ba) Signed-off-by: Markus Swarowsky --- .../nordic_nrf/common/nrf91/nrfx_config_nrf91.h | 11 +++++++++++ 1 file changed, 11 insertions(+) 
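Review bot: The `return()` added near the top of platform/ext/accelerator/CMakeLists.txt is unconditional, although its comment limits it to "When using nrf_security", so `bl2_crypto_hw` and everything below it is never defined in any configuration. Guarding the early return with the build option that selects nrf_security (its name is not shown on this page) would keep the original path usable. `CRYPTO_HW_ACCELERATOR` is also defined on `tfm_config` for every build, and the `# TODO: Verify that this works for both minimal and normal configuration` is left open. That TODO should be resolved or tracked before the change is relied on.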
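Review bot: Commenting out the `#error` in config_crypto_check.h leaves an empty `#if CRYPTO_NV_SEED && defined(CRYPTO_HW_ACCELERATOR)` block, so the combination is now accepted silently in every build. Because the CMake change in the same commit defines `CRYPTO_HW_ACCELERATOR` unconditionally, a configuration that enables `CRYPTO_NV_SEED` no longer gets any diagnostic about which entropy source is in use. If the combination is only acceptable with nrf_security, keep the check and exempt that case explicitly. Otherwise replace the commented-out line with a comment that records why the combination is allowed and where the seed source is chosen.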
diff --git a/platform/ext/target/nordic_nrf/common/nrf91/nrfx_config_nrf91.h b/platform/ext/target/nordic_nrf/common/nrf91/nrfx_config_nrf91.h index 8519278be..e95f3920a 100644 --- a/platform/ext/target/nordic_nrf/common/nrf91/nrfx_config_nrf91.h +++ b/platform/ext/target/nordic_nrf/common/nrf91/nrfx_config_nrf91.h @@ -36,6 +36,17 @@ #error "This file should not be included directly. Include nrfx_config.h instead." #endif +/* + * The MDK for nRF9120 used in the nRF9161 target doesn't define the Secure FPU + * as it doesn't exist, but for other platforms like the 9160 it has a dummy + * define. + * Therefore we define it here manually until it is fixed in the MDK. + * See: NCSDK-23046 + */ +#ifdef NRF9120_XXAA +#define NRF_FPU_S 1 +#endif + #define NRF_CLOCK NRF_PERIPH(NRF_CLOCK) #define NRF_DPPIC NRF_PERIPH(NRF_DPPIC) #define NRF_EGU0 NRF_PERIPH(NRF_EGU0) From 813a9816222998e9458f840d459c91965571b54e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 15 Aug 2024 12:44:17 +0200 Subject: [PATCH 12/73] [nrf noup] secure_fw: Add option to log output on a shared UART instance. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add an option to send the log output from the secure firmware on a UART instance that would be shared with the non-secure application. This option is added where the number of UART instances is limited and the application only cares about the receiving the TF-M log on fatal errors. To allow this option to be enabled the log is disabled in the boot process before the non-secure application is started. It is enabled again when an unrecoverable exception has occurred in the secure firmware. Here is an abandoned upstream PR (with some of the fixes): https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25905 Note: This has removed any information about cherry-picked items as this is not valid since it is combining efforts form multiple commits Ref: NCSDK-18595 Ref: NCSDK-28740 Signed-off-by: Joakim Andersson Signed-off-by: Markus Swarowsky Signed-off-by: Sebastian Bøe Signed-off-by: Frank Audun Kvamtrø --- config/check_config.cmake | 2 ++ config/config_base.cmake | 3 +++ platform/CMakeLists.txt | 1 + platform/ext/common/exception_info.c | 5 +++++ secure_fw/spm/core/tfm_svcalls.c | 5 +++++ 5 files changed, 16 insertions(+) diff --git a/config/check_config.cmake b/config/check_config.cmake index 1039b22f9..d274ed8a7 100644 --- a/config/check_config.cmake +++ b/config/check_config.cmake 
@@ -17,6 +17,8 @@ tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_NS_MANAGE_NSID) tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY) tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND CONFIG_TFM_STACK_WATERMARKS) +tfm_invalid_config(CONFIG_TFM_LOG_SHARE_UART AND NOT SECURE_UART1) + ########################## BL1 ################################################# tfm_invalid_config(TFM_BL1_2_IN_OTP AND TFM_BL1_2_IN_FLASH) diff --git a/config/config_base.cmake b/config/config_base.cmake index 6b2540ee6..52aef1ddd 100644 --- a/config/config_base.cmake +++ b/config/config_base.cmake @@ -90,6 +90,9 @@ set(CONFIG_TFM_HALT_ON_CORE_PANIC OFF CACHE BOOL "On fatal e set(CONFIG_TFM_STACK_WATERMARKS OFF CACHE BOOL "Whether to pre-fill partition stacks with a set value to help determine stack usage") +set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/config_base.h" CACHE FILEPATH "User defined header file for TF-M config") + +set(CONFIG_TFM_LOG_SHARE_UART OFF CACHE BOOL "Allow TF-M and the non-secure application to share the UART instance. TF-M will use it while it is booting, after which the non-secure application will use it until an eventual fatal error is handled and logged by TF-M. Logging from TF-M will therefore otherwise be suppressed") ############################ Platform ########################################## set(NUM_MAILBOX_QUEUE_SLOT 1 CACHE BOOL "Number of mailbox queue slots") diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index 271ac4daf..83feda2f5 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -386,6 +386,7 @@ target_compile_definitions(platform_region_defs BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE} $<$:PLATFORM_DEFAULT_BL1> $<$:SECURE_UART1> + $<$:CONFIG_TFM_LOG_SHARE_UART> DAUTH_${DEBUG_AUTHENTICATION} $<$:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}> $<$:MCUBOOT_BUILTIN_KEY> 
diff --git a/platform/ext/common/exception_info.c b/platform/ext/common/exception_info.c index 03264ba32..5a765f565 100644 --- a/platform/ext/common/exception_info.c +++ b/platform/ext/common/exception_info.c @@ -9,6 +9,7 @@ #include "tfm_spm_log.h" /* "exception_info.h" must be the last include because of the IAR pragma */ #include "exception_info.h" +#include "uart_stdout.h" static struct exception_info_t exception_info; @@ -168,6 +169,10 @@ static void dump_error(const struct exception_info_t *ctx) { bool stack_error = false; +#if defined(CONFIG_TFM_LOG_SHARE_UART) + stdio_init(); +#endif + SPMLOG_ERRMSG("FATAL ERROR: "); switch (ctx->VECTACTIVE) { case EXCEPTION_TYPE_HARDFAULT: diff --git a/secure_fw/spm/core/tfm_svcalls.c b/secure_fw/spm/core/tfm_svcalls.c index c43b98e60..5ed6634a9 100644 --- a/secure_fw/spm/core/tfm_svcalls.c +++ b/secure_fw/spm/core/tfm_svcalls.c @@ -27,6 +27,7 @@ #include "load/spm_load_api.h" #include "load/partition_defs.h" #include "psa/client.h" +#include "uart_stdout.h" #define INVALID_PSP_VALUE 0xFFFFFFFFU @@ -204,6 +205,10 @@ static uint32_t handle_spm_svc_requests(uint32_t svc_number, uint32_t exc_return case TFM_SVC_SPM_INIT: exc_return = tfm_spm_init(); tfm_arch_check_msp_sealing(); + +#if defined(CONFIG_TFM_LOG_SHARE_UART) + stdio_uninit(); +#endif /* The following call does not return */ tfm_arch_free_msp_and_exc_ret(SPM_BOOT_STACK_BOTTOM, exc_return); break; From b6ddb1c1af012d96fd0bf5564b2c8e5ad6342052 Mon Sep 17 00:00:00 2001 
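Review bot: The new `#include "uart_stdout.h"` in exception_info.c is placed after `#include "exception_info.h"`, directly below the comment saying that exception_info.h must be the last include because of the IAR pragma. Moving the added line above that comment keeps the documented order. In dump_error, `stdio_init()` is called on the fault path with no explanation at the call site. A comment such as `/* UART was released at SPM init (stdio_uninit in tfm_svcalls.c); reclaim it for the fatal-error dump. */` would tie the two halves of the feature together. dump_error continues outside the hunk.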
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 15 Aug 2024 13:07:02 +0200 Subject: [PATCH 13/73] [nrf noup] Do not pass PSA_CONFIG again to crypto library MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The MBEDTLS_PSA_CRYPTO_CONFIG_FILE gets already defined in the mbedtls_common target and is included in the nrf-config.h file. TF-M adds the compile definition again, causing a redefined warning when building We may want to refactor this to align better with upstream project Ref: NCSDK-28740 Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø --- secure_fw/partitions/crypto/CMakeLists.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 1ee4d1e08..24f3764da 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -107,6 +107,18 @@ target_compile_definitions(tfm_config TFM_PARTITION_CRYPTO ) +target_link_libraries(tfm_config + INTERFACE + psa_crypto_config +) + +############################### PSA CRYPTO CONFIG ############################## +add_library(psa_crypto_config INTERFACE) +# target_compile_definitions(psa_crypto_config +# INTERFACE +# MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" +# ) + ############################### MBEDCRYPTO ##################################### add_library(crypto_service_mbedcrypto_config INTERFACE) From a195051224189edc9952d48aef20ac888f0ba022 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Fri, 1 Mar 2024 16:43:35 +0100 Subject: [PATCH 14/73] [nrf noup] Remove check for p256-m MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TF-M checks if p256-m is available during build time using MBEDCRYPTO_PATH which is set to the TF-M repo to use custom Mbed TLS cmake configurations, but this means the script can not be found. But as Mbed TLS software crypto is not used anyway we can hardcode p256-m to be disabled. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø --- secure_fw/partitions/crypto/CMakeLists.txt | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 24f3764da..90ada7036 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -151,20 +151,8 @@ set(GEN_FILES OFF) # Set the prefix to be used by mbedTLS targets set(MBEDTLS_TARGET_PREFIX crypto_service_) -# Check if the p256m driver is enabled in the config file, as that will require a -# dedicated target to be linked in. Note that 0 means SUCCESS here, 1 means FAILURE -set(MBEDTLS_P256M_NOT_FOUND 1) -execute_process(COMMAND - ${Python3_EXECUTABLE} - ${MBEDCRYPTO_PATH}/scripts/config.py -f "${TFM_MBEDCRYPTO_CONFIG_PATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED - RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND) - -if (${MBEDTLS_P256M_NOT_FOUND} EQUAL 0) - message(STATUS "[Crypto service] Using P256M software driver in PSA Crypto backend") - set(MBEDTLS_P256M_ENABLED true) -else() - set(MBEDTLS_P256M_ENABLED false) -endif() +# We use hardware acceleration or ocrypto so disable the P256M module by default +set(MBEDTLS_P256M_ENABLED false) # If the project is configured with CMAKE_BUILD_TYPE="Debug", the value of # MBEDCRYPTO_BUILD_TYPE will be set "RelWithDebInfo" to optimize the space 
From 566102c1ab08105db643dae75c78c7234100c60c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Thu, 7 Mar 2024 11:53:05 +0100 Subject: [PATCH 15/73] [nrf noup] cmake: tools: Dont add a custom command for running the manifest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit is [nrf noup] because I would like to user-test this for a few months in case of unintended side-effects before upstreaming. In the TF-M build scripts we run the manifest tool twice, first from CMake and then from ninja. It is bad practice to configure CMake projects like this. Instead, if configuration from CMake is necessary, one should configure from CMake only, and then re-run CMake when necessary, not just the command. This organization has been causing problems for our users as they have been required to rebuild TF-M twice. This is due to this scenario playing out: CMake generates config_impl.cmake by invoking the manifest tool at Configure time. CMake generates build.ninja. Ninja generates config_impl.cmake by invoking the manifest tool at build time. When the user then invokes ninja a second time config_impl.cmake will be newer than build.ninja. But CMake is supposed to be includ'ing config_impl.cmake, so build.ninja is now considered out-of-date wrt. config_impl.cmake. ninja therefore invokes CMake again, and then ninja afterwards. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe Signed-off-by: Frank Audun Kvamtrø --- tools/CMakeLists.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt index bf37274e8..8467ede01 100644 --- a/tools/CMakeLists.txt +++ b/tools/CMakeLists.txt 
@@ -159,12 +159,17 @@ set(MANIFEST_COMMAND -o ${CMAKE_BINARY_DIR}/generated ${PARSE_MANIFEST_QUIET_FLAG}) +set(NO_BUILD_CMD_FOR_MANIFEST 1) + +if(NO_BUILD_CMD_FOR_MANIFEST) +else() add_custom_command( OUTPUT ${CMAKE_BINARY_DIR}/generated COMMAND ${MANIFEST_COMMAND} DEPENDS ${MANIFEST_LISTS} ${GENERATED_FILE_LISTS} ${MANIFEST_FILES} ${TEMPLATE_FILES} ) +endif() add_custom_target( manifest_tool From 34785d913921d0732f7caaf7f7a21e44240d45f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 15 Aug 2024 15:04:10 +0200 Subject: [PATCH 16/73] [nrf noup] crypto: Add PAKE support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is noup commit as upstream TF-M relies on the mbed TLS PSA Core hat does not support the PAKE API's according to 1.2 at the moment. Once this exists then this can be up streamed, or removed if TF-M adds it themself. Added PAKE API support accoding the PSA crypto spec 1.2 Ref: NCSDK-22416 Ref: NCSDK-28740 Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø --- interface/include/psa/crypto_extra.h | 1359 +++++++++++++++++ interface/include/psa/crypto_sizes.h | 62 + interface/include/psa/crypto_struct.h | 24 + interface/include/psa/crypto_types.h | 47 + interface/include/psa/crypto_values.h | 37 + interface/include/tfm_crypto_defs.h | 17 +- interface/src/tfm_crypto_api.c | 155 ++ secure_fw/partitions/crypto/CMakeLists.txt | 1 + secure_fw/partitions/crypto/Kconfig.comp | 4 + .../partitions/crypto/crypto_check_config.h | 10 + secure_fw/partitions/crypto/crypto_init.c | 2 + secure_fw/partitions/crypto/crypto_pake.c | 167 ++ secure_fw/partitions/crypto/crypto_spe.h | 18 + secure_fw/partitions/crypto/tfm_crypto_api.h | 14 + 14 files changed, 1916 insertions(+), 1 deletion(-) create mode 100644 secure_fw/partitions/crypto/crypto_pake.c diff --git a/interface/include/psa/crypto_extra.h b/interface/include/psa/crypto_extra.h index 6ed1f6c43..b7b4fccfb 100644 
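Review bot: `if(NO_BUILD_CMD_FOR_MANIFEST)` has an empty true branch with the real code under `else()`, and the variable is set to 1 unconditionally just above it, so the `add_custom_command` is dead code that still reads as live. A single negated test states the intent directly: `if(NOT NO_BUILD_CMD_FOR_MANIFEST)`. The block would also benefit from a comment explaining that the manifest tool is run at configure time only, to avoid the double rebuild described in the commit message. The body of `add_custom_command` was not re-indented under the new conditional.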
--- a/interface/include/psa/crypto_extra.h +++ b/interface/include/psa/crypto_extra.h 
@@ -413,6 +413,1365 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 + +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE ((psa_key_type_t) 0x7400) +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4400) +#define PSA_KEY_TYPE_SPAKE2P_CURVE_MASK ((psa_key_type_t) 0x00ff) + + /** SPAKE2+ key pair. Both the prover and verifier key. + * + * The size of a SPAKE2+ key is the size associated with the elliptic curve + * group. See the documentation of each elliptic curve family for details. + * To construct a SPAKE2+ key pair, it must be output from a key derivation + * operation. + * The corresponding public key can be exported using psa_export_public_key(). + * See also #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(). + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE | (curve))) + + /** SPAKE2+ public key. The verifier key. + * + * The size of an SPAKE2+ public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR() and the documentation of each + * elliptic curve family for details. + * To construct a SPAKE2+ public key, it must be imported. + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE | (curve))) + + /** Whether a key type is a SPAKE2+ key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SPAKE2P(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Whether a key type is a SPAKE2+ key pair. 
*/ +#define PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE) + /** Whether a key type is a SPAKE2+ public key. */ +#define PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Extract the curve from a SPAKE2+ key type. */ +#define PSA_KEY_TYPE_SPAKE2P_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SPAKE2P(type) ? \ + ((type) & PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) : \ + 0)) + +#define PSA_KEY_TYPE_SRP_KEY_PAIR_BASE ((psa_key_type_t) 0x7700) +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4700) +#define PSA_KEY_TYPE_SRP_GROUP_MASK ((psa_key_type_t) 0x00ff) + + /** SRP key pair. Both the client and server key. + * + * The size of a SRP key is the size associated with the Diffie-Hellman + * group. See the documentation of each Diffie-Hellman group for details. + * To construct a SRP key pair, the password hash must be imported. + * The corresponding public key (password verifier) can be exported using + * psa_export_public_key(). See also #PSA_KEY_TYPE_SRP_PUBLIC_KEY(). + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. + */ +#define PSA_KEY_TYPE_SRP_KEY_PAIR(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_KEY_PAIR_BASE | (group))) + + /** SRP public key. The server key (password verifier). + * + * The size of an SRP public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SRP_KEY_PAIR() and the documentation of each + * Diffie-Hellman group for details. + * To construct a SRP public key, it must be imported. The key size + * in attributes must not be zero. + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. 
+ */ +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE | (group))) + + /** Whether a key type is a SRP key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SRP(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Whether a key type is a SRP key pair. */ +#define PSA_KEY_TYPE_IS_SRP_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_KEY_PAIR_BASE) + /** Whether a key type is a SRP public key. */ +#define PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Extract the curve from a SRP key type. */ +#define PSA_KEY_TYPE_SRP_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SRP(type) ? \ + ((type) & PSA_KEY_TYPE_SRP_GROUP_MASK) : \ + 0)) + +#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t) 0x0a000000) + +/** Whether the specified algorithm is a password-authenticated key exchange. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a password-authenticated key exchange (PAKE) + * algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not a supported + * algorithm identifier. + */ +#define PSA_ALG_IS_PAKE(alg) \ + (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE) + +/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. + * + * This is J-PAKE as defined by RFC 8236, instantiated with the following + * parameters: + * + * - The group can be either an elliptic curve or defined over a finite field. + * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the + * J-PAKE algorithm. + * - A cryptographic hash function. 
+ * + * To select these parameters and set up the cipher suite, call these functions + * in any order: + * + * \code + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE(hash)); + * psa_pake_cs_set_primitive(cipher_suite, + * PSA_PAKE_PRIMITIVE(type, family, bits)); + * \endcode + * + * For more information on how to set a specific curve or field, refer to the + * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + * + * After initializing a J-PAKE operation, call + * + * \code + * psa_pake_setup(operation, key, cipher_suite); + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * \endcode + * + * The password is provided as a key. This can be the password text itself, + * in an agreed character encoding, or some value derived from the password + * as required by a higher level protocol. + * + * (The implementation converts the key material to a number as described in + * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ + * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here + * \c q is order of the group defined by the primitive set in the cipher suite. + * The \c psa_pake_setup() function returns an error if the result of the + * reduction is 0.) 
+ * + * The key exchange flow for J-PAKE is as follows: + * -# To get the first round data that needs to be sent to the peer, call + * \code + * // Get g1 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Get g2 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode + * -# To provide the first round data received from the peer to the operation, + * call + * \code + * // Set g3 + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Set g4 + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode + * -# To get the second round data that needs to be sent to the peer, call + * \code + * // Get A + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get ZKP public key for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get ZKP proof for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode + * -# To provide the second round data received from the peer to the operation, + * call + * \code + * // Set B + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set ZKP public key for x4*s + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set ZKP 
proof for x4*s
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To access the shared secret call
+ * \code
+ * // Get Ka=Kb=K
+ * psa_pake_get_shared_key()
+ * \endcode
+ *
+ * For more information consult the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party it claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit (the peer is not authenticated
+ * at this point, and no action should be taken that assume that they are - like
+ * for example accessing restricted files).
+ *
+ * To make the authentication explicit there are various methods, see Section 5
+ * of RFC 8236 for two examples.
+ *
+ */
+#define PSA_ALG_JPAKE_BASE ((psa_algorithm_t) 0x0a000100)
+#define PSA_ALG_JPAKE(hash_alg) (PSA_ALG_JPAKE_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_JPAKE(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_JPAKE_BASE)
+
+ /** The SPAKE2+ algorithm.
+ *
+ * SPAKE2+ is the augmented password-authenticated key exchange protocol,
+ * defined by RFC9383. SPAKE2+ includes confirmation of the shared secret
+ * key that results from the key exchange.
+ * SPAKE2+ is required by Matter Specification, Version 1.2, as MATTER_PAKE.
+ * Matter uses an earlier draft of the SPAKE2+ protocol: "SPAKE2+, an
+ * Augmented PAKE (Draft 02)".
+ * Although the operation of the PAKE is similar for both of these variants,
+ * they have different key schedules for the derivation of the shared secret.
+ *
+ * When setting up a PAKE cipher suite to use the SPAKE2+ protocol defined
+ * in RFC9383:
+ * - For cipher-suites that use HMAC for key confirmation, use the
+ * PSA_ALG_SPAKE2P_HMAC() algorithm, parameterized by the required hash
+ * algorithm.
+ * - For cipher-suites that use CMAC-AES-128 for key confirmation, use the
+ * PSA_ALG_SPAKE2P_CMAC() algorithm, parameterized by the required hash
+ * algorithm.
+ * - Use a PAKE primitive for the required elliptic curve.
+ *
+ * For example, the following code creates a cipher suite to select SPAKE2+
+ * using edwards25519 with the SHA-256 hash function:
+ *
+ * \code
+ * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT;
+ * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SPAKE2P_HMAC(PSA_ALG_SHA_256));
+ * psa_pake_cs_set_primitive(&cipher_suite,
+ * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
+ * PSA_ECC_FAMILY_TWISTED_EDWARDS, 255));
+ * \endcode
+ *
+ * When setting up a PAKE cipher suite to use the SPAKE2+ protocol used by
+ * Matter:
+ * - Use the PSA_ALG_SPAKE2P_MATTER algorithm.
+ * - Use the PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
+ * PSA_ECC_FAMILY_SECP_R1, 256)
+ * PAKE primitive.
+ *
+ * The following code creates a cipher suite to select the Matter variant of
+ * SPAKE2+:
+ *
+ * \code
+ * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT;
+ * psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_SPAKE2P_MATTER);
+ * psa_pake_cs_set_primitive(&cipher_suite,
+ * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
+ * PSA_ECC_FAMILY_SECP_R1, 256));
+ * \endcode
+ *
+ * After initializing a SPAKE2+ operation, call
+ *
+ * \code
+ * psa_pake_setup(operation, password, cipher_suite);
+ * psa_pake_set_role(operation, ...);
+ * \endcode
+ *
+ * The password provided to the client side must be of type
+ * #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR.
+ * The password provided to the server side must be of type
+ * #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY.
+ *
+ * The role set by \c psa_pake_set_role() must be either
+ * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER.
+ *
+ * Then provide any additional, optional parameters:
+ *
+ * \code
+ * psa_pake_set_user(operation, ...);
+ * psa_pake_set_peer(operation, ...);
+ * psa_pake_set_context(operation, ...);
+ * \endcode
+ *
+ *
+ * The key exchange flow for a SPAKE2+ client is as follows:
+ * \code
+ * // send shareP
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // receive shareV
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // receive confirmV
+ * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // send confirmP
+ * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // get K_shared
+ * psa_pake_get_shared_key(operation, ...);
+ * \endcode
+ *
+ * The key exchange flow for a SPAKE2+ server is as follows:
+ * \code
+ * // receive shareP
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // send shareV
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // send confirmV
+ * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // receive confirmP
+ * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // get K_shared
+ * psa_pake_get_shared_key(operation, ...);
+ * \endcode
+ *
+ * The shared secret that is produced by SPAKE2+ is pseudorandom. Although
+ * it can be used directly as an encryption key, it is recommended to use
+ * the shared secret as an input to a key derivation operation to produce
+ * additional cryptographic keys.
+ */
+#define PSA_ALG_IS_SPAKE2P_HMAC_BASE ((psa_algorithm_t) 0x0a000400)
+#define PSA_ALG_SPAKE2P_HMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_SPAKE2P_CMAC_BASE ((psa_algorithm_t) 0x0a000500)
+#define PSA_ALG_SPAKE2P_CMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_CMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_SPAKE2P_MATTER ((psa_algorithm_t) 0x0A000609)
+#define PSA_ALG_IS_SPAKE2P(alg) (((alg) & ~0x000003ff) == PSA_ALG_IS_SPAKE2P_HMAC_BASE)
+#define PSA_ALG_IS_SPAKE2P_HMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_HMAC_BASE)
+#define PSA_ALG_IS_SPAKE2P_CMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_CMAC_BASE)
+
+ /** The Secure Remote Passwort key exchange (SRP) algorithm.
+ *
+ * This is SRP-6 as defined by RFC 2945 and RFC 5054, instantiated with the
+ * following parameters:
+ *
+ * - The group is defined over a finite field using a secure prime.
+ * - A cryptographic hash function.
+ *
+ * To select these parameters and set up the cipher suite, call these functions:
+ *
+ * \code
+ * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT;
+ * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SRP_6(hash));
+ * psa_pake_cs_set_primitive(&cipher_suite,
+ * PSA_PAKE_PRIMITIVE(type, family, bits));
+ * \endcode
+ *
+ * After initializing a SRP operation, call:
+ *
+ * \code
+ * psa_pake_setup(operation, password, cipher_suite);
+ * psa_pake_set_role(operation, ...);
+ * psa_pake_set_user(operation, ...);
+ * \endcode
+ *
+ * The password provided to the client side must be of type
+ * #PSA_KEY_TYPE_SRP_KEY_PAIR.
+ * The password provided to the server side must be of type
+ * #PSA_KEY_TYPE_SRP_PUBLIC_KEY.
+ *
+ * The role set by \c psa_pake_set_role() must be either
+ * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER.
+ *
+ * For the SRP client key exchange call the following functions in any order:
+ * \code
+ * // get salt
+ * psa_pake_input(operation, #PSA_PAKE_STEP_SALT, ...);
+ * // get server key
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // write client key
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * \endcode
+ *
+ * For the SRP server key exchange call the following functions in any order:
+ * \code
+ * // get salt
+ * psa_pake_input(operation, #PSA_PAKE_STEP_SALT, ...);
+ * // get client key
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // write server key
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * \endcode
+ *
+ * For the client proof phase call the following functions in this order:
+ * \code
+ * // send M1
+ * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // receive M2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // Get secret
+ * psa_pake_get_shared_key()
+ * \endcode
+ *
+ * For the server proof phase call the following functions in this order:
+ * \code
+ * // receive M1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // send M2
+ * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...);
+ * // Get secret
+ * psa_pake_get_shared_key()
+ * \endcode
+ *
+ * The shared secret that is produced by SRP is pseudorandom. Although
+ * it can be used directly as an encryption key, it is recommended to use
+ * the shared secret as an input to a key derivation operation to produce
+ * additional cryptographic keys.
+ */
+#define PSA_ALG_SRP_6_BASE ((psa_algorithm_t) 0x0a000300)
+#define PSA_ALG_SRP_6(hash_alg) (PSA_ALG_SRP_6_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+#define PSA_ALG_IS_SRP_6(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_6_BASE)
+
+/** @} */
+
+/** \defgroup pake Password-authenticated key exchange (PAKE)
+ *
+ * This is a proposed PAKE interface for the PSA Crypto API.
It is not part of
+ * the official PSA Crypto API yet.
+ *
+ * \note The content of this section is not part of the stable API and ABI
+ * of Mbed TLS and may change arbitrarily from version to version.
+ * Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and
+ * #PSA_ALG_JPAKE.
+ * @{
+ */
+
+/** A value to indicate no role in a PAKE algorithm.
+ * This value can be used in a call to psa_pake_set_role() for symmetric PAKE
+ * algorithms which do not assign roles.
+ */
+#define PSA_PAKE_ROLE_NONE ((psa_pake_role_t) 0x00)
+
+/** The first peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them need an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, both #PSA_PAKE_ROLE_FIRST and #PSA_PAKE_ROLE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_ROLE_FIRST ((psa_pake_role_t) 0x01)
+
+/** The second peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them need an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, either #PSA_PAKE_ROLE_FIRST or #PSA_PAKE_ROLE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_ROLE_SECOND ((psa_pake_role_t) 0x02)
+
+/** The client in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_ROLE_CLIENT ((psa_pake_role_t) 0x11)
+
+/** The server in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_ROLE_SERVER ((psa_pake_role_t) 0x12)
+
+/** The PAKE primitive type indicating the use of elliptic curves.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify a
+ * specific elliptic curve, using the same mapping that is used for ECC
+ * (::psa_ecc_family_t) keys.
+ *
+ * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and
+ * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific curve would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * curve would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t) 0x01)
+
+/** The PAKE primitive type indicating the use of Diffie-Hellman groups.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify
+ * a specific Diffie-Hellman group, using the same mapping that is used for
+ * Diffie-Hellman (::psa_dh_family_t) keys.
+ *
+ * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and
+ * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific group would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * group would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t) 0x02)
+
+/** Construct a PAKE primitive from type, family and bit-size.
+ *
+ * \param pake_type The type of the primitive
+ * (value of type ::psa_pake_primitive_type_t).
+ * \param pake_family The family of the primitive
+ * (the type and interpretation of this parameter depends
+ * on \p pake_type, for more information consult the
+ * documentation of individual ::psa_pake_primitive_type_t
+ * constants).
+ * \param pake_bits The bit-size of the primitive
+ * (Value of type \c size_t. The interpretation
+ * of this parameter depends on \p pake_family, for more
+ * information consult the documentation of individual
+ * ::psa_pake_primitive_type_t constants).
+ *
+ * \return The constructed primitive value of type ::psa_pake_primitive_t.
+ * Return 0 if the requested primitive can't be encoded as
+ * ::psa_pake_primitive_t.
+ */
+#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
+ (((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
+ ((psa_pake_primitive_t) (((pake_type) << 24 | \
+ (pake_family) << 16) | (pake_bits))))
+
+#define PSA_PAKE_PRIMITIVE_GET_BITS(pake_primitive) \
+ ((size_t)(pake_primitive & 0xFFFF))
+
+#define PSA_PAKE_PRIMITIVE_GET_FAMILY(pake_primitive) \
+ ((psa_pake_family_t)((pake_primitive >> 16) & 0xFF))
+
+#define PSA_PAKE_PRIMITIVE_GET_TYPE(pake_primitive) \
+ ((psa_pake_primitive_type_t)((pake_primitive >> 24) & 0xFF))
+
+/** A key confirmation value that indicates a confirmed key in a PAKE cipher
+ * suite.
+ *
+ * This key confirmation value will result in the PAKE algorithm exchanging
+ * data to verify that the shared key is identical for both parties. This is
+ * the default key confirmation value in an initialized PAKE cipher suite
+ * object.
+ * Some algorithms do not include confirmation of the shared key.
+ */
+#define PSA_PAKE_CONFIRMED_KEY 0
+
+/** A key confirmation value that indicates an unconfirmed key in a PAKE cipher
+ * suite.
+ *
+ * This key confirmation value will result in the PAKE algorithm terminating
+ * prior to confirming that the resulting shared key is identical for both
+ * parties.
+ * Some algorithms do not support returning an unconfirmed shared key.
+ */
+#define PSA_PAKE_UNCONFIRMED_KEY 1
+
+ /** The key share being sent to or received from the peer.
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t) 0x01)
+
+/** A Schnorr NIZKP public key.
+ *
+ * This is the ephemeral public key in the Schnorr Non-Interactive
+ * Zero-Knowledge Proof (the value denoted by the letter 'V' in RFC 8235).
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t) 0x02)
+
+/** A Schnorr NIZKP proof.
+ *
+ * This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the
+ * value denoted by the letter 'r' in RFC 8235).
+ *
+ * Both for input and output, the value at this step is an integer less than
+ * the order of the group selected in the cipher suite. The format depends on
+ * the group as well:
+ *
+ * - For Montgomery curves, the encoding is little endian.
+ * - For everything else the encoding is big endian (see Section 2.3.8 of
+ * _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf).
+ *
+ * In both cases leading zeroes are allowed as long as the length in bytes does
+ * not exceed the byte length of the group order.
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t) 0x03)
+
+/** The key confirmation value.
+ *
+ * This value is used during the key confirmation phase of a PAKE protocol.
+ * The format of the value depends on the algorithm and cipher suite:
+ *
+ * For SPAKE2+ algorithms, the format for both input and output at this step is
+ * the same as the output of the MAC algorithm specified in the cipher suite.
+ *
+ * For PSA_ALG_SRP_6, the format for both input and output at this step is
+ * the same as the output of the Hash algorithm specified.
+ */
+#define PSA_PAKE_STEP_CONFIRM ((psa_pake_step_t)0x04)
+
+/** The salt.
+ *
+ * The format for both input and output at this step is plain binary data.
+ */
+#define PSA_PAKE_STEP_SALT ((psa_pake_step_t)0x05)
+
+/** Retrieve the PAKE algorithm from a PAKE cipher suite.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The PAKE algorithm stored in the cipher suite structure.
+ */
+static psa_algorithm_t psa_pake_cs_get_algorithm(
+ const psa_pake_cipher_suite_t *cipher_suite);
+
+/** Declare the PAKE algorithm for the cipher suite.
+ *
+ * This function overwrites any PAKE algorithm
+ * previously set in \p cipher_suite.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param algorithm The PAKE algorithm to write.
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t
+ * such that #PSA_ALG_IS_PAKE(\c alg) is true.)
+ * If this is 0, the PAKE algorithm in
+ * \p cipher_suite becomes unspecified.
+ */
+static void psa_pake_cs_set_algorithm(psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t algorithm);
+
+/** Retrieve the primitive from a PAKE cipher suite.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The primitive stored in the cipher suite structure.
+ */
+static psa_pake_primitive_t psa_pake_cs_get_primitive(
+ const psa_pake_cipher_suite_t *cipher_suite);
+
+/** Declare the primitive for a PAKE cipher suite.
+ *
+ * This function overwrites any primitive previously set in \p cipher_suite.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param primitive The primitive to write. If this is 0, the
+ * primitive type in \p cipher_suite becomes
+ * unspecified.
+ */
+static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite,
+ psa_pake_primitive_t primitive);
+
+/** The type of the state data structure for PAKE operations.
+ *
+ * Before calling any function on a PAKE operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_pake_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_pake_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * operation = psa_pake_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_pake_operation_s psa_pake_operation_t;
+
+/** Return an initial value for a PAKE operation object.
+ */
+static psa_pake_operation_t psa_pake_operation_init(void);
+
+/** Set the session information for a password-authenticated key exchange.
+ *
+ * The sequence of operations to set up a password-authenticated key exchange
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_pake_operation_t, e.g.
+ * #PSA_PAKE_OPERATION_INIT.
+ * -# Call psa_pake_setup() to specify the password key and the cipher suite.
+ * -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+ * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+ * to be called depends on the algorithm in use.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * A typical sequence of calls to perform a password-authenticated key
+ * exchange:
+ * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+ * key share that needs to be sent to the peer.
+ * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+ * the key share that was received from the peer.
+ * -# Depending on the algorithm additional calls to psa_pake_output() and
+ * psa_pake_input() might be necessary.
+ * -# Call psa_pake_get_shared_key() for accessing the shared secret.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * If an error occurs at any step after a call to psa_pake_setup(),
+ * the operation will need to be reset by a call to psa_pake_abort(). The
+ * application may call psa_pake_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_pake_setup(), the application must
+ * eventually terminate the operation.
The following events terminate an
+ * operation:
+ * - A call to psa_pake_abort().
+ * - A successful call to psa_pake_get_shared_key().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized but not set up yet.
+ * \param[in] password_key Identifier of the key holding the password or
+ * a value derived from the password. It must
+ * remain valid until the operation terminates.
+ * The valid key types depend on the PAKE algorithm,
+ * and participant role.
+ * \param[in] cipher_suite The cipher suite to use. (A cipher suite fully
+ * characterizes a PAKE algorithm and determines
+ * the algorithm as well.)
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \p password_key is not a valid key identifier.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
+ * permit the \p operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The algorithm in \p cipher_suite is not a PAKE algorithm or encodes
+ * an invalid hash algorithm, or the PAKE primitive in \p cipher_suite
+ * is not compatible with the PAKE algorithm, or the key confirmation
+ * value in \p cipher_suite is not compatible with the PAKE algorithm
+ * and primitive, or the \p password_key is not compatible with
+ * \p cipher_suite.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The algorithm in \p cipher_suite is not a supported PAKE algorithm,
+ * or the PAKE primitive in \p cipher_suite is not supported or not
+ * compatible with the PAKE algorithm, or the key confirmation value
+ * in \p cipher_suite is not supported or not compatible with the PAKE
+ * algorithm and primitive, or the key type or key size of
+ * \p password_key is not supported with \p cipher_suite.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid, or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
+ mbedtls_svc_key_id_t password_key,
+ const psa_pake_cipher_suite_t *cipher_suite);
+
+/** Set the application role for a password-authenticated key exchange.
+*
+* Not all PAKE algorithms need to differentiate the communicating entities.
+* It is optional to call this function for PAKEs that don't require a role
+* to be specified. For such PAKEs the application role parameter is ignored,
+* or #PSA_PAKE_ROLE_NONE can be passed as \c role.
+*
+* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+* for more information.
+*
+* \param[in,out] operation The operation object to specify the
+* application's role for. It must have been set up
+* by psa_pake_setup() and not yet in use (neither
+* psa_pake_output() nor psa_pake_input() has been
+* called yet). It must be an operation for which
+* the application's role hasn't been specified
+* (psa_pake_set_role() hasn't been called yet).
+* \param role A value of type ::psa_pake_role_t indicating the
+* application's role in the PAKE algorithm
+* that is being set up. For more information see
+* the documentation of \c PSA_PAKE_ROLE_XXX
+* constants.
+*
+* \retval #PSA_SUCCESS
+* Success.
+* \retval #PSA_ERROR_INVALID_ARGUMENT
+* The \p role is not a valid PAKE role in the \p operation’s algorithm.
+* \retval #PSA_ERROR_NOT_SUPPORTED
+* The \p role for this algorithm is not supported or is not valid.
+* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+* \retval #PSA_ERROR_BAD_STATE
+* The operation state is not valid, or
+* the library has not been previously initialized by psa_crypto_init().
+* It is implementation-dependent whether a failure to initialize
+* results in this error code.
+*/
+psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
+ psa_pake_role_t role);
+
+/** Set the user ID for a password-authenticated key exchange.
+ *
+ * Call this function to set the user ID. For PAKE algorithms that associate a
+ * user identifier with each side of the session you need to call
+ * psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+ * user identifier with the session, call psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the user ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the user ID hasn't
+ * been set (psa_pake_set_user() hasn't been
+ * called yet).
+ * \param[in] user_id The user ID to authenticate with.
+ * \param user_id_len Size of the \p user_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is not valid for the \p operation's algorithm and cipher
+ * suite.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The value of \p user_id is not supported by the implementation.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid, or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
+ const uint8_t *user_id,
+ size_t user_id_len);
+
+/** Set the peer ID for a password-authenticated key exchange.
+ *
+ * Call this function in addition to psa_pake_set_user() for PAKE algorithms
+ * that associate a user identifier with each side of the session. For PAKE
+ * algorithms that associate a single user identifier with the session, call
+ * psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the peer ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the peer ID hasn't
+ * been set (psa_pake_set_peer() hasn't been
+ * called yet).
+ * \param[in] peer_id The peer's ID to authenticate.
+ * \param peer_id_len Size of the \p peer_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p peer_id is not valid for the \p operation's algorithm and cipher
+ * suite.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The algorithm doesn't associate a second identity with the session.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * Calling psa_pake_set_peer() is invalid with the \p operation's
+ * algorithm, the operation state is not valid, or the library has not
+ * been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
+ const uint8_t *peer_id,
+ size_t peer_id_len);
+
+/** Set the context data for a password-authenticated key exchange.
+ *
+ * Call this function for PAKE algorithms that accept additional context data
+ * as part of the protocol setup.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the context for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the context hasn't
+ * been set (psa_pake_set_context() hasn't been
+ * called yet).
+ * \param[in] context The context.
+ * \param context_len Size of the \p context buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The \p context is not valid for the operation’s algorithm and cipher suite.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The \p context is not supported by the implementation.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * Calling psa_pake_set_context() is invalid with the \p operation's
+ * algorithm, the operation state is not valid, or the library has not
+ * been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_context(psa_pake_operation_t *operation,
+ const uint8_t *context,
+ size_t context_len);
+
+/** Get output for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step of the algorithm for which the output
+ * is requested.
+ * \param[out] output Buffer where the output is to be written in the
+ * format appropriate for this \p step. Refer to
+ * the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param output_size Size of the \p output buffer in bytes. This must
+ * be at least #PSA_PAKE_OUTPUT_SIZE(\c alg, \c
+ * primitive, \p output_step) where \c alg and
+ * \p primitive are the PAKE algorithm and primitive
+ * in the operation's cipher suite, and \p step is
+ * the output step.
+ *
+ * \param[out] output_length On success, the number of bytes of the returned
+ * output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p step is not supported with the operation's algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, and fully set
+ * up, and this call must conform to the algorithm's requirements
+ * for ordering of input and output steps), or the library has not
+ * been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_output(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Provide input for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step for which the input is provided.
+ * \param[in] input Buffer containing the input in the format
+ * appropriate for this \p step. Refer to the
+ * documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p step is not compatible with the operation's algorithm, or
+ * \p input_length is not compatible with the \p operation’s algorithm,
+ * or the \p input is not valid for the \p operation's algorithm,
+ * cipher suite or \p step.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p step is not supported with the operation's algorithm, or
+ * \p step p is not supported with the \p operation's algorithm, or the
+ * \p input is not supported for the \p operation's algorithm, cipher
+ * suite or \p step.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, and fully set
+ * up, and this call must conform to the algorithm's requirements
+ * for ordering of input and output steps), or the library has not
+ * been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_input(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Get shared secret from a PAKE.
+ *
+ * This is the final call in a PAKE operation, which retrieves the shared
+ * secret as a key. It is recommended that this key is used as an input to a
+ * key derivation operation to produce additional cryptographic keys. For
+ * some PAKE algorithms, the shared secret is also suitable for use as a key
+ * in cryptographic operations such as encryption. Refer to the documentation
+ * of individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * Depending on the key confirmation requested in the cipher suite,
+ * psa_pake_get_shared_key() must be called either before or after the
+ * key-confirmation output and input steps for the PAKE algorithm. The key
+ * confirmation affects the guarantees that can be made about the shared key:
+ *
+ * Unconfirmed key
+ * If the cipher suite used to set up the operation requested an unconfirmed
+ * key, the application must call psa_pake_get_shared_key() after the
+ * key-exchange output and input steps are completed. The PAKE algorithm
+ * provides a cryptographic guarantee that only a peer who used the same
+ * password, and identity inputs, is able to compute the same key. However,
+ * there is no guarantee that the peer is the participant it claims to be,
+ * and was able to compute the same key.
+ * Since the peer is not authenticated, no action should be taken that assumes
+ * that the peer is who it claims to be. For example, do not access restricted
+ * files on the peer’s behalf until an explicit authentication has succeeded.
+ * Note:
+ * Some PAKE algorithms do not enable the output of the shared secret until it
+ * has been confirmed.
+ *
+ * Confirmed key
+ * If the cipher suite used to set up the operation requested a confirmed key,
+ * the application must call psa_pake_get_shared_key() after the key-exchange
+ * and key-confirmation output and input steps are completed.
+ * Following key confirmation, the PAKE algorithm provides a cryptographic
+ * guarantee that the peer used the same password and identity inputs, and has
+ * computed the identical shared secret key.
+ * Since the peer is not authenticated, no action should be taken that assumes
+ * that the peer is who it claims to be. For example, do not access restricted
+ * files on the peer’s behalf until an explicit authentication has succeeded.
+ * Note:
+ * Some PAKE algorithms do not include any key-confirmation steps.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use.
+ *
+ * When this function returns successfully, \p operation becomes inactive.
+ * If this function returns an error status, both \p operation
+ * and \c key_derivation operations enter an error state and must be aborted
+ * by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param[in] attributes The attributes for the new key.
+ * \param[out] key On success, an identifier for the newly created
+ * key. #PSA_KEY_ID_NULL on failure.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The implementation does not permit creating a key with the
+ * specified attributes due to some implementation-specific policy.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key type is not valid for output from this operation’s
+ * algorithm, or the key size is nonzero, or the key lifetime is
+ * invalid, the key identifier is not valid for the key lifetime,
+ * or the key usage flags include invalid values, or the key’s
+ * permitted-usage algorithm is invalid, or the key attributes,
+ * as a whole, are invalid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key attributes, as a whole, are not supported for creation
+ * from a PAKE secret, either by the implementation in general or
+ * in the specified storage location.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The PAKE operation state is not valid (it must be ready to return
+ * the shared secret), or the library has not been previously
+ * initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key);
+
+/** Abort a PAKE operation.
+ *
+ * Aborting an operation frees all associated resources except for the \c
+ * operation structure itself. Once aborted, the operation object can be reused
+ * for another operation by calling psa_pake_setup() again.
+ *
+ * This function may be called at any time after the operation
+ * object has been initialized as described in #psa_pake_operation_t.
+ *
+ * In particular, calling psa_pake_abort() after the operation has been
+ * terminated by a call to psa_pake_abort() or psa_pake_get_shared_key()
+ * is safe and has no effect.
+ *
+ * \param[in,out] operation The operation to abort.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
+
+/**@}*/
+
+/** A sufficient output buffer size for psa_pake_output().
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_pake_output() will not fail due to an insufficient output buffer
+ * size. The actual size of the output might be smaller in any given call.
+ *
+ * See also #PSA_PAKE_OUTPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param output_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient output buffer size for the specified
+ * PAKE algorithm, primitive, and output step. If the
+ * PAKE algorithm, primitive, or output step is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
+ */
+#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \
+ (output_step == PSA_PAKE_STEP_KEY_SHARE ? \
+ PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \
+ PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ output_step == PSA_PAKE_STEP_ZK_PUBLIC ? \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ output_step == PSA_PAKE_STEP_ZK_PROOF ? \
+ PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ output_step == PSA_PAKE_STEP_CONFIRM ? \
+ PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \
+ PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \
+ PSA_HASH_LENGTH(alg) : \
+ 0u)
+
+/** A sufficient input buffer size for psa_pake_input().
+ *
+ * The value returned by this macro is guaranteed to be large enough for any
+ * valid input to psa_pake_input() in an operation with the specified
+ * parameters.
+ *
+ * See also #PSA_PAKE_INPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param input_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient input buffer size for the specified
+ * input, cipher suite and algorithm. If the cipher suite,
+ * the input type or PAKE algorithm is not recognized, or
+ * the parameters are incompatible, return 0.
+ */
+#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \
+ (input_step == PSA_PAKE_STEP_KEY_SHARE ? \
+ PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \
+ PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ input_step == PSA_PAKE_STEP_ZK_PUBLIC ? \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ input_step == PSA_PAKE_STEP_ZK_PROOF ? \
+ PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \
+ input_step == PSA_PAKE_STEP_CONFIRM ? \
+ PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \
+ PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \
+ PSA_HASH_LENGTH(alg) : \
+ input_step == PSA_PAKE_STEP_SALT ? \
+ 64u : \
+ 0u)
+
+/** Output buffer size for psa_pake_output() for any of the supported PAKE
+ * algorithm and primitive suites and output step.
+ *
+ * This macro must expand to a compile-time constant integer.
+ *
+ * The value of this macro must be at least as large as the largest value
+ * returned by PSA_PAKE_OUTPUT_SIZE()
+ *
+ * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p output_step).
+ */ +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif + +/** Input buffer size for psa_pake_input() for any of the supported PAKE + * algorithm and primitive suites and input step. + * + * This macro must expand to a compile-time constant integer. + * + * The value of this macro must be at least as large as the largest value + * returned by PSA_PAKE_INPUT_SIZE() + * + * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p output_step). + */ +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_INPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_INPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif + +static inline psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return cipher_suite->algorithm; +} + +static inline void psa_pake_cs_set_algorithm( + psa_pake_cipher_suite_t *cipher_suite, + psa_algorithm_t algorithm) +{ + if (!PSA_ALG_IS_PAKE(algorithm)) { + cipher_suite->algorithm = 0; + } else { + cipher_suite->algorithm = algorithm; + } +} + +static inline psa_pake_primitive_t psa_pake_cs_get_primitive( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return cipher_suite->primitive; +} + +static inline void psa_pake_cs_set_primitive( + psa_pake_cipher_suite_t *cipher_suite, + psa_pake_primitive_t primitive) +{ + cipher_suite->primitive = primitive; +} + +static inline uint32_t psa_pake_cs_get_key_confirmation( + const psa_pake_cipher_suite_t* cipher_suite) +{ + return cipher_suite->key_confirmation; +} + +static inline void psa_pake_cs_set_key_confirmation( + psa_pake_cipher_suite_t* cipher_suite, + uint32_t key_confirmation) +{ + cipher_suite->key_confirmation = key_confirmation; +} + /**@}*/ 
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h index 635ee98f8..bed80f475 100644 --- a/interface/include/psa/crypto_sizes.h +++ b/interface/include/psa/crypto_sizes.h @@ -872,6 +872,34 @@ #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) +/* Maximum size of the export encoding of an SPAKE2+ public key. + * + * An SPAKE2+ public key is represented by the secret values w0 and L. + */ +#define PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (3u * PSA_BITS_TO_BYTES(key_bits) + 1u) + +/* Maximum size of the export encoding of an SPAKE2+ key pair. + * + * An SPAKE2+ key pair is represented by the secret values w0 and w1. + */ +#define PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(key_bits) \ + (2u * PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP public key. + * + * An SRP public key is represented by the password verifier. + */ +#define PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP key pair. + * + * An SRP key pair is represented by the password hash. + */ +#define PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(key_bits) \ + (PSA_HASH_MAX_SIZE) + /** Sufficient output buffer size for psa_export_key() or * psa_export_public_key(). * 
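Review bot: The comments on `PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE` and the three macros after it open with `/*`, while the neighbouring `/** Sufficient output buffer size for psa_export_key() or` block uses `/**`, so these four descriptions would probably be skipped by the documentation generator. The SPAKE2+ public-key comment also calls w0 and L secret values without telling the caller what follows from that: data exported under this "public key" type is verifier material and has to be stored and transported like a credential. I would switch the openers to `/**`, add a `\param key_bits` line to each, and add a sentence such as `The exported data allows offline password guessing and must be kept confidential.` A short remark on how `3u * PSA_BITS_TO_BYTES(key_bits) + 1u` is derived (presumably w0 plus an uncompressed point for L) would help whoever has to size a buffer from it.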
@@ -918,6 +946,10 @@ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(key_type) ? 2u * PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP_KEY_PAIR(key_type) ? PSA_HASH_MAX_SIZE : \ + PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0u) @@ -971,6 +1003,8 @@ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ 0u) /** Sufficient buffer size for exporting any asymmetric key pair. 
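Review bot: The four branches added to this export-size macro write out `2u * PSA_BITS_TO_BYTES(key_bits)`, `3u * PSA_BITS_TO_BYTES(key_bits) + 1u` and `PSA_HASH_MAX_SIZE` by hand instead of calling the `PSA_KEY_EXPORT_SPAKE2P_*_MAX_SIZE` and `PSA_KEY_EXPORT_SRP_*_MAX_SIZE` macros that this patch adds earlier in the same header. Two copies of a buffer-size formula can drift apart, and the RSA, DSA and ECC branches around them already go through their named macros. I would write, for example, `PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(key_bits) : \`. The hunk at -971 repeats the same literals for the public-key output size; both macro definitions begin outside the hunks.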
@@ -1004,6 +1038,20 @@ #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient buffer size for exporting any asymmetric public key. * @@ -1037,6 +1085,20 @@ #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_raw_key_agreement(). * diff --git a/interface/include/psa/crypto_struct.h b/interface/include/psa/crypto_struct.h index 3913551aa..8c96df9c6 100644 --- a/interface/include/psa/crypto_struct.h +++ b/interface/include/psa/crypto_struct.h 
@@ -494,6 +494,30 @@ psa_verify_hash_interruptible_operation_init(void) return v; } +struct psa_pake_cipher_suite_s { + psa_algorithm_t algorithm; + psa_pake_primitive_t primitive; + uint32_t key_confirmation; +}; + +#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0} +static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) +{ + const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT; + return v; +} + +struct psa_pake_operation_s { + uint32_t handle; +}; + +#define PSA_PAKE_OPERATION_INIT {0} +static inline struct psa_pake_operation_s psa_pake_operation_init(void) +{ + const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; + return v; +} + #ifdef __cplusplus } #endif diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h index c21bad86c..8739a2caf 100644 --- a/interface/include/psa/crypto_types.h +++ b/interface/include/psa/crypto_types.h 
@@ -481,4 +481,51 @@ typedef struct psa_key_production_parameters_s psa_key_production_parameters_t; /**@}*/ +/** The type of the data structure for PAKE cipher suites. + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. + */ +typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; + +/** Encoding of the type of the PAKE's primitive. +* +* Values defined by this standard will never be in the range 0x80-0xff. +* Vendors who define additional types must use an encoding in this range. +* +* For more information see the documentation of individual +* \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. +*/ +typedef uint8_t psa_pake_primitive_type_t; + +/** \brief Encoding of the family of the primitive associated with the PAKE. +* +* For more information see the documentation of individual +* \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. +*/ +typedef uint8_t psa_pake_family_t; + +/** \brief Encoding of the primitive associated with the PAKE. +* +* For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro. +*/ +typedef uint32_t psa_pake_primitive_t; + +/** \brief Encoding of the application role of PAKE + * + * Encodes the application's role in the algorithm being executed. For more + * information see the documentation of individual \c PSA_PAKE_ROLE_XXX + * constants. + */ +typedef uint8_t psa_pake_role_t; + +/** Encoding of input and output indicators for PAKE. + * + * Some PAKE algorithms need to exchange more data than just a single key share. + * This type is for encoding additional input and output data for such + * algorithms. + */ +typedef uint8_t psa_pake_step_t; + #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h index 1d678dbfc..3efe364c1 100644 --- a/interface/include/psa/crypto_values.h 
+++ b/interface/include/psa/crypto_values.h @@ -741,6 +741,14 @@ */ #define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03) +/** Diffie-Hellman groups defined in RFC 3526. + * + * This family includes groups with the following key sizes (in bits): + * 1536, 2048, 3072, 4096, 6144, 8192. A given implementation may support + * all of these sizes or only a subset. + */ +#define PSA_DH_FAMILY_RFC3526 ((psa_dh_family_t) 0x05) /*!!OM*/ + #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \ (((type) >> 8) & 7) /** The block size of a block cipher. 
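Review bot: `PSA_DH_FAMILY_RFC3526` ends with a `/*!!OM*/` marker that tells a reader nothing and looks like a leftover work-in-progress tag. It should be removed or replaced by a comment that says where the `0x05` encoding comes from; whether that value is assigned by the specification or chosen by the vendor is not visible in this hunk. The doc comment lists 1536 bits among the supported sizes, so a sentence such as `New deployments should select a group of at least 2048 bits.` would be a useful caveat for integrators.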
@@ -2134,6 +2142,35 @@ (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \ ((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) +#define PSA_ALG_SRP_PASSWORD_HASH_BASE ((psa_algorithm_t) 0x08800300) + /** The SRP password to password-hash KDF. + * It takes the password p, the salt s, and the user id u. + * It calculates the password hash h as + * h = H(salt || H(u || ":" || p)) + * where H is the given hash algorithm. + * + * This key derivation algorithm uses the following inputs, which must be + * provided in the following order: + * - #PSA_KEY_DERIVATION_INPUT_INFO is the user id. + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password. + * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt. + * The output has to be read as a key of type PSA_KEY_TYPE_SRP_KEY_PAIR. + */ +#define PSA_ALG_SRP_PASSWORD_HASH(hash_alg) \ + (PSA_ALG_SRP_PASSWORD_HASH_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + + /** Whether the specified algorithm is a key derivation algorithm constructed + * using #PSA_ALG_SRP_PASSWORD_HASH(\p hash_alg). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a key derivation algorithm constructed using #PSA_ALG_SRP_PASSWORD_HASH(), + * 0 otherwise. This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_SRP_PASSWORD_HASH(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_PASSWORD_HASH_BASE) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000) diff --git a/interface/include/tfm_crypto_defs.h b/interface/include/tfm_crypto_defs.h index ad34edeb0..52357cb6a 100644 --- a/interface/include/tfm_crypto_defs.h +++ b/interface/include/tfm_crypto_defs.h @@ -60,6 +60,7 @@ struct tfm_crypto_pack_iovec { size_t capacity; /*!< Key derivation capacity */ uint64_t value; /*!< Key derivation integer for update*/ }; + psa_pake_role_t role; /*!< PAKE role */ }; /** 
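Review bot: The doc comment for `PSA_ALG_SRP_PASSWORD_HASH` gives the formula `h = H(salt || H(u || ":" || p))` but does not mention that this is a plain hash with no work factor, so anyone who obtains the salt together with data derived from h can test password guesses at hash speed. I would add a sentence such as `This derivation applies no key stretching; protect the resulting key and any verifier computed from it like the password itself.` The last sentence of the comment names `PSA_KEY_TYPE_SRP_KEY_PAIR` without the `#` reference marker used for the three input steps, which should be made consistent. The comment block is also indented by one column and placed after `PSA_ALG_SRP_PASSWORD_HASH_BASE`, so it is worth checking that it attaches to the macro it describes.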
@@ -76,7 +77,8 @@ enum tfm_crypto_group_id_t { TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6), TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7), TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8), - TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9) + TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9), + TFM_CRYPTO_GROUP_ID_PAKE = UINT8_C(10) }; /* Set of X macros describing each of the available PSA Crypto APIs */ @@ -165,6 +167,17 @@ enum tfm_crypto_group_id_t { #define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00)) +#define PAKE_FUNCS \ + X(TFM_CRYPTO_PAKE_SETUP) \ + X(TFM_CRYPTO_PAKE_SET_ROLE) \ + X(TFM_CRYPTO_PAKE_SET_USER) \ + X(TFM_CRYPTO_PAKE_SET_PEER) \ + X(TFM_CRYPTO_PAKE_SET_CONTEXT) \ + X(TFM_CRYPTO_PAKE_OUTPUT) \ + X(TFM_CRYPTO_PAKE_INPUT) \ + X(TFM_CRYPTO_PAKE_GET_SHARED_KEY) \ + X(TFM_CRYPTO_PAKE_ABORT) + /** * \brief This type defines numerical progressive values identifying a function API * exposed through the interfaces (S or NS). It's used to dispatch the requests @@ -197,6 +210,8 @@ enum tfm_crypto_func_sid_t { ASYM_ENCRYPT_FUNCS BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1, KEY_DERIVATION_FUNCS + BASE__PAKE = BASE__VALUE(TFM_CRYPTO_GROUP_ID_PAKE) - 1, + PAKE_FUNCS #undef X }; diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_api.c index 65eae4682..67e8d0451 100644 --- a/interface/src/tfm_crypto_api.c +++ b/interface/src/tfm_crypto_api.c 
@@ -1690,3 +1690,158 @@ TFM_CRYPTO_API(void, psa_reset_key_attributes)( { memset(attributes, 0, sizeof(*attributes)); } + +TFM_CRYPTO_API(psa_status_t, psa_pake_setup) +(psa_pake_operation_t *operation, psa_key_id_t password_key, + const psa_pake_cipher_suite_t *cipher_suite) { + struct tfm_crypto_pack_iovec iov = {.function_id = TFM_CRYPTO_PAKE_SETUP_SID, + .op_handle = operation->handle, + .key_id = password_key}; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = cipher_suite, .len = sizeof(psa_pake_cipher_suite_t)}, + }; + + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + return API_DISPATCH(in_vec, out_vec); +} + +TFM_CRYPTO_API(psa_status_t, psa_pake_set_role) +(psa_pake_operation_t *operation, psa_pake_role_t role) { + struct tfm_crypto_pack_iovec iov = { + .function_id = TFM_CRYPTO_PAKE_SET_ROLE_SID, + .op_handle = operation->handle, + .role = role, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + return API_DISPATCH_NO_OUTVEC(in_vec); +} + +TFM_CRYPTO_API(psa_status_t, psa_pake_set_user) +(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len) { + struct tfm_crypto_pack_iovec iov = { + .function_id = TFM_CRYPTO_PAKE_SET_USER_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = user_id, .len = user_id_len}, + }; + + return API_DISPATCH_NO_OUTVEC(in_vec); +} + +TFM_CRYPTO_API(psa_status_t, psa_pake_set_peer) +(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len) { + struct tfm_crypto_pack_iovec iov = { + .function_id = TFM_CRYPTO_PAKE_SET_PEER_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = peer_id, .len = peer_id_len}, + }; + + return API_DISPATCH_NO_OUTVEC(in_vec); +} + 
+TFM_CRYPTO_API(psa_status_t, psa_pake_set_context)
+(psa_pake_operation_t *operation, const uint8_t *context, size_t context_len) {
+ struct tfm_crypto_pack_iovec iov = {
+ .function_id = TFM_CRYPTO_PAKE_SET_CONTEXT_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = context, .len = context_len},
+ };
+
+ return API_DISPATCH_NO_OUTVEC(in_vec);
+}
+
+TFM_CRYPTO_API(psa_status_t, psa_pake_output)
+(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output,
+ size_t output_size, size_t *output_length) {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ struct tfm_crypto_pack_iovec iov = {
+ .function_id = TFM_CRYPTO_PAKE_OUTPUT_SID,
+ .op_handle = operation->handle,
+ .step = step,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+
+ psa_outvec out_vec[] = {{.base = output, .len = output_size}};
+
+ status = API_DISPATCH(in_vec, out_vec);
+
+ *output_length = out_vec[0].len;
+
+ return status;
+}
+
+TFM_CRYPTO_API(psa_status_t, psa_pake_input)
+(psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input,
+ size_t input_length) {
+ struct tfm_crypto_pack_iovec iov = {
+ .function_id = TFM_CRYPTO_PAKE_INPUT_SID,
+ .op_handle = operation->handle,
+ .step = step,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+
+ return API_DISPATCH_NO_OUTVEC(in_vec);
+}
+
+TFM_CRYPTO_API(psa_status_t, psa_pake_get_shared_key)
+(psa_pake_operation_t *operation, const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key) {
+ struct tfm_crypto_pack_iovec iov = {
+ .function_id = TFM_CRYPTO_PAKE_GET_SHARED_KEY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+
psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = key, .len = sizeof(mbedtls_svc_key_id_t)}}; + + return API_DISPATCH(in_vec, out_vec); +} + +TFM_CRYPTO_API(psa_status_t, psa_pake_abort)(psa_pake_operation_t *operation) { + struct tfm_crypto_pack_iovec iov = { + .function_id = TFM_CRYPTO_PAKE_ABORT_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + return API_DISPATCH(in_vec, out_vec); +} diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 90ada7036..5197a7b52 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -57,6 +57,7 @@ target_sources(tfm_psa_rot_partition_crypto crypto_key_management.c crypto_rng.c crypto_library.c + crypto_pake.c $<$:psa_driver_api/tfm_builtin_key_loader.c> ) diff --git a/secure_fw/partitions/crypto/Kconfig.comp b/secure_fw/partitions/crypto/Kconfig.comp index 4ea7d66e7..6ec20387e 100644 --- a/secure_fw/partitions/crypto/Kconfig.comp +++ b/secure_fw/partitions/crypto/Kconfig.comp @@ -71,6 +71,10 @@ config CRYPTO_KEY_DERIVATION_MODULE_ENABLED bool "PSA Crypto key derivation module" default y +config CRYPTO_PAKE_MODULE_ENABLED + bool "PSA Crypto PAKE module" + default y + config CRYPTO_NV_SEED bool default n if CRYPTO_HW_ACCELERATOR diff --git a/secure_fw/partitions/crypto/crypto_check_config.h b/secure_fw/partitions/crypto/crypto_check_config.h index 364912257..19d04b77b 100644 --- a/secure_fw/partitions/crypto/crypto_check_config.h +++ b/secure_fw/partitions/crypto/crypto_check_config.h 
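Review bot: In `psa_pake_output` the assignment `*output_length = out_vec[0].len;` runs without looking at `status`, so after a failed call the caller's length holds whatever the dispatch left in the out-vector; whether that is zero on failure is not visible in this hunk. A caller that reads the length without checking the status would then treat the unwritten `output` buffer as protocol data. I would write `*output_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. None of the nine new shims carries a comment; a one-line note in `psa_pake_get_shared_key` and `psa_pake_abort` on why `operation->handle` is passed back through `out_vec[0]` would save the next reader a trip to the service side.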
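Review bot: `CRYPTO_PAKE_MODULE_ENABLED` is introduced with `default y`, which switches on a new request group in the secure crypto partition for every configuration that does not opt out. Together with the check this patch adds to crypto_check_config.h, which raises `#error` when the module is enabled and no PAKE algorithm is selected, that looks likely to break existing builds that select none; how the option reaches the C preprocessor is not visible here. I would use `default n`, or make the default depend on a PAKE algorithm being selected, and add a `help` text naming the algorithms that need the module.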
@@ -118,4 +118,14 @@ #error "CRYPTO_KEY_DERIVATION_MODULE_ENABLED enabled, but not all prerequisites (missing key derivation algorithms)!" #endif +#if CRYPTO_PAKE_MODULE_ENABLED && \ + (!defined(PSA_WANT_ALG_JPAKE) && \ + !defined(PSA_WANT_ALG_SPAKE2P_HMAC) && \ + !defined(PSA_WANT_ALG_SPAKE2P_CMAC) && \ + !defined(PSA_WANT_ALG_SPAKE2P_MATTER) && \ + !defined(PSA_WANT_ALG_SRP_6) && \ + !defined(PSA_WANT_ALG_SRP_PASSWORD_HASH)) +#error "CRYPTO_PAKE_MODULE_ENABLED enabled, but not all prerequisites (missing PAKE algorithms)!" +#endif + #endif /* __CRYPTO_CHECK_CONFIG_H__ */ diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c index 1854b8faf..c48ead1aa 100644 --- a/secure_fw/partitions/crypto/crypto_init.c +++ b/secure_fw/partitions/crypto/crypto_init.c @@ -387,6 +387,8 @@ psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[], &encoded_key); case TFM_CRYPTO_GROUP_ID_RANDOM: return tfm_crypto_random_interface(in_vec, out_vec); + case TFM_CRYPTO_GROUP_ID_PAKE: + return tfm_crypto_pake_interface(in_vec, out_vec, &encoded_key); default: LOG_ERRFMT("[ERR][Crypto] Unsupported request!\r\n"); return PSA_ERROR_NOT_SUPPORTED; diff --git a/secure_fw/partitions/crypto/crypto_pake.c b/secure_fw/partitions/crypto/crypto_pake.c new file mode 100644 index 000000000..3cb37dd77 --- /dev/null +++ b/secure_fw/partitions/crypto/crypto_pake.c 
@@ -0,0 +1,167 @@ +/* + * Copyright (c) 2024, Nordic Semiconductor ASA. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include "config_tfm.h" +#include "tfm_mbedcrypto_include.h" + +#include "tfm_crypto_api.h" +#include "tfm_crypto_key.h" +#include "tfm_crypto_defs.h" + +#include "crypto_library.h" + +/*! + * \addtogroup tfm_crypto_api_shim_layer + * + */ + +/*!@{*/ +#if CRYPTO_PAKE_MODULE_ENABLED +psa_status_t tfm_crypto_pake_interface(psa_invec in_vec[], + psa_outvec out_vec[], + struct tfm_crypto_key_id_s *encoded_key) +{ + const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_pake_operation_t *operation = NULL; + uint32_t *p_handle = NULL; + uint16_t sid = iov->function_id; + + tfm_crypto_library_key_id_t library_key = tfm_crypto_library_key_id_init( + encoded_key->owner, encoded_key->key_id); + if(sid == TFM_CRYPTO_PAKE_SETUP_SID) { + p_handle = out_vec[0].base; + *p_handle = iov->op_handle; + status = tfm_crypto_operation_alloc(TFM_CRYPTO_PAKE_OPERATION, + out_vec[0].base, + (void **)&operation); + } else { + status = tfm_crypto_operation_lookup(TFM_CRYPTO_PAKE_OPERATION, + iov->op_handle, + (void **)&operation); + if ((sid == TFM_CRYPTO_PAKE_ABORT_SID) || sid == TFM_CRYPTO_PAKE_GET_SHARED_KEY_SID){ + /* + * finish()/abort() interface put handle in out_vec[0]. + * Therefore, out_vec[0] shall be specially set to original handle + * value. Otherwise, the garbage data in message out_vec[0] may + * override the original handle value in client, after lookup fails. + */ + p_handle = out_vec[0].base; + *p_handle = iov->op_handle; + } + } + if (status != PSA_SUCCESS) { + if (sid == TFM_CRYPTO_PAKE_ABORT_SID) { + /* + * Mbed TLS psa_pake_abort() will return a misleading error code + * if it is called with invalid operation content, since it + * doesn't validate the operation handle. + * It is neither necessary to call tfm_crypto_operation_release() + * with an invalid handle. 
+ * Therefore return PSA_SUCCESS directly as psa_cipher_abort() can + * be called multiple times. + */ + return PSA_SUCCESS; + } + return status; + } + + switch (sid) + { + case TFM_CRYPTO_PAKE_SETUP_SID: + { + status = psa_pake_setup(operation, library_key, in_vec[1].base); + if (status != PSA_SUCCESS) { + goto release_operation_and_return; + } + } + break; + case TFM_CRYPTO_PAKE_SET_ROLE_SID: + { + status = psa_pake_set_role(operation, iov->role); + } + break; + case TFM_CRYPTO_PAKE_SET_USER_SID: + { + status = psa_pake_set_user(operation, in_vec[1].base, in_vec[1].len); + } + break; + case TFM_CRYPTO_PAKE_SET_PEER_SID: + { + status = psa_pake_set_peer(operation, in_vec[1].base, in_vec[1].len); + } + break; + case TFM_CRYPTO_PAKE_SET_CONTEXT_SID: + { + status = psa_pake_set_context(operation, in_vec[1].base, in_vec[1].len); + } + break; + case TFM_CRYPTO_PAKE_OUTPUT_SID: + { + psa_pake_step_t step = (psa_pake_step_t)iov->step; + uint8_t *output = (uint8_t *)out_vec[0].base; + size_t output_size = out_vec[0].len; + size_t *output_length = &out_vec[0].len; + status = psa_pake_output(operation, step, output, output_size, output_length); + if (status != PSA_SUCCESS) { + out_vec[0].len = 0; + } + } + break; + case TFM_CRYPTO_PAKE_INPUT_SID: + { + status = psa_pake_input(operation, (psa_pake_step_t)iov->step, in_vec[1].base, in_vec[1].len); + } + break; + case TFM_CRYPTO_PAKE_GET_SHARED_KEY_SID: + { + psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t *key_handle = out_vec[1].base; + + memcpy(&key_attributes, in_vec[1].base, in_vec[1].len); + tfm_crypto_library_get_library_key_id_set_owner(encoded_key->owner, &key_attributes); + + if (status != PSA_SUCCESS) { + break; + } + + status = psa_pake_get_shared_key(operation, &key_attributes, &library_key); + if (status == PSA_SUCCESS) { + *key_handle = CRYPTO_LIBRARY_GET_KEY_ID(library_key); + /* In case of success automatically release the operation */ + goto release_operation_and_return; + } + } 
+ break; + case TFM_CRYPTO_PAKE_ABORT_SID: + { + status = psa_pake_abort(operation); + goto release_operation_and_return; + } + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + return status; + +release_operation_and_return: + /* Release the operation context, ignore if the operation fails. */ + (void)tfm_crypto_operation_release(p_handle); + return status; +} +#else /* CRYPTO_PAKE_MODULE_ENABLED */ +psa_status_t tfm_crypto_pake_interface(psa_invec in_vec[], + psa_outvec out_vec[], + struct tfm_crypto_key_id_s *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* CRYPTO_PAKE_MODULE_ENABLED */ +/*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_spe.h b/secure_fw/partitions/crypto/crypto_spe.h index 61e85488b..29ed716df 100644 --- a/secure_fw/partitions/crypto/crypto_spe.h +++ b/secure_fw/partitions/crypto/crypto_spe.h @@ -162,5 +162,23 @@ PSA_FUNCTION_NAME(psa_asymmetric_decrypt) #define psa_generate_key \ PSA_FUNCTION_NAME(psa_generate_key) +#define psa_pake_setup \ + PSA_FUNCTION_NAME(psa_pake_setup) +#define psa_pake_set_role \ + PSA_FUNCTION_NAME(psa_pake_set_role) +#define psa_pake_set_user \ + PSA_FUNCTION_NAME(psa_pake_set_user) +#define psa_pake_set_peer \ + PSA_FUNCTION_NAME(psa_pake_set_peer) +#define psa_pake_set_context \ + PSA_FUNCTION_NAME(psa_pake_set_context) +#define psa_pake_output \ + PSA_FUNCTION_NAME(psa_pake_output) +#define psa_pake_input \ + PSA_FUNCTION_NAME(psa_pake_input) +#define psa_pake_get_shared_key \ + PSA_FUNCTION_NAME(psa_pake_get_shared_key) +#define psa_pake_abort \ + PSA_FUNCTION_NAME(psa_pake_abort) #endif /* CRYPTO_SPE_H */ diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h index 8fff29dce..2dc8473fd 100644 --- a/secure_fw/partitions/crypto/tfm_crypto_api.h +++ b/secure_fw/partitions/crypto/tfm_crypto_api.h 
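Review bot: In the `TFM_CRYPTO_PAKE_GET_SHARED_KEY_SID` case of crypto_pake.c, `memcpy(&key_attributes, in_vec[1].base, in_vec[1].len)` copies a caller-supplied length into a fixed-size stack object with no bound. Unless the dispatcher validates vector sizes before this point (not visible in this hunk), an oversized `in_vec[1]` overruns `key_attributes` inside the crypto partition. Guard the copy first, e.g. `if (in_vec[1].len > sizeof(key_attributes)) { status = PSA_ERROR_INVALID_ARGUMENT; break; }`, and apply the same kind of length check to `out_vec[1]` before `*key_handle` is written. The `if (status != PSA_SUCCESS) { break; }` after the copy can never fire, because `status` was already tested before the `switch`. The abort comment also names `psa_cipher_abort()` where `psa_pake_abort()` is meant.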
@@ -31,6 +31,7 @@ enum tfm_crypto_operation_type { TFM_CRYPTO_HASH_OPERATION = 3, TFM_CRYPTO_KEY_DERIVATION_OPERATION = 4, TFM_CRYPTO_AEAD_OPERATION = 5, + TFM_CRYPTO_PAKE_OPERATION = 6, /* Used to force the enum size */ TFM_CRYPTO_OPERATION_TYPE_MAX = INT_MAX @@ -217,6 +218,19 @@ psa_status_t tfm_crypto_random_interface(psa_invec in_vec[], psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], psa_outvec out_vec[]); +/** + * \brief This function acts as interface for the PAKE module + * + * \param[in] in_vec Array of invec parameters + * \param[out] out_vec Array of outvec parameters + * \param[in] encoded_key Key encoded with partition_id and key_id + * + * \return Return values as described in \ref psa_status_t + */ +psa_status_t tfm_crypto_pake_interface(psa_invec in_vec[], + psa_outvec out_vec[], + struct tfm_crypto_key_id_s *encoded_key); + #ifdef __cplusplus } #endif From 026dc04debb55575fa892fe07f268dc877c05bcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Tue, 19 Mar 2024 14:27:01 +0100 Subject: [PATCH 17/73] [nrf noup] platform: nordic_nrf: include autoconf.h from target_cfg.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Include autoconf.h from target_cfg.c so we can configure the TF-M image based on the non-secure image's Kconfig. Signed-off-by: Sebastian Bøe Change-Id: I2212f2ec3428f16618334c5583b0e641aa30ea08 --- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 7b6cf571a..fd6946c45 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -23,6 +23,8 @@ #include "region.h" #include "array.h" +#include + #include #include #include From b859d7a05d807b84f42a1f30b9476e07f7f82590 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 15 Aug 2024 15:24:41 +0200 Subject: [PATCH 18/73] [nrf noup] Support CMAC KDF and custom builtin solution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows custom key-loader to be used for the PSA core and allows configuring CMAC KDF usage for PS. noup-reason: PSA_ALG_SP800_108_COUNTER_CMAC is not available in upstream. After testing and verifying the solution (determining if we need further changes) we should try to upstream this. Ref: NCSDK-28740 Signed-off-by: Vidar Lillebø Signed-off-by: Frank Audun Kvamtrø --- config/config_base.cmake | 1 + interface/include/psa/crypto_values.h | 3 +++ secure_fw/partitions/crypto/crypto_library.c | 2 ++ .../internal_trusted_storage/CMakeLists.txt | 1 + .../protected_storage/crypto/ps_crypto_interface.c | 13 +++++++++++-- 5 files changed, 18 insertions(+), 2 deletions(-) diff --git a/config/config_base.cmake b/config/config_base.cmake index 52aef1ddd..1424100b6 100644 --- a/config/config_base.cmake +++ b/config/config_base.cmake @@ -133,6 +133,7 @@ set(BL2_TRAILER_SIZE 0x000 CACHE STRING "BL2 Trailer set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition") set(PS_ENCRYPTION ON CACHE BOOL "Enable encryption for Protected Storage partition") set(PS_CRYPTO_AEAD_ALG PSA_ALG_GCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage") +set(PS_CRYPTO_KDF_ALG PSA_ALG_HKDF\(PSA_ALG_SHA_256\) CACHE STRING "KDF Algorithm to use for Protect Storage") set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition") set(ITS_ENCRYPTION OFF CACHE BOOL "Enable authenticated encryption of ITS files using platform specific APIs") diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h index 3efe364c1..1620a21be 100644 --- a/interface/include/psa/crypto_values.h +++ b/interface/include/psa/crypto_values.h 
@@ -2127,6 +2127,9 @@ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) #define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \ (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK)) + +#define PSA_ALG_SP800_108_COUNTER_CMAC ((psa_algorithm_t) 0x08000800) + /** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). diff --git a/secure_fw/partitions/crypto/crypto_library.c b/secure_fw/partitions/crypto/crypto_library.c index f840f9019..5aa9bb06b 100644 --- a/secure_fw/partitions/crypto/crypto_library.c +++ b/secure_fw/partitions/crypto/crypto_library.c @@ -98,6 +98,7 @@ void tfm_crypto_library_get_library_key_id_set_owner(int32_t owner, psa_key_attr attr->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner; } +#ifdef PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER /** * \brief This function is required by mbed TLS to enable support for * platform builtin keys in the PSA Crypto core layer implemented @@ -126,4 +127,5 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( return PSA_ERROR_DOES_NOT_EXIST; } +#endif /*!@}*/ diff --git a/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt b/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt index 6c139d515..4f30c6242 100644 --- a/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt +++ b/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt @@ -63,6 +63,7 @@ target_link_libraries(tfm_psa_rot_partition_its target_compile_definitions(tfm_psa_rot_partition_its PUBLIC PS_CRYPTO_AEAD_ALG=${PS_CRYPTO_AEAD_ALG} + PS_CRYPTO_KDF_ALG=${PS_CRYPTO_KDF_ALG} ) ################ Display the configuration being applied ####################### diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c index 20e9adfed..f508ff455 100644 --- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c 
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c @@ -18,6 +18,14 @@ #define PS_CRYPTO_AEAD_ALG PSA_ALG_GCM #endif +/* CMake can't handle round brackets for compile defines so PSA_ALG_HKDF(PSA_ALG_SHA_256) doesn't + * work, therefore we have to use a own defined for the C code where + * PSA_ALG_HKDF_PSA_ALG_SHA_256 gets translated to PSA_ALG_HKDF_PSA_ALG_SHA_256 + */ +#if !defined(PS_CRYPTO_KDF_ALG) +#define PS_CRYPTO_KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256) +#endif + /* The PSA key type used by this implementation */ #define PS_KEY_TYPE PSA_KEY_TYPE_AES /* The PSA key usage required by this implementation */ @@ -73,7 +81,7 @@ psa_status_t ps_crypto_setkey(const uint8_t *key_label, size_t key_label_len) psa_set_key_type(&attributes, PS_KEY_TYPE); psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(PS_KEY_LEN_BYTES)); - status = psa_key_derivation_setup(&op, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + status = psa_key_derivation_setup(&op, PS_CRYPTO_KDF_ALG); if (status != PSA_SUCCESS) { return status; } @@ -86,7 +94,8 @@ psa_status_t ps_crypto_setkey(const uint8_t *key_label, size_t key_label_len) } /* Supply the PS key label as an input to the key derivation */ - status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_INFO, + status = psa_key_derivation_input_bytes(&op, PS_CRYPTO_KDF_ALG == PSA_ALG_SP800_108_COUNTER_CMAC ? + PSA_KEY_DERIVATION_INPUT_LABEL : PSA_KEY_DERIVATION_INPUT_INFO, key_label, key_label_len); if (status != PSA_SUCCESS) { From 56b2e7cee6dccf64e6f02ea22627746a873ffd0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Wed, 10 Apr 2024 16:00:24 +0200 Subject: [PATCH 19/73] [nrf noup] crypto: Detect wrong headers being included MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit is a noup because we want an NCS specific error message. Detect wrong headers being included. See comment for details. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe 
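Review bot: The comment added above the `PS_CRYPTO_KDF_ALG` fallback in the first ps_crypto_interface.c hunk says `PSA_ALG_HKDF_PSA_ALG_SHA_256` "gets translated to" the same name, so it does not tell a maintainer which form the build passes or why the fallback exists. I would replace it with something like `/* Default KDF used when the build system does not pass PS_CRYPTO_KDF_ALG as a compile definition. */`. It is also worth documenting next to the define that the Protected Storage key is derived with this algorithm, so changing it on a device that already holds PS data presumably yields a different key and makes existing objects fail authentication. The third hunk picks `PSA_KEY_DERIVATION_INPUT_LABEL` or `PSA_KEY_DERIVATION_INPUT_INFO` with an inline ternary; a one-line comment there naming which KDF takes which input step would help. `ps_crypto_setkey` starts and ends outside these hunks.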
Signed-off-by: Frank Audun Kvamtrø --- interface/include/psa/crypto_platform.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/interface/include/psa/crypto_platform.h b/interface/include/psa/crypto_platform.h index a871ee124..d97340a6f 100644 --- a/interface/include/psa/crypto_platform.h +++ b/interface/include/psa/crypto_platform.h @@ -99,4 +99,25 @@ typedef struct { typedef uint32_t mbedtls_psa_client_handle_t; #endif +#if defined(__NRF_TFM__) && defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) +/* + * This header file is provided by TF-M and is only intended to be + * used by clients of PSA, not implementations of PSA. So secure + * partitions in the TF-M image (other than the crypto partition + * itself), and non-secure images. + * + * In NCS, the TF-M crypto partition should be using PSA header files + * from Oberon as it is Oberon that implements PSA. + * + * We want to detect that a source file is in the crypto partition, + * but has accidentally used this TF-M header instead of headers + * provided by Oberon. To do this we would ideally have a + * IS_IN_CRYPTO_PARTION define, but since there is no such define at + * time of writing we check MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * instead, which should only be defined by the PSA implementation, + * not by PSA clients. + */ +#error "The TF-M image included the TF-M PSA headers but should have included Oberon PSA headers" +#endif + #endif /* PSA_CRYPTO_PLATFORM_H */ From 5cc51b0bf7be0995b31f36aebea9547af08f4a6b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 15 Aug 2024 15:52:03 +0200 Subject: [PATCH 20/73] [nrf noup] platform: nordic_nrf: Configure XL1/2 pin based on Kconfig MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For Secure only builds on 53 there exists the Kconfig CONFIG_SOC_ENABLE_LFXO to define if the XL1 and XL2 pin should be configured to used for the LFXO oscillator. TF-M should have the same behavior, to enable the possibility to use these pins for something else [nrf noup] as we don't have the NCS Kconfigs available in upstream TF-M. The CONFIG_ prefixed Kconfigs is made available in the noup commit: Ref: NCSDK-20678 Ref: NCSDK-28740 Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø --- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index fd6946c45..1f7f193bf 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -931,8 +931,11 @@ static const uint32_t target_peripherals[] = { * This configuration can be done only from secure code, as otherwise those * register fields are not accessible. That's why it is placed here. */ +#if defined(CONFIG_SOC_ENABLE_LFXO) && CONFIG_SOC_ENABLE_LFXO == 1 +/* CONFIG_SOC_ENABLE_LFXO doesn't exist for 54L15 target, might be changed in future */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); +#endif /* CONFIG_SOC_ENABLE_LFXO */ #endif /* From 96fe5a5846d1d37ad591b323b37f3b46c851a663 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Vidar=20Lilleb=C3=B8?= Date: Fri, 21 Jun 2024 10:49:48 +0200 Subject: [PATCH 21/73] [nrf noup] Fix version warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Version check depends on upstream's tagging scheme which differs from NCS's Signed-off-by: Vidar Lillebø --- cmake/version.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/version.cmake b/cmake/version.cmake index 5293af593..fd07243dc 100644 --- a/cmake/version.cmake +++ b/cmake/version.cmake @@ -16,7 +16,7 @@ execute_process(COMMAND git describe --tags --always # In a repository cloned with --no-tags option TFM_VERSION_FULL will be a hash # only hence checking it for a tag format to accept as valid version. -string(FIND ${TFM_VERSION_FULL} "TF-M" TFM_TAG) +string(FIND ${TFM_VERSION_FULL} "v" TFM_TAG) if(TFM_TAG EQUAL -1) set(TFM_VERSION_FULL v${TFM_VERSION_MANUAL}) endif() From 94f544ed4b0b90be0bfe1a7eb0f8640e31cd409b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Fri, 16 Aug 2024 15:17:39 +0200 Subject: [PATCH 22/73] [nrf noup] platform: nordic_nrf: Add support shared UART and using UART0 instance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for selecting which UART instance to use as the secure UART instance. The supported options are UART0 and UART1. Add support for the secure UART instance being shared with the non-secure application. The UART instance is configured as non-secure after it has been uninitialized, and configured as secure when it is initialized again on a fatal error. Note: device-specific target_cfg.h was provided here, which has been dropped from the commit Fixup: The spu_peripheral_config_(non_)secure calls takes the ID of the peripheral as the argument and not the register address. Ref: NCSDK-18595 Ref: NCSDK-28740 
Signed-off-by: Joakim Andersson (cherry picked from commit b2346e8698e278105b9f02319b852ec77665d21e) Signed-off-by: Joakim Andersson (cherry picked from commit 97224b077a5c635f9e9e7608159959eefccefbfa) Signed-off-by: Markus Swarowsky Change-Id: I2da826ec4817143ece52baeceaab14999f0d2d96 Signed-off-by: Markus Swarowsky (cherry picked from commit d2a1b8945d91446d18187fec49e3bbc9b33cd756) Signed-off-by: Markus Swarowsky Signed-off-by: Georgios Vasilakis Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/CMakeLists.txt | 5 +++++ .../common/core/cmsis_drivers/Driver_USART.c | 17 ++++++++++++++++ .../nordic_nrf/common/core/config.cmake | 2 ++ .../nordic_nrf/common/core/target_cfg.c | 20 +++++++++++++++---- .../tfm_peripherals_config.h | 4 ++++ .../tfm_peripherals_config.h | 4 ++++ 6 files changed, 48 insertions(+), 4 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index a42b21cf3..3b3db42cb 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -129,6 +129,11 @@ if(TFM_SPM_LOG_RAW_ENABLED) cmsis_drivers/Driver_USART.c ${HAL_NORDIC_PATH}/nrfx/drivers/src/nrfx_uarte.c ) + + target_compile_definitions(platform_s + PUBLIC + NRF_SECURE_UART_INSTANCE=${NRF_SECURE_UART_INSTANCE} + ) endif() target_compile_options(platform_s diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c index 953bd629e..012246b21 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c 
@@ -28,6 +28,12 @@ #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) #endif +// TODO: NCSDK-22597: Support configuring peripherals as secure +#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && defined(NRF_SPU) +#define SPU_CONFIGURE_UART +#include +#endif + #ifndef ARG_UNUSED #define ARG_UNUSED(arg) (void)arg #endif @@ -108,6 +114,11 @@ static int32_t ARM_USARTx_Initialize(ARM_USART_SignalEvent_t cb_event, { ARG_UNUSED(cb_event); +#ifdef SPU_CONFIGURE_UART + spu_peripheral_config_secure(NRFX_PERIPHERAL_ID_GET((uint32_t)uart_resources->uarte.p_reg), false); + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET((uint32_t)uart_resources->uarte.p_reg)); +#endif + nrfx_uarte_config_t uart_config = UART_CONFIG_INITIALIZER(); uart_config_set_uart_pins(&uart_config, @@ -135,6 +146,12 @@ static int32_t ARM_USARTx_Uninitialize(UARTx_Resources *uart_resources) nrfx_uarte_uninit(&uart_resources->uarte); uart_resources->initialized = false; + +#ifdef SPU_CONFIGURE_UART + spu_peripheral_config_non_secure(NRFX_PERIPHERAL_ID_GET((uint32_t)uart_resources->uarte.p_reg), false); + NVIC_SetTargetState(NRFX_IRQ_NUMBER_GET((uint32_t)uart_resources->uarte.p_reg)); +#endif + return ARM_DRIVER_OK; } diff --git a/platform/ext/target/nordic_nrf/common/core/config.cmake b/platform/ext/target/nordic_nrf/common/core/config.cmake index 0becc02a0..833f10a58 100644 --- a/platform/ext/target/nordic_nrf/common/core/config.cmake +++ b/platform/ext/target/nordic_nrf/common/core/config.cmake @@ -43,3 +43,5 @@ set(NRF_SECURE_APPROTECT OFF CACHE BOOL "Enable secur # Platform-specific configurations set(CONFIG_TFM_USE_TRUSTZONE ON) set(TFM_MULTI_CORE_TOPOLOGY OFF) + +set(NRF_SECURE_UART_INSTANCE 1 CACHE STRING "The UART instance number to use for secure UART") diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 1f7f193bf..d6a0c9872 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
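Review bot: The new `SPU_CONFIGURE_UART` blocks in `ARM_USARTx_Initialize` and `ARM_USARTx_Uninitialize` pass `NRFX_PERIPHERAL_ID_GET((uint32_t)uart_resources->uarte.p_reg)` to `spu_peripheral_config_secure()` and `spu_peripheral_config_non_secure()`, but patch 01 of this series changed both functions to take the peripheral base address and derive the ID themselves. If this commit lands on top of that refactor, the ID is extracted twice and the SPU permission change is applied to a different peripheral than the UART, so the UART is not actually handed over or reclaimed. The same commit's target_cfg.c already calls these functions with a base address. The calls should be `spu_peripheral_config_secure((uint32_t)uart_resources->uarte.p_reg, false);` and `spu_peripheral_config_non_secure((uint32_t)uart_resources->uarte.p_reg, false);`. Both function bodies extend outside the hunks.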
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -682,8 +682,13 @@ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_SPU)); #ifdef SECURE_UART1 +#if NRF_SECURE_UART_INSTANCE == 0 + /* UARTE0 is a secure peripheral, so its IRQ has to target S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE0)); +#elif NRF_SECURE_UART_INSTANCE == 1 /* UARTE1 is a secure peripheral, so its IRQ has to target S state */ NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE1)); +#endif #endif return TFM_PLAT_ERR_SUCCESS; @@ -820,10 +825,17 @@ static const uint32_t target_peripherals[] = { * - TWISx * - UARTEx */ - NRF_SPIM0_S_BASE, -#ifndef SECURE_UART1 - /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - NRF_SPIM1_S_BASE, + + /* When UART0 is a secure peripheral we need to leave Serial-Box 0 as Secure. + * The UART Driver will configure it as non-secure when it uninitializes. + */ +#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) + spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false); +#endif + + /* When UART1 is a secure peripheral we need to leave Serial-Box 1 as Secure */ +#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) + spu_peripheral_config_non_secure((uint32_t)NRF_SPIM1, false); #endif NRF_SPIM2_S_BASE, NRF_SPIM3_S_BASE, diff --git a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/tfm_peripherals_config.h index 7a8885712..18a044094 100644 --- a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/tfm_peripherals_config.h +++ b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/tfm_peripherals_config.h 
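Review bot: The second target_cfg.c hunk puts `spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false);` and the matching `NRF_SPIM1` call where the hunk header and the surrounding `NRF_SPIM2_S_BASE,` context lines indicate the `target_peripherals[]` initializer. A statement with a semicolon is not a valid array element, so this intermediate commit would not compile as shown. Inside the two new `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == N)` guards the entries should stay as `NRF_SPIM0_S_BASE,` and `NRF_SPIM1_S_BASE,`. In the first hunk, `nvic_interrupt_target_state_cfg` silently routes no UART IRQ to secure state when `NRF_SECURE_UART_INSTANCE` is neither 0 nor 1; an `#else` branch with `#error "Unsupported NRF_SECURE_UART_INSTANCE"` would surface the misconfiguration at build time. The array and the function both continue outside the hunks.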
@@ -13,8 +13,12 @@ extern "C" { #endif #ifdef SECURE_UART1 +#if NRF_SECURE_UART_INSTANCE == 0 +#define TFM_PERIPHERAL_UARTE0_SECURE 1 +#elif NRF_SECURE_UART_INSTANCE == 1 #define TFM_PERIPHERAL_UARTE1_SECURE 1 #endif +#endif #if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST #define TFM_PERIPHERAL_TIMER0_SECURE 1 diff --git a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/tfm_peripherals_config.h index 80f8540c5..cc980516e 100644 --- a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/tfm_peripherals_config.h +++ b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/tfm_peripherals_config.h @@ -13,8 +13,12 @@ extern "C" { #endif #ifdef SECURE_UART1 +#if NRF_SECURE_UART_INSTANCE == 0 +#define TFM_PERIPHERAL_UARTE0_SECURE 1 +#elif NRF_SECURE_UART_INSTANCE == 1 #define TFM_PERIPHERAL_UARTE1_SECURE 1 #endif +#endif #if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST #define TFM_PERIPHERAL_TIMER0_SECURE 1 From e0b56869797d4a036c50203311e45c8bd17a0862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Fri, 16 Aug 2024 16:00:28 +0200 Subject: [PATCH 23/73] [nrf noup] platform: nordic_nrf: Add support for nRF54L MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for nRF54L Signed-off-by: Sebastian Bøe Signed-off-by: Joakim Andersson Signed-off-by: Markus Swarowsky Signed-off-by: Georgios Vasilakis Signed-off-by: Vidar Lillebø 
Signed-off-by: Frank Audun Kvamtrø --- platform/ext/common/gcc/tfm_common_s.ld | 9 + .../nordic_nrf/common/core/CMakeLists.txt | 10 +- .../common/core/cmsis_drivers/Driver_Flash.c | 59 ++ .../common/core/cmsis_drivers/Driver_USART.c | 21 +- .../target/nordic_nrf/common/core/faults.c | 94 ++- .../common/core/native_drivers/spu.c | 146 +++- .../common/core/native_drivers/spu.h | 82 +- .../common/core/nrf_exception_info.c | 43 +- .../common/core/nrf_exception_info.h | 10 + .../nordic_nrf/common/core/nrfx_config.h | 14 +- .../services/src/tfm_platform_hal_ioctl.c | 7 + .../target/nordic_nrf/common/core/startup.h | 9 + .../nordic_nrf/common/core/startup_nrf54l15.c | 419 ++++++++++ .../nordic_nrf/common/core/target_cfg.c | 767 +++++++++++++++--- .../nordic_nrf/common/core/target_cfg.h | 26 +- .../common/core/tfm_hal_isolation.c | 7 + .../core/tfm_hal_its_encryption_cracen.c | 233 ++++++ .../nordic_nrf/common/nrf54l15/CMakeLists.txt | 51 ++ .../nordic_nrf/common/nrf54l15/config.cmake | 14 + .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 23 + .../nordic_nrf/common/nrf54l15/mmio_defs.h | 100 +++ .../nrfx_config_nrf54l15_application.h | 74 ++ .../common/nrf54l15/ns/CMakeLists.txt | 29 + .../common/nrf54l15/partition/flash_layout.h | 23 + .../common/nrf54l15/partition/region_defs.h | 23 + .../tests/psa_arch_tests_config.cmake | 9 + .../common/nrf54l15/tfm_interrupts.c | 320 ++++++++ .../tfm_peripherals_config_nrf54l15.h | 24 + .../common/nrf54l15/tfm_peripherals_def.h | 124 +++ .../ns/CMakeLists.txt | 31 + .../ns/cpuarch_ns.cmake | 10 + .../tests/psa_arch_tests_config.cmake | 8 + .../tests/tfm_tests_config.cmake | 8 + .../tfm_peripherals_config.h | 34 + .../crypto/ps_crypto_interface.c | 4 - 35 files changed, 2656 insertions(+), 209 deletions(-) create mode 100644 platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c create mode 100644 platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c create mode 100644 
platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h create mode 100755 platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld index 67c96a9a7..7026e752c 100644 --- a/platform/ext/common/gcc/tfm_common_s.ld +++ b/platform/ext/common/gcc/tfm_common_s.ld 
@@ -286,6 +286,15 @@ SECTIONS . = ALIGN(TFM_LINKER_PT_RO_ALIGNMENT); Image$$PT_RO_END$$Base = .; +#if defined(CONFIG_PSA_NEED_CRACEN_KMU_DRIVER) + .nrf_kmu_reserved_push_area S_DATA_START (NOLOAD): + { + __nrf_kmu_reserved_push_area = .; + *(.nrf_kmu_reserved_push_area) + __nrf_kmu_reserved_push_area_end = .; + } > RAM +#endif /* CONFIG_PSA_NEED_CRACEN_KMU_DRIVER */ + /**** Base address of secure data area */ .tfm_secure_data_start : { diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 3b3db42cb..9797d8834 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -22,12 +22,14 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15)) +if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) + set(HAS_CRACEN 1) else() set(HAS_NVMC 1) + set(HAS_CRACEN 0) endif() #========================= Platform dependencies ===============================# @@ -75,7 +77,7 @@ target_include_directories(platform_s ) set(nvm_sources - ${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c + $<$:${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c> ) if(HAS_RRAMC) 
@@ -99,7 +101,8 @@ target_sources(platform_s $<$:${CMAKE_CURRENT_SOURCE_DIR}/nrf_exception_info.c> $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c> $<$:${CMAKE_CURRENT_SOURCE_DIR}/pal_plat_test.c> - $<$:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> + $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> + $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption_cracen.c> ) if (NRF_HW_INIT_RESET_ON_BOOT) @@ -269,3 +272,4 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) + diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 7e1d6c228..18c3aef32 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,8 +24,19 @@ #include +#include + #if defined(NRF_NVMC_S) #include +#elif defined(NRF_RRAMC_S) +#include + +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else +#define WRITE_BUFFER_SIZE 0 +#endif + #else #error "Unrecognized platform" #endif 
@@ -87,6 +98,30 @@ static int32_t ARM_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event) ARG_UNUSED(cb_event); +#ifdef RRAMC_PRESENT + nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); + + config.mode_write = true; + +#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 + config.preload_timeout_enable = true; + config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; +#else + config.preload_timeout_enable = false; + config.preload_timeout = 0; +#endif + + /* Don't use an event handler until it's understood whether we + * want it or not + */ + nrfx_rramc_evt_handler_t handler = NULL; + + nrfx_err_t err = nrfx_rramc_init(&config, handler); + + if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { + return err; + } +#endif /* RRAMC_PRESENT */ return ARM_DRIVER_OK; } @@ -127,18 +162,42 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, return ARM_DRIVER_ERROR_PARAMETER; } +#ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); +#else + nrfx_rramc_words_write(addr, data, cnt); + + /* At time of writing, the Zephyr driver commits writes, but the + * nrfx driver does not, so we commit here using the HAL to align + * Zephyr and TF-M behaviour. + * + * Not committing may cause data loss and/or high power + * consumption. + */ + nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); +#endif return cnt; } static int32_t ARM_Flash_EraseSector(uint32_t addr) { +#ifdef NRF_NVMC_S nrfx_err_t err_code = nrfx_nvmc_page_erase(addr); if (err_code != NRFX_SUCCESS) { return ARM_DRIVER_ERROR_PARAMETER; } +#else + for (uint32_t *erase_word_ptr = (uint32_t *)addr; + (uint32_t)erase_word_ptr < addr + FLASH_AREA_IMAGE_SECTOR_SIZE; erase_word_ptr++) { + if(*erase_word_ptr != 0xFFFFFFFFU) { + nrfx_rramc_word_write((uint32_t)erase_word_ptr, 0xFFFFFFFFU); + } + } + + nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); +#endif return ARM_DRIVER_OK; } 
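Review bot: `return err;` in the new RRAMC block passes an `nrfx_err_t` back through a function whose callers expect `ARM_DRIVER_*` status codes, so a failed `nrfx_rramc_init()` is reported as a value the CMSIS flash interface does not define. Map it to the driver's own error space instead, e.g. `return ARM_DRIVER_ERROR;`. The block is also guarded by `RRAMC_PRESENT`, while the includes and the program/erase paths in this file select the backend with `NRF_NVMC_S` / `NRF_RRAMC_S`; using one symbol throughout avoids a build where the header selection and the init code disagree. `ARM_Flash_Initialize` starts outside the hunk.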
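Review bot: The RRAM branch of `ARM_Flash_EraseSector` reads and writes through `addr` with no validation, whereas the NVMC branch at least gets an error back from `nrfx_nvmc_page_erase()` and turns it into `ARM_DRIVER_ERROR_PARAMETER`. An unaligned or out-of-range `addr` is therefore dereferenced via `*erase_word_ptr` and overwritten with `0xFFFFFFFFU`. In addition, `addr + FLASH_AREA_IMAGE_SECTOR_SIZE` can wrap for values near the top of the address space, in which case the loop does nothing and the function still returns `ARM_DRIVER_OK`. I would reject such input before the loop, reusing whatever range check `ARM_Flash_ProgramData` performs before its own `ARM_DRIVER_ERROR_PARAMETER` return (that check is outside the hunk). At minimum add `if (addr % FLASH_AREA_IMAGE_SECTOR_SIZE != 0) return ARM_DRIVER_ERROR_PARAMETER;`.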
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c index 012246b21..2720cf7e9 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c @@ -28,8 +28,7 @@ #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) #endif -// TODO: NCSDK-22597: Support configuring peripherals as secure -#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && defined(NRF_SPU) +#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && (defined(NRF_SPU) || defined(NRF_SPU00)) #define SPU_CONFIGURE_UART #include #endif @@ -40,7 +39,8 @@ #define ARM_USART_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(2, 2) -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ + RTE_UART00 || RTE_USART20 || RTE_UART21 || RTE_UART22 || RTE_USART30 #define PSEL_DISCONNECTED 0xFFFFFFFFUL @@ -439,13 +439,24 @@ DRIVER_USART(2); DRIVER_USART(3); #endif -// TODO: NCSDK-25009: Support choosing an instance for TF-M +#if RTE_USART00 +DRIVER_USART(00); +#endif + #if RTE_USART20 DRIVER_USART(20); #endif +#if RTE_USART21 +DRIVER_USART(21); +#endif + #if RTE_USART22 DRIVER_USART(22); #endif -#endif /* RTE_USART0 || RTE_USART1 || etc. */ +#if RTE_USART30 +DRIVER_USART(30); +#endif + +#endif /* RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 */ diff --git a/platform/ext/target/nordic_nrf/common/core/faults.c b/platform/ext/target/nordic_nrf/common/core/faults.c index 3d847a7af..4cdffd8d7 100644 --- a/platform/ext/target/nordic_nrf/common/core/faults.c +++ b/platform/ext/target/nordic_nrf/common/core/faults.c 
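Review bot: The rewritten guard in the `-40,7 +39,8` hunk tests `RTE_UART00`, `RTE_UART21` and `RTE_UART22`, but the `DRIVER_USART(...)` instantiations further down and `nrfx_config.h` spell these `RTE_USART00`, `RTE_USART21` and `RTE_USART22`. The old condition contained `RTE_USART22`, so a build that enables only that instance now compiles the whole driver body out. The continuation line should read `RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30`. The closing `#endif` comment in the last hunk of this file still lists the old instance set and could be updated to match, or shortened to `/* RTE_USARTxx */`.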
@@ -22,7 +22,7 @@ void SPU_Handler(void) /* Clear SPU interrupt flag and pending SPU IRQ */ spu_clear_events(); - NVIC_ClearPendingIRQ(SPU_IRQn); + NVIC_ClearPendingIRQ((SCB->ICSR & SCB_ICSR_VECTACTIVE_Msk) - NVIC_USER_IRQ_OFFSET); tfm_core_panic(); } 
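Review bot: `(SCB->ICSR & SCB_ICSR_VECTACTIVE_Msk) - NVIC_USER_IRQ_OFFSET` is a valid IRQ number only while an external interrupt is the active exception, and the line gives no hint of that assumption or of why `SPU_IRQn` was replaced. A short comment would help, e.g. `/* Several SPU instances branch here; clear the pending bit of whichever SPU IRQ is currently active. */`. The result is an unsigned expression passed where an `IRQn_Type` is expected, so an explicit `(IRQn_Type)` cast makes the conversion intentional. `SPU_Handler` starts outside the hunk.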
@@ -36,3 +36,95 @@ __attribute__((naked)) void SPU_IRQHandler(void) "B . \n" ); } + +#ifdef NRF_SPU00 +__attribute__((naked)) void SPU00_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU10 +__attribute__((naked)) void SPU10_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU20 +__attribute__((naked)) void SPU20_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU30 +__attribute__((naked)) void SPU30_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_MPC00 +__attribute__((naked)) void MPC_Handler(void) +{ + EXCEPTION_INFO(); + +#ifdef TFM_EXCEPTION_INFO_DUMP + nrf_exception_info_store_context(); +#endif + + /* Clear MPC interrupt flag and pending MPC IRQ */ + mpc_clear_events(); + + NVIC_ClearPendingIRQ(MPC00_IRQn); + + tfm_core_panic(); + + __ASM volatile( + "B . \n" + ); +} + +void MPC00_IRQHandler(void) +{ + /* Address 0xFFFFFFFE is used by TF-M as a return address in some cases + * (e.g., THRD_GENERAL_EXIT). This causes the debugger to access this + * address when analyzing stack frames upon hitting a breakpoint in TF-M. + * Attempting to access this address triggers the MPC MEMACCERR event, + * disrupting debugging. To prevent this, we ignore events from this address. + * Note that this does not affect exception information in MPC_Handler, + * except for scratch registers (R0-R3). + **/ + if( nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ + if(NRF_MPC00->MEMACCERR.ADDRESS == 0xFFFFFFFE) + { + mpc_clear_events(); + NVIC_ClearPendingIRQ(MPC00_IRQn); + return; + } + } + + MPC_Handler(); +} +#endif 
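Review bot: `MPC_Handler` is declared `__attribute__((naked))` but its body is ordinary C (`mpc_clear_events()`, `NVIC_ClearPendingIRQ()`, `tfm_core_panic()`), and it is entered by a normal call from `MPC00_IRQHandler`. GCC supports only basic asm inside naked functions, so the generated code should not be relied on in a fault path. The SPU stubs in this same hunk show the supported shape: a naked stub holding only `EXCEPTION_INFO()` and asm that branches to a plain C handler. I would make `MPC_Handler` a plain C function with no `naked` and no trailing `B .`; how that combines with the early-return filter depends on `EXCEPTION_INFO()`, which is defined outside this page. Separately, the `0xFFFFFFFE` filter is compiled into every build and looks only at `MEMACCERR.ADDRESS`, yet its comment justifies it purely by debugger behaviour, so consider restricting it to debug builds so that production firmware still panics on every MPC violation.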
diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c index 5bf8e97f8..3d93de8b6 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c @@ -16,8 +16,14 @@ #include "spu.h" #include "region_defs.h" +#include "array.h" /* Platform-specific configuration */ +#if NRF_SPU_HAS_MEMORY + +#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS +#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS + #define FLASH_SECURE_ATTRIBUTION_REGION_SIZE SPU_FLASH_REGION_SIZE #define SRAM_SECURE_ATTRIBUTION_REGION_SIZE SPU_SRAM_REGION_SIZE @@ -29,9 +35,6 @@ #define NUM_SRAM_SECURE_ATTRIBUTION_REGIONS \ (TOTAL_RAM_SIZE / SRAM_SECURE_ATTRIBUTION_REGION_SIZE) -#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS -#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS - /* Convenience macros for SPU Non-Secure Callable (NCS) attribution */ /* 
@@ -56,37 +59,24 @@ */ #define FLASH_NSC_SIZE_REG(size) ((31 - __builtin_clz(size)) - 4) - -void spu_enable_interrupts(void) +#if defined(REGION_PCD_SRAM_ADDRESS) +static bool spu_region_is_sram_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) { - nrf_spu_int_enable(NRF_SPU, - NRF_SPU_INT_FLASHACCERR_MASK | - NRF_SPU_INT_RAMACCERR_MASK | - NRF_SPU_INT_PERIPHACCERR_MASK); + size_t start_id = (start_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; + size_t end_id = (end_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; + return region_id >= start_id && region_id <= end_id; } +#endif -uint32_t spu_events_get(void) +static bool spu_region_is_pcd_region(NRF_SPU_Type * p_reg, uint8_t region_id) { - uint32_t events = 0; - - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_RAMACCERR)) { - events |= SPU_EVENT_RAMACCERR; - } - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR)) { - events |= SPU_EVENT_FLASHACCERR; - } - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR)) { - events |= SPU_EVENT_PERIPHACCERR; - } + bool is_pcd = false; - return events; -} +#ifdef PM_PCD_SRAM_ADDRESS + is_pcd = is_pcd || spu_region_is_sram_region_in_address_range(region_id, PM_PCD_SRAM_ADDRESS, PM_PCD_SRAM_END_ADDRESS); +#endif -void spu_clear_events(void) -{ - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_RAMACCERR); - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR); - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR); + return is_pcd; } #if defined(REGION_MCUBOOT_ADDRESS) || defined(REGION_B0_ADDRESS) || defined(REGION_S0_ADDRESS) || defined(REGION_S1_ADDRESS) 
@@ -98,15 +88,6 @@ static bool spu_region_is_flash_region_in_address_range(uint8_t region_id, uint3 } #endif -#if defined(REGION_PCD_SRAM_ADDRESS) -static bool spu_region_is_sram_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) -{ - size_t start_id = (start_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - size_t end_id = (end_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - return region_id >= start_id && region_id <= end_id; -} -#endif - static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region_id) { bool is_bootloader = false; 
@@ -127,17 +108,98 @@ static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region return is_bootloader; } -static bool spu_region_is_pcd_region(NRF_SPU_Type * p_reg, uint8_t region_id) +#endif /* NRF_SPU_HAS_MEMORY */ + +void spu_enable_interrupts(void) { - bool is_pcd = false; + uint32_t mask = 0; -#ifdef PM_PCD_SRAM_ADDRESS - is_pcd = is_pcd || spu_region_is_sram_region_in_address_range(region_id, PM_PCD_SRAM_ADDRESS, PM_PCD_SRAM_END_ADDRESS); +#if NRF_SPU_HAS_MEMORY + mask |= NRF_SPU_INT_RAMACCERR_MASK; + mask |= NRF_SPU_INT_FLASHACCERR_MASK; #endif - return is_pcd; + mask |= NRF_SPU_INT_PERIPHACCERR_MASK; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + nrf_spu_int_enable(spu_instances[i], mask); + } +} + +uint32_t spu_events_get(void) +{ + uint32_t events = 0; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + if(nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR)){ + events |= SPU_EVENT_PERIPHACCERR; + } +#if NRF_SPU_HAS_MEMORY + if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_RAMACCERR)) { + events |= SPU_EVENT_RAMACCERR; + } + if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR)) { + events |= SPU_EVENT_FLASHACCERR; + } +#endif /* NRF_SPU_HAS_MEMORY */ + } + + return events; +} + +#ifdef MPC_PRESENT +void mpc_enable_interrupts(void) +{ + uint32_t mask = NRF_MPC_INT_MEMACCERR_MASK; + nrf_mpc_int_enable(NRF_MPC00, mask); +} + +uint32_t mpc_events_get(void) +{ + uint32_t events = 0; + + if (nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ + events |= MPC_EVENT_MEMACCERR; + } + + return events; } +void mpc_clear_events() +{ + nrf_mpc_event_clear(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR); +} +#endif /* MPC_PRESENT */ + +void spu_clear_events(void) +{ + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { +#if NRF_SPU_HAS_MEMORY + nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_RAMACCERR); + nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR); +#endif + 
nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR); + } +} + +#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk +uint32_t spu_get_peri_addr(void) { + uint32_t addr = 0; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + if(spu_instances[i]->EVENTS_PERIPHACCERR){ + /* Only the lower 16 bits of the address are captured into the register. The upper + * 16 bits correspond to the upper 16 bits of the SPU's base address. + */ + addr = spu_instances[i]->PERIPHACCERR.ADDRESS | ((uint32_t)spu_instances[i] & 0xFFFF0000); + } + } + + return addr; +} +#endif + +#if NRF_SPU_HAS_MEMORY void spu_regions_reset_unlocked_secure(void) { for (size_t i = 0; i < NUM_FLASH_SECURE_ATTRIBUTION_REGIONS ; i++) { diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index 2cb75739f..da7f9fc1f 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -20,14 +20,36 @@ #include #include #include +#include #include +#ifdef MPC_PRESENT +#include +#endif #define SPU_LOCK_CONF_LOCKED true #define SPU_LOCK_CONF_UNLOCKED false #define SPU_SECURE_ATTR_SECURE true #define SPU_SECURE_ATTR_NONSECURE false +__attribute__((unused)) static NRF_SPU_Type * spu_instances[] = { +#ifdef NRF_SPU + NRF_SPU, +#endif +#ifdef NRF_SPU00 + NRF_SPU00, +#endif +#ifdef NRF_SPU10 + NRF_SPU10, +#endif +#ifdef NRF_SPU20 + NRF_SPU20, +#endif +#ifdef NRF_SPU30 + NRF_SPU30, +#endif +}; + /** * \brief SPU interrupt enabling * @@ -40,6 +62,7 @@ enum spu_events { SPU_EVENT_RAMACCERR = 1 << 0, SPU_EVENT_FLASHACCERR = 1 << 1, SPU_EVENT_PERIPHACCERR= 1 << 2, + MPC_EVENT_MEMACCERR = 1 << 3 }; /** 
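Review bot: `void mpc_clear_events()` is defined with an empty parameter list while `spu.h` declares `void mpc_clear_events(void);`. In C the empty list is an old-style declaration without argument checking, so the definition should read `void mpc_clear_events(void)`. The new `for(int i = 0; i < ARRAY_SIZE(spu_instances); i++)` loops compare a signed index with what is presumably an unsigned count; `size_t i` would match the existing `for (size_t i = 0; ...` loops in this file. In `spu_get_peri_addr`, a one-line comment would help, stating that the last flagged instance wins and that 0 is returned when no instance has `EVENTS_PERIPHACCERR` set.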
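Review bot: `spu_instances` in `spu.h` is a writable `static` array defined in a header, so every translation unit that includes the file gets its own modifiable copy. This table decides which SPU instances have their violation interrupts enabled and their events cleared. Declaring it `static NRF_SPU_Type * const spu_instances[]` lets the toolchain place it in read-only memory at no cost. If none of the `NRF_SPU*` macros is defined the initializer is empty, which ISO C does not allow; an explicit `#error` for that case would make the misconfiguration visible.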
@@ -122,45 +145,10 @@ void spu_peripheral_config_secure(const uint32_t periph_base_address, bool perip void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock); /** - * Configure DPPI channels to be accessible from Non-Secure domain. + * /brief Retrieve the address of the transaction that triggered PERIPHACCERR. * - * \param channels_mask Bitmask with channels configuration. - * \param lock_conf Variable indicating whether to lock DPPI channel security - * - * \note all channels are configured as Non-Secure - */ -static inline void spu_dppi_config_non_secure(uint32_t channels_mask, bool lock_conf) -{ - nrf_spu_dppi_config_set(NRF_SPU, 0, channels_mask, lock_conf); -} - -/** - * Configure GPIO pins to be accessible from Non-Secure domain. - * - * \param port_number GPIO Port number - * \param gpio_mask Bitmask with gpio configuration. - * \param lock_conf Variable indicating whether to lock GPIO port security - * - * \note all pins are configured as Non-Secure - */ -static inline void spu_gpio_config_non_secure(uint8_t port_number, uint32_t gpio_mask, - bool lock_conf) -{ - nrf_spu_gpio_config_set(NRF_SPU, port_number, gpio_mask, lock_conf); -} - -/** - * Return the SPU instance that can be used to configure the - * peripheral at the given base address. */ -static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) -{ - /* See the SPU chapter in the IPS for how this is calculated */ - - uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; - - return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); -} +uint32_t spu_get_peri_addr(void); /** * \brief Return base address of a Flash SPU regions 
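Review bot: The new comment for `spu_get_peri_addr` opens with `/brief`, which Doxygen does not recognise; the rest of this header uses `\brief`. It also omits the return value, and the prototype is unconditional although the definition in `spu.c` exists only under `#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk`. Suggested text: `\brief Retrieve the address of the transaction that triggered PERIPHACCERR.` followed by `\return Faulting peripheral address, or 0 if no SPU instance has PERIPHACCERR set.`, with the prototype wrapped in the same `#ifdef`.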
@@ -248,4 +236,24 @@ uint32_t spu_regions_sram_get_last_id(void); */ uint32_t spu_regions_sram_get_region_size(void); +/** + * \brief MPC interrupt enabling + * + * Enable security violations outside the Cortex-M33 + * to trigger SPU interrupts. + */ +void mpc_enable_interrupts(void); + +/** + * \brief Retrieve bitmask of MPC events. + */ +uint32_t mpc_events_get(void); + +/** + * \brief MPC event clearing + * + * Clear MPC event registers + */ +void mpc_clear_events(void); + #endif diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c index 16ac5a5d1..a5df17e8e 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c 
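Review bot: The `mpc_enable_interrupts` comment says violations will "trigger SPU interrupts", which looks copied from the SPU block. The implementation in `spu.c` enables `NRF_MPC_INT_MEMACCERR_MASK` on `NRF_MPC00`, so the text should read `Enable memory access violations detected by the MPC to trigger MPC interrupts.` The three prototypes are declared unconditionally although `spu.c` defines them only under `#ifdef MPC_PRESENT`. Guarding them the same way surfaces a stray call on a part without an MPC at compile time rather than at link time.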
@@ -11,29 +11,60 @@ static struct nrf_exception_info nrf_exc_info; -static void spu_dump_context(struct nrf_exception_info *ctx) +static void dump_exception_info(struct nrf_exception_info *ctx) { - SPMLOG_ERRMSG("Platform Exception: SPU Fault\r\n"); + SPMLOG_ERRMSG("Platform Exception:\r\n"); /* Report which type of violation occured */ if (ctx->events & SPU_EVENT_RAMACCERR) { - SPMLOG_DBGMSG(" RAMACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.RAMACCERR\r\n"); } if (ctx->events & SPU_EVENT_PERIPHACCERR) { - SPMLOG_DBGMSG(" PERIPHACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.PERIPHACCERR\r\n"); + SPMLOG_DBGMSGVAL(" Target addr: ", ctx->periphaccerr.address); } if (ctx->events & SPU_EVENT_FLASHACCERR) { - SPMLOG_DBGMSG(" FLASHACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.FLASHACCERR\r\n"); } + +#if MPC_PRESENT + if (ctx->events & MPC_EVENT_MEMACCERR) { + SPMLOG_DBGMSG(" MPC.MEMACCERR\r\n"); + SPMLOG_DBGMSGVAL(" Target addr: ", ctx->memaccerr.address); + SPMLOG_DBGMSGVAL(" Access information: ", ctx->memaccerr.info); + SPMLOG_DBGMSGVAL(" Owner id: ", ctx->memaccerr.info & 0xf); + SPMLOG_DBGMSGVAL(" Masterport: ", (ctx->memaccerr.info & 0x1f0) >> 4); + SPMLOG_DBGMSGVAL(" Read: ", (ctx->memaccerr.info >> 12) & 1); + SPMLOG_DBGMSGVAL(" Write: ", (ctx->memaccerr.info >> 13) & 1); + SPMLOG_DBGMSGVAL(" Execute: ", (ctx->memaccerr.info >> 14) & 1); + SPMLOG_DBGMSGVAL(" Secure: ", (ctx->memaccerr.info >> 15) & 1); + SPMLOG_DBGMSGVAL(" Error source: ", (ctx->memaccerr.info >> 16) & 1); + } +#endif } void nrf_exception_info_store_context(void) { nrf_exc_info.events = spu_events_get(); - spu_dump_context(&nrf_exc_info); +#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk + if (nrf_exc_info.events & SPU_EVENT_PERIPHACCERR){ + nrf_exc_info.periphaccerr.address = spu_get_peri_addr(); + } +#endif + +#ifdef MPC_PRESENT + nrf_exc_info.events |= mpc_events_get(); + if (nrf_exc_info.events & MPC_EVENT_MEMACCERR) + { + nrf_exc_info.memaccerr.address = NRF_MPC00->MEMACCERR.ADDRESS; + nrf_exc_info.memaccerr.info = 
NRF_MPC00->MEMACCERR.INFO; + } +#endif + + dump_exception_info(&nrf_exc_info); } void nrf_exception_info_get_context(struct nrf_exception_info *ctx) diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h index 7f297c800..04b2eb8ba 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h @@ -11,6 +11,16 @@ struct nrf_exception_info { uint32_t events; + union{ + struct { + uint32_t address; + } periphaccerr; + + struct { + uint32_t address; + uint32_t info; + } memaccerr; + }; }; void nrf_exception_info_store_context(void); diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index dadddeb97..f76e49cdd 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -48,7 +48,8 @@ #endif /* RTE_FLASH0 */ -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ + RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30 #define NRFX_UARTE_ENABLED 1 #endif #if RTE_USART0 @@ -64,13 +65,22 @@ #define NRFX_UARTE3_ENABLED 1 #endif -// TODO: NCSDK-25009: Moonlight: Make it possible to use different UARTS with TF-M +/* 54L15 has different UART instances */ +#if RTE_USART00 +#define NRFX_UARTE00_ENABLED 1 +#endif #if RTE_USART20 #define NRFX_UARTE20_ENABLED 1 #endif +#if RTE_USART21 +#define NRFX_UARTE21_ENABLED 1 +#endif #if RTE_USART22 #define NRFX_UARTE22_ENABLED 1 #endif +#if RTE_USART30 +#define NRFX_UARTE30_ENABLED 1 +#endif /* * For chips with TrustZone support, MDK provides CMSIS-Core peripheral 
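Review bot: The MPC block in `dump_exception_info` is guarded with `#if MPC_PRESENT`, while `nrf_exception_info_store_context` and `spu.c` use `#ifdef MPC_PRESENT`; pick one form so that a definition without a value cannot break one site and not the other. The `MEMACCERR.INFO` decoding uses bare masks and shifts (`0xf`, `0x1f0`, `>> 12` through `>> 16`). Naming them, or using the device header's field masks if it provides them, would let a reader check the fault report against the register description. `Target addr` for `SPU.PERIPHACCERR` is also printed on parts where `SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk` is undefined and the field was never filled in, so the log shows an address that was not captured.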
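Review bot: In `nrf_exception_info.h`, `periphaccerr` and `memaccerr` share storage in an anonymous `union`, but `nrf_exception_info_store_context` fills both when `SPU_EVENT_PERIPHACCERR` and `MPC_EVENT_MEMACCERR` are set together, and `dump_exception_info` then prints both. In that case `memaccerr.address` overwrites `periphaccerr.address` and the SPU target address in the fault log is wrong. The events are independent bits in one mask, so the two records are not mutually exclusive. Replacing `union{` with `struct {` (or using two named members) costs a few bytes and keeps the report trustworthy.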
diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 9b0a4b4a4..87a9c4c27 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,10 +103,17 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { +#if defined(NRF54L15_ENGA_XXAA) + case NRF_GPIO_PIN_SEL_GPIO: + case NRF_GPIO_PIN_SEL_VPR: + case NRF_GPIO_PIN_SEL_GRTC: + case NRF_GPIO_PIN_SEL_TND: +#else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: case NRF_GPIO_PIN_SEL_PERIPHERAL: case NRF_GPIO_PIN_SEL_TND: +#endif return true; default: return false; diff --git a/platform/ext/target/nordic_nrf/common/core/startup.h b/platform/ext/target/nordic_nrf/common/core/startup.h index bb1295886..4b3f738b0 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup.h +++ b/platform/ext/target/nordic_nrf/common/core/startup.h @@ -36,6 +36,15 @@ __NO_RETURN void SecureFault_Handler(void); void SPU_IRQHandler(void); +void SPU00_IRQHandler(void); +void SPU10_IRQHandler(void); +void SPU20_IRQHandler(void); +void SPU30_IRQHandler(void); + +void MPC00_IRQHandler(void); + +void CRACEN_IRQHandler(void); + /* * The default irq handler is used as a backup in case of * misconfiguration. diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c new file mode 100644 index 000000000..aa81ab1b1 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c 
@@ -0,0 +1,419 @@ +/* + * Copyright (c) 2022 Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This file is derivative of CMSIS V5.9.0 startup_ARMCM33.c + * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c + */ + +// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs +// below correspond to nrf53, not nrf54L. + +/* + * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) + * before including cmsis.h because TF-M's linker script + * tfm_common_s.ld assumes the vector table section is called .vectors + * while cmsis.h will sometimes (e.g. when cmsis is provided by nrfx) + * default to using the name .isr_vector. + */ +#define __VECTOR_TABLE_ATTRIBUTE __attribute__((used, section(".vectors"))) + +#include "cmsis.h" +#include "startup.h" +#include "exception_info.h" + +__NO_RETURN __attribute__((naked)) void default_tfm_IRQHandler(void) { + EXCEPTION_INFO(); + + __ASM volatile( + "BL default_irq_handler \n" + "B . 
\n" + ); +} + +DEFAULT_IRQ_HANDLER(NMI_Handler) +DEFAULT_IRQ_HANDLER(HardFault_Handler) +DEFAULT_IRQ_HANDLER(MemManage_Handler) +DEFAULT_IRQ_HANDLER(BusFault_Handler) +DEFAULT_IRQ_HANDLER(UsageFault_Handler) +DEFAULT_IRQ_HANDLER(SecureFault_Handler) +DEFAULT_IRQ_HANDLER(SVC_Handler) +DEFAULT_IRQ_HANDLER(DebugMon_Handler) +DEFAULT_IRQ_HANDLER(PendSV_Handler) +DEFAULT_IRQ_HANDLER(SysTick_Handler) + +DEFAULT_IRQ_HANDLER(SWI00_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI01_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI02_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI03_IRQHandler) +DEFAULT_IRQ_HANDLER(AAR00_CCM00_IRQHandler) +DEFAULT_IRQ_HANDLER(ECB00_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL00_IRQHandler) +DEFAULT_IRQ_HANDLER(RRAMC_IRQHandler) +DEFAULT_IRQ_HANDLER(VPR00_IRQHandler) +DEFAULT_IRQ_HANDLER(CTRLAP_IRQHandler) +DEFAULT_IRQ_HANDLER(CM33SS_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER00_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER10_IRQHandler) +DEFAULT_IRQ_HANDLER(RTC10_IRQHandler) +DEFAULT_IRQ_HANDLER(EGU10_IRQHandler) +DEFAULT_IRQ_HANDLER(AAR10_CCM10_IRQHandler) +DEFAULT_IRQ_HANDLER(ECB10_IRQHandler) +DEFAULT_IRQ_HANDLER(RADIO_0_IRQHandler) +DEFAULT_IRQ_HANDLER(RADIO_1_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL20_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL21_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL22_IRQHandler) +DEFAULT_IRQ_HANDLER(EGU20_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER20_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER21_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER22_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER23_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER24_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM20_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM21_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM22_IRQHandler) +DEFAULT_IRQ_HANDLER(SAADC_IRQHandler) +DEFAULT_IRQ_HANDLER(NFCT_IRQHandler) +DEFAULT_IRQ_HANDLER(TEMP_IRQHandler) +DEFAULT_IRQ_HANDLER(GPIOTE20_1_IRQHandler) +DEFAULT_IRQ_HANDLER(TAMPC_IRQHandler) +DEFAULT_IRQ_HANDLER(I2S20_IRQHandler) +DEFAULT_IRQ_HANDLER(QDEC20_IRQHandler) +DEFAULT_IRQ_HANDLER(QDEC21_IRQHandler) 
+DEFAULT_IRQ_HANDLER(GRTC_0_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_1_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_2_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_3_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL30_IRQHandler) +DEFAULT_IRQ_HANDLER(RTC30_IRQHandler) +DEFAULT_IRQ_HANDLER(COMP_LPCOMP_IRQHandler) +DEFAULT_IRQ_HANDLER(WDT30_IRQHandler) +DEFAULT_IRQ_HANDLER(WDT31_IRQHandler) +DEFAULT_IRQ_HANDLER(GPIOTE30_1_IRQHandler) +DEFAULT_IRQ_HANDLER(CLOCK_POWER_IRQHandler) + +#if defined(DOMAIN_NS) || defined(BL2) +DEFAULT_IRQ_HANDLER(MPC00_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU00_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU10_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU20_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU30_IRQHandler) +DEFAULT_IRQ_HANDLER(CRACEN_IRQHandler) +#endif + +#if defined ( __GNUC__ ) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wpedantic" +#endif + +const VECTOR_TABLE_Type __VECTOR_TABLE[] __VECTOR_TABLE_ATTRIBUTE = { + (VECTOR_TABLE_Type)(&__INITIAL_SP), /* Initial Stack Pointer */ +/* Exceptions */ + Reset_Handler, + NMI_Handler, + HardFault_Handler, + MemManage_Handler, /* MPU Fault Handler */ + BusFault_Handler, + UsageFault_Handler, + SecureFault_Handler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SVC_Handler, + DebugMon_Handler, + default_tfm_IRQHandler, + PendSV_Handler, + SysTick_Handler, +/* Device specific interrupt handlers */ + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SWI00_IRQHandler, + SWI01_IRQHandler, + SWI02_IRQHandler, + SWI03_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU00_IRQHandler, + MPC00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + AAR00_CCM00_IRQHandler, + ECB00_IRQHandler, + CRACEN_IRQHandler, + default_tfm_IRQHandler, + SERIAL00_IRQHandler, + RRAMC_IRQHandler, + VPR00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + CTRLAP_IRQHandler, + CM33SS_IRQHandler, + default_tfm_IRQHandler, + TIMER00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU10_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + TIMER10_IRQHandler, + RTC10_IRQHandler, + EGU10_IRQHandler, + AAR10_CCM10_IRQHandler, + ECB10_IRQHandler, + RADIO_0_IRQHandler, + RADIO_1_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU20_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SERIAL20_IRQHandler, + SERIAL21_IRQHandler, + SERIAL22_IRQHandler, + EGU20_IRQHandler, + TIMER20_IRQHandler, + TIMER21_IRQHandler, + TIMER22_IRQHandler, + TIMER23_IRQHandler, + TIMER24_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + PWM20_IRQHandler, + PWM21_IRQHandler, + PWM22_IRQHandler, + SAADC_IRQHandler, + NFCT_IRQHandler, + TEMP_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + GPIOTE20_1_IRQHandler, + TAMPC_IRQHandler, + I2S20_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + QDEC20_IRQHandler, + QDEC21_IRQHandler, + GRTC_0_IRQHandler, + GRTC_1_IRQHandler, + GRTC_2_IRQHandler, + GRTC_3_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU30_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SERIAL30_IRQHandler, + RTC30_IRQHandler, + 
COMP_LPCOMP_IRQHandler, + default_tfm_IRQHandler, + WDT30_IRQHandler, + WDT31_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + GPIOTE30_1_IRQHandler, + CLOCK_POWER_IRQHandler, +}; + +#if defined ( __GNUC__ ) +#pragma GCC diagnostic pop +#endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index d6a0c9872..b2b1f1dff 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -20,6 +20,7 @@ #include "region_defs.h" #include "tfm_plat_defs.h" #include "tfm_peripherals_config.h" +#include "utilities.h" #include "region.h" #include "array.h" @@ -27,18 +28,55 @@ #include #include -#include -#include + #include #include +#ifdef RRAMC_PRESENT +#include +#include + +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else +#define WRITE_BUFFER_SIZE 0 +#endif + +#endif + +#define SPU_ADDRESS_REGION (0x50000000) +#define GET_SPU_SLAVE_INDEX(periph) ((periph.periph_start & 0x0003F000) >> 12) +#define GET_SPU_INSTANCE(periph) ((NRF_SPU_Type*)(SPU_ADDRESS_REGION | (periph.periph_start & 0x00FC0000))) + + +#ifdef CACHE_PRESENT +#include +#endif + +#ifdef NVMC_PRESENT +#include +#include +#endif + +#ifdef MPC_PRESENT +#include +#endif + +#ifdef NRF53_SERIES #define PIN_XL1 0 #define PIN_XL2 1 - -#if !(defined(NRF91_SERIES) || defined(NRF53_SERIES)) -#error "Invalid configuration" #endif +#ifdef NRF54L15_ENGA_XXAA +/* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ +#define PIN_XL1 32 +#define PIN_XL2 33 +/* During TF-M system initialization we invoke a function that comes + * from Zephyr. This function does not have a header file so we + * declare it's prototype here. + */ +int nordicsemi_nrf54l_init(void); +#endif #if TFM_PERIPHERAL_DCNF_SECURE struct platform_data_t tfm_peripheral_dcnf = { 
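Review bot: The vector table in `startup_nrf54l15.c` is built purely by position, with long runs of `default_tfm_IRQHandler` deciding where `SPU00_IRQHandler`, `MPC00_IRQHandler` and the other security fault handlers land, and nothing checks that the slots match the device's IRQ numbers. One entry too many or too few would route an SPU or MPC violation to the wrong handler without any build error. A length check after the table catches most such slips, e.g. `_Static_assert(sizeof(__VECTOR_TABLE) / sizeof(__VECTOR_TABLE[0]) == NVIC_USER_IRQ_OFFSET + CLOCK_POWER_IRQn + 1, "vector table length");` (assuming the device header names the last interrupt `CLOCK_POWER_IRQn`). The `TODO` near the top still says the IRQs "correspond to nrf53, not nrf54L", which no longer matches the nRF54L handler names listed below it and should be updated or removed.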
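Review bot: The `-27,18 +28,55` hunk of `target_cfg.c` deletes the `#error "Invalid configuration"` guard instead of extending it, and `PIN_XL1` / `PIN_XL2` are now defined only for `NRF53_SERIES` and `NRF54L15_ENGA_XXAA`, so an unsupported or misspelled series is no longer rejected at the top of the file. I would keep the guard with the new part added: `#if !(defined(NRF91_SERIES) || defined(NRF53_SERIES) || defined(NRF54L15_ENGA_XXAA))`. `GET_SPU_SLAVE_INDEX` and `GET_SPU_INSTANCE` expand `periph.periph_start` without parentheses around the argument; `(periph).periph_start` is safer, and the masks `0x0003F000` / `0x00FC0000` deserve a comment saying which address bits they select. The XL pin comment is garbled and probably means `/* On nRF54L15, XL1 is P1.00 and XL2 is P1.01 */`.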
@@ -96,6 +134,48 @@ struct platform_data_t tfm_peripheral_spim0 = {
 };
 #endif
 
+#if TFM_PERIPHERAL_SPIM00_SECURE
+struct platform_data_t tfm_peripheral_spim00 = {
+ NRF_SPIM00_S_BASE,
+ NRF_SPIM00_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_SPIM20_SECURE
+struct platform_data_t tfm_peripheral_spim20 = {
+ NRF_SPIM20_S_BASE,
+ NRF_SPIM20_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_SPIM22_SECURE
+struct platform_data_t tfm_peripheral_spim21 = {
+ NRF_SPIM21_S_BASE,
+ NRF_SPIM21_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_SPIM22_SECURE
+struct platform_data_t tfm_peripheral_spim22 = {
+ NRF_SPIM22_S_BASE,
+ NRF_SPIM22_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_SPIM23_SECURE
+struct platform_data_t tfm_peripheral_spim23 = {
+ NRF_SPIM23_S_BASE,
+ NRF_SPIM23_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_SPIM30_SECURE
+struct platform_data_t tfm_peripheral_spim30 = {
+ NRF_SPIM30_S_BASE,
+ NRF_SPIM30_S_BASE + (sizeof(NRF_SPIM_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_SPIS0_SECURE
 struct platform_data_t tfm_peripheral_spis0 = {
 NRF_SPIS0_S_BASE,
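Review bot: The third added block guards `tfm_peripheral_spim21` with `#if TFM_PERIPHERAL_SPIM22_SECURE`, the same condition as the spim22 block right after it, which looks like a copy-paste slip. As written, a configuration that marks only SPIM21 as secure gets no `tfm_peripheral_spim21` descriptor, and one that marks SPIM22 as secure gets a spim21 descriptor it did not ask for. The guard should read `#if TFM_PERIPHERAL_SPIM21_SECURE`.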
@@ -236,6 +316,41 @@ struct platform_data_t tfm_peripheral_uarte3 = {
 };
 #endif
 
+#if TFM_PERIPHERAL_UARTE00_SECURE
+struct platform_data_t tfm_peripheral_uarte00 = {
+ NRF_UARTE00_S_BASE,
+ NRF_UARTE00_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE20_SECURE
+struct platform_data_t tfm_peripheral_uarte20 = {
+ NRF_UARTE20_S_BASE,
+ NRF_UARTE20_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE21_SECURE
+struct platform_data_t tfm_peripheral_uarte21 = {
+ NRF_UARTE21_S_BASE,
+ NRF_UARTE21_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE22_SECURE
+struct platform_data_t tfm_peripheral_uarte22 = {
+ NRF_UARTE22_S_BASE,
+ NRF_UARTE22_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE30_SECURE
+struct platform_data_t tfm_peripheral_uarte30 = {
+ NRF_UARTE30_S_BASE,
+ NRF_UARTE30_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_SAADC_SECURE
 struct platform_data_t tfm_peripheral_saadc = {
 NRF_SAADC_S_BASE,
@@ -250,6 +365,55 @@ struct platform_data_t tfm_peripheral_timer0 = {
 };
 #endif
 
+#if TFM_PERIPHERAL_TIMER00_SECURE
+struct platform_data_t tfm_peripheral_timer00 = {
+ NRF_TIMER00_S_BASE,
+ NRF_TIMER00_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER10_SECURE
+struct platform_data_t tfm_peripheral_timer10 = {
+ NRF_TIMER10_S_BASE,
+ NRF_TIMER10_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER20_SECURE
+struct platform_data_t tfm_peripheral_timer20 = {
+ NRF_TIMER20_S_BASE,
+ NRF_TIMER20_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER21_SECURE
+struct platform_data_t tfm_peripheral_timer21 = {
+ NRF_TIMER21_S_BASE,
+ NRF_TIMER21_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER22_SECURE
+struct platform_data_t tfm_peripheral_timer22 = {
+ NRF_TIMER22_S_BASE,
+ NRF_TIMER22_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER23_SECURE
+struct platform_data_t tfm_peripheral_timer23 = {
+ NRF_TIMER23_S_BASE,
+ NRF_TIMER23_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_TIMER24_SECURE
+struct platform_data_t tfm_peripheral_timer24 = {
+ NRF_TIMER24_S_BASE,
+ NRF_TIMER24_S_BASE + (sizeof(NRF_TIMER_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_TIMER1_SECURE
 struct platform_data_t tfm_peripheral_timer1 = {
 NRF_TIMER1_S_BASE,
@@ -362,6 +526,20 @@ struct platform_data_t tfm_peripheral_egu5 = {
 };
 #endif
 
+#if TFM_PERIPHERAL_EGU10_SECURE
+struct platform_data_t tfm_peripheral_egu10 = {
+ NRF_EGU10_S_BASE,
+ NRF_EGU10_S_BASE + (sizeof(NRF_EGU_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_EGU20_SECURE
+struct platform_data_t tfm_peripheral_egu20 = {
+ NRF_EGU20_S_BASE,
+ NRF_EGU20_S_BASE + (sizeof(NRF_EGU_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_PWM0_SECURE
 struct platform_data_t tfm_peripheral_pwm0 = {
 NRF_PWM0_S_BASE,
@@ -390,6 +568,27 @@ struct platform_data_t tfm_peripheral_pwm3 = {
 };
 #endif
 
+#if TFM_PERIPHERAL_PWM20_SECURE
+struct platform_data_t tfm_peripheral_pwm20 = {
+ NRF_PWM20_S_BASE,
+ NRF_PWM20_S_BASE + (sizeof(NRF_PWM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_PWM21_SECURE
+struct platform_data_t tfm_peripheral_pwm21 = {
+ NRF_PWM21_S_BASE,
+ NRF_PWM21_S_BASE + (sizeof(NRF_PWM_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_PWM22_SECURE
+struct platform_data_t tfm_peripheral_pwm22 = {
+ NRF_PWM22_S_BASE,
+ NRF_PWM22_S_BASE + (sizeof(NRF_PWM_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_PDM0_SECURE
 struct platform_data_t tfm_peripheral_pdm0 = {
 NRF_PDM0_S_BASE,
@@ -608,33 +807,7 @@ enum tfm_plat_err_t system_reset_cfg(void)
 
 enum tfm_plat_err_t init_debug(void)
 {
-#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT)
-
-#if !defined(DAUTH_CHIP_DEFAULT)
-#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT."
-#endif
-
-#if defined(NRF_APPROTECT)
- /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/
- if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT,
- UICR_APPROTECT_PALL_Protected)) {
- nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected);
- } else {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-#endif
-#if defined(NRF_SECURE_APPROTECT)
- /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */
- if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT,
- UICR_SECUREAPPROTECT_PALL_Protected)) {
- nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT,
- UICR_SECUREAPPROTECT_PALL_Protected);
- } else {
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-#endif
-
-#elif defined(NRF91_SERIES)
+#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA)
 
 #if !defined(DAUTH_CHIP_DEFAULT)
 #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR."
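Review bot: With the `NRF_APPROTECT` / `NRF_SECURE_APPROTECT` branch removed from `init_debug`, a build that still defines either macro compiles cleanly, but this function no longer writes `UICR.APPROTECT` or `UICR.SECUREAPPROTECT`. Whether another component now consumes those macros is not visible from this hunk; if none does, the debug port stays in its chip-default state while the build configuration suggests it is locked. I would make that case fail loudly by adding `#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT)` followed by `#error "NRF_APPROTECT/NRF_SECURE_APPROTECT are not applied by init_debug"`. Alternatively, a comment could name where the protection is applied now. The body of `init_debug` continues outside the hunk.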
@@ -665,11 +838,17 @@ enum tfm_plat_err_t init_debug(void) NRF_CTRLAP->SECUREAPPROTECT.LOCK = CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Locked << CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Msk; +#else +#error "Unrecognized platform" + #endif return TFM_PLAT_ERR_SUCCESS; } +#define NRF_UARTE_INSTANCE(id) NRF_UARTE ## id +#define NRF_UARTE_INSTANCE_GET(id) NRF_UARTE_INSTANCE(id) + /*----------------- NVIC interrupt target state to NS configuration ----------*/ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) { @@ -678,17 +857,21 @@ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) NVIC->ITNS[i] = 0xFFFFFFFF; } - /* Make sure that the SPU is targeted to S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_SPU)); + /* Make sure that the SPU instance(s) are targeted to S state */ + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + } -#ifdef SECURE_UART1 -#if NRF_SECURE_UART_INSTANCE == 0 - /* UARTE0 is a secure peripheral, so its IRQ has to target S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE0)); -#elif NRF_SECURE_UART_INSTANCE == 1 - /* UARTE1 is a secure peripheral, so its IRQ has to target S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE1)); +#ifdef NRF_CRACEN + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_CRACEN)); #endif +#ifdef NRF_MPC00 + NVIC_ClearTargetState(MPC00_IRQn); +#endif + +#ifdef SECURE_UART1 + /* IRQ for the selected secure UART has to target S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE_INSTANCE_GET(NRF_SECURE_UART_INSTANCE))); #endif return TFM_PLAT_ERR_SUCCESS; 
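Review bot: The context line just above the added `#else` shifts `CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Locked` by `CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Msk` rather than by the field position, and this change leaves it as it is. In the MDK naming convention `_Msk` is the mask already shifted into place, so using it as a shift count most likely puts the value in the wrong bit. In that case the SECUREAPPROTECT lock is never set and the setting stays changeable until reset. If that reading of the register header is right, the line should end in `<< CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Pos;`. The start of `init_debug` is outside this hunk, so the neighbouring APPROTECT lock write is worth checking for the same pattern.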
@@ -700,8 +883,23 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) /* SPU interrupt enabling */ spu_enable_interrupts(); - NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); - NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + } + +#ifdef MPC_PRESENT + mpc_clear_events(); + /* MPC interrupt enabling */ + mpc_enable_interrupts(); + + NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); + NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); +#endif + + /* The CRACEN driver configures the NVIC for CRACEN and is + * therefore omitted here. + */ return TFM_PLAT_ERR_SUCCESS; } 
@@ -710,13 +908,61 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) void sau_and_idau_cfg(void) { + /* + * SAU and IDAU configuration is very different between old + * (53/91) and new (54++) platforms. New platforms have a proper SAU + * and IDAU, whereas old platforms do not. + */ +#ifdef NRF54L15_ENGA_XXAA + /* + * This SAU configuration aligns with ARM's RSS implementation of + * sau_and_idau_cfg when possible. + */ + + /* Enables SAU */ + TZ_SAU_Enable(); + + /* Configures SAU regions to be non-secure */ + + /* Note that this SAU configuration assumes that there is only one + * secure NVM partition and one non-secure NVM partition. Meaning, + * memory_regions.non_secure_partition_limit is at the end of + * NVM. + */ + + /* Configure the end of NVM, and the FICR, to be non-secure using + a single region. Note that the FICR is placed after the + non-secure NVM and before the UICR.*/ + SAU->RNR = 0; + SAU->RBAR = (memory_regions.non_secure_partition_base + & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (NRF_UICR_S_BASE & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; + + /* Leave SAU region 1 disabled until we find a use for it */ + + /* Configures veneers region to be non-secure callable */ + SAU->RNR = 2; + SAU->RBAR = (memory_regions.veneer_base & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (memory_regions.veneer_limit & SAU_RLAR_LADDR_Msk) + | SAU_RLAR_ENABLE_Msk | SAU_RLAR_NSC_Msk; + + /* Configures SAU region 3 to cover both the end of SRAM and + * regions above it as shown in the "Example memory map" in the + * "Product Specification" */ + SAU->RNR = 3; + SAU->RBAR = (NS_DATA_START & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (0xFFFFFFFFul & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; + +#else /* IDAU (SPU) is always enabled. SAU is non-existent. * Allow SPU to have precedence over (non-existing) ARMv8-M SAU. */ TZ_SAU_Disable(); SAU->CTRL |= SAU_CTRL_ALLNS_Msk; +#endif } +#if NRF_SPU_HAS_MEMORY enum tfm_plat_err_t spu_init_cfg(void) { /* 
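Review bot: SAU region 0 takes `NRF_UICR_S_BASE & SAU_RLAR_LADDR_Msk` as its limit, but the ARMv8-M SAU limit address is inclusive and its low five bits read as ones. The region therefore ends at `NRF_UICR_S_BASE + 0x1F`, and the SAU attributes the first 32 bytes of UICR as non-secure, although the comment says the region stops before the UICR. Whether the IDAU or SPU still blocks non-secure access to those bytes cannot be told from this hunk. The limit should be the last byte before the UICR: `SAU->RLAR = ((NRF_UICR_S_BASE - 1) & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk;`. Region 2 deserves the same check if `memory_regions.veneer_limit` is an exclusive end address.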
@@ -795,29 +1041,264 @@ enum tfm_plat_err_t spu_init_cfg(void) return TFM_PLAT_ERR_SUCCESS; } +#endif /* NRF_SPU_HAS_MEMORY */ + + +#ifdef MPC_PRESENT +struct mpc_region_override { + nrf_mpc_override_config_t config; + nrf_owner_t owner_id; + uintptr_t start_address; + size_t endaddr; + uint32_t perm; + uint32_t permmask; + size_t index; +}; + +static void mpc_configure_override(NRF_MPC_Type *mpc, struct mpc_region_override *override) +{ + nrf_mpc_override_startaddr_set(mpc, override->index, override->start_address); + nrf_mpc_override_endaddr_set(mpc, override->index, override->endaddr); + nrf_mpc_override_perm_set(mpc, override->index, override->perm); + nrf_mpc_override_permmask_set(mpc, override->index, override->permmask); + nrf_mpc_override_ownerid_set(mpc, override->index, override->owner_id); + nrf_mpc_override_config_set(mpc, override->index, &override->config); +} + +/* + * Configure the override struct with reasonable defaults. This includes: + * + * Use a slave number of 0 to avoid redirecting bus transactions from + * one slave to another. + * + * Lock the override to prevent the code that follows from tampering + * with the configuration. + * + * Enable the override so it takes effect. + * + * Indicate that secdom is not enabled as this driver is not used on + * platforms with secdom. + */ +static void init_mpc_region_override(struct mpc_region_override * override) +{ + *override = (struct mpc_region_override){ + .config = + (nrf_mpc_override_config_t){ + .slave_number = 0, + .lock = true, + .enable = true, + .secdom_enable = false, + .secure_mask = true, + }, + .perm = 0, /* 0 for non-secure */ + .owner_id = 0, + }; + + override->permmask = MPC_OVERRIDE_PERM_SECATTR_Msk; +} + +enum tfm_plat_err_t nrf_mpc_init_cfg(void) +{ + /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the + * OVERRIDE indexes (that are useful to us) start at 0 and end + * (inclusive) at 4. 
+ * + * Note that the MPC regions configure all volatile and non-volatile memory as secure, so we only + * need to explicitly OVERRIDE the non-secure addresses to permit non-secure access. + * + * Explicitly configuring memory as secure is not necessary. + * + * The last OVERRIDE in 54L is fixed in HW and exists to prevent + * other bus masters than the KMU from accessing CRACEN protected RAM. + * + * Note that we must take care not to configure an OVERRIDE that + * affects an active bus transaction. + * + * Note that we don't configure the NSC region to be NS because + * from the MPC's perspective it is secure. NSC is only configurable from the SAU. + * + * Note that OVERRIDE[n].MASTERPORT has a reasonable reset value + * so it is left unconfigured. + * + * Note that there are two owners in 54L. KMU with owner ID 1, and everything else with owner ID 0. + */ + + uint32_t index = 0; + /* + * Configure the non-secure partition of the non-volatile + * memory. This MPC region is intended to cover both the + * non-secure partition in the NVM and also the FICR. The FICR + * starts after the NVM and ends just before the UICR. 
+ */ + { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.start_address = memory_regions.non_secure_partition_base; + override.endaddr = NRF_UICR_S_BASE; + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + /* Configure the non-secure partition of the volatile memory */ + { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.start_address = NS_DATA_START; + override.endaddr = 1 + NS_DATA_LIMIT; + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + if(index > 4) { + /* Used more overrides than are available */ + tfm_core_panic(); + } + + /* Lock and disable any unused MPC overrides to prevent malicious configuration */ + while(index <= 4) { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.config.enable = false; + + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + return TFM_PLAT_ERR_SUCCESS; +} + +#endif /* MPC_PRESENT */ + +static void dppi_channel_configuration(void) +{ + /* The SPU HW and corresponding NRFX HAL API have two different + * API's for DPPI security configuration. The defines + * NRF_SPU_HAS_OWNERSHIP and NRF_SPU_HAS_MEMORY identify which of the two API's + * are present. + * + * TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE is configurable, but + * usually defaults to 0, which results in all DPPI channels being + * non-secure. + */ +#if NRF_SPU_HAS_MEMORY + /* There is only one dppi_id */ + uint8_t dppi_id = 0; + nrf_spu_dppi_config_set(NRF_SPU, dppi_id, TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, + SPU_LOCK_CONF_LOCKED); +#else + /* TODO_NRF54L15: Use the nrf_spu_feature API to configure DPPI + channels according to a user-controllable config similar to + TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE. 
*/ +#endif +} enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -static const uint32_t target_peripherals[] = { +#ifdef NRF54L15_ENGA_XXAA + /* Configure features to be non-secure */ + + /* + * Due to MLT-7600, many SPU HW reset values are wrong. The docs + * generally features being non-secure when coming out of HW + * reset, but the HW has a good mix of both. + * + * When configuring NRF_SPU 0 will indicate non-secure and 1 will + * indicate secure. + * + * Most of the chip should be non-secure so to simplify and be + * consistent, we memset the entire memory map of each SPU + * peripheral to 0. + * + * Just after memsetting to 0 we explicitly configure the + * peripherals that should be secure back to secure again. + */ + // TODO: NCSDK-22597: Evaluate if it is safe to memset everything + // in NRF_SPU to 0. + memset(NRF_SPU00, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU10, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU20, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU30, 0, sizeof(NRF_SPU_Type)); + +#if SECURE_UART1 + /* Configure TF-M's UART peripheral to be secure */ +#if NRF_SECURE_UART_INSTANCE == 00 + uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 20 + uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 21 + uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 22 + uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 30 + uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; +#endif + spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); +#endif + + /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ + spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure NRF_MEMCONF to be secure as it could otherwise be used 
to corrupt secure RAM. */ + spu_peripheral_config_secure(NRF_MEMCONF_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure trace to be secure, as the security implications of non-secure trace are not understood */ + spu_peripheral_config_secure(NRF_TAD_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure these HW features, which are not in the MDK, to be + * secure, as the security implications of them being non-secure + * are not understood + */ + uint32_t base_addresses[4] = { + 0x50056000, + 0x5008C000, + 0x500E6000, + 0x5010F000 + }; + for(int i = 0; i < 4; i++) { + spu_peripheral_config_secure(base_addresses[i], SPU_LOCK_CONF_LOCKED); + } + + /* Configure NRF_REGULATORS, and NRF_OSCILLATORS to be secure as NRF_REGULATORS.POFCON is needed + * to prevent glitches when the power supply is attacked. + * + * NB: Note that NRF_OSCILLATORS and NRF_REGULATORS have the same base address and must therefore + * have the same security configuration. + */ + spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); +#else +static const uint8_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRF_FPU_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_FPU), #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRF_REGULATORS_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRF_CLOCK_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
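Review bot: The four `memset(NRF_SPUxx, 0, sizeof(NRF_SPU_Type))` calls in `spu_periph_init_cfg` write a memory-mapped register block through a plain `void *`. The C library may therefore use byte or multi-word stores, and the compiler is not bound by `volatile` ordering relative to the `spu_peripheral_config_secure` calls that follow. Peripheral registers are normally only specified for aligned 32-bit accesses, and these writes set the security attribute of every peripheral behind the four SPUs. A small helper that clears the block with volatile word stores has the same effect with a defined access width and order. The open TODO about whether clearing everything is safe still applies. `spu_periph_init_cfg` continues past the end of this hunk.

```c
/* Clear one SPU register block with aligned 32-bit volatile stores. */
static void spu_clear_all(NRF_SPU_Type *spu)
{
    volatile uint32_t *word = (volatile uint32_t *)spu;

    for (size_t i = 0; i < sizeof(NRF_SPU_Type) / sizeof(uint32_t); i++) {
        word[i] = 0;
    }
}

/* … unchanged: start of spu_periph_init_cfg and the MLT-7600 comment … */
    spu_clear_all(NRF_SPU00);
    spu_clear_all(NRF_SPU10);
    spu_clear_all(NRF_SPU20);
    spu_clear_all(NRF_SPU30);
```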
@@ -830,124 +1311,168 @@ static const uint32_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false); + NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), +#ifndef SECURE_UART1 + /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ + NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif + NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), + NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), - /* When UART1 is a secure peripheral we need to leave Serial-Box 1 as Secure */ -#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) - spu_peripheral_config_non_secure((uint32_t)NRF_SPIM1, false); -#endif - NRF_SPIM2_S_BASE, - NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRF_SPIM4_S_BASE, -#endif - NRF_SAADC_S_BASE, - NRF_TIMER0_S_BASE, - NRF_TIMER1_S_BASE, - NRF_TIMER2_S_BASE, - NRF_RTC0_S_BASE, - NRF_RTC1_S_BASE, - NRF_DPPIC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), +#endif + NRFX_PERIPHERAL_ID_GET(NRF_SAADC), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), + NRFX_PERIPHERAL_ID_GET(NRF_RTC0), + NRFX_PERIPHERAL_ID_GET(NRF_RTC1), + NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRF_WDT0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT0), #endif #ifdef NRF_WDT - NRF_WDT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT), #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRF_WDT1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT1), #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRF_COMP_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_COMP), #endif - NRF_EGU0_S_BASE, - NRF_EGU1_S_BASE, - NRF_EGU2_S_BASE, - NRF_EGU3_S_BASE, - NRF_EGU4_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU0), + NRFX_PERIPHERAL_ID_GET(NRF_EGU1), + NRFX_PERIPHERAL_ID_GET(NRF_EGU2), + 
NRFX_PERIPHERAL_ID_GET(NRF_EGU3), + NRFX_PERIPHERAL_ID_GET(NRF_EGU4), #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRF_EGU5_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU5), #endif - NRF_PWM0_S_BASE, - NRF_PWM1_S_BASE, - NRF_PWM2_S_BASE, - NRF_PWM3_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PWM0), + NRFX_PERIPHERAL_ID_GET(NRF_PWM1), + NRFX_PERIPHERAL_ID_GET(NRF_PWM2), + NRFX_PERIPHERAL_ID_GET(NRF_PWM3), #ifdef NRF_PDM - NRF_PDM_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM), #endif #ifdef NRF_PDM0 - NRF_PDM0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM0), #endif #ifdef NRF_I2S - NRF_I2S_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S), #endif #ifdef NRF_I2S0 - NRF_I2S0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S0), #endif - NRF_IPC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_IPC), #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRF_QSPI_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QSPI), #endif #endif #ifdef NRF_NFCT - NRF_NFCT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NFCT), #endif #ifdef NRF_MUTEX - NRF_MUTEX_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), #endif #ifdef NRF_QDEC0 - NRF_QDEC0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), #endif #ifdef NRF_QDEC1 - NRF_QDEC1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), #endif #ifdef NRF_USBD - NRF_USBD_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBD), #endif #ifdef NRF_USBREGULATOR - NRF_USBREGULATOR_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), #endif - NRF_NVMC_S_BASE, - NRF_P0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NVMC), + NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 - NRF_P1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_P1), #endif + NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } +#endif /* Moonlight */ + /* DPPI channel configuration */ - spu_dppi_config_non_secure(TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + dppi_channel_configuration(); /* GPIO pin configuration */ - 
spu_gpio_config_non_secure(0, TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + uint32_t secure_pins[] = { + TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, #ifdef TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE - spu_gpio_config_non_secure(1, TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, +#endif +#ifdef TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE + TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE, +#endif + }; + + /* Note that there are two different API's for SPU configuration */ +#if NRF_SPU_HAS_MEMORY + + for(int port = 0; port < ARRAY_SIZE(secure_pins); port++){ + nrf_spu_gpio_config_set(NRF_SPU, port, secure_pins[port], SPU_LOCK_CONF_LOCKED); + } + +#elif NRF_SPU_HAS_PERIPHERAL_ACCESS + + for(int port = 0; port < ARRAY_SIZE(secure_pins); port++) { + for (int pin = 0; pin < 32; pin++) { + if (secure_pins[port] & (1 << pin)) { + bool enable = true; // secure + + /* + * Unfortunately, NRF_P0 is not configured by NRF_SPU00, etc. + * so it is a bit convoluted to find the SPU instance for port x. + */ + uint32_t gpio_port_addr[2] = { + NRF_P0_S_BASE, + NRF_P1_S_BASE, + }; + + NRF_SPU_Type * spu_instance = spu_instance_from_peripheral_addr(gpio_port_addr[port]); + + nrf_spu_feature_secattr_set(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin, enable); + nrf_spu_feature_lock_enable(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin); + } + } + } +#else +#error "Expected either NRF_SPU_HAS_MEMORY or NRF_SPU_HAS_PERIPHERAL_ACCESS to be true" #endif -#ifdef NRF53_SERIES /* Configure properly the XL1 and XL2 pins so that the low-frequency crystal * oscillator (LFXO) can be used. * This configuration can be done only from secure code, as otherwise those * register fields are not accessible. That's why it is placed here. 
*/ -#if defined(CONFIG_SOC_ENABLE_LFXO) && CONFIG_SOC_ENABLE_LFXO == 1 -/* CONFIG_SOC_ENABLE_LFXO doesn't exist for 54L15 target, might be changed in future */ +#ifdef NRF53_SERIES nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ +#endif +#ifdef NRF54L15_ENGA_XXAA + /* NRF54L has a different define */ + nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); + nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); #endif /* 
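Review bot: In the `NRF_SPU_HAS_PERIPHERAL_ACCESS` branch `port` runs up to `ARRAY_SIZE(secure_pins)`, which is three when `TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE` is defined, yet it indexes the two-entry `gpio_port_addr[2]`. Port 2 then reads past the end of the table and passes whatever follows it on the stack to `spu_instance_from_peripheral_addr`, so the secure attribute and lock are written through an unintended SPU pointer. The table should carry one entry per port that `secure_pins` can contain, under the same `#ifdef`s. Failing that, `_Static_assert(ARRAY_SIZE(gpio_port_addr) >= ARRAY_SIZE(secure_pins), "missing GPIO port base");` would stop the build. In the same loop `1 << pin` shifts a signed int into the sign bit for pin 31; `if (secure_pins[port] & (1u << pin))` avoids that. The enclosing function starts before this hunk.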
@@ -963,9 +1488,52 @@ static const uint32_t target_peripherals[] = { #if defined(NVMC_FEATURE_CACHE_PRESENT) // From MDK nrfx_nvmc_icache_enable(); #elif defined(CACHE_PRESENT) // From MDK - NRF_CACHE->ENABLE = CACHE_ENABLE_ENABLE_Enabled; + +#ifdef NRF_CACHE + nrf_cache_enable(NRF_CACHE); +#endif +#ifdef NRF_ICACHE + nrf_cache_enable(NRF_ICACHE); +#endif +#ifdef NRF_DCACHE + nrf_cache_enable(NRF_DCACHE); #endif +#endif + +#ifdef RRAMC_PRESENT + nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); + + config.mode_write = true; + +#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 + config.preload_timeout_enable = true; + config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; +#else + config.preload_timeout_enable = false; + config.preload_timeout = 0; +#endif + + /* Don't use an event handler until it's understood whether we + * want it or not + */ + nrfx_rramc_evt_handler_t handler = NULL; + + nrfx_err_t err = nrfx_rramc_init(&config, handler); + if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { + return err; + } +#endif /* RRAMC_PRESENT */ + +#ifdef NRF54L15_ENGA_XXAA + /* SOC configuration from Zephyr's soc.c. */ + int soc_err = nordicsemi_nrf54l_init(); + if(soc_err) { + return soc_err; + } +#endif + +#if NRF_SPU_HAS_MEMORY /* Enforce that the nRF5340 Network MCU is in the Non-Secure * domain. Non-secure is the HW reset value for the network core * so configuring this should not be necessary, but we want to @@ -974,6 +1542,7 @@ static const uint32_t target_peripherals[] = { * it doesn't get changed by accident. */ nrf_spu_extdomain_set(NRF_SPU, 0, false, true); +#endif return TFM_PLAT_ERR_SUCCESS; } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index 0081c03d2..aea09bece 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h 
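Review bot: The two new early returns, `return err;` after `nrfx_rramc_init` and `return soc_err;` after `nordicsemi_nrf54l_init`, pass an `nrfx_err_t` and a plain `int` out of a function that otherwise ends in `return TFM_PLAT_ERR_SUCCESS;`. Callers compare the result with `TFM_PLAT_ERR_SUCCESS`, so a failure is caught only while those foreign codes never equal that value. The code that reaches the caller is also not a `tfm_plat_err_t`. Both paths should map to the platform enum, e.g. `return TFM_PLAT_ERR_SYSTEM_ERR;`. The function begins before this hunk.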
@@ -35,20 +35,31 @@ #include "tfm_plat_defs.h" #include "region_defs.h" -// TODO: NCSDK-25009: Support configuring which UART is used by TF-M on nrf54L - -#ifndef NRF_SECURE_UART_INSTANCE -#define TFM_DRIVER_STDIO Driver_USART1 -#elif NRF_SECURE_UART_INSTANCE == 0 +#if NRF_SECURE_UART_INSTANCE == 0 #define TFM_DRIVER_STDIO Driver_USART0 #elif NRF_SECURE_UART_INSTANCE == 1 #define TFM_DRIVER_STDIO Driver_USART1 +#elif NRF_SECURE_UART_INSTANCE == 00 +#define TFM_DRIVER_STDIO Driver_USART00 +#elif NRF_SECURE_UART_INSTANCE == 20 +#define TFM_DRIVER_STDIO Driver_USART20 +#elif NRF_SECURE_UART_INSTANCE == 21 +#define TFM_DRIVER_STDIO Driver_USART21 #elif NRF_SECURE_UART_INSTANCE == 22 #define TFM_DRIVER_STDIO Driver_USART22 +#elif NRF_SECURE_UART_INSTANCE == 30 +#define TFM_DRIVER_STDIO Driver_USART30 #endif +/* Only UART20 and UART30 are supported for TF-M tests, which are the + * Non-secure applications build via the TF-M build system + */ #ifdef NRF54L15_ENGA_XXAA +#if NRF_SECURE_UART_INSTANCE == 20 +#define NS_DRIVER_STDIO Driver_USART30 +#else #define NS_DRIVER_STDIO Driver_USART20 +#endif #else #define NS_DRIVER_STDIO Driver_USART0 #endif @@ -102,11 +113,6 @@ enum tfm_plat_err_t spu_init_cfg(void); */ enum tfm_plat_err_t spu_periph_init_cfg(void); -/** - * \brief Clears SPU interrupt. - */ -void spu_clear_irq(void); - /** * \brief Configures memory permissions via the MPC. * diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c index e9a01daf5..33b1d0376 100644 --- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c 
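Review bot: The added `#elif NRF_SECURE_UART_INSTANCE == 00` branch can never be taken, because `00` in a preprocessor expression is an octal literal equal to `0`. A configuration that sets the instance to `00` already matches the first test and gets `Driver_USART0` instead of `Driver_USART00`. Removing the old `#ifndef NRF_SECURE_UART_INSTANCE` default has a related effect: an undefined macro also evaluates to 0 in `#if`, so it now selects `Driver_USART0` where it used to select `Driver_USART1`. If instance 00 must stay distinct, the test should not rely on the numeric value alone, for example `#if defined(NRF54L15_ENGA_XXAA) && NRF_SECURE_UART_INSTANCE == 0` placed ahead of the generic `== 0` case. A closing `#else` with `#error "Unsupported NRF_SECURE_UART_INSTANCE"` would catch values that leave `TFM_DRIVER_STDIO` undefined.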
@@ -50,9 +50,16 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( /* Set up isolation boundaries between SPE and NSPE */ sau_and_idau_cfg(); +#if NRF_SPU_HAS_MEMORY if (spu_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; } +#else + /* If the SPU doesn't configure MEMORY on this platform then the NRF_MPC does */ + if (nrf_mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } +#endif if (spu_periph_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c new file mode 100644 index 000000000..3f2420ce5 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c 
@@ -0,0 +1,233 @@ +/* + * Copyright (c) 2023 Nordic Semiconductor ASA. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include "config_tfm.h" +#include "platform/include/tfm_hal_its_encryption.h" +#include "platform/include/tfm_hal_its.h" + +typedef uint64_t psa_drv_slot_number_t; +#include +#include + + +#define CHACHA20_KEY_SIZE 32 +#define TFM_ITS_AEAD_ALG PSA_ALG_CHACHA20_POLY1305 + + +/* Global encryption counter which resets per boot. The counter ensures that + * the nonce will not be identical for consecutive file writes during the same + * boot. + */ +static uint32_t g_enc_counter; + +/* The global nonce seed which is fetched once in every boot. The seed is used + * as part of the nonce and allows the platforms to diversify their nonces + * across resets. Note that the way that this seed is generated is platform + * specific, so the diversification is optional. + */ +static uint8_t g_enc_nonce_seed[TFM_ITS_ENC_NONCE_LENGTH - + sizeof(g_enc_counter)]; + +/* TFM_ITS_ENC_NONCE_LENGTH is configurable but this implementation expects + * the seed to be 8 bytes and the nonce length to be 12. + */ +#if TFM_ITS_ENC_NONCE_LENGTH != 12 +#error "This implementation only supports a ITS nonce of size 12" +#endif + +/* + * This implementation doesn't use monotonic counters, but therfore a 64 bit + * seed combined with a counter, that gets reset on each reboot. 
+ * This still has the risk of getting a collision on the seed resulting in + * nonce's beeing the same after a reboot. + * It would still need 3.3x10^9 resets to get a collision with a probability of + * 0.25. + */ +enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce, + const size_t nonce_size) +{ + if(nonce == NULL){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if(nonce_size < sizeof(g_enc_nonce_seed) + sizeof(g_enc_counter)){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + /* To avoid wrap-around of the g_enc_counter and subsequent re-use of the + * nonce we check the counter value for its max value + */ + if(g_enc_counter == UINT32_MAX) { + return TFM_HAL_ERROR_GENERIC; + } + + if (g_enc_counter == 0) { + psa_status_t status = cracen_get_random(NULL, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + } + + memcpy(nonce, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); + memcpy(nonce + sizeof(g_enc_nonce_seed), + &g_enc_counter, + sizeof(g_enc_counter)); + + g_enc_counter++; + + return TFM_HAL_SUCCESS; +} + +static bool ctx_is_valid(struct tfm_hal_its_auth_crypt_ctx *ctx) +{ + bool ret; + + if (ctx == NULL) { + return false; + } + + ret = (ctx->deriv_label == NULL && ctx->deriv_label_size != 0) || + (ctx->aad == NULL && ctx->add_size != 0) || + (ctx->nonce == NULL && ctx->nonce_size != 0); + + return !ret; +} + +psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *input, + const size_t input_size, + uint8_t *output, + const size_t output_size, + uint8_t *tag, + const size_t tag_size, + bool encrypt) +{ + psa_status_t status; + uint8_t key_out[CHACHA20_KEY_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + cracen_aead_operation_t operation = {0}; + size_t out_length; + size_t tag_length = PSA_AEAD_TAG_LENGTH(PSA_KEY_TYPE_CHACHA20, + PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE), + TFM_ITS_AEAD_ALG); + + if (!ctx_is_valid(ctx) || tag == NULL) 
{ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if(tag_size < tag_length){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if (encrypt && (output_size < PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20, + TFM_ITS_AEAD_ALG, + input_size))){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + status = hw_unique_key_derive_key(HUK_KEYSLOT_MKEK, NULL, 0, ctx->deriv_label, ctx->deriv_label_size, key_out, sizeof(key_out)); + if (status != HW_UNIQUE_KEY_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + psa_set_key_usage_flags(&attributes, (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)); + psa_set_key_algorithm(&attributes, TFM_ITS_AEAD_ALG); + psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20); + psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE)); + + if (encrypt) { + status = cracen_aead_encrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); + } else { + status = cracen_aead_decrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); + } + + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_set_nonce(&operation, ctx->nonce, ctx->nonce_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_update_ad(&operation, ctx->aad, ctx->add_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_update(&operation, input, input_size, output, output_size, &out_length); + if (status != PSA_SUCCESS) { + return status; + } + + if (encrypt) { + status = cracen_aead_finish(&operation, output + out_length, output_size - out_length, &out_length, tag, tag_size, &tag_length); + } else { + status = cracen_aead_verify(&operation, output + out_length, output_size - out_length, &out_length , tag, tag_size); + } + + return status; +} + +enum tfm_hal_status_t tfm_hal_its_aead_encrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *plaintext, + const size_t plaintext_size, + uint8_t *ciphertext, + const size_t ciphertext_size, + uint8_t *tag, + 
const size_t tag_size) +{ + psa_status_t status = tfm_hal_its_get_aead(ctx, + plaintext, + plaintext_size, + ciphertext, + ciphertext_size, + tag, + tag_size, + true); + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + return TFM_HAL_SUCCESS; +} + +enum tfm_hal_status_t tfm_hal_its_aead_decrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *ciphertext, + const size_t ciphertext_size, + uint8_t *tag, + const size_t tag_size, + uint8_t *plaintext, + const size_t plaintext_size) +{ + psa_status_t status = tfm_hal_its_get_aead(ctx, + ciphertext, + ciphertext_size, + plaintext, + plaintext_size, + tag, + tag_size, + false); + + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + return TFM_HAL_SUCCESS; +} diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt new file mode 100644 index 000000000..e093190b3 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt 
@@ -0,0 +1,51 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020-2022, Arm Limited. All rights reserved. +# Copyright (c) 2020, Nordic Semiconductor ASA. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +cmake_policy(SET CMP0076 NEW) +set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) + +set(target nrf54l15) +add_subdirectory(../core nrf_common) + +#========================= Platform Secure ====================================# + +target_include_directories(platform_s + PUBLIC + . +) + +target_sources(platform_s + PRIVATE + ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c +) + +target_compile_definitions(platform_s + PUBLIC + NRF_SKIP_FICR_NS_COPY_TO_RAM +) + +#========================= tfm_spm ============================================# + +target_sources(tfm_spm + PRIVATE + $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_interrupts.c> +) + +#========================= Files for building NS side platform ================# + +install(FILES nrfx_config_nrf54l15_application.h + ns/CMakeLists.txt + config.cmake + cpuarch.cmake + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15 +) + +install(DIRECTORY partition + tests + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15 +) diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake new file mode 100644 index 000000000..f81eafb02 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake 
@@ -0,0 +1,14 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Nordic Semiconductor ASA.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(${PLATFORM_PATH}/common/core/config.cmake)
+
+set(SECURE_UART30 ON CACHE BOOL "Enable secure UART")
+set(NRF_NS_STORAGE OFF CACHE BOOL "Enable non-secure storage partition")
+set(BL2 OFF CACHE BOOL "Whether to build BL2")
+set(NRF_NS_SECONDARY OFF CACHE BOOL "Enable non-secure secondary partition")
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake
new file mode 100644
index 000000000..18c7fa920
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2023, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# cpuarch.cmake is used to set things that related to the platform that are both
+# immutable and global, which is to say they should apply to any kind of project
+# that uses this platform. In practice this is normally compiler definitions and
+# variables related to hardware.
+
+# Set architecture and CPU
+set(TFM_SYSTEM_PROCESSOR cortex-m33)
+set(TFM_SYSTEM_ARCHITECTURE armv8-m.main)
+set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16")
+
+add_compile_definitions(
+ NRF54L15_ENGA_XXAA # Required by nrf.h
+ NRF_APPLICATION
+ # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs
+ NRF_SKIP_SAU_CONFIGURATION
+ NRF_SKIP_FICR_NS_COPY_TO_RAM
+)
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h
new file mode 100644
index 000000000..ab6e099e8
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + * + */ + +#ifndef __MMIO_DEFS_H__ +#define __MMIO_DEFS_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "handle_attr.h" +#include "tfm_peripherals_config.h" +#include "tfm_peripherals_def.h" +#include + +/* Allowed named MMIO of this platform */ +const uintptr_t partition_named_mmio_list[] = { +#if TFM_PERIPHERAL_TIMER00_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER00, +#endif +#if TFM_PERIPHERAL_TIMER10_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER10, +#endif +#if TFM_PERIPHERAL_TIMER20_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER20, +#endif +#if TFM_PERIPHERAL_TIMER21_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER21, +#endif +#if TFM_PERIPHERAL_TIMER22_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER22, +#endif +#if TFM_PERIPHERAL_TIMER23_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER23, +#endif +#if TFM_PERIPHERAL_TIMER24_SECURE + (uintptr_t)TFM_PERIPHERAL_TIMER24, +#endif +#if TFM_PERIPHERAL_SPIM00_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM00, +#endif +#if TFM_PERIPHERAL_SPIM20_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM20, +#endif +#if TFM_PERIPHERAL_SPIM21_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM21, +#endif +#if TFM_PERIPHERAL_SPIM22_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM22, +#endif +#if TFM_PERIPHERAL_SPIM23_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM23, +#endif +#if TFM_PERIPHERAL_SPIM30_SECURE + (uintptr_t)TFM_PERIPHERAL_SPIM30, +#endif +#if TFM_PERIPHERAL_EGU10_SECURE + (uintptr_t)TFM_PERIPHERAL_EGU10, +#endif +#if TFM_PERIPHERAL_EGU20_SECURE + (uintptr_t)TFM_PERIPHERAL_EGU20, +#endif +#if TFM_PERIPHERAL_PWM20_SECURE + (uintptr_t)TFM_PERIPHERAL_PWM20, +#endif +#if TFM_PERIPHERAL_PWM21_SECURE + (uintptr_t)TFM_PERIPHERAL_PWM21, +#endif +#if TFM_PERIPHERAL_PWM22_SECURE + (uintptr_t)TFM_PERIPHERAL_PWM22, +#endif +#if TFM_PERIPHERAL_PWM20_SECURE + (uintptr_t)TFM_PERIPHERAL_PWM20, +#endif +#if TFM_PERIPHERAL_UARTE00_SECURE + (uintptr_t)TFM_PERIPHERAL_UARTE00, 
+#endif +#if TFM_PERIPHERAL_UARTE20_SECURE + (uintptr_t)TFM_PERIPHERAL_UARTE20, +#endif +#if TFM_PERIPHERAL_UARTE21_SECURE + (uintptr_t)TFM_PERIPHERAL_UARTE21, +#endif +#if TFM_PERIPHERAL_UARTE22_SECURE + (uintptr_t)TFM_PERIPHERAL_UARTE22, +#endif +#if TFM_PERIPHERAL_UARTE30_SECURE + (uintptr_t)TFM_PERIPHERAL_UARTE30, +#endif +}; + +#ifdef __cplusplus +} +#endif + +#endif /* __MMIO_DEFS_H__ */ diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h b/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h new file mode 100644 index 000000000..814f022b4 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h 
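Review bot: `partition_named_mmio_list` carries the `#if TFM_PERIPHERAL_PWM20_SECURE` / `(uintptr_t)TFM_PERIPHERAL_PWM20,` entry twice, once before PWM21 and again after PWM22, so a secure PWM20 ends up listed twice; the second block should be dropped. The array is also defined (not just declared) in a header without `static`, so including mmio_defs.h from more than one translation unit would produce duplicate definitions; if a single includer is the intent, a comment such as `/* Included by exactly one source file; defines the platform's named-MMIO allow-list. */` above the array would make that explicit. Judging by the "Allowed named MMIO" comment this list decides which peripherals a partition may be given, so it is worth confirming that GPIOTE20 and GPIOTE30, which tfm_peripherals_def.h does expose, are left out on purpose.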
@@ -0,0 +1,74 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +#ifndef NRFX_CONFIG_NRF54L15_APPLICATION_H__ +#define NRFX_CONFIG_NRF54L15_APPLICATION_H__ + +#ifndef NRFX_CONFIG_H__ +#error "This file should not be included directly. Include nrfx_config.h instead." +#endif + +/** + * @brief NRFX_DEFAULT_IRQ_PRIORITY + * + * Integer value. Minimum: 0 Maximum: 7 + */ +#ifndef NRFX_DEFAULT_IRQ_PRIORITY +#define NRFX_DEFAULT_IRQ_PRIORITY 7 +#endif + +/** + * @brief NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY + * + * Integer value. Minimum: 0 Maximum: 7 + */ +#ifndef NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY +#define NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY +#endif + +/** + * @brief NRFX_RRAMC_ENABLED + * + * Boolean. Accepted values: 0 and 1. + */ +#ifndef NRFX_RRAMC_ENABLED +#define NRFX_RRAMC_ENABLED 0 +#endif + +/** + * @brief NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY + * + * Integer value. Minimum: 0. Maximum: 7. + */ +#ifndef NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY +#define NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY +#endif + +/** + * @brief NRFX_RRAMC_CONFIG_LOG_ENABLED + * + * Boolean. Accepted values: 0 and 1. + */ +#ifndef NRFX_RRAMC_CONFIG_LOG_ENABLED +#define NRFX_RRAMC_CONFIG_LOG_ENABLED 0 +#endif + +/** + * @brief NRFX_RRAMC_CONFIG_LOG_LEVEL + * + * Integer value. + * Supported values: + * - Off = 0 + * - Error = 1 + * - Warning = 2 + * - Info = 3 + * - Debug = 4 + */ +#ifndef NRFX_RRAMC_CONFIG_LOG_LEVEL +#define NRFX_RRAMC_CONFIG_LOG_LEVEL 3 +#endif + +#endif // NRFX_CONFIG_NRF54L15_APPLICATION_H__ diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt new file mode 100644 index 000000000..94c6d7725 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt 
@@ -0,0 +1,29 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +cmake_policy(SET CMP0076 NEW) +set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) + +set(target nrf54l15) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/../core nrf_common) + +target_include_directories(platform_ns + PUBLIC + ${CMAKE_CURRENT_LIST_DIR} +) + +target_sources(platform_ns + PRIVATE + ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c +) + +target_compile_definitions(platform_ns + PUBLIC + NRF_TRUSTZONE_NONSECURE + NRF_SKIP_CLOCK_CONFIGURATION + DOMAIN_NS=1 +) diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h new file mode 100644 index 000000000..08b90647e --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2018-2022 Arm Limited. All rights reserved. + * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __FLASH_LAYOUT_H__ +#define __FLASH_LAYOUT_H__ + +#error "not supported yet" + +#endif /* __FLASH_LAYOUT_H__ */ 
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
new file mode 100755
index 000000000..212106c96
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __REGION_DEFS_H__
+#define __REGION_DEFS_H__
+
+#include "flash_layout.h"
+
+#endif /* __REGION_DEFS_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
new file mode 100644
index 000000000..88586c115
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
@@ -0,0 +1,9 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Platform-specific configurations
+set(PSA_API_TEST_TARGET "nrf54l15")
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c new file mode 100644 index 000000000..b3bca1bfc --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c 
@@ -0,0 +1,320 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include + +#include "cmsis.h" +#include "spm.h" +#include "tfm_hal_interrupt.h" +#include "tfm_peripherals_def.h" +#include "tfm_peripherals_config.h" +#include "load/interrupt_defs.h" +#include "interrupt.h" + +static enum tfm_hal_status_t irq_init(struct irq_t *irq, IRQn_Type irqn, + void * p_pt, + const struct irq_load_info_t *p_ildi) +{ + irq->p_ildi = p_ildi; + irq->p_pt = p_pt; + + NVIC_SetPriority(irqn, DEFAULT_IRQ_PRIORITY); + NVIC_ClearTargetState(irqn); + NVIC_DisableIRQ(irqn); + + return TFM_HAL_SUCCESS; +} + +#if TFM_PERIPHERAL_FPU_SECURE +static struct irq_t fpu_irq = {0}; + +void FPU_IRQHandler(void) +{ + spm_handle_interrupt(fpu_irq.p_pt, fpu_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_fpu_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&fpu_irq, TFM_FPU_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER00_SECURE +static struct irq_t timer00_irq = {0}; + +void TIMER00_IRQHandler(void) +{ + spm_handle_interrupt(timer00_irq.p_pt, timer00_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer00_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer00_irq, TFM_TIMER00_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER10_SECURE +static struct irq_t timer10_irq = {0}; + +void TIMER10_IRQHandler(void) +{ + spm_handle_interrupt(timer10_irq.p_pt, timer10_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer10_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer10_irq, TFM_TIMER10_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER20_SECURE +static struct irq_t timer20_irq = {0}; + +void TIMER20_IRQHandler(void) +{ + spm_handle_interrupt(timer20_irq.p_pt, timer20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer20_irq, 
TFM_TIMER20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER21_SECURE +static struct irq_t timer21_irq = {0}; + +void TIMER21_IRQHandler(void) +{ + spm_handle_interrupt(timer21_irq.p_pt, timer21_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer21_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer21_irq, TFM_TIMER21_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER22_SECURE +static struct irq_t timer22_irq = {0}; + +void TIMER22_IRQHandler(void) +{ + spm_handle_interrupt(timer22_irq.p_pt, timer22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer22_irq, TFM_TIMER22_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER23_SECURE +static struct irq_t timer23_irq = {0}; + +void TIMER23_IRQHandler(void) +{ + spm_handle_interrupt(timer23_irq.p_pt, timer23_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer23_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer23_irq, TFM_TIMER23_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER24_SECURE +static struct irq_t timer24_irq = {0}; + +void TIMER24_IRQHandler(void) +{ + spm_handle_interrupt(timer24_irq.p_pt, timer24_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer24_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer24_irq, TFM_TIMER24_IRQ, p_pt, p_ildi); +} +#endif + +/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. */ +static struct irq_t gpiote20_1_irq = {0}; + +void GPIOTE20_1_IRQHandler(void) +{ + spm_handle_interrupt(gpiote20_1_irq.p_pt, gpiote20_1_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_gpiote20_1_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&gpiote20_1_irq, TFM_GPIOTE20_1_IRQ, p_pt, p_ildi); +} + +/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. 
*/ +static struct irq_t gpiote30_1_irq = {0}; + +void GPIOTE30_1_IRQHandler(void) +{ + spm_handle_interrupt(gpiote30_1_irq.p_pt, gpiote30_1_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_gpiote30_1_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&gpiote30_1_irq, TFM_GPIOTE30_1_IRQ, p_pt, p_ildi); +} + +#if TFM_PERIPHERAL_SPIM00_SECURE +static struct irq_t spim00_irq = {0}; + +void SPIM00_IRQHandler(void) +{ + spm_handle_interrupt(spim00_irq.p_pt, spim00_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim00_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim00_irq, TFM_SPIM00_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM22_SECURE +static struct irq_t spim22_irq = {0}; + +void SPIM22_IRQHandler(void) +{ + spm_handle_interrupt(spim22_irq.p_pt, spim22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim22_irq, TFM_SPIM22_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM23_SECURE +static struct irq_t spim23_irq = {0}; + +void SPIM23_IRQHandler(void) +{ + spm_handle_interrupt(spim23_irq.p_pt, spim23_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim23_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim23_irq, TFM_SPIM23_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM30_SECURE +static struct irq_t spim30_irq = {0}; + +void SPIM30_IRQHandler(void) +{ + spm_handle_interrupt(spim30_irq.p_pt, spim30_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim30_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim30_irq, TFM_SPIM30_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_EGU10_SECURE +static struct irq_t egu10_irq = {0}; + +void EGU10_IRQHandler(void) +{ + spm_handle_interrupt(egu10_irq.p_pt, egu10_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_egu10_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return 
irq_init(&egu10_irq, TFM_EGU10_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_EGU20_SECURE +static struct irq_t egu20_irq = {0}; + +void EGU20_IRQHandler(void) +{ + spm_handle_interrupt(egu20_irq.p_pt, egu20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_egu20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&egu20_irq, TFM_EGU20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM20_SECURE +static struct irq_t pwm20_irq = {0}; + +void PWM20_IRQHandler(void) +{ + spm_handle_interrupt(pwm20_irq.p_pt, pwm20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm20_irq, TFM_PWM20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM21_SECURE +static struct irq_t pwm21_irq = {0}; + +void PWM21_IRQHandler(void) +{ + spm_handle_interrupt(pwm21_irq.p_pt, pwm21_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm21_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm21_irq, TFM_PWM21_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM22_SECURE +static struct irq_t pwm22_irq = {0}; + +void PWM22_IRQHandler(void) +{ + spm_handle_interrupt(pwm22_irq.p_pt, pwm22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm22_irq, TFM_PWM22_IRQ, p_pt, p_ildi); +} +#endif + +#ifdef PSA_API_TEST_IPC +enum tfm_hal_status_t ff_test_uart_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +__attribute__((alias("tfm_egu10_irq_init"))); + +#endif diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h new file mode 100644 index 000000000..12f3a003c --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h 
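Review bot: At the end of the file `ff_test_uart_irq_init` is aliased to `tfm_egu10_irq_init` under `#ifdef PSA_API_TEST_IPC` alone, but `tfm_egu10_irq_init` only exists when `TFM_PERIPHERAL_EGU10_SECURE` is non-zero, so a PSA_API_TEST_IPC build with EGU10 left non-secure aliases an undefined symbol. Guard it with `#if defined(PSA_API_TEST_IPC) && TFM_PERIPHERAL_EGU10_SECURE`, or add an `#error` for that combination. The GPIOTE20_1 and GPIOTE30_1 handlers are the only ones compiled unconditionally, while every other peripheral sits behind its `_SECURE` switch; if that is deliberate, the existing NRFX-convention comment should say so. `irq_init` would also read better with `/* Route the IRQ to the Secure state and leave it disabled. */` above the NVIC calls, since `NVIC_ClearTargetState` is the step that keeps the interrupt out of non-secure hands.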
@@ -0,0 +1,24 @@
+
+#ifndef TFM_PERIPHERAL_TIMER00_SECURE
+#define TFM_PERIPHERAL_TIMER00_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE00_SECURE
+#define TFM_PERIPHERAL_UARTE00_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE20_SECURE
+#define TFM_PERIPHERAL_UARTE20_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE21_SECURE
+#define TFM_PERIPHERAL_UARTE21_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE22_SECURE
+#define TFM_PERIPHERAL_UARTE22_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE30_SECURE
+#define TFM_PERIPHERAL_UARTE30_SECURE 0
+#endif
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h
new file mode 100644
index 000000000..77227a3fb
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h
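Review bot: This header gives a `0` default only to TIMER00 and the five UARTE switches, while mmio_defs.h and tfm_interrupts.c in the same patch also test `TFM_PERIPHERAL_TIMER10_SECURE` through `TIMER24`, the `SPIM*`, `EGU*` and `PWM*` switches and `TFM_PERIPHERAL_FPU_SECURE`. Those rely on an undefined macro evaluating to 0 inside `#if`, which works but warns under `-Wundef` and hides a misspelled switch name. Adding the same `#ifndef X` / `#define X 0` / `#endif` triple for each of them would make the non-secure default explicit. The file also has no copyright/SPDX header, unlike its siblings, and would benefit from a one-line comment saying it is meant to be included after the board's own `TFM_PERIPHERAL_*_SECURE` definitions.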
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + * + */ + +#ifndef __TFM_PERIPHERALS_DEF_H__ +#define __TFM_PERIPHERALS_DEF_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#define TFM_FPU_IRQ (NRFX_IRQ_NUMBER_GET(NRF_FPU)) +#define TFM_TIMER00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER00)) +#define TFM_TIMER10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER10)) +#define TFM_TIMER20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER20)) +#define TFM_TIMER21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER21)) +#define TFM_TIMER22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER22)) +#define TFM_TIMER23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER23)) +#define TFM_TIMER24_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER24)) +#define TFM_SPIM00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM00)) +#define TFM_SPIM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM20)) +#define TFM_SPIM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM21)) +#define TFM_SPIM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM22)) +#define TFM_SPIM23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM23)) +#define TFM_SPIM30_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM30)) +#define TFM_EGU10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU10)) +#define TFM_EGU20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU20)) +#define TFM_GPIOTE20_1_IRQ GPIOTE20_1_IRQn +#define TFM_GPIOTE30_1_IRQ GPIOTE30_1_IRQn +#define TFM_PWM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM20)) +#define TFM_PWM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM21)) +#define TFM_PWM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM22)) + +extern struct platform_data_t tfm_peripheral_timer00; +extern struct platform_data_t tfm_peripheral_timer10; +extern struct platform_data_t tfm_peripheral_timer20; +extern struct platform_data_t tfm_peripheral_timer21; +extern struct platform_data_t tfm_peripheral_timer22; +extern struct platform_data_t tfm_peripheral_timer23; +extern struct platform_data_t tfm_peripheral_timer24; +extern struct platform_data_t tfm_peripheral_spim00; +extern struct platform_data_t tfm_peripheral_spim20; +extern struct platform_data_t 
tfm_peripheral_spim21; +extern struct platform_data_t tfm_peripheral_spim22; +extern struct platform_data_t tfm_peripheral_spim23; +extern struct platform_data_t tfm_peripheral_spim30; +extern struct platform_data_t tfm_peripheral_egu10; +extern struct platform_data_t tfm_peripheral_egu20; +extern struct platform_data_t tfm_peripheral_gpiote20; +extern struct platform_data_t tfm_peripheral_gpiote30; +extern struct platform_data_t tfm_peripheral_pwm20; +extern struct platform_data_t tfm_peripheral_pwm21; +extern struct platform_data_t tfm_peripheral_pwm22; + +#define TFM_PERIPHERAL_TIMER00 (&tfm_peripheral_timer00) +#define TFM_PERIPHERAL_TIMER10 (&tfm_peripheral_timer10) +#define TFM_PERIPHERAL_TIMER20 (&tfm_peripheral_timer20) +#define TFM_PERIPHERAL_TIMER21 (&tfm_peripheral_timer21) +#define TFM_PERIPHERAL_TIMER22 (&tfm_peripheral_timer22) +#define TFM_PERIPHERAL_TIMER23 (&tfm_peripheral_timer23) +#define TFM_PERIPHERAL_TIMER24 (&tfm_peripheral_timer24) +#define TFM_PERIPHERAL_SPIM00 (&tfm_peripheral_spim00) +#define TFM_PERIPHERAL_SPIM20 (&tfm_peripheral_spim20) +#define TFM_PERIPHERAL_SPIM21 (&tfm_peripheral_spim21) +#define TFM_PERIPHERAL_SPIM22 (&tfm_peripheral_spim22) +#define TFM_PERIPHERAL_SPIM23 (&tfm_peripheral_spim23) +#define TFM_PERIPHERAL_SPIM30 (&tfm_peripheral_spim30) +#define TFM_PERIPHERAL_EGU10 (&tfm_peripheral_egu10) +#define TFM_PERIPHERAL_EGU20 (&tfm_peripheral_egu20) +#define TFM_PERIPHERAL_GPIOTE20 (&tfm_peripheral_gpiote20) +#define TFM_PERIPHERAL_GPIOTE30 (&tfm_peripheral_gpiote30) +#define TFM_PERIPHERAL_PWM20 (&tfm_peripheral_pwm20) +#define TFM_PERIPHERAL_PWM21 (&tfm_peripheral_pwm21) +#define TFM_PERIPHERAL_PWM22 (&tfm_peripheral_pwm22) + +/* + * Quantized default IRQ priority, the value is: + * (Number of configurable priority) / 4: (1UL << __NVIC_PRIO_BITS) / 4 + */ +#define DEFAULT_IRQ_PRIORITY (1UL << (__NVIC_PRIO_BITS - 2)) + +extern struct platform_data_t tfm_peripheral_uarte00; +extern struct platform_data_t 
tfm_peripheral_uarte20; +extern struct platform_data_t tfm_peripheral_uarte21; +extern struct platform_data_t tfm_peripheral_uarte22; +extern struct platform_data_t tfm_peripheral_uarte30; + +#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) +#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) +#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) +#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) +#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) + +#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 + +extern struct platform_data_t tfm_peripheral_uarte00; +extern struct platform_data_t tfm_peripheral_uarte20; +extern struct platform_data_t tfm_peripheral_uarte21; +extern struct platform_data_t tfm_peripheral_uarte22; +extern struct platform_data_t tfm_peripheral_uarte30; + +#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) +#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) +#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) +#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) +#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) + +#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 + +#ifdef PSA_API_TEST_IPC +/* see other platforms when supporting this */ +#error "Not supported yet" +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __TFM_PERIPHERALS_DEF_H__ */ diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt new file mode 100644 index 000000000..5cd4273e4 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt 
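Review bot: The UARTE block appears twice back to back and the second copy should be deleted: the five `extern struct platform_data_t tfm_peripheral_uarteNN;` declarations, the matching `TFM_PERIPHERAL_UARTENN` macros and `#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30`. It compiles only because the repeated macro definitions are token-identical, so a later edit to one copy (for example pointing `TFM_PERIPHERAL_STD_UART` at a different instance) would become a redefinition diagnostic or be silently shadowed by the other copy. The header also defines `TFM_SPIM20_IRQ` and `TFM_SPIM21_IRQ`, for which tfm_interrupts.c in this patch provides no handler or `*_irq_init`; a short comment noting that these are declared but not yet wired up would save the next reader a search.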
@@ -0,0 +1,31 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +cmake_policy(SET CMP0076 NEW) +set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(NRF_BOARD_SELECTED True) + +add_library(platform_ns STATIC) + +# Get the value of HAL_NORDIC_PATH +include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) + +target_include_directories(platform_ns + PUBLIC + ${CMAKE_CURRENT_LIST_DIR} +) + +target_link_libraries(platform_ns + PUBLIC + platform_region_defs +) + +target_include_directories(platform_region_defs + INTERFACE + ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition +) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake new file mode 100644 index 000000000..25f91fb54 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake @@ -0,0 +1,10 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Nordic Semiconductor ASA. +# +# SPDX-License-Identifier: BSD-3-Clause +#------------------------------------------------------------------------------- + +set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) + +include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake new file mode 100644 index 000000000..327e36c66 --- /dev/null 
+++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake
@@ -0,0 +1,8 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(${PLATFORM_PATH}/common/nrf54l15/tests/psa_arch_tests_config.cmake)
diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake
new file mode 100644
index 000000000..619f1f92c
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake
@@ -0,0 +1,8 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(${PLATFORM_PATH}/common/core/tests/tfm_tests_config.cmake)
diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h
new file mode 100644
index 000000000..bc3301087
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef TFM_PERIPHERALS_CONFIG_H__ +#define TFM_PERIPHERALS_CONFIG_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SECURE_UART30 +#define TFM_PERIPHERAL_UARTE30_SECURE 1 +#endiff + +#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST +#define TFM_PERIPHERAL_TIMER00_SECURE 1 +#endif + + +#if defined(NRF54L15_ENGA_XXAA) + #include +#else + #error "Unknown device." +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* TFM_PERIPHERAL_CONFIG_H__ */ diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c index f508ff455..5b12275d0 100644 --- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c +++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c @@ -18,10 +18,6 @@ #define PS_CRYPTO_AEAD_ALG PSA_ALG_GCM #endif -/* CMake can't handle round brackets for compile defines so PSA_ALG_HKDF(PSA_ALG_SHA_256) doesn't - * work, therefore we have to use a own defined for the C code where - * PSA_ALG_HKDF_PSA_ALG_SHA_256 gets translated to PSA_ALG_HKDF_PSA_ALG_SHA_256 - */ #if !defined(PS_CRYPTO_KDF_ALG) #define PS_CRYPTO_KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256) #endif From e6376051622272261f8a913a363c695d467777bd Mon Sep 17 00:00:00 2001 
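Review bot: `#endiff` after `#define TFM_PERIPHERAL_UARTE30_SECURE 1` in tfm_peripherals_config.h is not a preprocessor directive, so the `#ifdef SECURE_UART30` block is not closed where intended. With SECURE_UART30 defined the compiler should reject the line. Without it, the skipped region runs on to the final `#endif`, swallowing the `TFM_PERIPHERAL_TIMER00_SECURE` block and the device check and leaving the include guard unterminated. Change the line to `#endif`. The closing comment also names `TFM_PERIPHERAL_CONFIG_H__` while the guard is `TFM_PERIPHERALS_CONFIG_H__`.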
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 5 Sep 2024 15:52:15 +0200 Subject: [PATCH 24/73] [nrf noup] tf-m: Enable support for external PSA core MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This commit adds support for externally built PSA core in TF-M by checking for the CMake variable (cached) PSA_CRYPTO_EXTERNAL_CORE. By setting this define, then a platform-target file called external_core.cmake as well as external_core_install.cmake is called to allow for the following: - Early include of necessary replacement include folders - Support for using generated configuration files for TF-M build -This commit also tries to make psa_crypto_config and psa_crypto_library_config linked in first to ensure that certain folders are included as early as possible in the build Signed-off-by: Frank Audun Kvamtrø --- cmake/install.cmake | 61 +++++++------ cmake/spe-CMakeLists.cmake | 9 ++ interface/CMakeLists.txt | 9 ++ secure_fw/partitions/crypto/CMakeLists.txt | 86 +++++++++++++------ .../partitions/lib/runtime/CMakeLists.txt | 4 + .../protected_storage/CMakeLists.txt | 2 +- 6 files changed, 115 insertions(+), 56 deletions(-) diff --git a/cmake/install.cmake b/cmake/install.cmake index 0297080f1..b9d338602 100644 --- a/cmake/install.cmake +++ b/cmake/install.cmake 
@@ -75,33 +75,37 @@ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) endif() if (TFM_PARTITION_CRYPTO) - install(FILES ${INTERFACE_INC_DIR}/psa/README.rst - ${INTERFACE_INC_DIR}/psa/build_info.h - ${INTERFACE_INC_DIR}/psa/crypto.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_compat.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_extra.h - ${INTERFACE_INC_DIR}/psa/crypto_legacy.h - ${INTERFACE_INC_DIR}/psa/crypto_platform.h - ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h - ${INTERFACE_INC_DIR}/psa/crypto_sizes.h - ${INTERFACE_INC_DIR}/psa/crypto_struct.h - ${INTERFACE_INC_DIR}/psa/crypto_types.h - ${INTERFACE_INC_DIR}/psa/crypto_values.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) - install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) - install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core_install.cmake) + else() + install(FILES ${INTERFACE_INC_DIR}/psa/README.rst + ${INTERFACE_INC_DIR}/psa/build_info.h + ${INTERFACE_INC_DIR}/psa/crypto.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h + 
${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_compat.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_extra.h + ${INTERFACE_INC_DIR}/psa/crypto_legacy.h + ${INTERFACE_INC_DIR}/psa/crypto_platform.h + ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h + ${INTERFACE_INC_DIR}/psa/crypto_sizes.h + ${INTERFACE_INC_DIR}/psa/crypto_struct.h + ${INTERFACE_INC_DIR}/psa/crypto_types.h + ${INTERFACE_INC_DIR}/psa/crypto_values.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) + install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + endif() endif() if (TFM_PARTITION_INITIAL_ATTESTATION) @@ -284,10 +288,11 @@ else() ) endif() +# PSA_CRYPTO_EXTERNAL_CORE target_include_directories(psa_interface INTERFACE $ - ) +) install(EXPORT tfm-config FILE spe_export.cmake diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake index cb0d36e98..959912cbd 100644 --- a/cmake/spe-CMakeLists.cmake +++ b/cmake/spe-CMakeLists.cmake @@ -34,6 +34,15 @@ target_sources(tfm_api_ns ) # Include interface headers exported by TF-M +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(tfm_api_ns + PUBLIC + ${INTERFACE_INC_DIR} + ) +endif() + target_include_directories(tfm_api_ns PUBLIC ${INTERFACE_INC_DIR} diff --git a/interface/CMakeLists.txt b/interface/CMakeLists.txt index 97711e8f2..94be57a12 100644 --- a/interface/CMakeLists.txt +++ b/interface/CMakeLists.txt 
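Review bot: In the cmake/spe-CMakeLists.cmake hunk the existing unconditional `target_include_directories(tfm_api_ns PUBLIC ${INTERFACE_INC_DIR}` is kept after the new if/else, so the else branch adds the same directory a second time. With PSA_CRYPTO_EXTERNAL_CORE set, the in-tree interface headers are therefore still on the include path next to whatever external_core.cmake adds, and which PSA crypto headers get compiled depends on include order alone. The interface/CMakeLists.txt hunk (-19,6 +19,15) has the same shape for psa_interface. If the in-tree directory must stay for the non-crypto headers, drop the redundant else branch and add a comment such as `# external_core.cmake must run first so its include directories take precedence`. The trailing call is cut off by the end of the hunk.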
@@ -19,6 +19,15 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/include/psa/framework_feature.h.in add_library(psa_interface INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(psa_interface + INTERFACE + $ + ) +endif() + target_include_directories(psa_interface INTERFACE $ diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 5197a7b52..5e333400b 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt 
@@ -7,30 +7,41 @@ ############################### PSA CRYPTO CONFIG ############################## # Make sure these are available even if the TFM_PARTITION_CRYPTO is not defined +add_library(psa_crypto_config INTERFACE) -# This defines the configuration files for the users of the client interface -set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) -cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) -cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") -add_library(psa_crypto_config INTERFACE) -target_compile_definitions(psa_crypto_config - INTERFACE - MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" -) # The following is required for tfm_plat_crypto_nv_seed.h target_include_directories(psa_crypto_config INTERFACE $ ) -# This defines the configuration files for the users of the library directly -add_library(psa_crypto_library_config INTERFACE) -target_compile_definitions(psa_crypto_library_config + +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + #This defines the configuration files for the users of the client interface + set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) + cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) + cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") + + target_compile_definitions(psa_crypto_config INTERFACE MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" -) + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" + ) +endif() + +# This defines the configuration files for the users of the library directly +add_library(psa_crypto_library_config INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_compile_definitions(psa_crypto_library_config + INTERFACE + 
MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" + ) +endif() if (NOT TFM_PARTITION_CRYPTO) return() @@ -71,13 +82,24 @@ target_sources(tfm_partitions ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c ) + # Set include directory target_include_directories(tfm_psa_rot_partition_crypto PRIVATE - $ + #$ + ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto - $ ) + +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(tfm_psa_rot_partition_crypto + PRIVATE + $ + ) +endif() + target_include_directories(tfm_partitions INTERFACE ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto @@ -113,19 +135,20 @@ target_link_libraries(tfm_config psa_crypto_config ) -############################### PSA CRYPTO CONFIG ############################## -add_library(psa_crypto_config INTERFACE) -# target_compile_definitions(psa_crypto_config -# INTERFACE -# MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" -# ) - ############################### MBEDCRYPTO ##################################### add_library(crypto_service_mbedcrypto_config INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_compile_definitions(crypto_service_mbedcrypto_config + INTERFACE + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" + $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> + ) +endif() target_compile_definitions(crypto_service_mbedcrypto_config INTERFACE - $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077 $<$,$>:MULADDC_CANNOT_USE_R7> $<$:PLATFORM_DEFAULT_NV_SEED> 
@@ -173,10 +196,19 @@ target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto PUBLIC ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api - # The following is required for psa/error.h - $ ) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto + PUBLIC + # The following is required for psa/error.h + $ + ) +endif() + + # Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3) diff --git a/secure_fw/partitions/lib/runtime/CMakeLists.txt b/secure_fw/partitions/lib/runtime/CMakeLists.txt index 7a626b961..c29561764 100644 --- a/secure_fw/partitions/lib/runtime/CMakeLists.txt +++ b/secure_fw/partitions/lib/runtime/CMakeLists.txt @@ -16,6 +16,10 @@ target_include_directories(tfm_sprt ${CMAKE_SOURCE_DIR}/secure_fw/include ) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +endif() + target_sources(tfm_sprt PUBLIC $<$:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c> diff --git a/secure_fw/partitions/protected_storage/CMakeLists.txt b/secure_fw/partitions/protected_storage/CMakeLists.txt index 0cfedac08..bb6e5fcfe 100644 --- a/secure_fw/partitions/protected_storage/CMakeLists.txt +++ b/secure_fw/partitions/protected_storage/CMakeLists.txt @@ -75,11 +75,11 @@ target_sources(tfm_partitions target_link_libraries(tfm_app_rot_partition_ps PRIVATE + psa_crypto_config secure_fw platform_s tfm_config tfm_sprt - psa_crypto_config ) target_compile_definitions(tfm_app_rot_partition_ps From abc21271e995e6c100abecb0ede577119f509b01 Mon Sep 17 00:00:00 2001 
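Review bot: In the protected_storage hunk, `psa_crypto_config` moves to the top of the `target_link_libraries(tfm_app_rot_partition_ps` list with no comment, yet per the commit message its position is what makes its include directories come first. Someone re-sorting that list later would change which crypto configuration headers the partition compiles against without any build error. Add a line above the entry, for example `# Keep psa_crypto_config first: its include directories must precede those of the targets below`.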
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 5 Sep 2024 15:54:13 +0200 Subject: [PATCH 25/73] WIP: TF-M: Fixing deprecated autoconf.h includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This changes includes from autoconf.h to zephyr/autoconf.h as the former has been deprecated Signed-off-by: Frank Audun Kvamtrø --- .../target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c | 2 +- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 18c3aef32..2f10bcf6e 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,7 +24,7 @@ #include -#include +#include #if defined(NRF_NVMC_S) #include diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index b2b1f1dff..496b151df 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -24,7 +24,7 @@ #include "region.h" #include "array.h" -#include +#include #include #include From ccb7244d762f3e0d444377d05cd0f5675ddb68a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Wed, 18 Sep 2024 12:17:43 +0200 Subject: [PATCH 26/73] WIP: Fixing the last remaining issues for L15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit will be reworked 
Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/native_drivers/spu.h | 13 +++++++++++++ .../core/services/src/tfm_platform_hal_ioctl.c | 1 - .../ext/target/nordic_nrf/common/core/target_cfg.c | 10 +++++----- secure_fw/partitions/crypto/CMakeLists.txt | 4 ++-- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index da7f9fc1f..59f53b7ba 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -256,4 +256,17 @@ uint32_t mpc_events_get(void); */ void mpc_clear_events(void); +/** + * Return the SPU instance that can be used to configure the + * peripheral at the given base address. + */ +static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) +{ + /* See the SPU chapter in the IPS for how this is calculated */ + + uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; + + return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); +} + #endif diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 87a9c4c27..8cfa2ecda 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -107,7 +107,6 @@ static bool valid_mcu_select(uint32_t mcu) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: - case NRF_GPIO_PIN_SEL_TND: #else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 496b151df..073525e74 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
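Review bot: `spu_instance_from_peripheral_addr()` in spu.h turns any 32-bit value into an SPU register pointer, with no check that the argument is a peripheral base address. In this series the `spu_peripheral_config_*` callers switch between peripheral IDs and base addresses, so a stale ID passed here would yield a pointer to an unrelated SPU block without any diagnostic. Give `0x00FC0000` and `0x50000000` names (a bus mask and an SPU base macro) and document in the header comment that the input must be a peripheral base address and that no validation is done. If an assert macro is available in this header, an assertion on the address range before the mask would catch the ID/address mix-up in debug builds.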
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -1312,7 +1312,8 @@ static const uint8_t target_peripherals[] = { */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), -#ifndef SECURE_UART1 +#endif +#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif @@ -1396,12 +1397,12 @@ static const uint8_t target_peripherals[] = { #endif #ifdef NRF_USBREGULATOR NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), -#endif +#endif /* NRF_USBREGULATOR */ NRFX_PERIPHERAL_ID_GET(NRF_NVMC), NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 NRFX_PERIPHERAL_ID_GET(NRF_P1), -#endif +#endif /*NRF_P1 */ NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; @@ -1409,7 +1410,7 @@ static const uint8_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* Moonlight */ +#endif /* NRF54L15_ENGA_XXAA */ /* DPPI channel configuration */ dppi_channel_configuration(); @@ -1468,7 +1469,6 @@ static const uint8_t target_peripherals[] = { nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ -#endif #ifdef NRF54L15_ENGA_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 5e333400b..6456c45c5 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt 
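Review bot: In hunk -1312,7 +1312,8 the Serial-Box 1 entry is now guarded by `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1)` where the old `#ifndef SECURE_UART1` kept it out of the non-secure list whenever SECURE_UART1 was set. An undefined `NRF_SECURE_UART_INSTANCE` evaluates to 0 in `#if`, so a build that defines SECURE_UART1 without it would hold back `NRF_SPIM0` and release `NRF_SPIM1` to non-secure, contrary to the comment on that entry. Whether the macro is always defined is not visible here. A guard before the array would make it explicit: `#if defined(SECURE_UART1) && !defined(NRF_SECURE_UART_INSTANCE)` / `#error "NRF_SECURE_UART_INSTANCE must be defined with SECURE_UART1"` / `#endif`. The array initializer starts and ends outside this hunk.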
@@ -192,8 +192,8 @@ if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto) Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`") endif() -target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto - PUBLIC +target_include_directories(psa_crypto_library_config + INTERFACE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api ) From 4392e16321fda5f9a290e0ce983881f40ca95e9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Sat, 21 Sep 2024 14:57:20 +0200 Subject: [PATCH 27/73] [nrf noup] attestation: Prevent errors of multiple defs of ARRAY_LENGTH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The macro ARRAY_LENGTH is defined without checking if there is already a definition. This commit can be reverted once the proposed fix is handled upstream -This fixes ARRAY_LENGTH in s_io_sorage_tests.c Signed-off-by: Frank Audun Kvamtrø --- .../arm/corstone1000/ci_regression_tests/s_io_storage_test.c | 2 ++ secure_fw/partitions/initial_attestation/attest_core.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c index f8be384a7..e5a9ab3bc 100644 --- a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c +++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_io_storage_test.c @@ -14,7 +14,9 @@ #include "io_flash.h" #include "tfm_sp_log.h" +#ifndef ARRAY_LENGTH #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) +#endif extern ARM_DRIVER_FLASH Driver_FLASH0; extern ARM_DRIVER_FLASH Driver_TEST_FLASH; diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c index f58715ac7..8262dec18 100644 --- a/secure_fw/partitions/initial_attestation/attest_core.c 
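Review bot: The `#ifndef ARRAY_LENGTH` guard added in s_io_storage_test.c, and again in attest_core.c, makes each file silently use whichever definition was seen first. C accepts a textually identical redefinition, so a conflict here means the earlier definition is spelled differently, and the guard hides that difference instead of checking it. If the local form is the one the code relies on, put `#undef ARRAY_LENGTH` before the `#define`, or use a file-local macro name. For attest_core.c in particular, add a comment naming the header that supplies the other definition so the guard can be removed once upstream is fixed.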
+++ b/secure_fw/partitions/initial_attestation/attest_core.c @@ -23,7 +23,9 @@ #include "tfm_crypto_defs.h" #include "tfm_sp_log.h" +#ifndef ARRAY_LENGTH #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) +#endif /*! * \brief Static function to map return values between \ref psa_attest_err_t From 6d6229ad0f637e5aa40bca961399ae481e76c68e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 26 Sep 2024 09:50:11 +0200 Subject: [PATCH 28/73] WIP: Adding the previous methodology of using base addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The upstream code is using peripheral-ids, but is lacking the ability to resolve SPU entries for the peripheral. This WIP commit sets it back to the way it is in sdk-trusted-firmware-m prior to TF-M 2.1.0 Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/target_cfg.c | 142 ++++++++++++------ 1 file changed, 94 insertions(+), 48 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 073525e74..953d63710 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
@@ -1280,25 +1280,28 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); #else -static const uint8_t target_peripherals[] = { +static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRFX_PERIPHERAL_ID_GET(NRF_FPU), + //NRFX_PERIPHERAL_ID_GET(NRF_FPU), + NRF_FPU_S_BASE, #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + //NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + NRF_REGULATORS_S_BASE, /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + //NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + NRF_CLOCK_S_BASE, /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
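Review bot: Every replaced entry in `target_peripherals[]` is left behind as a `//NRFX_PERIPHERAL_ID_GET(...)` comment, here and in the following hunk (-1311,99 +1314,142). This list decides which peripherals are released to non-secure, and the dead lines double its length and make it harder to audit. Delete the commented-out lines, since the old form stays in history. In the following hunk the guards such as `#ifdef NRF_SPIM4` test the instance macro while the entry now uses `NRF_SPIM4_S_BASE`. Presumably both are defined together, but guarding on the macro actually used would make that explicit. The array initializer continues outside this hunk.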
@@ -1311,99 +1314,142 @@ static const uint8_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), + NRF_SPIM0_S_BASE, #endif #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + NRF_SPIM1_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), - NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), - + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), + NRF_SPIM2_S_BASE, + NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), -#endif - NRFX_PERIPHERAL_ID_GET(NRF_SAADC), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), - NRFX_PERIPHERAL_ID_GET(NRF_RTC0), - NRFX_PERIPHERAL_ID_GET(NRF_RTC1), - NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), + NRF_SPIM4_S_BASE, +#endif + //NRFX_PERIPHERAL_ID_GET(NRF_SAADC), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), + //NRFX_PERIPHERAL_ID_GET(NRF_RTC0), + //NRFX_PERIPHERAL_ID_GET(NRF_RTC1), + //NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + NRF_SAADC_S_BASE, + NRF_TIMER0_S_BASE, + NRF_TIMER1_S_BASE, + NRF_TIMER2_S_BASE, + NRF_RTC0_S_BASE, + NRF_RTC1_S_BASE, + NRF_DPPIC_S_BASE, #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + NRF_WDT0_S_BASE, #endif #ifdef NRF_WDT - NRFX_PERIPHERAL_ID_GET(NRF_WDT), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT), + NRF_WDT_S_BASE, #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + 
NRF_WDT1_S_BASE, #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRFX_PERIPHERAL_ID_GET(NRF_COMP), + //NRFX_PERIPHERAL_ID_GET(NRF_COMP), + NRF_COMP_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_EGU0), - NRFX_PERIPHERAL_ID_GET(NRF_EGU1), - NRFX_PERIPHERAL_ID_GET(NRF_EGU2), - NRFX_PERIPHERAL_ID_GET(NRF_EGU3), - NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU0), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU1), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU2), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU3), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + NRF_EGU0_S_BASE, + NRF_EGU1_S_BASE, + NRF_EGU2_S_BASE, + NRF_EGU3_S_BASE, + NRF_EGU4_S_BASE, #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + NRF_EGU5_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_PWM0), - NRFX_PERIPHERAL_ID_GET(NRF_PWM1), - NRFX_PERIPHERAL_ID_GET(NRF_PWM2), - NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM0), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM1), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM2), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + NRF_PWM0_S_BASE, + NRF_PWM1_S_BASE, + NRF_PWM2_S_BASE, + NRF_PWM3_S_BASE, #ifdef NRF_PDM - NRFX_PERIPHERAL_ID_GET(NRF_PDM), + //NRFX_PERIPHERAL_ID_GET(NRF_PDM), + NRF_PDM_S_BASE, #endif #ifdef NRF_PDM0 - NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + //NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + NRF_PDM0_S_BASE, #endif #ifdef NRF_I2S - NRFX_PERIPHERAL_ID_GET(NRF_I2S), + //NRFX_PERIPHERAL_ID_GET(NRF_I2S), + NRF_I2S_S_BASE, #endif #ifdef NRF_I2S0 - NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + //NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + NRF_I2S0_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_IPC), + //NRFX_PERIPHERAL_ID_GET(NRF_IPC), + NRF_IPC_S_BASE, #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + //NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + NRF_QSPI_S_BASE, #endif #endif #ifdef NRF_NFCT - NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + 
//NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + NRF_NFCT_S_BASE, #endif #ifdef NRF_MUTEX - NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + //NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + NRF_MUTEX_S_BASE, #endif #ifdef NRF_QDEC0 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + //NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + NRF_QDEC0_S_BASE, #endif #ifdef NRF_QDEC1 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + //NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + NRF_QDEC1_S_BASE, #endif #ifdef NRF_USBD - NRFX_PERIPHERAL_ID_GET(NRF_USBD), + //NRFX_PERIPHERAL_ID_GET(NRF_USBD), + NRF_USBD_S_BASE, #endif #ifdef NRF_USBREGULATOR - NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + //NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + NRF_USBREGULATOR_S_BASE, #endif /* NRF_USBREGULATOR */ - NRFX_PERIPHERAL_ID_GET(NRF_NVMC), - NRFX_PERIPHERAL_ID_GET(NRF_P0), + //NRFX_PERIPHERAL_ID_GET(NRF_NVMC), + //NRFX_PERIPHERAL_ID_GET(NRF_P0), + NRF_NVMC_S_BASE, + NRF_P0_S_BASE, #ifdef NRF_P1 - NRFX_PERIPHERAL_ID_GET(NRF_P1), + //NRFX_PERIPHERAL_ID_GET(NRF_P1), + NRF_P1_S_BASE, #endif /*NRF_P1 */ - NRFX_PERIPHERAL_ID_GET(NRF_VMC), +#if defined(NRF91_SERIES) || defined(NRF53_SERIES) + //NRFX_PERIPHERAL_ID_GET(NRF_VMC), + NRF_VMC_S_BASE +#endif }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { From 45ae0778b32d433a763ab9e1d853d060f248452a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Fri, 27 Sep 2024 00:49:11 +0200 Subject: [PATCH 29/73] [nrf noup]: Add definitions for builtin key support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This adds MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS and PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY to tfm_psa_rot_partition_crypto Signed-off-by: Frank Audun Kvamtrø --- secure_fw/partitions/crypto/CMakeLists.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 6456c45c5..e4a8d5702 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt 
+++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -114,6 +114,9 @@ target_link_libraries(tfm_psa_rot_partition_crypto tfm_sp_log ) target_compile_definitions(tfm_psa_rot_partition_crypto + PUBLIC + MBEDTLS_PSA_CRYPTO_DRIVERS + $<$:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY> PRIVATE $<$:CRYPTO_HW_ACCELERATOR_CC312> ) From d7a564d78097337b8cedf8c535bb4da8b8ac19d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 30 Sep 2024 12:25:18 +0200 Subject: [PATCH 30/73] tf-m: Add missing include for generic configurations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Hopefully fixes TF-M shared UART issues Signed-off-by: Frank Audun Kvamtrø --- platform/ext/target/nordic_nrf/common/core/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 9797d8834..066143c4f 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -9,6 +9,8 @@ cmake_policy(SET CMP0076 NEW) set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) +include(${CMAKE_CURRENT_LIST_DIR}/config.cmake) + if (NOT NRF_BOARD_SELECTED) if (${TFM_PLATFORM} STREQUAL "nordic_nrf/nrf5340") set(hint nordic_nrf/nrf5340dk_nrf5340_cpuapp) From c227cf7e1603d1c2909b6e9ccd37cca7a73215a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 30 Sep 2024 13:38:32 +0200 Subject: [PATCH 31/73] tf-m: Fix peripheral => base address for UART instance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Reverting change from upstream TF-M Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/cmsis_drivers/Driver_USART.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c index 2720cf7e9..db99c0bb7 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c @@ -115,7 +115,7 @@ static int32_t ARM_USARTx_Initialize(ARM_USART_SignalEvent_t cb_event, ARG_UNUSED(cb_event); #ifdef SPU_CONFIGURE_UART - spu_peripheral_config_secure(NRFX_PERIPHERAL_ID_GET((uint32_t)uart_resources->uarte.p_reg), false); + spu_peripheral_config_secure((uint32_t)uart_resources->uarte.p_reg, false); NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET((uint32_t)uart_resources->uarte.p_reg)); #endif @@ -148,7 +148,7 @@ static int32_t ARM_USARTx_Uninitialize(UARTx_Resources *uart_resources) uart_resources->initialized = false; #ifdef SPU_CONFIGURE_UART - spu_peripheral_config_non_secure(NRFX_PERIPHERAL_ID_GET((uint32_t)uart_resources->uarte.p_reg), false); + spu_peripheral_config_non_secure((uint32_t)uart_resources->uarte.p_reg, false); NVIC_SetTargetState(NRFX_IRQ_NUMBER_GET((uint32_t)uart_resources->uarte.p_reg)); #endif From a2fe2e63b18214db2192dd6a6bcae47be70b9819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 30 Sep 2024 19:25:39 +0200 Subject: [PATCH 32/73] tf-m: Reworking a previous version of unitializing uart for sharing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Will be squashed in a different commit which was the version that worked before Signed-off-by: Frank Audun Kvamtrø --- secure_fw/spm/core/spm_ipc.c | 5 +++++ secure_fw/spm/core/tfm_svcalls.c | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/secure_fw/spm/core/spm_ipc.c b/secure_fw/spm/core/spm_ipc.c index 7b8771ca5..aeea3aaca 100644 --- a/secure_fw/spm/core/spm_ipc.c +++ b/secure_fw/spm/core/spm_ipc.c 
@@ -40,6 +40,7 @@ #include "load/spm_load_api.h" #include "tfm_nspm.h" #include "private/assert.h" +#include "uart_stdout.h" /* Partition and service runtime data list head/runtime data table */ static struct service_head_t services_listhead; @@ -398,6 +399,10 @@ uint32_t tfm_spm_init(void) backend_init_comp_assuredly(partition, service_setting); } + #if defined(CONFIG_TFM_LOG_SHARE_UART) + stdio_uninit(); + #endif + return backend_system_run(); } diff --git a/secure_fw/spm/core/tfm_svcalls.c b/secure_fw/spm/core/tfm_svcalls.c index 5ed6634a9..e6a99754f 100644 --- a/secure_fw/spm/core/tfm_svcalls.c +++ b/secure_fw/spm/core/tfm_svcalls.c @@ -27,7 +27,6 @@ #include "load/spm_load_api.h" #include "load/partition_defs.h" #include "psa/client.h" -#include "uart_stdout.h" #define INVALID_PSP_VALUE 0xFFFFFFFFU @@ -206,9 +205,6 @@ static uint32_t handle_spm_svc_requests(uint32_t svc_number, uint32_t exc_return exc_return = tfm_spm_init(); tfm_arch_check_msp_sealing(); -#if defined(CONFIG_TFM_LOG_SHARE_UART) - stdio_uninit(); -#endif /* The following call does not return */ tfm_arch_free_msp_and_exc_ret(SPM_BOOT_STACK_BOTTOM, exc_return); break; From 9573717cc8c078326fceb2869fe029e98615723b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 1 Oct 2024 15:44:14 +0200 Subject: [PATCH 33/73] [nrf fromtree] platform: nordic_nrf: APPROTECT to lock debugging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit NRF_APPROTECT and NRF_SECURE_APPROTECT to take precedence over other mechanisms when configuring debugging for TF-M. For nRF53 and nRF91x1 the actual locking of firmware is done elsewhere. This further locks the UICR. nRF9160 supports only hardware APPROTECT. This will lock the APPROTECT / SECUREAPPROTECT in the next boot, when the above settings are configured. Change-Id: I5e304be0f8a34c0016488d9ec09929bbcb38481f Signed-off-by: Markus Lassila 
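Review bot: In `tfm_spm_init()` the `stdio_uninit()` call now sits before `backend_system_run()`, and nothing in the hunk documents that secure logging ends at this point. With `SPU_CONFIGURE_UART` set, the driver's uninitialize path shown earlier in this series reassigns the UART to non-secure, which is presumably what `stdio_uninit()` ends up invoking, so any later SPM log output would go to a peripheral the secure side has released. I would add a comment above the call, e.g. `/* Release the shared UART to the non-secure side; no secure logging after this point. */`, and keep the `#if`/`#endif` at column 0 as the removed lines in `tfm_svcalls.c` had them. `tfm_spm_init()` starts outside the hunk.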
Signed-off-by: Frank Audun Kvamtrø --- .../nordic_nrf/common/core/target_cfg.c | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 953d63710..f9f7fc742 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -807,7 +807,33 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) + +#if !defined(DAUTH_CHIP_DEFAULT) +#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." +#endif + +#if defined(NRF_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, + UICR_APPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif +#if defined(NRF_SECURE_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif + +#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." From d76200476c9b6c137a6e5fc400264134ae589708 Mon Sep 17 00:00:00 2001 
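Review bot: In the new `NRF_APPROTECT` / `NRF_SECURE_APPROTECT` branch of `init_debug()`, neither UICR write is verified afterwards, so a write that did not take effect would still let the function carry on as if debug access were locked. A read-back after each write would close that, e.g. `if (NRF_UICR_S->APPROTECT != UICR_APPROTECT_PALL_Protected) { return TFM_PLAT_ERR_SYSTEM_ERR; }` and the same for `SECUREAPPROTECT` (assuming the UICR word reads back directly; confirm per SoC). As far as the hunk shows, nothing skips the write when the register already holds the protected value, so the NVMC write appears to be repeated on every boot; comparing first would avoid that. The `#error` text could also say what to do, namely that `DAUTH_CHIP_DEFAULT` must be selected when these options are set. The function body continues outside the hunk.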
From: Tomi Fontanilles Date: Tue, 24 Sep 2024 16:09:22 +0300 Subject: [PATCH 34/73] [nrf noup] platform: nordic_nrf: add support for nrf54l15dk And remove support for `nrf54l15pdk` at the same time. Occurences of `NRF54L15_ENGA_XXAA` are replaced by `NRF54L15_XXAA`. Files from the `nrf54l15dk_nrf54l15_cpuapp` directory that are unused are deleted. One of them, `tfm_peripherals_config.h`, even had a blatant syntax issue (`#endiff`). Signed-off-by: Tomi Fontanilles --- .../nordic_nrf/common/core/CMakeLists.txt | 3 +- .../nordic_nrf/common/core/nrfx_config.h | 2 +- .../services/src/tfm_platform_hal_ioctl.c | 2 +- .../nordic_nrf/common/core/startup_nrf54l15.c | 3 -- .../nordic_nrf/common/core/target_cfg.c | 38 +++++++++---------- .../nordic_nrf/common/core/target_cfg.h | 4 +- .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 2 +- .../ns/CMakeLists.txt | 31 --------------- .../ns/cpuarch_ns.cmake | 10 ----- .../tfm_peripherals_config.h | 34 ----------------- 10 files changed, 23 insertions(+), 106 deletions(-) delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 066143c4f..d7cb7dc1c 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt 
@@ -24,7 +24,7 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) +if(NRF_SOC_VARIANT STREQUAL nrf54l15 OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) @@ -274,4 +274,3 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) - diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index f76e49cdd..dbaf8fbf0 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -100,7 +100,7 @@ #include #elif defined(NRF91_SERIES) #include -#elif defined(NRF54L15_ENGA_XXAA) +#elif defined(NRF54L15_XXAA) #include #else #error "Unknown device." diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 8cfa2ecda..ae909ca5b 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,7 +103,7 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { -#if defined(NRF54L15_ENGA_XXAA) +#if defined(NRF54L15_XXAA) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: 
diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c index aa81ab1b1..b940ae8c3 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c +++ b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c @@ -21,9 +21,6 @@ * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c */ -// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs -// below correspond to nrf53, not nrf54L. - /* * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) * before including cmsis.h because TF-M's linker script diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index f9f7fc742..d65988e4a 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - #include "target_cfg.h" #include "region_defs.h" #include "tfm_plat_defs.h" @@ -66,14 +65,15 @@ #define PIN_XL1 0 #define PIN_XL2 1 #endif -#ifdef NRF54L15_ENGA_XXAA + +#ifdef NRF54L15_XXAA /* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ #define PIN_XL1 32 #define PIN_XL2 33 /* During TF-M system initialization we invoke a function that comes * from Zephyr. This function does not have a header file so we - * declare it's prototype here. + * declare its prototype here. */ int nordicsemi_nrf54l_init(void); #endif @@ -833,7 +833,7 @@ enum tfm_plat_err_t init_debug(void) } #endif -#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#elif defined(NRF91_SERIES) || defined(NRF54L15_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." 
@@ -939,7 +939,7 @@ void sau_and_idau_cfg(void) * (53/91) and new (54++) platforms. New platforms have a proper SAU * and IDAU, whereas old platforms do not. */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* * This SAU configuration aligns with ARM's RSS implementation of * sau_and_idau_cfg when possible. @@ -1230,7 +1230,7 @@ static void dppi_channel_configuration(void) enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* Configure features to be non-secure */ /* @@ -1259,21 +1259,17 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) /* Configure TF-M's UART peripheral to be secure */ #if NRF_SECURE_UART_INSTANCE == 00 uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 20 +#elif NRF_SECURE_UART_INSTANCE == 20 uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 21 +#elif NRF_SECURE_UART_INSTANCE == 21 uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 22 +#elif NRF_SECURE_UART_INSTANCE == 22 uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 30 +#elif NRF_SECURE_UART_INSTANCE == 30 uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; #endif spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); -#endif +#endif /* SECURE_UART1 */ /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); 
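Review bot: The `#elif` chain that picks `uart_periph_start` from `NRF_SECURE_UART_INSTANCE` has no `#else` branch, so an instance number outside 00/20/21/22/30 surfaces only as an undeclared-identifier error at the `spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED)` call. Since this selects which UART is locked as secure, a direct diagnostic is worth two lines: `#else` followed by `#error "Unsupported NRF_SECURE_UART_INSTANCE"` before the inner `#endif`. The enclosing `#if` that the new `/* SECURE_UART1 */` comment refers to opens outside the hunk.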
@@ -1305,7 +1301,7 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) * have the same security configuration. */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); -#else +#else /* NRF54L15_XXAA */ static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) @@ -1482,7 +1478,7 @@ static const uint32_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* NRF54L15_ENGA_XXAA */ +#endif /* NRF54L15_XXAA */ /* DPPI channel configuration */ dppi_channel_configuration(); @@ -1540,8 +1536,8 @@ static const uint32_t target_peripherals[] = { #ifdef NRF53_SERIES nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); -#endif /* CONFIG_SOC_ENABLE_LFXO */ -#ifdef NRF54L15_ENGA_XXAA +#endif /* NRF53_SERIES */ +#ifdef NRF54L15_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); @@ -1597,10 +1593,10 @@ static const uint32_t target_peripherals[] = { } #endif /* RRAMC_PRESENT */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* SOC configuration from Zephyr's soc.c. */ int soc_err = nordicsemi_nrf54l_init(); - if(soc_err) { + if (soc_err) { return soc_err; } #endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index aea09bece..08cebecce 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h @@ -54,7 +54,7 @@ /* Only UART20 and UART30 are supported for TF-M tests, which are the * Non-secure applications build via the TF-M build system */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA #if NRF_SECURE_UART_INSTANCE == 20 #define NS_DRIVER_STDIO Driver_USART30 #else 
@@ -62,7 +62,7 @@ #endif #else #define NS_DRIVER_STDIO Driver_USART0 -#endif +#endif /* NRF54L15_XXAA */ /** * \brief Store the addresses of memory regions diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake index 18c7fa920..e9fc59b84 100644 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake @@ -15,7 +15,7 @@ set(TFM_SYSTEM_ARCHITECTURE armv8-m.main) set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16") add_compile_definitions( - NRF54L15_ENGA_XXAA # Required by nrf.h + NRF54L15_XXAA NRF_APPLICATION # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs NRF_SKIP_SAU_CONFIGURATION diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt deleted file mode 100644 index 5cd4273e4..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt +++ /dev/null @@ -1,31 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -cmake_policy(SET CMP0076 NEW) -set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(NRF_BOARD_SELECTED True) - -add_library(platform_ns STATIC) - -# Get the value of HAL_NORDIC_PATH -include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) - -target_include_directories(platform_ns - PUBLIC - ${CMAKE_CURRENT_LIST_DIR} -) - -target_link_libraries(platform_ns - PUBLIC - platform_region_defs -) - -target_include_directories(platform_region_defs - INTERFACE - ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition -) 
diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake deleted file mode 100644 index 25f91fb54..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake +++ /dev/null @@ -1,10 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Nordic Semiconductor ASA. -# -# SPDX-License-Identifier: BSD-3-Clause -#------------------------------------------------------------------------------- - -set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) - -include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h deleted file mode 100644 index bc3301087..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2021, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ - -#ifndef TFM_PERIPHERALS_CONFIG_H__ -#define TFM_PERIPHERALS_CONFIG_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef SECURE_UART30 -#define TFM_PERIPHERAL_UARTE30_SECURE 1 -#endiff - -#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST -#define TFM_PERIPHERAL_TIMER00_SECURE 1 -#endif - - -#if defined(NRF54L15_ENGA_XXAA) - #include -#else - #error "Unknown device." -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* TFM_PERIPHERAL_CONFIG_H__ */ From 138ed215371a9b34d58136894e5b48df83497dff Mon Sep 17 00:00:00 2001 
From: Ahmad EL JOUAID Date: Mon, 24 Jun 2024 16:33:35 +0200 Subject: [PATCH 35/73] [nrf fromtree] stm : fix error on b_u585i_iot02a with TF-Mv2.1.0 Deactivation of STSAFEA, which is used to deactivate the flag MBEDTLS_PSA_CRYPTO_SE_C and the latter causes a problem of structure alignment /*psa_key_attributes_s*/ in the crypto_struct.h file between the 2 service protected storage(PS) and crypto Change-Id: I8312e0a92030d2bd205222c9beb81bc4089c6be6 Signed-off-by: Ahmad EL JOUAID (cherry picked from commit 7045675209ca6f91236d15bde00a49697d6a45d6) Signed-off-by: Tomi Fontanilles --- platform/ext/target/stm/common/scripts/TFM_UPDATE.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/platform/ext/target/stm/common/scripts/TFM_UPDATE.sh b/platform/ext/target/stm/common/scripts/TFM_UPDATE.sh index ea8a377c0..5577c85af 100644 --- a/platform/ext/target/stm/common/scripts/TFM_UPDATE.sh +++ b/platform/ext/target/stm/common/scripts/TFM_UPDATE.sh @@ -19,8 +19,11 @@ sn_option="sn=$1" fi # Absolute path to this script SCRIPT=$(readlink -f $0) -# Absolute path this script SCRIPTPATH=`dirname $SCRIPT` +#copy tfm_ns_signed to the true path +cp $SCRIPTPATH/../../build_ns/bin/tfm_ns_signed.bin image_signing/scripts + +# Absolute path this script BINPATH_SPE="$SCRIPTPATH/bin" BINPATH_BL2="$SCRIPTPATH/bin" BINPATH_NSPE="$SCRIPTPATH/image_signing/scripts" From eab0eb7d742a5b369747d0a7a7926aabca65a17e Mon Sep 17 00:00:00 2001 
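Review bot: The added `cp` in `TFM_UPDATE.sh` is unchecked and writes to a path relative to the caller's working directory, while `BINPATH_NSPE` a few lines below is anchored at `$SCRIPTPATH/image_signing/scripts`. If the copy fails or lands elsewhere, the script would presumably go on with whatever `tfm_ns_signed.bin` was already in place. `$SCRIPTPATH` is also unquoted, so a checkout path containing spaces splits the arguments. I would write it as `cp "$SCRIPTPATH/../../build_ns/bin/tfm_ns_signed.bin" "$SCRIPTPATH/image_signing/scripts/" || exit 1`. The comment `# Absolute path this script` now sits above the `BINPATH_*` assignments rather than the `dirname` line it described.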
From: Jamie Fox Date: Thu, 22 Aug 2024 16:54:45 +0100 Subject: [PATCH 36/73] [nrf fromtree] Platform: corstone1000: Fix isolation L2 memory protection The whole of the SRAM was configured unprivileged on this platform, so the memory protection required for isolation level 2 was not present. This patch changes the S_DATA_START to S_DATA_LIMIT MPU region to be configured for privileged access only. It also reorders the MPU regions so that the App RoT sub-region overlapping S_DATA has a higher region number and so takes priority in the operation of the Armv6-M MPU. Signed-off-by: Jamie Fox Change-Id: Icdf169f92f7a47b27ea38dac4098e3205af7f5af (cherry picked from commit 66596b4dae57bd675d006f4ad3fa3e5db512eba8) Signed-off-by: Tomi Fontanilles --- .../arm/corstone1000/tfm_hal_isolation.c | 43 +++++++++---------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c index 39b19c535..498f14ed2 100644 --- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c +++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2023, Arm Limited. All rights reserved. + * Copyright (c) 2020-2024, Arm Limited. All rights reserved. * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon * company) or an affiliate of Cypress Semiconductor Corporation. All rights * reserved. 
@@ -99,6 +99,26 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( return ret; } + /* Set the RAM attributes. It is needed because the first region overlaps the whole + * SRAM and it has to be overridden. + * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually + * and added to the platform_region_defs compile definitions. + */ + base = S_DATA_START; + limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; + ret = configure_mpu(rnr++, base, limit, + XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY); + if (ret != TFM_HAL_SUCCESS) { + return ret; + } + + base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; + limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE; + ret = configure_mpu(rnr++, base, limit, + XN_EXEC_NOT_OK, AP_RW_PRIV_ONLY); + if (ret != TFM_HAL_SUCCESS) { + return ret; + } /* RW, ZI and stack as one region */ base = (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base); @@ -133,27 +153,6 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( #endif - /* Set the RAM attributes. It is needed because the first region overlaps the whole - * SRAM and it has to be overridden. - * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually - * and added to the platform_region_defs compile definitions. - */ - base = S_DATA_START; - limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; - ret = configure_mpu(rnr++, base, limit, - XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); - if (ret != TFM_HAL_SUCCESS) { - return ret; - } - - base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE; - limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE; - ret = configure_mpu(rnr++, base, limit, - XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV); - if (ret != TFM_HAL_SUCCESS) { - return ret; - } - arm_mpu_enable(); #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */ From a929ac50615e94fa7f44457767d5b467a64effdd Mon Sep 17 00:00:00 2001 
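Review bot: The two privileged-only regions added in `tfm_hal_set_up_static_boundaries()` rely on `RAM_MPU_REGION_BLOCK_1_SIZE` and `RAM_MPU_REGION_BLOCK_2_SIZE`, which the comment says are calculated manually, and nothing in the hunk checks that together they span S_DATA. If those values drift from the memory layout, the uncovered tail would fall back to the earlier whole-SRAM region, which the commit message describes as unprivileged. A compile-time check next to the block would catch that, e.g. `_Static_assert(S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE == S_DATA_LIMIT + 1, "S_DATA not fully covered");`, assuming `S_DATA_LIMIT` is the inclusive last address and using the project's own assert macro if it has one. The reordering also deserves a one-line comment that a higher `rnr` takes priority on overlap, since that is what lets the App RoT sub-region override these blocks. The function starts and ends outside the hunk.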
From: Ahmad EL JOUAID Date: Mon, 22 Jul 2024 09:44:10 +0200 Subject: [PATCH 37/73] [nrf fromtree] Platform: STM32: script all_stm_platfrom These scripts help the user to compile the TF-M project on all the STM platforms. Picking it up as platform specific improvement which is acceptable in LTS designed branches) Signed-off-by: Ahmad EL JOUAID Change-Id: Id9fe7c8c048b4919e2ec199a251b0ecec5e1c1aa (cherry picked from commit 6737911b041db2c2f37f4e827af29cf36129fe4b) (cherry picked from commit 6a54ec89f22ffc2a90a7082000b4613db47be983) Signed-off-by: Tomi Fontanilles --- docs/platform/stm/b_u585i_iot02a/readme.rst | 3 ++ docs/platform/stm/nucleo_l552ze_q/readme.rst | 3 ++ docs/platform/stm/stm32h573i_dk/readme.rst | 3 ++ docs/platform/stm/stm32l562e_dk/readme.rst | 3 ++ .../stm/common/build_stm/ReBuildTFM_NS.bat | 19 ++++++++++ .../stm/common/build_stm/ReBuildTFM_S.bat | 32 +++++++++++++++++ .../ext/target/stm/common/build_stm/image.png | Bin 0 -> 7380 bytes .../target/stm/common/build_stm/readme.txt | 33 ++++++++++++++++++ 8 files changed, 96 insertions(+) create mode 100644 platform/ext/target/stm/common/build_stm/ReBuildTFM_NS.bat create mode 100644 platform/ext/target/stm/common/build_stm/ReBuildTFM_S.bat create mode 100644 platform/ext/target/stm/common/build_stm/image.png create mode 100644 platform/ext/target/stm/common/build_stm/readme.txt diff --git a/docs/platform/stm/b_u585i_iot02a/readme.rst b/docs/platform/stm/b_u585i_iot02a/readme.rst index 28f5abe30..408bfae59 100644 --- a/docs/platform/stm/b_u585i_iot02a/readme.rst +++ b/docs/platform/stm/b_u585i_iot02a/readme.rst @@ -16,6 +16,9 @@ line arguments. Required arguments are noted below. The following instructions build multi-core TF-M with regression test suites in Isolation Level 1. +In common STM (``platform\ext\target\stm\common\build_stm``) +There are scripts that help users to build the TF-M project on all STM platforms + .. code-block:: bash 
diff --git a/docs/platform/stm/nucleo_l552ze_q/readme.rst b/docs/platform/stm/nucleo_l552ze_q/readme.rst index 7971a49f5..c0a2ee657 100644 --- a/docs/platform/stm/nucleo_l552ze_q/readme.rst +++ b/docs/platform/stm/nucleo_l552ze_q/readme.rst @@ -16,6 +16,9 @@ line arguments. Required arguments are noted below. The following instructions build multi-core TF-M with regression test suites in Isolation Level 1. +In common STM (``platform\ext\target\stm\common\build_stm``) +There are scripts that help users to build the TF-M project on all STM platforms + .. code-block:: bash diff --git a/docs/platform/stm/stm32h573i_dk/readme.rst b/docs/platform/stm/stm32h573i_dk/readme.rst index 1196560bd..01cbdb8d8 100644 --- a/docs/platform/stm/stm32h573i_dk/readme.rst +++ b/docs/platform/stm/stm32h573i_dk/readme.rst @@ -16,6 +16,9 @@ line arguments. Required arguments are noted below. The following instructions build multi-core TF-M with regression test suites in Isolation Level 1. +In common STM (``platform\ext\target\stm\common\build_stm``) +There are scripts that help users to build the TF-M project on all STM platforms + .. code-block:: bash diff --git a/docs/platform/stm/stm32l562e_dk/readme.rst b/docs/platform/stm/stm32l562e_dk/readme.rst index d3b9fd54f..4f256830d 100644 --- a/docs/platform/stm/stm32l562e_dk/readme.rst +++ b/docs/platform/stm/stm32l562e_dk/readme.rst @@ -16,6 +16,9 @@ line arguments. Required arguments are noted below. The following instructions build multi-core TF-M with regression test suites in Isolation Level 1. +In common STM (``platform\ext\target\stm\common\build_stm``) +There are scripts that help users to build the TF-M project on all STM platforms + .. code-block:: bash diff --git a/platform/ext/target/stm/common/build_stm/ReBuildTFM_NS.bat b/platform/ext/target/stm/common/build_stm/ReBuildTFM_NS.bat new file mode 100644 index 000000000..fc868238b --- /dev/null +++ b/platform/ext/target/stm/common/build_stm/ReBuildTFM_NS.bat 
@@ -0,0 +1,19 @@ +set WORK_DIR=%CD% +set BUILD_DIR=%WORK_DIR%\iar +set BUILD_TFM=build_ns + +cd %BUILD_DIR% +del /s/q %BUILD_TFM% + +set WORK_DIR=%WORK_DIR:\=/% +set BUILD_S=%WORK_DIR%/iar/build_s + +set TFM_SOURCE=%WORK_DIR%/trusted-firmware-m +set QCBOR=-DQCBOR_PATH=%WORK_DIR%/QCBOR +set TFMTEST_SRC=%WORK_DIR%/tf-m-tests/tests_reg + +set TOOL_CHAIN=-DTFM_TOOLCHAIN_FILE=%BUILD_S%/api_ns/cmake/toolchain_ns_IARARM.cmake + +cmake -S %TFM_SOURCE% %TFMTEST_SRC% -B %BUILD_TFM% -GNinja -DCONFIG_SPE_PATH=%BUILD_S%/api_ns %TOOL_CHAIN% +ninja -C %BUILD_TFM% -j12 +pause \ No newline at end of file diff --git a/platform/ext/target/stm/common/build_stm/ReBuildTFM_S.bat b/platform/ext/target/stm/common/build_stm/ReBuildTFM_S.bat new file mode 100644 index 000000000..0bc96622b --- /dev/null +++ b/platform/ext/target/stm/common/build_stm/ReBuildTFM_S.bat 
@@ -0,0 +1,32 @@ +set WORK_DIR=%CD% +set BUILD_DIR=%WORK_DIR%\iar +set BUILD_TFM=build_s +mkdir %BUILD_DIR% +cd %BUILD_DIR% +del /S/Q %BUILD_TFM% + +set WORK_DIR=%WORK_DIR:\=/% +set TFM_SOURCE=%WORK_DIR%/trusted-firmware-m +set TOOL_CHAIN=-DTFM_TOOLCHAIN_FILE=%TFM_SOURCE%/toolchain_IARARM.cmake +::platform +set TARGET=-DTFM_PLATFORM=stm/b_u585i_iot02a +::set TARGET=-DTFM_PLATFORM=stm/stm32h573i_dk +::set TARGET=-DTFM_PLATFORM=stm/stm32l562e_dk +::profile +set PROFILE=-DTFM_PROFILE=profile_medium +::library +set MCUBOOT_SRC=-DMCUBOOT_PATH=%WORK_DIR%/mcuboot-src +set MBEDCRYPTO_SRC=-DMBEDCRYPTO_PATH=%WORK_DIR%/mbedtls +set TFMTEST_SRC=%WORK_DIR%/tf-m-tests/tests_reg/spe +set QCBOR=-DQCBOR_PATH=%WORK_DIR%/QCBOR +set BUILD_TYPE=RelWithDebInfo +::set BUILD_TYPE=Debug +set MBED_BUILD_TYPE=RelWithDebInfo +::set MBED_BUILD_TYPE=Debug +set BUILD_NS_TESTS=-DTEST_NS=ON +set BUILD_S_TESTS=-DTEST_S=ON + + +cmake -S %TFMTEST_SRC% -B %BUILD_TFM% -GNinja %TARGET% %TOOL_CHAIN% -DCONFIG_TFM_SOURCE_PATH=%TFM_SOURCE% -DCMAKE_BUILD_TYPE=%BUILD_TYPE% %PROFILE% -DTFM_PSA_API=OFF -DTFM_ISOLATION_LEVEL=2 -DTEST_S=OFF -DTEST_NS=OFF -DTEST_S_CRYPTO=OFF -DTEST_NS_CRYPTO=OFF +ninja -C %BUILD_TFM% -j12 install +pause \ No newline at end of file 
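Review bot: `ReBuildTFM_S.bat` sets `MCUBOOT_SRC`, `MBEDCRYPTO_SRC`, `QCBOR`, `BUILD_NS_TESTS` and `BUILD_S_TESTS`, but the `cmake` line at the end passes none of them, so the configure step is not pointed at the local `mcuboot-src`, `mbedtls` and `QCBOR` checkouts. Presumably the build then falls back to its default for those paths, which means the image is not built from the trees the accompanying readme asks the user to install. Either append `%MCUBOOT_SRC% %MBEDCRYPTO_SRC% %QCBOR%` to the `cmake` invocation or drop the unused variables. The script also hard-codes `-DTFM_ISOLATION_LEVEL=2`, whereas the readme added in the same commit speaks of Isolation Level 1; one of the two should be corrected.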
diff --git a/platform/ext/target/stm/common/build_stm/image.png b/platform/ext/target/stm/common/build_stm/image.png new file mode 100644 index 0000000000000000000000000000000000000000..cfdb585ab7e1032cb7d8fade84d4afbc4d2bfd22 GIT binary patch literal 7380 zcmbt(cQ~8x-!{HhsS#?_Zcy6VT6f8OK!9>?<>&mS50mHWQ#>vQM)oY&_(KjGS1YE%>~6a)kWRL`D*bO{Iu z-{8Mblau1#;V$#`_zyxaU9~3!Kl<6$@dw2AN}5Up1juO03o8=*@eTK<#$E&j)NOxW zgk5e0HUtE0j?X|!`aTw0Gkz|n<5r}*(O(PrY|k#AvrT19zqH*fa*haPsj|5p`i#Tm zjrrIQ!n`aa-mijpD^ti`zZ@qRBXY4|y4R-tl)02bWk_j)R1lsER2g~ree_}E`(IfM zrm<=LQN``TJ#TdvoL8sGyj4Dr=C*V9j$?%z8GJeYPoty5)C^C&ct5yHA%=%_X#p|f zHIW%0&=S|pH$Whnbqzg0nzk(s)*Z~e4FXZOyYm4(xk6bv2wy)(N8n~d*I$Z6BatPg;v zZBJnt7#Se2S2ovcd%>A-+Ep?lz^|iw1`YxWg~;CxJNj)sZp7zgUb)65zD*C%F^CAt z`ZD;$Oskv^G>CF%y5=(o|HP!Y3^BbBWPW}#yTfgo513tqo_D!@dree+uu^-RDPYM} z93L=0A5O$GaYRH%esnnq12cE+<((iKbV*LQ?O-8u&^acTS@Q7M(e(!dE~P^rnC+K{ zaUWM*6`StpHcyEXZJS}P?P98c)PBPabMnQksp-9`w-pK`&-%iFY@+n;WWiq%vk+5% z(<5Ms`V6iQ;Sqjfd|nGX-Mo(AG(0l*5*>6wOyhBf+JE0 z0yR7o-e~(kl9@#g7~Rib@kFF zsN9~`vL^U6&*T=vIfBYSS_?%B7>XDTt-l-Wvm`Nh?8rpL4Fn$D8mQF}s%cEQy$J&0 z9N1gaU@$c6zXI@{978P0Bnb2|TVUGwlO{-CsyEMei9GG^Sk~))bAQ3^7fMjAgldUm zt*Wl>u0?u4VeZ3e@WDY+qYndp{s7p?hi%?j&$`_eTG)$HUU7fa9b%P4KQyEEtOhlg z-snzfpAkr%-+U_2A9zsjbG{y!D!oV4*(46@c9~$V#ZuwX|N2CSZX22Gh`72GPx7%P z=gn1-+Ksd?UCyG(>|Sm?Vj7sgs16DN>7%zNZ4v2YGCIzw9^8J&E*aa~Re{YC-VXA0 z6+2~+vYsBJ=Ax%lWldFH?MC-93=PhxvMNnnG!i^gItPuN6%ww#z+e(Yyz>fItp`bL z{bY`Xfd)Y^zWrh$kTgwi3^toy)MQ^6d2#au(!58H2< zSni-okIt2g`4U4gbvq7ZgBXYB-(jUcwpH2+iq<}N5pH2fYnvE?0|NqR-bT8jWnTBt zxe^cEiC$MPoZ*lPM?Y@9GO~U)^Bknl@6>uphE<+KQ=CE}Av<#lx8mb-76u99wtj%l zjy-))jY(1gfSB+R>037NcUz9Z20`X;%qXXAZdXASKg28%%#@WhlRz|;nK>A$yHwjP zI{D3_s&E}iX0D%b@7blSK9o1-YRaWkjXffVj$_Y?gJA_NaUafqebfQ0@$UXs*V%mV zerhpPjks>yu!y8See6T$bKl;q?02E#ic46LM|BK%>}&A&pY3=JY)jOTSbb9 z!gu2zB*~oIZDs1`7Q2HE2l&0d6E$oeZ%u3&=ciO9s6-rkG*qFHqOlXApirWmC_!df z?DiQhG0ljJ^!2a(0ia57OqOAD>)oXs3tm}T)UPHTL|Z?n2LKq7Vo@~HZ?|4H9O-lS z-hVe-tinH2&pDLr3%Z*x`o@a|=_5)sAP@hRqh^H9i?8ouW6oE&X~5S^O^CB~sk|S* 
zaxTL808qEirDaocY}CS>VRO_s8bxZuJuOl^wG;IUu`#BkwDlQUbT03lyz)>*p!xWa zTSF$B=f6Hryk073I7J}&0D$F`R*fqFa>5;8cI&_I79Z_VrCcen0`0huvXo`v zFbcKF3ItnL`JXY7xc*vr2?+^*w*}SlSGt&TeyS699)zW4)MDR>n)@+YYBnPSU6K`O z$Y4{#s3-y}aF6>?e{)-do@uZ8ecI`T2H)Q3KvSfm;z5SbMx}zB`;($PEQDeNvcIOsA9hX%?}wvhRa#%jTPR%_x9xxzuyXntOO}JeBF| z#uyYr)faU!kbPu1gL8^lbN`Cn+3YVOH%1S79alUCqgB(pUUXT0aPuRn+TORCN>_K8 zG!8vK+3GapxMsA-VDD;KrlnJ-D6^$C$f>r{$KGZ1(|kLrUYXcizFei(4dk`LsP*9Xbnlw(E#+1c7u|5ijoq-f4MD9icd^)Ts4C8|z^P!48W%IF?{CDb;j8lh?_v)s1VULxYD9bLp25Fz` zg+w}y5)0;R1UJReZEogb0_=7p06u=zkr3%_lhU-kOIm;}K0;1KqcFvqopK-RuKeA- zV#_C$CxAoqEBgj7oLsAyPCFC*grUhty6A`y7ey1&b3kd_D;&2qvI$a1JT*op5dTVJ zQlnCN#bd0|fw{6;5R9zqG5871J5dJ3CF2w0!>r#wijAkr{=erHKaMYUoOE6h3Y(vc z=B?(@Hpz!YkZ@k@g$K2ULH_{oDG5GhX{o?-TR~lsXU;VojS-2nTWu~jgm6k7AEw4r z9QL>D=rtyP-ovkbc2k!Z*ehwvM4b}-YrayWB=h7~^TMxFVeO6L7I0V~XU5Ho8wxcz z80>YZ3?Sxy@1Mm;f$qD&`?qZ8`$JstIiw>Y$gQ^ackJfh zdPd2DvaGmI0~32pVS+M+n^mS+NAj>n3E(_{@ ziL33YRzhJ6jq=^wh@_{pNrDmfzF zE54NKD?jMQzF;qh#)LabH|F11Aaw=Uq-Cj|kbc*wfEV2S)(bCHDXjqyIz#d_MK1PA5aISSL1L&LHQ}t6wRmGP;Rr z*;456{@1}JB-PUQC8I0TFU8)iY#3xNg1*!Sp2cEl9Ux{bXY>FFmwKzYiW1b^kSK?$ zu|T3<^i3_O6z;w)WfeYKC$xA=&5INHkf_-94# zm@d0k_h(0zVooXiKlL6D_aalJD!CGK#E-CwT6dfy0t7md;Qc>X(uK~8Fxt=q7^2GX zbvqtg`;;$%!21IKTEFZ1RNeeb&nm_>f4SNHZ^+Nt;ay1ZQKVxJm=KYT{?)JYt+{z%nX?2-3fmOA$z-|uiZR5JPP9o zaC$n;=_Kz+{Q6s6+-e+z6If9hLgQg6%kj2vw&hs`>F*-BFMUYqRaYXeU}UnB64 zc%yV2F&tIE3n-QEO!c4f5Ol9>8e6)gRb85sU)*B^b6dNC9}1m(X99Z}w|qOQN86t< za!pKz!T6)`OPZxDGhA@{nJIc-i>GcFnr>%%etP$i?}Q%C7Q)(f4BH{Too}|eiDxOb z|6qwV_*#T$4V`a2yjy+Kx`G?_>G&m=yzDtGVEH|MH9<;H_9)5R3s1e;(bXd5@dB6j z9};7bhNJ@B(ZR)onqpc zk*If;&PvB7%jbK~7d(nPW-#84x6w(QS*>*bAGrOy*~_tqUu_%drKkI>?$77{!ZcHC=XjqQ6fDUMLZ;?#@nGmM%4wy(e zZYdXbfW5jwH#CN)Jm>E??wu7oW2m6>p03&g`W#A8wCsBO+pz%7Syl}Zzb+7D)~Gx1 zTjp@;O@kdP$?QLU=;OOMFvb4SZPw+$6=ctech><0)QRNLu_ZSEBB0(HaPe_fRQgoR z-%k=eqD*5w6-KnMN~TlUOwlACpCs+Yuqd3)kU{kQUblqCZYb@y7~Am&qZ^a=N)zrR z{J1bN#YVhKwFBV%1|PJ_eqN4FX{wPudIYB-!r$DxtD{PRJA~{vEd^0y{-HLz>=@<2 
z_b29wd%u@)Yp&J)6UG^mBYu7Dv(7x(kt&)s*K>aSQznGiADX-D(_z_Vp89Mu@5*N4 z`LPz%ZnaGG`NBXkWI~9G#-z6dw6{<^-V$~6lR8yILHN)6OhY) z9RG96qm7$r2KN9RGNZSt`dS9jZkA3_R*p2+O3S;DVV%mw_|7SYlI|7Hk4_N$enKT> zz_&vKe!UrI^k5rR6hCi9vnY?qRz_@#qs$H)g?7SVad<$eG^w|PJpz*B?Ylv=DRto> z{q%d>t=tKNSD8J_{f0`=M@}KipZ?MAdyHit;WI}4CphI|DMx=Ugm;yFa)M4zG}yCr zb|OlL!VEd-De_<)EjtPr)Cv-GH8?|Gg4DqvTKVfjK;T z1u@Bb5v56m$5Y2;#qzjkqv(LZ_@f9N&wY>aWXrsIau+Xk&@7F2n1CJ+-(awTK5Bec z3h}rz#xL(g9i)}LwEs`Fg&%{P{1~i^BJ;H~K>cJ}?X?|8OpoKQnN(E)3q*_8K=uaz zADY$I7W2gVFIjC~wtamgXj4;%Wu#8V}20uRXWrAvuoi)YFZJ>~&s`|J7iSmIgW7Vn4{ z2&8ZH|2j6KW1GBm7*2kb4&VSh=0vYYG4q~~5IPWF++Xoio;>9V(MS{m+d)Y=s@0n9 z!W#nXkDH0@?3Uh2UIZ#uxl9s8cY)cS;YlB_ule}+bSx}{R9AV$Mg-|8M|23^Y| z8;RoM6*i}9KNG$H#qp`HPA^(l2qiwG7u#j@tIY87D)(7UvvlMn1%cu?or1FNzrXCa z89((`V3T`IPQxa}FRrkadOe8em=mUj_}*0*WK+ zV(Qt#;kIv~jPtuhD=Vve-!&5V`mfE^h4!yDr&CX9yCs~kuO<}mt_NZ6h!|$goY%7f;ZHgMV2&7PIAeI8tME>jbMm zZbUlf$XYZ{V}XlMlozt%3yipf`;B}B6Cf8p)KayRQDiivgJ}Tv>%S_cU zZlGpn-z-%E2vpkYp5anktA}p3G|kkPx(&FV-oIZVZu49W;}v;Qu^DHzs?U@5L@w}! 
z8h>uks21{=S@lV0pNqlUOXw^oAf{Ako&(+`Dlh(iN^hhlz>ng5X9^x0O9%eWR2UOoWZPLxY9mr`3s-IAh*!!=lgng`OiUh^ zom6pg2|tU?P4Bw8AU(5+Du_$2_r3j>xH-{6FXwK0R?I|w8B!7n3NN6I`*`0votFzDJp1LjJ}lU?d?5$zw;KKsrLnJ=Y@I*sx`D8 zNs-~LFbWMvye+F^RfL+vCv!#9zblKLNwFb^TZux=&N%(2xO<;eR5+%CumRMvg0V3C z)_vn-a#C9Ey7ivROx??R;cK5B-mA}6ZdYdwg#`sq@dKsnm`dEKOB?4OqZj@3S|wxvxiii;7xkfyQIy6A!D1dfxPnaIAEFFVuUO$mmWUp#N8KOKq=3V9K*zldLb z_9I>KRiV~N+);MT1pI85$gUNhWQ=IjGl^oQ|D5zCS;^NoxvKlSa>6Ypct(fu6Z5N% ze1!$c#CYL1^ZC`Dfe0t<8qTM{DEOk`|_+Ob^k<503i| z8+7v)^(;!3pMW(4bqpr)keca>yL#fie|+nQMKg)pv)ha-b|R0YgOlo+6H5?$tBcDo z4xms~tI%mI^jYOH^Oib7B5LSIa{83*KM9XyjnlnKmrEy{e5o)p2f^>jLx(FLQ_b0Y zPs7oo7IET1uLSE|8;w+*MauRSlc+8pbJel(Q@ycNsZDiL;wgjC$obF;dC0QBTNlx4 zYj$(V)euw7sZUV$qsTGsTja0SzwF$d9Kww9%wl_4FzsXp^$myaENC2BV?p^luX!{% zKst8VJyB0gZ$une6O0;nwHiUQCnY7dY!%+#^P;2wTwQtTNdfIKc;-zZ_;3mV@ZDG& zd8>%(9^IF#OylnC9s4eQ2d-EYkPlvSp~+fo_gK85_+~oD=%50wV|t)S5GLlL5uast z-VgLRbMvyFmjXcK)Y}43EBA>N_eJDjR(2Z_cyPPB?+9&9G%+;$h=0h)2&CV!7|VAs zp!U%)bQIzp>j~7$RD_VEoA3K3L=^iCI+q8H?X$F($XwQ{3Hdqs%1Rro!}@o>@xcsvoSDYAzCq4nrE`;&h~)!f*;mJ&s5*IBJ-$M( z?LuFpH`b0$wsT)kcOAqPD>mtZr#K(udS0(@si88j-0r4i43jnZ1gu9iI;bax`>N=p{+o2UUJ6ywm+|`N(OGvKZv2RR z(j+8mq4;Pp{CIFUOijzi`&E_Y52tH8rPqATKpX3O`xeKPlWh3u3+C|h0Lal*i5nNa zIIdmtJl?AA$i_B#+3md0W{b`&(r>v7H2Uw#&rCr84Q5Judfw62!BE|}k zq>ZW3lCE|<8TJJXD+InpA81)8)VKKMdd(0`ye=^WvUUS9bp~AiapF) zN7Q!;8qY?t_iXt0Ex<8S00zA3P4xDyj1Ig>vx&_xquvZ6AmgM(1^=_Fc*+&Uabqs) zab!&Zc^EZ&`+MuNM(ic~BEZ19`YT4vJf{zpk}uW!I6hyGW$O3RL=dm%Z}57Os_1N$ zq#*b`n=e@k+Q0{b=>NPy4VID~w~WMF#mf($f4`|RdmG-aN6{7TplnS~k8c|lqf%vy z6H=dus$o~GSEH-(u2)ygpMH|Z(*L)W^q;QNA0;bI`=?G~gZ=UNslVFwn|~0eEPKgl zLn+XFH(LOo?(rm(5fo*{ftsKP+AMe_)bBb*GWq9627Gcd+Spfbgt#PF(hpI@h2kwj zUX(K}YX6rRL`ecw63#E1J1>Of@;giQyZX-@$@gg9gp*7f7gcgi6^w(=9{o|V_-R(H z8UF9Ae-HWbZpq(Sjmp*V{V<%^s@8YjeB)n$y4pY1r$Og`FT#J-<^OJ~{tr)GB)G;a Yn7LI(S^iu2P9(uI6)n(@C$B>O3&xpODgXcg literal 0 HcmV?d00001 
diff --git a/platform/ext/target/stm/common/build_stm/readme.txt b/platform/ext/target/stm/common/build_stm/readme.txt new file mode 100644 index 000000000..9bd2d161b --- /dev/null +++ b/platform/ext/target/stm/common/build_stm/readme.txt @@ -0,0 +1,33 @@ +STM_PLATFORM +^^^^^^^^^^^^ + +Configuration and Build +""""""""""""""""""""""" + +GNUARM/ARMCLANG/IARARM compilation is available for this target. +and build the selected configuration as follow. + +The build configuration for TF-M is provided to the build system using command +line arguments. Required arguments are noted below. + +The following instructions build multi-core TF-M with regression test suites +in Isolation Level 1. + + +Getting_started +""""""""""""""" + +1- Should install TF-M repo and all library in the same directory (trusted-firmware-m, mbedtls, mcuboot, QCBOR, tf-m-tests). +2- Configure the script as you nedd for your project. +3- Launch the script ReBuildTFM_S.bat and ReBuildTFM_NS.bat +4- In iar/build_s/api_ns laucn the scripts (postbuild.sh, regressions.sh, TFM_UPDATE.sh). +5- Reset the board. + +Example +""""""" +There's image example to the environment what should you have to use these scripts + +------------- + +*Copyright (c) 2021, STMicroelectronics. All rights reserved.* +*SPDX-License-Identifier: BSD-3-Clause* From f206a24f1684054d085b662d0d48935297c4d01b Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Tue, 15 Oct 2024 11:34:32 +0300 Subject: [PATCH 38/73] Revert "[nrf noup] tf-m: Enable support for external PSA core" This reverts commit e6376051622272261f8a913a363c695d467777bd. To cleanly apply the fromtree that follows. This commit is re-applied afterwards 
Signed-off-by: Tomi Fontanilles --- cmake/install.cmake | 61 ++++++------- cmake/spe-CMakeLists.cmake | 9 -- interface/CMakeLists.txt | 9 -- secure_fw/partitions/crypto/CMakeLists.txt | 86 ++++++------------- .../partitions/lib/runtime/CMakeLists.txt | 4 - .../protected_storage/CMakeLists.txt | 2 +- 6 files changed, 56 insertions(+), 115 deletions(-) diff --git a/cmake/install.cmake b/cmake/install.cmake index b9d338602..0297080f1 100644 --- a/cmake/install.cmake +++ b/cmake/install.cmake 
@@ -75,37 +75,33 @@ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) endif() if (TFM_PARTITION_CRYPTO) - if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core_install.cmake) - else() - install(FILES ${INTERFACE_INC_DIR}/psa/README.rst - ${INTERFACE_INC_DIR}/psa/build_info.h - ${INTERFACE_INC_DIR}/psa/crypto.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_compat.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_extra.h - ${INTERFACE_INC_DIR}/psa/crypto_legacy.h - ${INTERFACE_INC_DIR}/psa/crypto_platform.h - ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h - ${INTERFACE_INC_DIR}/psa/crypto_sizes.h - ${INTERFACE_INC_DIR}/psa/crypto_struct.h - ${INTERFACE_INC_DIR}/psa/crypto_types.h - ${INTERFACE_INC_DIR}/psa/crypto_values.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) - install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) - install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) - endif() + install(FILES ${INTERFACE_INC_DIR}/psa/README.rst + ${INTERFACE_INC_DIR}/psa/build_info.h + ${INTERFACE_INC_DIR}/psa/crypto.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h + 
${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_compat.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_extra.h + ${INTERFACE_INC_DIR}/psa/crypto_legacy.h + ${INTERFACE_INC_DIR}/psa/crypto_platform.h + ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h + ${INTERFACE_INC_DIR}/psa/crypto_sizes.h + ${INTERFACE_INC_DIR}/psa/crypto_struct.h + ${INTERFACE_INC_DIR}/psa/crypto_types.h + ${INTERFACE_INC_DIR}/psa/crypto_values.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) + install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) endif() if (TFM_PARTITION_INITIAL_ATTESTATION) @@ -288,11 +284,10 @@ else() ) endif() -# PSA_CRYPTO_EXTERNAL_CORE target_include_directories(psa_interface INTERFACE $ -) + ) install(EXPORT tfm-config FILE spe_export.cmake diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake index 959912cbd..cb0d36e98 100644 --- a/cmake/spe-CMakeLists.cmake +++ b/cmake/spe-CMakeLists.cmake @@ -34,15 +34,6 @@ target_sources(tfm_api_ns ) # Include interface headers exported by TF-M -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_include_directories(tfm_api_ns - PUBLIC - ${INTERFACE_INC_DIR} - ) -endif() - target_include_directories(tfm_api_ns PUBLIC ${INTERFACE_INC_DIR} diff --git a/interface/CMakeLists.txt b/interface/CMakeLists.txt index 94be57a12..97711e8f2 100644 --- a/interface/CMakeLists.txt +++ b/interface/CMakeLists.txt 
@@ -19,15 +19,6 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/include/psa/framework_feature.h.in add_library(psa_interface INTERFACE) -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_include_directories(psa_interface - INTERFACE - $ - ) -endif() - target_include_directories(psa_interface INTERFACE $ diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index e4a8d5702..284db4f2d 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt 
@@ -7,41 +7,30 @@ ############################### PSA CRYPTO CONFIG ############################## # Make sure these are available even if the TFM_PARTITION_CRYPTO is not defined -add_library(psa_crypto_config INTERFACE) +# This defines the configuration files for the users of the client interface +set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) +cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) +cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") +add_library(psa_crypto_config INTERFACE) +target_compile_definitions(psa_crypto_config + INTERFACE + MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" +) # The following is required for tfm_plat_crypto_nv_seed.h target_include_directories(psa_crypto_config INTERFACE $ ) - -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - #This defines the configuration files for the users of the client interface - set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) - cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) - cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") - - target_compile_definitions(psa_crypto_config - INTERFACE - MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" - ) -endif() - # This defines the configuration files for the users of the library directly add_library(psa_crypto_library_config INTERFACE) -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_compile_definitions(psa_crypto_library_config - INTERFACE - MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" - ) -endif() +target_compile_definitions(psa_crypto_library_config + INTERFACE + 
MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" +) if (NOT TFM_PARTITION_CRYPTO) return() @@ -82,24 +71,13 @@ target_sources(tfm_partitions ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c ) - # Set include directory target_include_directories(tfm_psa_rot_partition_crypto PRIVATE - #$ - ${CMAKE_CURRENT_SOURCE_DIR} + $ ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto + $ ) - -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_include_directories(tfm_psa_rot_partition_crypto - PRIVATE - $ - ) -endif() - target_include_directories(tfm_partitions INTERFACE ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto @@ -138,20 +116,19 @@ target_link_libraries(tfm_config psa_crypto_config ) +############################### PSA CRYPTO CONFIG ############################## +add_library(psa_crypto_config INTERFACE) +# target_compile_definitions(psa_crypto_config +# INTERFACE +# MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" +# ) + ############################### MBEDCRYPTO ##################################### add_library(crypto_service_mbedcrypto_config INTERFACE) -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_compile_definitions(crypto_service_mbedcrypto_config - INTERFACE - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" - $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> - ) -endif() target_compile_definitions(crypto_service_mbedcrypto_config INTERFACE + $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077 $<$,$>:MULADDC_CANNOT_USE_R7> $<$:PLATFORM_DEFAULT_NV_SEED> 
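Review bot: The new side of secure_fw/partitions/crypto/CMakeLists.txt declares `add_library(psa_crypto_config INTERFACE)` twice: once in the hunk at -7,41, ahead of the `if (NOT TFM_PARTITION_CRYPTO) return()` guard, and again in the hunk at -138,20 under the second "PSA CRYPTO CONFIG" banner. CMake refuses to create a target whose name already exists, so with TFM_PARTITION_CRYPTO enabled this intermediate commit would presumably fail at configure time. That makes bisecting across the series harder, even though the message says the reverted change is re-applied afterwards. If the duplicate is only there so the following fromtree patch applies cleanly, state that in the commit message; otherwise drop the second declaration together with its commented-out `target_compile_definitions` block.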
@@ -199,19 +176,10 @@ target_include_directories(psa_crypto_library_config INTERFACE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api + # The following is required for psa/error.h + $ ) -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -else() - target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto - PUBLIC - # The following is required for psa/error.h - $ - ) -endif() - - # Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3) diff --git a/secure_fw/partitions/lib/runtime/CMakeLists.txt b/secure_fw/partitions/lib/runtime/CMakeLists.txt index c29561764..7a626b961 100644 --- a/secure_fw/partitions/lib/runtime/CMakeLists.txt +++ b/secure_fw/partitions/lib/runtime/CMakeLists.txt @@ -16,10 +16,6 @@ target_include_directories(tfm_sprt ${CMAKE_SOURCE_DIR}/secure_fw/include ) -if(PSA_CRYPTO_EXTERNAL_CORE) - include(${TARGET_PLATFORM_PATH}/../external_core.cmake) -endif() - target_sources(tfm_sprt PUBLIC $<$:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c> diff --git a/secure_fw/partitions/protected_storage/CMakeLists.txt b/secure_fw/partitions/protected_storage/CMakeLists.txt index bb6e5fcfe..0cfedac08 100644 --- a/secure_fw/partitions/protected_storage/CMakeLists.txt +++ b/secure_fw/partitions/protected_storage/CMakeLists.txt @@ -75,11 +75,11 @@ target_sources(tfm_partitions target_link_libraries(tfm_app_rot_partition_ps PRIVATE - psa_crypto_config secure_fw platform_s tfm_config tfm_sprt + psa_crypto_config ) target_compile_definitions(tfm_app_rot_partition_ps From 8b0ac1734c48d3a7a59e157fb2bc805405082744 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Wed, 18 Sep 2024 12:07:25 +0100 Subject: [PATCH 39/73] [nrf fromtree] Crypto: Update to Mbed TLS 3.6.1 Update the CMake checkout dependency and re-align the headers to the ones available in Mbed TLS 3.6.1. 
Signed-off-by: Antonio de Angelis Change-Id: I681df1f2662c55b7aaf7eed2642b7ce3eeae8192 (cherry picked from commit 2a59580b58093bfb031bed9cf47f4c6d5530cfad) 
Signed-off-by: Tomi Fontanilles --- bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h | 1 + bl2/src/thin_psa_crypto_core.c | 110 +---------- cmake/install.cmake | 1 + config/config_base.cmake | 2 +- interface/include/mbedtls/bignum.h | 2 +- interface/include/mbedtls/build_info.h | 30 ++- interface/include/mbedtls/check_config.h | 14 ++ .../mbedtls/config_adjust_legacy_crypto.h | 29 ++- .../mbedtls/config_adjust_legacy_from_psa.h | 16 +- .../mbedtls/config_adjust_psa_from_legacy.h | 10 + .../config_adjust_psa_superset_legacy.h | 10 + interface/include/mbedtls/config_adjust_ssl.h | 12 +- .../include/mbedtls/config_adjust_x509.h | 12 +- interface/include/mbedtls/config_psa.h | 6 + interface/include/mbedtls/ctr_drbg.h | 33 +++- interface/include/mbedtls/ecdh.h | 2 +- interface/include/mbedtls/ecp.h | 2 +- interface/include/mbedtls/pk.h | 60 +++--- interface/include/mbedtls/psa_util.h | 2 +- interface/include/mbedtls/ssl.h | 145 ++++++++++---- interface/include/psa/crypto.h | 184 ++++++++++++++++-- .../include/psa/crypto_adjust_auto_enabled.h | 10 + .../psa/crypto_adjust_config_dependencies.h | 51 +++++ .../psa/crypto_adjust_config_key_pair_types.h | 10 + .../psa/crypto_adjust_config_synonyms.h | 10 + interface/include/psa/crypto_extra.h | 10 +- interface/include/psa/crypto_struct.h | 28 ++- interface/include/psa/crypto_types.h | 24 +++ ...iltin-Key-Loader-driver-entry-points.patch | 42 ++-- ...de-sharing-between-independent-binar.patch | 4 +- ...-use-key-vendor-id-within-PSA-crypto.patch | 6 +- ...r-wrappers-as-first-step-in-psa_cryp.patch | 6 +- .../0005-Hardcode-CC3XX-entry-points.patch | 78 ++++---- .../0006-Enable-psa_can_do_hash.patch | 4 +- ...hen-MCUBOOT_USE_PSA_CRYPTO-and-not-M.patch | 6 +- .../tfm_mbedcrypto_config_default_client.h | 14 -- ...m_mbedcrypto_config_profile_large_client.h | 14 -- .../tfm_mbedcrypto_config_profile_small.h | 2 +- ...m_mbedcrypto_config_profile_small_client.h | 2 +- .../cc312/crypto_accelerator_config.h | 1 + 40 files changed, 671 
insertions(+), 334 deletions(-) create mode 100644 interface/include/psa/crypto_adjust_config_dependencies.h diff --git a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h index 4dcc50f95..6aaaf47d0 100644 --- a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h +++ b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h @@ -51,6 +51,7 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_PSA_CRYPTO_C #if defined(MCUBOOT_SIGN_EC256) #define MBEDTLS_PSA_P256M_DRIVER_ENABLED #endif diff --git a/bl2/src/thin_psa_crypto_core.c b/bl2/src/thin_psa_crypto_core.c index 6fa03c929..6bf2f4461 100644 --- a/bl2/src/thin_psa_crypto_core.c +++ b/bl2/src/thin_psa_crypto_core.c @@ -165,9 +165,7 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, status = psa_driver_wrapper_hash_setup(operation, alg); - if (status != PSA_SUCCESS) { - psa_hash_abort(operation); - } + assert(status == PSA_SUCCESS); return status; } @@ -189,9 +187,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, status = psa_driver_wrapper_hash_update(operation, input, input_length); - if (status != PSA_SUCCESS) { - psa_hash_abort(operation); - } + assert(status == PSA_SUCCESS); return status; } 
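Review bot: Replacing the failure cleanup with `assert(status == PSA_SUCCESS);` in psa_hash_setup, and identically in the psa_hash_update hunk that follows, makes the error path depend on the build type. With NDEBUG the assert disappears and a failed driver call returns the status with the operation never aborted; with asserts enabled, execution stops at that point. Because this file sits under bl2/ and presumably serves image verification, the failure behaviour should be the same in every build. If dropping `psa_hash_abort(operation)` is intentional (its definition is not visible in these hunks), state the contract above the assert, e.g. `/* BL2: a hash failure is fatal; callers must still check the returned status, assert() is compiled out with NDEBUG */`, and confirm that `<assert.h>` is included in this file. Both function bodies begin outside the hunks shown.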
@@ -349,28 +345,6 @@ psa_status_t mbedtls_to_psa_error(int ret) } } -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -int mbedtls_psa_get_random(void *p_rng, - unsigned char *output, - size_t output_size) -{ - /* This function takes a pointer to the RNG state because that's what - * classic mbedtls functions using an RNG expect. The PSA RNG manages - * its own state internally and doesn't let the caller access that state. - * So we just ignore the state parameter, and in practice we'll pass - * NULL. - */ - (void) p_rng; - psa_status_t status = psa_generate_random(output, output_size); - - if (status == PSA_SUCCESS) { - return 0; - } else { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } -} -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - psa_status_t psa_generate_random(uint8_t *output, size_t output_size) { 
@@ -446,86 +420,6 @@ psa_status_t psa_verify_hash_builtin( return PSA_ERROR_NOT_SUPPORTED; } -/* Required when Mbed TLS backend converts from PSA to Mbed TLS native */ -mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, - size_t bits) -{ - switch (family) { - case PSA_ECC_FAMILY_SECP_R1: - switch (bits) { -#if defined(PSA_WANT_ECC_SECP_R1_192) - case 192: - return MBEDTLS_ECP_DP_SECP192R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - case 224: - return MBEDTLS_ECP_DP_SECP224R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - case 256: - return MBEDTLS_ECP_DP_SECP256R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - case 384: - return MBEDTLS_ECP_DP_SECP384R1; -#endif -#if defined(PSA_WANT_ECC_SECP_R1_521) - case 521: - return MBEDTLS_ECP_DP_SECP521R1; -#endif - } - break; - - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch (bits) { -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - case 256: - return MBEDTLS_ECP_DP_BP256R1; -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - case 384: - return MBEDTLS_ECP_DP_BP384R1; -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - case 512: - return MBEDTLS_ECP_DP_BP512R1; -#endif - } - break; - - case PSA_ECC_FAMILY_MONTGOMERY: - switch (bits) { -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - case 255: - return MBEDTLS_ECP_DP_CURVE25519; -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - case 448: - return MBEDTLS_ECP_DP_CURVE448; -#endif - } - break; - - case PSA_ECC_FAMILY_SECP_K1: - switch (bits) { -#if defined(PSA_WANT_ECC_SECP_K1_192) - case 192: - return MBEDTLS_ECP_DP_SECP192K1; -#endif -#if defined(PSA_WANT_ECC_SECP_K1_224) - /* secp224k1 is not and will not be supported in PSA (#3541). 
*/ -#endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - case 256: - return MBEDTLS_ECP_DP_SECP256K1; -#endif - } - break; - } - - return MBEDTLS_ECP_DP_NONE; -} - /* We don't need the full driver wrapper, we know the key is already a public key */ psa_status_t psa_driver_wrapper_export_public_key( const psa_key_attributes_t *attributes, diff --git a/cmake/install.cmake b/cmake/install.cmake index 0297080f1..8e4003f5f 100644 --- a/cmake/install.cmake +++ b/cmake/install.cmake @@ -79,6 +79,7 @@ if (TFM_PARTITION_CRYPTO) ${INTERFACE_INC_DIR}/psa/build_info.h ${INTERFACE_INC_DIR}/psa/crypto.h ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_dependencies.h ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h diff --git a/config/config_base.cmake b/config/config_base.cmake index 1424100b6..56b52ca77 100644 --- a/config/config_base.cmake +++ b/config/config_base.cmake @@ -37,7 +37,7 @@ set(PROJECT_CONFIG_HEADER_FILE "" CACHE FILEPATH "User define # External libraries source and version set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically") set(MBEDCRYPTO_FORCE_PATCH OFF CACHE BOOL "Always apply MBed Crypto patches") -set(MBEDCRYPTO_VERSION "mbedtls-3.6.0" CACHE STRING "The version of Mbed Crypto to use") +set(MBEDCRYPTO_VERSION "mbedtls-3.6.1" CACHE STRING "The version of Mbed Crypto to use") set(MBEDCRYPTO_GIT_REMOTE "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.") set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically") diff --git a/interface/include/mbedtls/bignum.h b/interface/include/mbedtls/bignum.h index 71d7b9767..8367cd34e 100644 --- a/interface/include/mbedtls/bignum.h +++ b/interface/include/mbedtls/bignum.h 
@@ -880,7 +880,7 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b); /** - * \brief Perform a sliding-window exponentiation: X = A^E mod N + * \brief Perform a modular exponentiation: X = A^E mod N * * \param X The destination MPI. This must point to an initialized MPI. * This must not alias E or N. diff --git a/interface/include/mbedtls/build_info.h b/interface/include/mbedtls/build_info.h index eab167f38..8242ec682 100644 --- a/interface/include/mbedtls/build_info.h +++ b/interface/include/mbedtls/build_info.h @@ -26,16 +26,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 6 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03060000 -#define MBEDTLS_VERSION_STRING "3.6.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0" +#define MBEDTLS_VERSION_NUMBER 0x03060100 +#define MBEDTLS_VERSION_STRING "3.6.1" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.1" /* Macros for build-time platform detection */ @@ -101,6 +101,13 @@ #define inline __inline #endif +#if defined(MBEDTLS_CONFIG_FILES_READ) +#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" +#endif +#if defined(MBEDTLS_CONFIG_IS_FINALIZED) +#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!" +#endif + /* X.509, TLS and non-PSA crypto configuration */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" 
@@ -135,6 +142,12 @@ #endif #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ +/* Indicate that all configuration files have been read. + * It is now time to adjust the configuration (follow through on dependencies, + * make PSA and legacy crypto consistent, etc.). + */ +#define MBEDTLS_CONFIG_FILES_READ + /* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined * to ensure a 128-bit key size in CTR_DRBG. @@ -169,8 +182,13 @@ #include "mbedtls/config_adjust_ssl.h" -/* Make sure all configuration symbols are set before including check_config.h, - * even the ones that are calculated programmatically. */ +/* Indicate that all configuration symbols are set, + * even the ones that are calculated programmatically. + * It is now safe to query the configuration (to check it, to size buffers, + * etc.). + */ +#define MBEDTLS_CONFIG_IS_FINALIZED + #include "mbedtls/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/interface/include/mbedtls/check_config.h b/interface/include/mbedtls/check_config.h index b3c038dd2..67a05f83b 100644 --- a/interface/include/mbedtls/check_config.h +++ b/interface/include/mbedtls/check_config.h @@ -2,6 +2,13 @@ * \file check_config.h * * \brief Consistency checks for configuration options + * + * This is an internal header. Do not include it directly. + * + * This header is included automatically by all public Mbed TLS headers + * (via mbedtls/build_info.h). Do not include it directly in a configuration + * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE! + * It would run at the wrong time due to missing derived symbols. */ /* * Copyright The Mbed TLS Contributors 
@@ -12,6 +19,13 @@ #define MBEDTLS_CHECK_CONFIG_H /* *INDENT-OFF* */ + +#if !defined(MBEDTLS_CONFIG_IS_FINALIZED) +#warning "Do not include mbedtls/check_config.h manually! " \ + "This may cause spurious errors. " \ + "It is included automatically at the right point since Mbed TLS 3.0." +#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */ + /* * We assume CHAR_BIT is 8 in many places. In practice, this is true on our * target platforms, so not an issue, but let's just be extra sure. diff --git a/interface/include/mbedtls/config_adjust_legacy_crypto.h b/interface/include/mbedtls/config_adjust_legacy_crypto.h index 9b0604122..3ba987ebb 100644 --- a/interface/include/mbedtls/config_adjust_legacy_crypto.h +++ b/interface/include/mbedtls/config_adjust_legacy_crypto.h @@ -2,7 +2,9 @@ * \file mbedtls/config_adjust_legacy_crypto.h * \brief Adjust legacy configuration configuration * - * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * This is an internal header. Do not include it directly. + * + * Automatically enable certain dependencies. Generally, MBEDTLS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a * compilation error. However, we do automatically enable certain options @@ -22,6 +24,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /* Ideally, we'd set those as defaults in mbedtls_config.h, but * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py. * 
@@ -48,7 +58,8 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)) + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)) #define MBEDTLS_CIPHER_C #endif @@ -293,6 +304,14 @@ #define MBEDTLS_ECP_LIGHT #endif +/* Backward compatibility: after #8740 the RSA module offers functions to parse + * and write RSA private/public keys without relying on the PK one. Of course + * this needs ASN1 support to do so, so we enable it here. */ +#if defined(MBEDTLS_RSA_C) +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#endif + /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while * in previous version compressed points were automatically supported as long * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward @@ -409,12 +428,12 @@ /* psa_util file features some ECDSA conversion functions, to convert between * legacy's ASN.1 DER format and PSA's raw one. */ -#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \ +#if (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))) #define MBEDTLS_PSA_UTIL_HAVE_ECDSA #endif -/* Some internal helpers to determine which keys are availble. */ +/* Some internal helpers to determine which keys are available. */ #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) #define MBEDTLS_SSL_HAVE_AES 
@@ -428,7 +447,7 @@ #define MBEDTLS_SSL_HAVE_CAMELLIA #endif -/* Some internal helpers to determine which operation modes are availble. */ +/* Some internal helpers to determine which operation modes are available. */ #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) #define MBEDTLS_SSL_HAVE_CBC diff --git a/interface/include/mbedtls/config_adjust_legacy_from_psa.h b/interface/include/mbedtls/config_adjust_legacy_from_psa.h index 0091e246b..04bdae61b 100644 --- a/interface/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/interface/include/mbedtls/config_adjust_legacy_from_psa.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_legacy_from_psa.h * \brief Adjust PSA configuration: activate legacy implementations * + * This is an internal header. Do not include it directly. + * * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations * of cryptographic mechanisms as needed to fulfill the needs of the PSA * configuration. Generally speaking, we activate a legacy mechanism if @@ -16,6 +18,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /* Define appropriate ACCEL macros for the p256-m driver. * In the future, those should be generated from the drivers JSON description. */ 
@@ -498,7 +508,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ @@ -509,7 +518,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ #endif /* PSA_WANT_ALG_HKDF_EXTRACT */ @@ -520,7 +528,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ #endif /* PSA_WANT_ALG_HKDF_EXPAND */ @@ -630,9 +637,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 #define PSA_HAVE_SOFT_PBKDF2_HMAC 1 -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ diff --git a/interface/include/mbedtls/config_adjust_psa_from_legacy.h b/interface/include/mbedtls/config_adjust_psa_from_legacy.h index 345661594..14ca14696 100644 --- a/interface/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/interface/include/mbedtls/config_adjust_psa_from_legacy.h 
@@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_psa_from_legacy.h * \brief Adjust PSA configuration: construct PSA configuration from legacy * + * This is an internal header. Do not include it directly. + * * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable * cryptographic mechanisms through the PSA interface when the corresponding * legacy mechanism is enabled. In many cases, this just enables the PSA @@ -18,6 +20,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /* * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG * is not defined diff --git a/interface/include/mbedtls/config_adjust_psa_superset_legacy.h b/interface/include/mbedtls/config_adjust_psa_superset_legacy.h index 3a55c3f6e..ef65cce0d 100644 --- a/interface/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/interface/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_psa_superset_legacy.h * \brief Adjust PSA configuration: automatic enablement from legacy * + * This is an internal header. Do not include it directly. + * * To simplify some edge cases, we automatically enable certain cryptographic * mechanisms in the PSA API if they are enabled in the legacy API. The general * idea is that if legacy module M uses mechanism A internally, and A has 
@@ -17,6 +19,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /****************************************************************/ /* Hashes that are built in are also enabled in PSA. * This simplifies dependency declarations especially diff --git a/interface/include/mbedtls/config_adjust_ssl.h b/interface/include/mbedtls/config_adjust_ssl.h index 39c7b3b11..1f82d9c00 100644 --- a/interface/include/mbedtls/config_adjust_ssl.h +++ b/interface/include/mbedtls/config_adjust_ssl.h @@ -2,7 +2,9 @@ * \file mbedtls/config_adjust_ssl.h * \brief Adjust TLS configuration * - * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * This is an internal header. Do not include it directly. + * + * Automatically enable certain dependencies. Generally, MBEDTLS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a * compilation error. However, we do automatically enable certain options 
@@ -22,6 +24,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H #define MBEDTLS_CONFIG_ADJUST_SSL_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all * key exchanges, options and extensions related to them. */ diff --git a/interface/include/mbedtls/config_adjust_x509.h b/interface/include/mbedtls/config_adjust_x509.h index 346c8ae6d..cfb2d8891 100644 --- a/interface/include/mbedtls/config_adjust_x509.h +++ b/interface/include/mbedtls/config_adjust_x509.h @@ -2,7 +2,9 @@ * \file mbedtls/config_adjust_x509.h * \brief Adjust X.509 configuration * - * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * This is an internal header. Do not include it directly. + * + * Automatically enable certain dependencies. Generally, MBEDTLS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a * compilation error. However, we do automatically enable certain options @@ -22,4 +24,12 @@ #ifndef MBEDTLS_CONFIG_ADJUST_X509_H #define MBEDTLS_CONFIG_ADJUST_X509_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + #endif /* MBEDTLS_CONFIG_ADJUST_X509_H */ 
diff --git a/interface/include/mbedtls/config_psa.h b/interface/include/mbedtls/config_psa.h index 17da61b3e..5f3d0f3d5 100644 --- a/interface/include/mbedtls/config_psa.h +++ b/interface/include/mbedtls/config_psa.h @@ -22,6 +22,8 @@ #include "psa/crypto_adjust_config_synonyms.h" +#include "psa/crypto_adjust_config_dependencies.h" + #include "mbedtls/config_adjust_psa_superset_legacy.h" #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) @@ -32,7 +34,11 @@ * before we deduce what built-ins are required. */ #include "psa/crypto_adjust_config_key_pair_types.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* If we are implementing PSA crypto ourselves, then we want to enable the + * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" +#endif #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/interface/include/mbedtls/ctr_drbg.h b/interface/include/mbedtls/ctr_drbg.h index c00756df1..0b7cce192 100644 --- a/interface/include/mbedtls/ctr_drbg.h +++ b/interface/include/mbedtls/ctr_drbg.h 
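Review bot: The new `#include "psa/crypto_adjust_config_dependencies.h"` has no comment explaining its position, and the ordering looks load-bearing. The same commit removes the `#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1` lines from the HKDF, HKDF_EXTRACT, HKDF_EXPAND and PBKDF2_HMAC blocks of config_adjust_legacy_from_psa.h. Built-in HMAC for those algorithms therefore presumably depends on this header enabling the HMAC requirement before the built-ins are deduced; its content is not shown here, so this should be confirmed. I would add a comment such as `/* Enable implied PSA_WANT_xxx dependencies before deducing which built-ins are needed. */`. It is also worth checking that a configuration with HKDF or PBKDF2-HMAC but no explicit HMAC still builds.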
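Review bot: The `#endif` that closes the new `#if defined(MBEDTLS_PSA_CRYPTO_C)` block has no trailer, unlike the neighbouring `#else /* MBEDTLS_PSA_CRYPTO_CONFIG */`. `#endif /* MBEDTLS_PSA_CRYPTO_C */` would keep the nesting readable. The added comment also says features "will be provided by the server" without naming it; it is presumably the PSA crypto service that a client-only build calls into, and saying so would help. The enclosing `#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)` block continues outside the hunk.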
@@ -32,12 +32,27 @@ #include "mbedtls/build_info.h" -/* In case AES_C is defined then it is the primary option for backward - * compatibility purposes. If that's not available, PSA is used instead */ -#if defined(MBEDTLS_AES_C) -#include "mbedtls/aes.h" -#else +/* The CTR_DRBG implementation can either directly call the low-level AES + * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES + * operations. Calling the AES module directly is the default, both for + * maximum backward compatibility and because it's a bit more efficient + * (less glue code). + * + * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and + * thus benefits from the PSA AES accelerator driver. + * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO + * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little + * reason to do so other than testing purposes and this is not officially + * supported. + */ +#if !defined(MBEDTLS_AES_C) +#define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO +#endif + +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #include "psa/crypto.h" +#else +#include "mbedtls/aes.h" #endif #include "entropy.h" @@ -157,7 +172,7 @@ extern "C" { #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) typedef struct mbedtls_ctr_drbg_psa_context { mbedtls_svc_key_id_t key_id; psa_cipher_operation_t operation; @@ -189,10 +204,10 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ -#if defined(MBEDTLS_AES_C) - mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ +#else + mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ #endif /* 
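Review bot: The new comment does not mention that `MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO` selects the layout of `mbedtls_ctr_drbg_context`, which the later hunks in this file make depend on it (`psa_ctx` versus `aes_ctx`). The comment allows setting the macro by hand while `MBEDTLS_AES_C` is enabled, so a translation unit that sets it differently from the library build would see a different struct than the one the library writes to. I would add a sentence such as `* This macro selects the context layout, so it must have the same value in every translation unit that includes this header.` The unguarded `#define` can also clash with a configuration that already gave the macro a value; `#if !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)` avoids the redefinition diagnostic.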
diff --git a/interface/include/mbedtls/ecdh.h b/interface/include/mbedtls/ecdh.h
index a0909d6b4..a6a506933 100644
--- a/interface/include/mbedtls/ecdh.h
+++ b/interface/include/mbedtls/ecdh.h
@@ -325,7 +325,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
 * \brief This function sets up an ECDH context from an EC key.
 *
 * It is used by clients and servers in place of the
- * ServerKeyEchange for static ECDH, and imports ECDH
+ * ServerKeyExchange for static ECDH, and imports ECDH
 * parameters from the EC key information of a certificate.
 *
 * \see ecp.h
diff --git a/interface/include/mbedtls/ecp.h b/interface/include/mbedtls/ecp.h
index d8f73ae96..623910bcb 100644
--- a/interface/include/mbedtls/ecp.h
+++ b/interface/include/mbedtls/ecp.h
@@ -216,7 +216,7 @@ mbedtls_ecp_point;
 * range of 0..2^(2*pbits)-1, and transforms it in-place to an integer
 * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
 * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
+ * additions or subtractions. Therefore, it is only an approximate modular
 * reduction. It must return 0 on success and non-zero on failure.
 *
 * \note Alternative implementations of the ECP module must obey the
diff --git a/interface/include/mbedtls/pk.h b/interface/include/mbedtls/pk.h
index fde302f87..1b7e4f106 100644
--- a/interface/include/mbedtls/pk.h
+++ b/interface/include/mbedtls/pk.h
@@ -359,32 +359,40 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** - * \brief Initialize a PK context to wrap a PSA key. - * - * \note This function replaces mbedtls_pk_setup() for contexts - * that wrap a (possibly opaque) PSA key instead of - * storing and manipulating the key material directly. - * - * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC or RSA key - * pair (see notes below). - * - * \note The wrapped key must remain valid as long as the - * wrapping PK context is in use, that is at least between - * the point this function is called and the point - * mbedtls_pk_free() is called on this context. The wrapped - * key might then be independently used or destroyed. - * - * \note This function is currently only available for ECC or RSA - * key pairs (that is, keys containing private key material). - * Support for other key types may be added later. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an - * ECC key pair. - * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. + * \brief Initialize a PK context to wrap a PSA key. + * + * This function creates a PK context which wraps a PSA key. The PSA wrapped + * key must be an EC or RSA key pair (DH is not supported in the PK module). + * + * Under the hood PSA functions will be used to perform the required + * operations and, based on the key type, used algorithms will be: + * * EC: + * * verify, verify_ext, sign, sign_ext: ECDSA. + * * RSA: + * * sign, decrypt: use the primary algorithm in the wrapped PSA key; + * * sign_ext: RSA PSS if the pk_type is #MBEDTLS_PK_RSASSA_PSS, otherwise + * it falls back to the sign() case; + * * verify, verify_ext, encrypt: not supported. 
+ * + * In order for the above operations to succeed, the policy of the wrapped PSA + * key must allow the specified algorithm. + * + * Opaque PK contexts wrapping an EC keys also support \c mbedtls_pk_check_pair(), + * whereas RSA ones do not. + * + * \warning The PSA wrapped key must remain valid as long as the wrapping PK + * context is in use, that is at least between the point this function + * is called and the point mbedtls_pk_free() is called on this context. + * + * \param ctx The context to initialize. It must be empty (type NONE). + * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already + * used, invalid key identifier). + * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC or + * RSA key pair. + * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const mbedtls_svc_key_id_t key); diff --git a/interface/include/mbedtls/psa_util.h b/interface/include/mbedtls/psa_util.h index c78cc2333..7350eafcb 100644 --- a/interface/include/mbedtls/psa_util.h +++ b/interface/include/mbedtls/psa_util.h @@ -21,7 +21,7 @@ * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/ #include -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) || defined(MCUBOOT_USE_PSA_CRYPTO) /** The random generator function for the PSA subsystem. * diff --git a/interface/include/mbedtls/ssl.h b/interface/include/mbedtls/ssl.h index 172d4693b..42fffbf86 100644 --- a/interface/include/mbedtls/ssl.h +++ b/interface/include/mbedtls/ssl.h 
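Review bot: In the rewritten description of mbedtls_pk_setup_opaque(), "Opaque PK contexts wrapping an EC keys" should read `Opaque PK contexts wrapping an EC key`. The rewrite also drops the old sentence saying the wrapped key "might then be independently used or destroyed" once mbedtls_pk_free() has been called. If the PK context still does not take ownership of the PSA key, I would keep a line such as `* The PK context does not own the key: the caller remains responsible for destroying it.` Without it, callers may assume mbedtls_pk_free() disposes of the key material.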
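Review bot: `MCUBOOT_USE_PSA_CRYPTO` is not explained anywhere in the psa_util.h hunk, yet it widens the condition under which the PSA random-generator declarations are exposed. A short comment on why a build without `MBEDTLS_PSA_CRYPTO_CLIENT` needs them would help, for example `/* MCUboot builds use the PSA RNG helpers without enabling the PSA client. */`, with the wording to be confirmed by the author. The matching `#endif` is outside the hunk; if it carries a `/* MBEDTLS_PSA_CRYPTO_CLIENT */` trailer, that needs updating to match.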
@@ -83,10 +83,7 @@ /** Processing of the Certificate handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 /* Error space gap */ -/** - * Received NewSessionTicket Post Handshake Message. - * This error code is experimental and may be changed or removed without notice. - */ +/** A TLS 1.3 NewSessionTicket message has been received. */ #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 /** Not possible to read early data */ #define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 @@ -324,6 +321,9 @@ #define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0 #define MBEDTLS_SSL_SESSION_TICKETS_ENABLED 1 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED 0 +#define MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED 1 + #define MBEDTLS_SSL_PRESET_DEFAULT 0 #define MBEDTLS_SSL_PRESET_SUITEB 2 @@ -1446,6 +1446,12 @@ struct mbedtls_ssl_config { #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_CLI_C) + /** Encodes two booleans, one stating whether TLS 1.2 session tickets are + * enabled or not, the other one whether the handling of TLS 1.3 + * NewSessionTicket messages is enabled or not. They are respectively set + * by mbedtls_ssl_conf_session_tickets() and + * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). + */ uint8_t MBEDTLS_PRIVATE(session_tickets); /*!< use session tickets? */ #endif @@ -2364,7 +2370,7 @@ int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, */ int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], size_t *own_cid_len); /** 
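Review bot: The new block comment on `session_tickets` says the byte encodes two booleans but not which bit holds which. The old trailing `/*!< use session tickets? */` is also left in place, so the member now has two Doxygen descriptions that disagree. I would drop the trailing comment and name the two masks in the block comment. Both setters write the same byte, so it is worth confirming that mbedtls_ssl_conf_session_tickets() preserves the TLS 1.3 bit and the new setter preserves the TLS 1.2 bit; neither setter body is in this hunk.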
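Review bot: Changing the `own_cid` bound in mbedtls_ssl_get_own_cid() from `MBEDTLS_SSL_CID_OUT_LEN_MAX` to `MBEDTLS_SSL_CID_IN_LEN_MAX` changes the buffer size callers must provide, but the compiler does not enforce an array bound on a parameter. A caller that sized its buffer from the old prototype is too small whenever the IN maximum is configured larger than the OUT maximum, and the function would then write past it. The doc comment above the prototype is outside this hunk. If it does not already say so, it should state the requirement, e.g. `* \param own_cid ... This must be a writable buffer of at least #MBEDTLS_SSL_CID_IN_LEN_MAX bytes.`, and existing callers should be audited.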
@@ -3216,16 +3222,16 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, * a full handshake. * * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption and - * ticket-based resumption will be considered. For TLS 1.3, - * once implemented, sessions equate to tickets, and loading - * one or more sessions via this call will lead to their - * corresponding tickets being advertised as resumption PSKs - * by the client. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. + * resumption: For TLS 1.2, both session ID-based resumption + * and ticket-based resumption will be considered. For TLS 1.3, + * sessions equate to tickets, and loading one session by + * calling this function will lead to its corresponding ticket + * being advertised as resumption PSK by the client. This + * depends on session tickets being enabled (see + * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though. + * If session tickets are disabled, a call to this function + * with a TLS 1.3 session, will not have any effect on the next + * handshake for the SSL context \p ssl. * * \param ssl The SSL context representing the connection which should * be attempted to be setup using session resumption. This 
@@ -3240,9 +3246,10 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, * * \return \c 0 if successful. * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session - * could not be loaded because of an implementation limitation. - * This error is non-fatal, and has no observable effect on - * the SSL context or the session that was attempted to be loaded. + * could not be loaded because one session has already been + * loaded. This error is non-fatal, and has no observable + * effect on the SSL context or the session that was attempted + * to be loaded. * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_get_session() @@ -3309,8 +3316,16 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. * + * \note For TLS 1.3 sessions, this feature is supported only if the + * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled, + * as in TLS 1.3 session resumption is possible only with + * tickets. + * * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the + * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled + * and the session is a TLS 1.3 session. */ int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, unsigned char *buf, 
@@ -4456,21 +4471,50 @@ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_co void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order); #endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) /** - * \brief Enable / Disable session tickets (client only). - * (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.) + * \brief Enable / Disable TLS 1.2 session tickets (client only, + * TLS 1.2 only). Enabled by default. * * \note On server, use \c mbedtls_ssl_conf_session_tickets_cb(). * * \param conf SSL configuration - * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or - * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) + * \param use_tickets Enable or disable (#MBEDTLS_SSL_SESSION_TICKETS_ENABLED or + * #MBEDTLS_SSL_SESSION_TICKETS_DISABLED) */ void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets); -#endif /* MBEDTLS_SSL_SESSION_TICKETS && - MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/** + * \brief Enable / Disable handling of TLS 1.3 NewSessionTicket messages + * (client only, TLS 1.3 only). + * + * The handling of TLS 1.3 NewSessionTicket messages is disabled by + * default. + * + * In TLS 1.3, servers may send a NewSessionTicket message at any time, + * and may send multiple NewSessionTicket messages. By default, TLS 1.3 + * clients ignore NewSessionTicket messages. + * + * To support session tickets in TLS 1.3 clients, call this function + * with #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED. When + * this is enabled, when a client receives a NewSessionTicket message, + * the next call to a message processing functions (notably + * mbedtls_ssl_handshake() and mbedtls_ssl_read()) will return + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. 
The client should then + * call mbedtls_ssl_get_session() to retrieve the session ticket before + * calling the same message processing function again. + * + * \param conf SSL configuration + * \param signal_new_session_tickets Enable or disable + * (#MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED or + * #MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_DISABLED) + */ +void mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets( + mbedtls_ssl_config *conf, int signal_new_session_tickets); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_SRV_C) && \ 
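Review bot: The documentation of mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() never says outright that `MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET` is a non-fatal return, even though it is a negative code returned by mbedtls_ssl_handshake() and mbedtls_ssl_read(). A client that enables the option but keeps a read loop treating every negative value other than WANT_READ/WANT_WRITE as an error will tear the connection down on the first ticket. I would add `* \note This return value is not an error: the SSL context remains usable and the same call should be repeated.` Separately, "a message processing functions" should read "a message processing function".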
@@ -4837,23 +4881,16 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl * \note This function can handle a variety of mechanisms for session * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, - * once implemented, sessions equate to tickets, and calling - * this function multiple times will export the available - * tickets one a time until no further tickets are available, - * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will - * be returned. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. + * sessions equate to tickets, and if session tickets are + * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration + * option), this function exports the last received ticket and + * the exported session may be used to resume the TLS 1.3 + * session. If session tickets are disabled, exported sessions + * cannot be used to resume a TLS 1.3 session. * * \return \c 0 if successful. In this case, \p session can be used for * session resumption by passing it to mbedtls_ssl_set_session(), * and serialized for storage via mbedtls_ssl_session_save(). - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session - * is available for export. - * This error is a non-fatal, and has no observable effect on - * the SSL context or the destination session. * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_set_session() 
@@ -4885,6 +4922,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use * and the client did not demonstrate reachability yet - in * this case you must stop using the context (see below). + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. See the + * documentation of mbedtls_ssl_read() for more information + * about this error code. * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -4901,6 +4942,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() @@ -4921,10 +4963,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * currently being processed might or might not contain further * DTLS records. * - * \note If the context is configured to allow TLS 1.3, or if - * #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * subsystem must have been initialized by calling * psa_crypto_init() before calling this function. + * Otherwise, the handshake may call psa_crypto_init() + * if a negotiation involving TLS 1.3 takes place (this may + * be the case even if TLS 1.3 is offered but eventually + * not selected). */ int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); 
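Review bot: The rewritten note on mbedtls_ssl_handshake() says the handshake "may call psa_crypto_init()" itself when TLS 1.3 is negotiated, but not what is returned if that implicit initialisation fails. It also does not say whether the implicit call is safe while other threads are already using PSA. I would keep recommending the explicit call, e.g. `* Applications are encouraged to call psa_crypto_init() explicitly at startup so that initialisation failures are reported before any handshake.`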
@@ -4972,6 +5017,7 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl) * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using * the SSL context for reading or writing, and either free it * or call \c mbedtls_ssl_session_reset() on it before @@ -5040,6 +5086,17 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server * side of a DTLS connection and the client is initiating a * new connection using the same source port. See below. + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. + * This error code is only returned on the client side. It is + * only returned if handling of TLS 1.3 NewSessionTicket + * messages has been enabled through + * mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(). + * This error code indicates that a TLS 1.3 NewSessionTicket + * message has been received and parsed successfully by the + * client. The ticket data can be retrieved from the SSL + * context by calling mbedtls_ssl_get_session(). It remains + * available until the next call to mbedtls_ssl_read(). * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -5057,6 +5114,7 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() 
@@ -5122,6 +5180,10 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * operation is in progress (see mbedtls_ecp_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. + * \return #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET if a TLS 1.3 + * NewSessionTicket message has been received. See the + * documentation of mbedtls_ssl_read() for more information + * about this error code. * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as * defined in RFC 8446 (TLS 1.3 specification), has been * received as part of the handshake. This is server specific @@ -5138,6 +5200,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET or * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h index 7083bd911..2bbcea3ee 100644 --- a/interface/include/psa/crypto.h +++ b/interface/include/psa/crypto.h @@ -119,8 +119,8 @@ static psa_key_attributes_t psa_key_attributes_init(void); * value in the structure. * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as - * psa_import_key(), psa_generate_key(), psa_generate_key_ext(), - * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext() + * psa_import_key(), psa_generate_key(), psa_generate_key_custom(), + * psa_key_derivation_output_key(), psa_key_derivation_output_key_custom() * or psa_copy_key(). * * This function may be declared as `static` (i.e. without external 
@@ -129,6 +129,9 @@ static psa_key_attributes_t psa_key_attributes_init(void); * * \param[out] attributes The attribute structure to write to. * \param key The persistent identifier for the key. + * This can be any value in the range from + * #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX + * inclusive. */ static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key); @@ -164,8 +167,8 @@ static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes, * value in the structure. * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as - * psa_import_key(), psa_generate_key(), psa_generate_key_ext(), - * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext() + * psa_import_key(), psa_generate_key(), psa_generate_key_custom(), + * psa_key_derivation_output_key(), psa_key_derivation_output_key_custom() * or psa_copy_key(). * * This function may be declared as `static` (i.e. without external @@ -871,7 +874,7 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * such that #PSA_ALG_IS_HASH(\p alg) is true). * \param[in] input Buffer containing the message to hash. * \param input_length Size of the \p input buffer in bytes. - * \param[out] hash Buffer containing the expected hash value. + * \param[in] hash Buffer containing the expected hash value. * \param hash_length Size of the \p hash buffer in bytes. * * \retval #PSA_SUCCESS @@ -1224,7 +1227,7 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. * \param input_length Size of the \p input buffer in bytes. - * \param[out] mac Buffer containing the expected MAC value. + * \param[in] mac Buffer containing the expected MAC value. * \param mac_length Size of the \p mac buffer in bytes. * * \retval #PSA_SUCCESS 
@@ -2910,7 +2913,7 @@ psa_status_t psa_sign_message(mbedtls_svc_key_id_t key, * \p key. * \param[in] input The message whose signature is to be verified. * \param[in] input_length Size of the \p input buffer in bytes. - * \param[out] signature Buffer containing the signature to verify. + * \param[in] signature Buffer containing the signature to verify. * \param[in] signature_length Size of the \p signature buffer in bytes. * * \retval #PSA_SUCCESS \emptydescription @@ -3234,7 +3237,7 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); * of or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. * -# To derive a key, call psa_key_derivation_output_key() or - * psa_key_derivation_output_key_ext(). + * psa_key_derivation_output_key_custom(). * To derive a byte string for a different purpose, call * psa_key_derivation_output_bytes(). * Successive calls to these functions use successive output bytes @@ -3457,7 +3460,7 @@ psa_status_t psa_key_derivation_input_integer( * \note Once all inputs steps are completed, the operations will allow: * - psa_key_derivation_output_bytes() if each input was either a direct input * or a key with #PSA_KEY_USAGE_DERIVE set; - * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext() + * - psa_key_derivation_output_key() or psa_key_derivation_output_key_custom() * if the input for step * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD * was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was 
@@ -3707,9 +3710,9 @@ psa_status_t psa_key_derivation_output_bytes( * on the derived key based on the attributes and strength of the secret key. * * \note This function is equivalent to calling - * psa_key_derivation_output_key_ext() - * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT - * and `params_data_length == 0` (i.e. `params->data` is empty). + * psa_key_derivation_output_key_custom() + * with the custom production parameters #PSA_CUSTOM_KEY_PARAMETERS_INIT + * and `custom_data_length == 0` (i.e. `custom_data` is empty). * * \param[in] attributes The attributes for the new key. * If the key type to be created is 
@@ -3781,6 +3784,85 @@ psa_status_t psa_key_derivation_output_key( * the policy must be the same as in the current * operation. * \param[in,out] operation The key derivation operation object to read from. + * \param[in] custom Customization parameters for the key generation. + * When this is #PSA_CUSTOM_KEY_PARAMETERS_INIT + * with \p custom_data_length = 0, + * this function is equivalent to + * psa_key_derivation_output_key(). + * \param[in] custom_data Variable-length data associated with \c custom. + * \param custom_data_length + * Length of `custom_data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * There was not enough data to create the desired key. + * Note that in this case, no output is written to the output buffer. + * The operation's capacity is set to 0, thus subsequent calls to + * this function will not succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size is not supported, either by the + * implementation in general or in this particular location. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The provided key attributes are not valid for the operation. + * \retval #PSA_ERROR_NOT_PERMITTED + * The #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_output_key_custom( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_custom_key_parameters_t *custom, + const uint8_t *custom_data, + size_t custom_data_length, + mbedtls_svc_key_id_t *key); + +#ifndef __cplusplus +/* Omitted when compiling in C++, because one of the parameters is a + * pointer to a struct with a flexible array member, and that is not + * standard C++. + * https://github.com/Mbed-TLS/mbedtls/issues/9020 + */ +/** Derive a key from an ongoing key derivation operation with custom + * production parameters. + * + * \note + * This is a deprecated variant of psa_key_derivation_output_key_custom(). + * It is equivalent except that the associated variable-length data + * is passed in `params->data` instead of a separate parameter. + * This function will be removed in a future version of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. + * If the key type to be created is + * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in + * the policy must be the same as in the current + * operation. + * \param[in,out] operation The key derivation operation object to read from. 
* \param[in] params Customization parameters for the key derivation. * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT * with \p params_data_length = 0, @@ -3840,6 +3922,7 @@ psa_status_t psa_key_derivation_output_key_ext( const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key); +#endif /* !__cplusplus */ /** Compare output data from a key derivation operation to an expected value. * @@ -3865,8 +3948,8 @@ psa_status_t psa_key_derivation_output_key_ext( * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object to read from. - * \param[in] expected_output Buffer containing the expected derivation output. - * \param output_length Length of the expected output; this is also the + * \param[in] expected Buffer containing the expected derivation output. + * \param expected_length Length of the expected output; this is also the * number of bytes that will be read. * * \retval #PSA_SUCCESS \emptydescription @@ -3896,8 +3979,8 @@ psa_status_t psa_key_derivation_output_key_ext( */ psa_status_t psa_key_derivation_verify_bytes( psa_key_derivation_operation_t *operation, - const uint8_t *expected_output, - size_t output_length); + const uint8_t *expected, + size_t expected_length); /** Compare output data from a key derivation operation to an expected value * stored in a key object. @@ -3927,7 +4010,7 @@ psa_status_t psa_key_derivation_verify_bytes( * operation. The value of this key was likely * computed by a previous call to * psa_key_derivation_output_key() or - * psa_key_derivation_output_key_ext(). + * psa_key_derivation_output_key_custom(). * * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_INVALID_SIGNATURE 
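Review bot: The new doc block for psa_key_derivation_output_key_custom() describes `custom` as `Customization parameters for the key generation.`, although this is the derivation entry point; the deprecated sibling's `params` text says "key derivation", and the new line should read `Customization parameters for the key derivation.`. The `#PSA_ERROR_INSUFFICIENT_DATA` entry also talks about "the output buffer" and "a smaller output buffer", but this prototype has no output buffer, so that text looks carried over from psa_key_derivation_output_bytes() and would be clearer if worded in terms of the key. The block also does not say whether `custom_data` may be NULL when `custom_data_length` is 0, which is exactly the default case the `custom` description points callers to; one sentence stating the expectation would help callers and wrapper authors.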
@@ -4095,9 +4178,9 @@ psa_status_t psa_generate_random(uint8_t *output,
 * between 2^{n-1} and 2^n where n is the bit size specified in the
 * attributes.
 *
- * \note This function is equivalent to calling psa_generate_key_ext()
- * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT
- * and `params_data_length == 0` (i.e. `params->data` is empty).
+ * \note This function is equivalent to calling psa_generate_key_custom()
+ * with the custom production parameters #PSA_CUSTOM_KEY_PARAMETERS_INIT
+ * and `custom_data_length == 0` (i.e. `custom_data` is empty).
 *
 * \param[in] attributes The attributes for the new key.
 * \param[out] key On success, an identifier for the newly created
@@ -4137,7 +4220,7 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
 * See the description of psa_generate_key() for the operation of this
 * function with the default production parameters. In addition, this function
 * supports the following production customizations, described in more detail
- * in the documentation of ::psa_key_production_parameters_t:
+ * in the documentation of ::psa_custom_key_parameters_t:
 *
 * - RSA keys: generation with a custom public exponent.
 *
@@ -4145,6 +4228,64 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, * versions of Mbed TLS. * * \param[in] attributes The attributes for the new key. + * \param[in] custom Customization parameters for the key generation. + * When this is #PSA_CUSTOM_KEY_PARAMETERS_INIT + * with \p custom_data_length = 0, + * this function is equivalent to + * psa_generate_key(). + * \param[in] custom_data Variable-length data associated with \c custom. + * \param custom_data_length + * Length of `custom_data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. 
+ */ +psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, + const psa_custom_key_parameters_t *custom, + const uint8_t *custom_data, + size_t custom_data_length, + mbedtls_svc_key_id_t *key); + +#ifndef __cplusplus +/* Omitted when compiling in C++, because one of the parameters is a + * pointer to a struct with a flexible array member, and that is not + * standard C++. + * https://github.com/Mbed-TLS/mbedtls/issues/9020 + */ +/** + * \brief Generate a key or key pair using custom production parameters. + * + * \note + * This is a deprecated variant of psa_key_derivation_output_key_custom(). + * It is equivalent except that the associated variable-length data + * is passed in `params->data` instead of a separate parameter. + * This function will be removed in a future version of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. * \param[in] params Customization parameters for the key generation. * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT * with \p params_data_length = 0, @@ -4184,6 +4325,7 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key); +#endif /* !__cplusplus */ /**@}*/ diff --git a/interface/include/psa/crypto_adjust_auto_enabled.h b/interface/include/psa/crypto_adjust_auto_enabled.h index 63fb29e85..3a2af1518 100644 --- a/interface/include/psa/crypto_adjust_auto_enabled.h +++ b/interface/include/psa/crypto_adjust_auto_enabled.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_auto_enabled.h * \brief Adjust PSA configuration: enable always-on features * + * This is an internal header. Do not include it directly. + * * Always enable certain features which require a negligible amount of code * to implement, to avoid some edge cases in the configuration combinatorics. */ 
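Review bot: The deprecation note added above the old key-generation doc block names the wrong replacement: it says `This is a deprecated variant of psa_key_derivation_output_key_custom().`, which is the text from the derivation function earlier in this file. This block's brief is "Generate a key or key pair using custom production parameters" and the next hunk header shows it belongs to psa_generate_key_ext(), so the line should read `This is a deprecated variant of psa_generate_key_custom().`. The pointer matters for migration, because the deprecated prototype is now left out of C++ builds and readers will follow it to find the replacement. The doc block continues past the end of this hunk.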
@@ -13,6 +15,14 @@ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H #define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 diff --git a/interface/include/psa/crypto_adjust_config_dependencies.h b/interface/include/psa/crypto_adjust_config_dependencies.h new file mode 100644 index 000000000..92e9c4de2 --- /dev/null +++ b/interface/include/psa/crypto_adjust_config_dependencies.h 
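Review bot: The include guard added here closes with an empty comment, `#endif /* */`, which gives a reader nothing to match it against; I would write `#endif /* !MBEDTLS_CONFIG_FILES_READ */`. The same empty comment appears in the identical guard added to crypto_adjust_config_dependencies.h, crypto_adjust_config_key_pair_types.h and crypto_adjust_config_synonyms.h in the following hunks. The definition of `MBEDTLS_CONFIG_FILES_READ` is not visible in these hunks, so it would also help if the "internal header" sentence in each file said which header is expected to define it.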
@@ -0,0 +1,51 @@ +/** + * \file psa/crypto_adjust_config_dependencies.h + * \brief Adjust PSA configuration by resolving some dependencies. + * + * This is an internal header. Do not include it directly. + * + * See docs/proposed/psa-conditional-inclusion-c.md. + * If the Mbed TLS implementation of a cryptographic mechanism A depends on a + * cryptographic mechanism B then if the cryptographic mechanism A is enabled + * and not accelerated enable B. Note that if A is enabled and accelerated, it + * is not necessary to enable B for A support. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H +#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H + +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." 
+#endif /* */ + +#if (defined(PSA_WANT_ALG_TLS12_PRF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \ + (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \ + (defined(PSA_WANT_ALG_HKDF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \ + (defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \ + (defined(PSA_WANT_ALG_HKDF_EXPAND) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \ + (defined(PSA_WANT_ALG_PBKDF2_HMAC) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)) +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#endif + +#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)) +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_ALG_CMAC 1 +#endif + +#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */ diff --git a/interface/include/psa/crypto_adjust_config_key_pair_types.h b/interface/include/psa/crypto_adjust_config_key_pair_types.h index 63afc0e40..cec39e01c 100644 --- a/interface/include/psa/crypto_adjust_config_key_pair_types.h +++ b/interface/include/psa/crypto_adjust_config_key_pair_types.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_config_key_pair_types.h * \brief Adjust PSA configuration for key pair types. * + * This is an internal header. Do not include it directly. + * * See docs/proposed/psa-conditional-inclusion-c.md. * - Support non-basic operations in a keypair type implicitly enables basic * support for that keypair type. 
@@ -19,6 +21,14 @@ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /***************************************************************** * ANYTHING -> BASIC ****************************************************************/ diff --git a/interface/include/psa/crypto_adjust_config_synonyms.h b/interface/include/psa/crypto_adjust_config_synonyms.h index 332b622c9..54b116f43 100644 --- a/interface/include/psa/crypto_adjust_config_synonyms.h +++ b/interface/include/psa/crypto_adjust_config_synonyms.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_config_synonyms.h * \brief Adjust PSA configuration: enable quasi-synonyms * + * This is an internal header. Do not include it directly. + * * When two features require almost the same code, we automatically enable * both when either one is requested, to reduce the combinatorics of * possible configurations. @@ -14,6 +16,14 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H #define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right point." +#endif /* */ + /****************************************************************/ /* De facto synonyms */ /****************************************************************/ 
diff --git a/interface/include/psa/crypto_extra.h b/interface/include/psa/crypto_extra.h index b7b4fccfb..d02baff5f 100644 --- a/interface/include/psa/crypto_extra.h +++ b/interface/include/psa/crypto_extra.h @@ -154,6 +154,14 @@ static inline void psa_clear_key_slot_number( * specified in \p attributes. * * \param[in] attributes The attributes of the existing key. + * - The lifetime must be a persistent lifetime + * in a secure element. Volatile lifetimes are + * not currently supported. + * - The key identifier must be in the valid + * range for persistent keys. + * - The key type and size must be specified and + * must be consistent with the key material + * in the secure element. * * \retval #PSA_SUCCESS * The key was successfully registered. @@ -1838,7 +1846,7 @@ psa_status_t mbedtls_psa_external_get_random( * #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect * with any other set of implementation-chosen key identifiers. * - * This value is part of the library's ABI since changing it would invalidate + * This value is part of the library's API since changing it would invalidate * the values of built-in key identifiers in applications. */ #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000) diff --git a/interface/include/psa/crypto_struct.h b/interface/include/psa/crypto_struct.h index 8c96df9c6..280bfef8c 100644 --- a/interface/include/psa/crypto_struct.h +++ b/interface/include/psa/crypto_struct.h 
@@ -223,9 +223,34 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init( return v; } -struct psa_key_production_parameters_s { +struct psa_custom_key_parameters_s { /* Future versions may add other fields in this structure. */ uint32_t flags; +}; + +/** The default production parameters for key generation or key derivation. + * + * Calling psa_generate_key_custom() or psa_key_derivation_output_key_custom() + * with `custom=PSA_CUSTOM_KEY_PARAMETERS_INIT` and `custom_data_length=0` is + * equivalent to calling psa_generate_key() or psa_key_derivation_output_key() + * respectively. + */ +#define PSA_CUSTOM_KEY_PARAMETERS_INIT { 0 } + +#ifndef __cplusplus +/* Omitted when compiling in C++, because one of the parameters is a + * pointer to a struct with a flexible array member, and that is not + * standard C++. + * https://github.com/Mbed-TLS/mbedtls/issues/9020 + */ +/* This is a deprecated variant of `struct psa_custom_key_parameters_s`. + * It has exactly the same layout, plus an extra field which is a flexible + * array member. Thus a `const struct psa_key_production_parameters_s *` + * can be passed to any function that reads a + * `const struct psa_custom_key_parameters_s *`. + */ +struct psa_key_production_parameters_s { + uint32_t flags; uint8_t data[]; }; @@ -238,6 +263,7 @@ struct psa_key_production_parameters_s { * respectively. */ #define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 } +#endif /* !__cplusplus */ struct psa_key_policy_s { psa_key_usage_t MBEDTLS_PRIVATE(usage); diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h index 8739a2caf..101422f34 100644 --- a/interface/include/psa/crypto_types.h +++ b/interface/include/psa/crypto_types.h 
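Review bot: The layout compatibility between `struct psa_custom_key_parameters_s` and the deprecated `struct psa_key_production_parameters_s` is stated only in a comment, while the new struct keeps the line `/* Future versions may add other fields in this structure. */`. If a field is later added to the new struct alone, `data[]` in the deprecated struct would overlap it and the pointer-compatibility claim would silently stop holding. I would add a reminder on the new struct, `/* Keep the leading fields identical to struct psa_key_production_parameters_s. */`, and back it with a compile-time check in a C source file that `offsetof(struct psa_key_production_parameters_s, data)` equals `sizeof(struct psa_custom_key_parameters_s)`. Whether the implementation casts between the two pointer types is not visible in this hunk; if it does, that cast deserves a comment at the call site as well.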
@@ -455,6 +455,30 @@ typedef uint64_t psa_key_slot_number_t; */ typedef uint16_t psa_key_derivation_step_t; +/** \brief Custom parameters for key generation or key derivation. + * + * This is a structure type with at least the following field: + * + * - \c flags: an unsigned integer type. 0 for the default production parameters. + * + * Functions that take such a structure as input also take an associated + * input buffer \c custom_data of length \c custom_data_length. + * + * The interpretation of this structure and the associated \c custom_data + * parameter depend on the type of the created key. + * + * - #PSA_KEY_TYPE_RSA_KEY_PAIR: + * - \c flags: must be 0. + * - \c custom_data: the public exponent, in little-endian order. + * This must be an odd integer and must not be 1. + * Implementations must support 65537, should support 3 and may + * support other values. + * When not using a driver, Mbed TLS supports values up to \c INT_MAX. + * If this is empty, the default value 65537 is used. + * - Other key types: reserved for future use. \c flags must be 0. + */ +typedef struct psa_custom_key_parameters_s psa_custom_key_parameters_t; + /** \brief Custom parameters for key generation or key derivation. * * This is a structure type with at least the following fields: diff --git a/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch index 7eb724578..3663a75f9 100644 --- a/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch +++ b/lib/ext/mbedcrypto/0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch @@ -1,4 +1,4 @@ -From f4355fd5675936015f1b822cc30b39c369ea9bfb Mon Sep 17 00:00:00 2001 +From 25ebc7306cc4aa2807a203f31725f198106d2f34 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 21 Mar 2024 11:44:56 +0000 Subject: [PATCH 1/7] Add TF-M Builtin Key Loader driver entry points 
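Review bot: The `custom_data` description for `#PSA_KEY_TYPE_RSA_KEY_PAIR` states a byte order for the public exponent ("in little-endian order") but gives no worked example, and the code that parses the buffer is not in this hunk, so the statement cannot be checked from here. An exponent serialized in the wrong order still parses as an integer and can satisfy the "odd integer and must not be 1" rule, so a caller would get a key with an unintended exponent rather than an error. I would add one example line with a value whose byte sequence is not symmetric (65537 is `01 00 01` in either order), and confirm the stated order against the implementation and the deprecated `psa_key_production_parameters_t` text that follows.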
@@ -18,7 +18,7 @@ Co-authored-by: Antonio de Angelis 3 files changed, 143 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c -index 969c695ac..867b4019b 100644 +index c4f41db10..5180435de 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -73,6 +73,10 @@ @@ -46,7 +46,7 @@ index 969c695ac..867b4019b 100644 *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h -index ea6aee32e..2ea6358f9 100644 +index b90155720..2e828115f 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -42,16 +42,32 @@ @@ -159,7 +159,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -@@ -775,6 +815,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key( +@@ -776,6 +816,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -169,7 +169,7 @@ index ea6aee32e..2ea6358f9 100644 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Transparent drivers are limited to generating asymmetric keys. */ /* We don't support passing custom production parameters -@@ -879,6 +922,9 @@ static inline psa_status_t psa_driver_wrapper_import_key( +@@ -880,6 +923,9 @@ static inline psa_status_t psa_driver_wrapper_import_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -179,7 +179,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -980,6 +1026,9 @@ static inline psa_status_t psa_driver_wrapper_export_key( +@@ -981,6 +1027,9 @@ static inline psa_status_t psa_driver_wrapper_export_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: 
@@ -189,7 +189,7 @@ index ea6aee32e..2ea6358f9 100644 return( psa_export_key_internal( attributes, key_buffer, key_buffer_size, -@@ -1086,6 +1135,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( +@@ -1087,6 +1136,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -199,7 +199,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -1176,6 +1228,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( +@@ -1177,6 +1229,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -209,7 +209,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -1253,6 +1308,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( +@@ -1254,6 +1309,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -219,7 +219,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -1326,6 +1384,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( +@@ -1327,6 +1385,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: 
@@ -229,7 +229,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -1726,6 +1787,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( +@@ -1727,6 +1788,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -239,7 +239,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -@@ -1778,6 +1842,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( +@@ -1779,6 +1843,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -249,7 +249,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -@@ -1827,6 +1894,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( +@@ -1828,6 +1895,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -259,7 +259,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -@@ -1875,6 +1945,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( +@@ -1876,6 +1946,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: 
@@ -269,7 +269,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -@@ -2211,6 +2284,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( +@@ -2212,6 +2285,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -279,7 +279,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2275,6 +2351,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( +@@ -2276,6 +2352,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -289,7 +289,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2347,6 +2426,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( +@@ -2348,6 +2427,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -299,7 +299,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2547,6 +2629,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( +@@ -2548,6 +2630,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: 
@@ -309,7 +309,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2605,6 +2690,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( +@@ -2606,6 +2691,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -319,7 +319,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2669,6 +2757,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( +@@ -2670,6 +2758,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -329,7 +329,7 @@ index ea6aee32e..2ea6358f9 100644 /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -@@ -2749,6 +2840,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( +@@ -2750,6 +2841,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch index 01531f264..5953f5ba3 100644 --- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch +++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch @@ -1,4 +1,4 @@ -From 897915891d0af5947b9391f13b75bf338fabbe94 Mon Sep 17 00:00:00 2001 +From 94a4e5101cfc7c52bd41140fa32d8394615c8daa Mon Sep 17 00:00:00 2001 
From: Tamas Ban Date: Tue, 27 Oct 2020 08:55:37 +0000 Subject: [PATCH 2/7] Enable crypto code sharing between independent binaries @@ -36,7 +36,7 @@ index 890c4cbab..f8109c73f 100644 void *mbedtls_calloc(size_t nmemb, size_t size) { diff --git a/library/platform_util.c b/library/platform_util.c -index 0741bf575..b867c6da1 100644 +index 19ef07aea..2d9c731d9 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -88,7 +88,7 @@ diff --git a/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch index 1b989b88c..5d48b2ac8 100644 --- a/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch +++ b/lib/ext/mbedcrypto/0003-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch @@ -1,4 +1,4 @@ -From f3d7c2b7000b98a5191007cbdf0b8910642fb685 Mon Sep 17 00:00:00 2001 +From a6ddf93d23b4017582ab4f2fcef903ed5cda9725 Mon Sep 17 00:00:00 2001 From: Benjamin Baratte Date: Thu, 9 Feb 2023 10:35:01 +0100 Subject: [PATCH 3/7] Allow SE key to use key vendor id within PSA crypto @@ -9,10 +9,10 @@ Signed-off-by: Benjamin Baratte 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c -index 867b4019b..fd1d28fc6 100644 +index 5180435de..589a00e6e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c -@@ -1703,7 +1703,11 @@ static psa_status_t psa_validate_key_attributes( +@@ -1719,7 +1719,11 @@ static psa_status_t psa_validate_key_attributes( return PSA_ERROR_INVALID_ARGUMENT; } } else { diff --git a/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch index 0a830f321..80c0f68f0 100644 --- a/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch +++ b/lib/ext/mbedcrypto/0004-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch 
@@ -1,4 +1,4 @@ -From ba6536c5140df75a669fc92cdef2729a6913f6af Mon Sep 17 00:00:00 2001 +From 90a321cd74cc551e929496146e3a4a4b205cff64 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 21 Mar 2024 11:58:19 +0000 Subject: [PATCH 4/7] Initialise driver wrappers as first step in @@ -16,10 +16,10 @@ Signed-off-by: Antonio de Angelis 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c -index fd1d28fc6..1d91739da 100644 +index 589a00e6e..d3f729320 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c -@@ -8274,12 +8274,12 @@ psa_status_t psa_crypto_init(void) +@@ -8341,12 +8341,12 @@ psa_status_t psa_crypto_init(void) return PSA_SUCCESS; } diff --git a/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch index baf2e4e77..f6f62289f 100644 --- a/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch +++ b/lib/ext/mbedcrypto/0005-Hardcode-CC3XX-entry-points.patch @@ -1,4 +1,4 @@ -From bb55d3718baa1c2d787cf996da8f01d85c99b00b Mon Sep 17 00:00:00 2001 +From d3a6d47e7a59d423f90eaa061e77abbdd4b2e309 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 21 Mar 2024 12:58:37 +0000 Subject: [PATCH 5/7] Hardcode CC3XX entry points @@ -87,7 +87,7 @@ index c90a5fbe7..3f00006f8 100644 #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h -index 2ea6358f9..3fa4583b7 100644 +index 2e828115f..9ba856145 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -53,6 +53,16 @@ 
@@ -277,7 +277,7 @@ index 2ea6358f9..3fa4583b7 100644 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDSA(alg) && -@@ -834,6 +902,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key( +@@ -835,6 +903,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key( if( status != PSA_ERROR_NOT_SUPPORTED ) break; #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -290,7 +290,7 @@ index 2ea6358f9..3fa4583b7 100644 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && -@@ -1157,6 +1231,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( +@@ -1158,6 +1232,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -311,7 +311,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) -@@ -1248,6 +1336,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( +@@ -1249,6 +1337,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -330,7 +330,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) -@@ -1328,6 +1428,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( +@@ -1329,6 +1429,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -347,7 +347,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ -@@ -1404,6 +1514,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( +@@ -1405,6 +1515,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -364,7 +364,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ -@@ -1473,6 +1593,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv( +@@ -1474,6 +1594,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv( &operation->ctx.opaque_test_driver_ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -377,7 +377,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -1516,6 +1642,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update( +@@ -1517,6 +1643,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update( input, input_length, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -391,7 +391,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -1556,6 +1689,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish( +@@ -1557,6 +1690,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish( &operation->ctx.opaque_test_driver_ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -404,7 +404,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -1596,6 +1735,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort( +@@ -1597,6 +1736,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort( sizeof( operation->ctx.opaque_test_driver_ctx ) ); return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -420,7 +420,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -1617,12 +1765,19 @@ static inline psa_status_t psa_driver_wrapper_hash_compute( +@@ -1618,12 +1766,19 @@ static inline psa_status_t psa_driver_wrapper_hash_compute( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try accelerators first */ @@ -441,7 +441,7 @@ index 2ea6358f9..3fa4583b7 100644 /* If software fallback is compiled in, try fallback */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) -@@ -1649,6 +1804,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( +@@ -1650,6 +1805,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try setup on accelerators first */ @@ -449,7 +449,7 @@ index 2ea6358f9..3fa4583b7 100644 #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_hash_setup( &operation->ctx.test_driver_ctx, alg ); -@@ -1657,7 +1813,13 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( +@@ -1658,7 +1814,13 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -464,7 +464,7 @@ index 2ea6358f9..3fa4583b7 100644 /* If software fallback is compiled in, try fallback */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) -@@ -1687,13 +1849,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone( +@@ -1688,13 +1850,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone( return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, &target_operation->ctx.mbedtls_ctx ) ); #endif 
@@ -489,7 +489,7 @@ index 2ea6358f9..3fa4583b7 100644 default: (void) target_operation; return( PSA_ERROR_BAD_STATE ); -@@ -1712,12 +1884,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update( +@@ -1713,12 +1885,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update( return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, input, input_length ) ); #endif @@ -511,7 +511,7 @@ index 2ea6358f9..3fa4583b7 100644 default: (void) input; (void) input_length; -@@ -1738,12 +1918,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish( +@@ -1739,12 +1919,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish( return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, hash, hash_size, hash_length ) ); #endif @@ -533,7 +533,7 @@ index 2ea6358f9..3fa4583b7 100644 default: (void) hash; (void) hash_size; -@@ -1761,11 +1949,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort( +@@ -1762,11 +1950,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort( case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); #endif @@ -553,7 +553,7 @@ index 2ea6358f9..3fa4583b7 100644 default: return( PSA_ERROR_BAD_STATE ); } -@@ -1806,6 +2001,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( +@@ -1807,6 +2002,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -571,7 +571,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ -@@ -1861,6 +2067,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( +@@ -1862,6 +2068,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -589,7 +589,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ -@@ -1912,6 +2129,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( +@@ -1913,6 +2130,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -605,7 +605,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ -@@ -1964,6 +2190,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( +@@ -1965,6 +2191,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -622,7 +622,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ -@@ -2010,6 +2246,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce( +@@ -2011,6 +2247,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -635,7 +635,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2044,6 +2286,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths( +@@ -2045,6 +2287,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -648,7 +648,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2078,6 +2326,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad( +@@ -2079,6 +2327,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -661,7 +661,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2117,6 +2371,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update( +@@ -2118,6 +2372,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -675,7 +675,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2161,6 +2422,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish( +@@ -2162,6 +2423,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -689,7 +689,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2225,6 +2493,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify( +@@ -2226,6 +2494,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -703,7 +703,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2257,6 +2532,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort( +@@ -2258,6 +2533,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -715,7 +715,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } -@@ -2299,6 +2579,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( +@@ -2300,6 +2580,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -728,7 +728,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ -@@ -2370,6 +2656,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( +@@ -2371,6 +2657,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -744,7 +744,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ -@@ -2445,6 +2740,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( +@@ -2446,6 +2741,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -760,7 +760,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ -@@ -2512,6 +2816,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update( +@@ -2513,6 +2817,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update( &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -771,7 +771,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) input; -@@ -2546,6 +2854,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish( +@@ -2547,6 +2855,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -783,7 +783,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; -@@ -2580,6 +2893,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish( +@@ -2581,6 +2894,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -796,7 +796,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; -@@ -2607,6 +2926,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort( +@@ -2608,6 +2927,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort( return( mbedtls_test_opaque_mac_abort( &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -807,7 +807,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return( PSA_ERROR_INVALID_ARGUMENT ); -@@ -2644,6 +2967,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( +@@ -2645,6 +2968,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ 
@@ -828,7 +828,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( mbedtls_psa_asymmetric_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, -@@ -2705,6 +3042,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( +@@ -2706,6 +3043,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -849,7 +849,7 @@ index 2ea6358f9..3fa4583b7 100644 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( mbedtls_psa_asymmetric_decrypt( attributes, key_buffer, key_buffer_size, alg,input, input_length, -@@ -2772,6 +3123,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( +@@ -2773,6 +3124,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch index 38d9fd766..da654bb86 100644 --- a/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch +++ b/lib/ext/mbedcrypto/0006-Enable-psa_can_do_hash.patch @@ -1,4 +1,4 @@ -From a1dae597483b1f64327902adbaa1d6b20e661081 Mon Sep 17 00:00:00 2001 +From dadf24399328816a4a55c0f3b1fa9d7f0f780306 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 21 Mar 2024 13:02:44 +0000 Subject: [PATCH 6/7] Enable psa_can_do_hash @@ -14,7 +14,7 @@ Signed-off-by: Summer Qin 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c -index 1d91739da..6219f8169 100644 +index d3f729320..68895738e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -288,7 +288,8 @@ static uint8_t psa_get_drivers_initialized(void) 
diff --git a/lib/ext/mbedcrypto/0007-Enable-sources-when-MCUBOOT_USE_PSA_CRYPTO-and-not-M.patch b/lib/ext/mbedcrypto/0007-Enable-sources-when-MCUBOOT_USE_PSA_CRYPTO-and-not-M.patch index c9198e1fa..cf230d54b 100644 --- a/lib/ext/mbedcrypto/0007-Enable-sources-when-MCUBOOT_USE_PSA_CRYPTO-and-not-M.patch +++ b/lib/ext/mbedcrypto/0007-Enable-sources-when-MCUBOOT_USE_PSA_CRYPTO-and-not-M.patch @@ -1,4 +1,4 @@ -From 5f1f13a6607a145ab6169810207ca1be8b844468 Mon Sep 17 00:00:00 2001 +From b543f78b0d9a103bcfec0ec1f8f3e1cb77b87f05 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Tue, 9 Apr 2024 15:26:59 +0100 Subject: [PATCH 7/7] Enable sources when MCUBOOT_USE_PSA_CRYPTO and not @@ -32,7 +32,7 @@ index c78cc2333..7350eafcb 100644 /** The random generator function for the PSA subsystem. * diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h -index 3fa4583b7..1769ad405 100644 +index 9ba856145..2d566f5f8 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -23,7 +23,7 @@ @@ -71,7 +71,7 @@ index eeb7666c1..5c025b335 100644 #include #include "psa_crypto_core.h" diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c -index 2f613b32d..2594b110f 100644 +index 38dc3b8ed..20540d356 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -8,7 +8,7 @@ diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default_client.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default_client.h index c90cb8803..b13f9fc71 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default_client.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default_client.h 
@@ -136,20 +136,6 @@ */ #define MBEDTLS_ECP_NIST_OPTIM -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - /** * \def MBEDTLS_NO_PLATFORM_ENTROPY * diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large_client.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large_client.h index 39df0cc7b..41f7cc4d9 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large_client.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large_client.h @@ -137,20 +137,6 @@ */ #define MBEDTLS_ECP_NIST_OPTIM -/** - * \def MBEDTLS_PK_PARSE_EC_EXTENDED - * - * Enhance support for reading EC keys using variants of SEC1 not allowed by - * RFC 5915 and RFC 5480. - * - * Currently this means parsing the SpecifiedECDomain choice of EC - * parameters (only known groups are supported, not arbitrary domains, to - * avoid validation issues). - * - * Disable if you only need to support RFC 5915 + 5480 key formats. - */ -#define MBEDTLS_PK_PARSE_EC_EXTENDED - /** * \def MBEDTLS_NO_PLATFORM_ENTROPY * diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h index 81e7af24f..ffb8113d9 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h 
@@ -315,7 +315,7 @@ * * Uncomment to enable generic message digest wrappers. */ -#define MBEDTLS_MD_C +//#define MBEDTLS_MD_C /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small_client.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small_client.h index dcab54c5c..139b81462 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small_client.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small_client.h @@ -331,7 +331,7 @@ * * Uncomment to enable generic message digest wrappers. */ -#define MBEDTLS_MD_C +//#define MBEDTLS_MD_C /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C diff --git a/platform/ext/accelerator/cc312/crypto_accelerator_config.h b/platform/ext/accelerator/cc312/crypto_accelerator_config.h index 6cf595554..419c27941 100644 --- a/platform/ext/accelerator/cc312/crypto_accelerator_config.h +++ b/platform/ext/accelerator/cc312/crypto_accelerator_config.h @@ -114,6 +114,7 @@ extern "C" { #define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C +#define MBEDTLS_MD_CAN_SHA256 #endif #ifdef PSA_WANT_ALG_CBC_NO_PADDING From da282d1ed37e9bc0285a1c84012cbdc259451465 Mon Sep 17 00:00:00 2001 
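Review bot: In platform/ext/accelerator/cc312/crypto_accelerator_config.h the added `#define MBEDTLS_MD_CAN_SHA256` has no comment saying why this symbol is set by hand. In upstream Mbed TLS the `MBEDTLS_MD_CAN_*` symbols are, as far as I know, derived by the config-adjust headers from the enabled hash back ends, so a manual define can drift from what the build really provides. A one-line comment would help, for example `/* HMAC_DRBG for deterministic ECDSA needs an MD hash; SHA-256 comes from the accelerator */`, once that wording is confirmed. It is also worth checking whether the define should sit under `#ifdef PSA_WANT_ALG_SHA_256`. The enclosing `#if` starts outside the hunk, so its condition cannot be checked from here.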
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 5 Sep 2024 15:52:15 +0200 Subject: [PATCH 40/73] [nrf noup] tf-m: Enable support for external PSA core MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This commit adds support for externally built PSA core in TF-M by checking for the CMake variable (cached) PSA_CRYPTO_EXTERNAL_CORE. By setting this define, then a platform-target file called external_core.cmake as well as external_core_install.cmake is called to allow for the following: - Early include of necessary replacement include folders - Support for using generated configuration files for TF-M build -This commit also tries to make psa_crypto_config and psa_crypto_library_config linked in first to ensure that certain folders are included as early as possible in the build Signed-off-by: Frank Audun Kvamtrø --- cmake/install.cmake | 63 +++++++------- cmake/spe-CMakeLists.cmake | 9 ++ interface/CMakeLists.txt | 9 ++ secure_fw/partitions/crypto/CMakeLists.txt | 86 +++++++++++++------ .../partitions/lib/runtime/CMakeLists.txt | 4 + .../protected_storage/CMakeLists.txt | 2 +- 6 files changed, 116 insertions(+), 57 deletions(-) diff --git a/cmake/install.cmake b/cmake/install.cmake index 8e4003f5f..0797a09d7 100644 --- a/cmake/install.cmake +++ b/cmake/install.cmake 
@@ -75,34 +75,38 @@ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) endif() if (TFM_PARTITION_CRYPTO) - install(FILES ${INTERFACE_INC_DIR}/psa/README.rst - ${INTERFACE_INC_DIR}/psa/build_info.h - ${INTERFACE_INC_DIR}/psa/crypto.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_dependencies.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h - ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_compat.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h - ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h - ${INTERFACE_INC_DIR}/psa/crypto_extra.h - ${INTERFACE_INC_DIR}/psa/crypto_legacy.h - ${INTERFACE_INC_DIR}/psa/crypto_platform.h - ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h - ${INTERFACE_INC_DIR}/psa/crypto_sizes.h - ${INTERFACE_INC_DIR}/psa/crypto_struct.h - ${INTERFACE_INC_DIR}/psa/crypto_types.h - ${INTERFACE_INC_DIR}/psa/crypto_values.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) - install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) - install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls - DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core_install.cmake) + else() + install(FILES ${INTERFACE_INC_DIR}/psa/README.rst + ${INTERFACE_INC_DIR}/psa/build_info.h + ${INTERFACE_INC_DIR}/psa/crypto.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_auto_enabled.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_dependencies.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_key_pair_types.h + ${INTERFACE_INC_DIR}/psa/crypto_adjust_config_synonyms.h + 
${INTERFACE_INC_DIR}/psa/crypto_builtin_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_key_derivation.h + ${INTERFACE_INC_DIR}/psa/crypto_builtin_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_compat.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_common.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_composites.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_key_derivation.h + ${INTERFACE_INC_DIR}/psa/crypto_driver_contexts_primitives.h + ${INTERFACE_INC_DIR}/psa/crypto_extra.h + ${INTERFACE_INC_DIR}/psa/crypto_legacy.h + ${INTERFACE_INC_DIR}/psa/crypto_platform.h + ${INTERFACE_INC_DIR}/psa/crypto_se_driver.h + ${INTERFACE_INC_DIR}/psa/crypto_sizes.h + ${INTERFACE_INC_DIR}/psa/crypto_struct.h + ${INTERFACE_INC_DIR}/psa/crypto_types.h + ${INTERFACE_INC_DIR}/psa/crypto_values.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}/psa) + install(FILES ${INTERFACE_INC_DIR}/tfm_crypto_defs.h + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + install(DIRECTORY ${INTERFACE_INC_DIR}/mbedtls + DESTINATION ${INSTALL_INTERFACE_INC_DIR}) + endif() endif() if (TFM_PARTITION_INITIAL_ATTESTATION) @@ -285,10 +289,11 @@ else() ) endif() +# PSA_CRYPTO_EXTERNAL_CORE target_include_directories(psa_interface INTERFACE $ - ) +) install(EXPORT tfm-config FILE spe_export.cmake diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake index cb0d36e98..959912cbd 100644 --- a/cmake/spe-CMakeLists.cmake +++ b/cmake/spe-CMakeLists.cmake @@ -34,6 +34,15 @@ target_sources(tfm_api_ns ) # Include interface headers exported by TF-M +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(tfm_api_ns + PUBLIC + ${INTERFACE_INC_DIR} + ) +endif() + target_include_directories(tfm_api_ns PUBLIC ${INTERFACE_INC_DIR} diff --git a/interface/CMakeLists.txt b/interface/CMakeLists.txt index 97711e8f2..94be57a12 100644 --- a/interface/CMakeLists.txt +++ b/interface/CMakeLists.txt 
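Review bot: In cmake/spe-CMakeLists.cmake the added `else()` branch repeats the `target_include_directories(tfm_api_ns PUBLIC ${INTERFACE_INC_DIR})` call that still follows it unconditionally. The branch therefore has no effect, and `${INTERFACE_INC_DIR}` stays on the include path when `PSA_CRYPTO_EXTERNAL_CORE` is set. If the external core is meant to replace the in-tree `psa/` headers, which header wins then depends on include order, and a mix of headers from two cores is easy to miss at build time. Depending on the intent, either drop the `else()` branch or make the existing call conditional. The hunk in interface/CMakeLists.txt appears to follow the same pattern for `psa_interface`. A comment above the `include()` such as `# external_core.cmake adds the replacement include directories for this target` would document the contract, after checking it against that file, which is not part of this patch.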
@@ -19,6 +19,15 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/include/psa/framework_feature.h.in add_library(psa_interface INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(psa_interface + INTERFACE + $ + ) +endif() + target_include_directories(psa_interface INTERFACE $ diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 284db4f2d..e4a8d5702 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt 
@@ -7,30 +7,41 @@ ############################### PSA CRYPTO CONFIG ############################## # Make sure these are available even if the TFM_PARTITION_CRYPTO is not defined +add_library(psa_crypto_config INTERFACE) -# This defines the configuration files for the users of the client interface -set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) -cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) -cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") -add_library(psa_crypto_config INTERFACE) -target_compile_definitions(psa_crypto_config - INTERFACE - MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" -) # The following is required for tfm_plat_crypto_nv_seed.h target_include_directories(psa_crypto_config INTERFACE $ ) -# This defines the configuration files for the users of the library directly -add_library(psa_crypto_library_config INTERFACE) -target_compile_definitions(psa_crypto_library_config + +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + #This defines the configuration files for the users of the client interface + set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH}) + cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH) + cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h") + + target_compile_definitions(psa_crypto_config INTERFACE MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" - MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" -) + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}" + ) +endif() + +# This defines the configuration files for the users of the library directly +add_library(psa_crypto_library_config INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_compile_definitions(psa_crypto_library_config + INTERFACE + 
MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" + ) +endif() if (NOT TFM_PARTITION_CRYPTO) return() @@ -71,13 +82,24 @@ target_sources(tfm_partitions ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c ) + # Set include directory target_include_directories(tfm_psa_rot_partition_crypto PRIVATE - $ + #$ + ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto - $ ) + +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(tfm_psa_rot_partition_crypto + PRIVATE + $ + ) +endif() + target_include_directories(tfm_partitions INTERFACE ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto @@ -116,19 +138,20 @@ target_link_libraries(tfm_config psa_crypto_config ) -############################### PSA CRYPTO CONFIG ############################## -add_library(psa_crypto_config INTERFACE) -# target_compile_definitions(psa_crypto_config -# INTERFACE -# MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" -# ) - ############################### MBEDCRYPTO ##################################### add_library(crypto_service_mbedcrypto_config INTERFACE) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_compile_definitions(crypto_service_mbedcrypto_config + INTERFACE + MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}" + $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> + ) +endif() target_compile_definitions(crypto_service_mbedcrypto_config INTERFACE - $<$:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077 $<$,$>:MULADDC_CANNOT_USE_R7> $<$:PLATFORM_DEFAULT_NV_SEED> 
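Review bot: In secure_fw/partitions/crypto/CMakeLists.txt the first `include(${TARGET_PLATFORM_PATH}/../external_core.cmake)` runs before `add_library(psa_crypto_library_config INTERFACE)`, and the same script is included again at several later points in this file. The script must therefore be safe to run repeatedly and must not reference targets that do not exist yet at the first inclusion. This cannot be checked here because the script is not part of the patch. In the external-core path this file also no longer sets `MBEDTLS_CONFIG_FILE` or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE` on `psa_crypto_config`, so a build would presumably pick up the library's default configuration unless the script defines them. I would state the contract next to the first include, for example `# external_core.cmake must set MBEDTLS_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_CONFIG_FILE on the psa_crypto_* config targets and be idempotent`.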
@@ -176,10 +199,19 @@ target_include_directories(psa_crypto_library_config INTERFACE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api - # The following is required for psa/error.h - $ ) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +else() + target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto + PUBLIC + # The following is required for psa/error.h + $ + ) +endif() + + # Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3) diff --git a/secure_fw/partitions/lib/runtime/CMakeLists.txt b/secure_fw/partitions/lib/runtime/CMakeLists.txt index 7a626b961..c29561764 100644 --- a/secure_fw/partitions/lib/runtime/CMakeLists.txt +++ b/secure_fw/partitions/lib/runtime/CMakeLists.txt @@ -16,6 +16,10 @@ target_include_directories(tfm_sprt ${CMAKE_SOURCE_DIR}/secure_fw/include ) +if(PSA_CRYPTO_EXTERNAL_CORE) + include(${TARGET_PLATFORM_PATH}/../external_core.cmake) +endif() + target_sources(tfm_sprt PUBLIC $<$:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c> diff --git a/secure_fw/partitions/protected_storage/CMakeLists.txt b/secure_fw/partitions/protected_storage/CMakeLists.txt index 0cfedac08..bb6e5fcfe 100644 --- a/secure_fw/partitions/protected_storage/CMakeLists.txt +++ b/secure_fw/partitions/protected_storage/CMakeLists.txt @@ -75,11 +75,11 @@ target_sources(tfm_partitions target_link_libraries(tfm_app_rot_partition_ps PRIVATE + psa_crypto_config secure_fw platform_s tfm_config tfm_sprt - psa_crypto_config ) target_compile_definitions(tfm_app_rot_partition_ps From 7801e1ff43dbf11928ef836b1bc32c3208237299 Mon Sep 17 00:00:00 2001 
From: Nicola Mazzucato Date: Tue, 3 Sep 2024 08:15:22 +0100 Subject: [PATCH 41/73] [nrf fromtree] SPM: mailbox_agent_api: Free connection if params association fails After the connection is successfully allocated, if the parameters association fails, then the connection needs to be released. This is only required for STATELESS connections for the reason that for stateful connections those are taken care of as part of the psa_close sequence. Signed-off-by: Nicola Mazzucato Change-Id: Ic0674098b7780a4e83b21fe93c5ed83ff5a2e8d1 (cherry picked from commit 417063d18e7004f9a50ddeb9e6ce78441eaa46b2) (cherry picked from commit fbcdc69b794d9b612f4556cba347a860d6a7f28f) Signed-off-by: Tomi Fontanilles --- secure_fw/spm/core/mailbox_agent_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/secure_fw/spm/core/mailbox_agent_api.c b/secure_fw/spm/core/mailbox_agent_api.c index 20238e730..8873236a1 100644 --- a/secure_fw/spm/core/mailbox_agent_api.c +++ b/secure_fw/spm/core/mailbox_agent_api.c @@ -43,6 +43,9 @@ psa_status_t tfm_spm_agent_psa_call(psa_handle_t handle, status = spm_associate_call_params(p_connection, control, params->p_invecs, params->p_outvecs); if (status != PSA_SUCCESS) { + if (IS_STATIC_HANDLE(handle)) { + spm_free_connection(p_connection); + } return status; } From 43bacd7a71ccebc21ad316ea3066c43013ceb503 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Fri, 5 Jul 2024 11:02:25 +0200 Subject: [PATCH 42/73] [nrf fromtree] Crypto: Prevent the scratch allocator from overflowing If the requested_size from the scratch allocator is greater than 0xfffffffc, the align macro overflows without failing allocation thus allowing out-of-bounds writes in the Crypto partition memory. Signed-off-by: Antonio de Angelis Change-Id: Ic218fea8238ecd3e8d146586d2c413386870d580 (cherry picked from commit 2ecea430fbb4e7e2de7fc6fd3fddd59f138019fc) Signed-off-by: Tomi Fontanilles --- secure_fw/partitions/crypto/crypto_init.c | 5 +++++ 1 file changed, 5 insertions(+) 
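Review bot: The added `if (IS_STATIC_HANDLE(handle))` branch has no comment saying why only this case frees the connection; the reason (stateful connections are released through the psa_close sequence) is given only in the commit message. I would add `/* Stateless connection was allocated for this call; stateful ones are freed via psa_close */` above the branch. The body of tfm_spm_agent_psa_call starts and continues outside the hunk, so any other error return between the allocation and the end of the function is not visible here and may need the same release.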
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c index c48ead1aa..af06b31ec 100644 --- a/secure_fw/partitions/crypto/crypto_init.c +++ b/secure_fw/partitions/crypto/crypto_init.c @@ -112,6 +112,11 @@ static psa_status_t tfm_crypto_get_scratch_owner(int32_t *id) static psa_status_t tfm_crypto_alloc_scratch(size_t requested_size, void **buf) { + /* Prevent ALIGN() from overflowing */ + if (requested_size > SIZE_MAX - (TFM_CRYPTO_IOVEC_ALIGNMENT - 1)) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + /* Ensure alloc_index remains aligned to the required iovec alignment */ requested_size = ALIGN(requested_size, TFM_CRYPTO_IOVEC_ALIGNMENT); From e6b5a12a8a6ec7a2b83239b35f35e0a91fa3ec7a Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Fri, 5 Jul 2024 13:43:16 +0200 Subject: [PATCH 43/73] [nrf fromtree] Crypto: Protect writes to avoid out-of-bound access Several places in the Crypto service directly write without checking at least pointer validity (i.e. not NULL) or out-of-bound access in the scratch buffer writes. These mostly would lead to crashes, i.e. a Denial-of-Service attack for which TF-M does not protect against, but reduce the potential for more serious attacks by protecting those writes anyway. Signed-off-by: Antonio de Angelis Change-Id: I4d60cca04162f15abd96a8c3fbe3683042b7b55d (cherry picked from commit 0db7ebf32ba3f5ddd54d742ccd1a6ddfc6535989) Signed-off-by: Tomi Fontanilles --- secure_fw/partitions/crypto/crypto_aead.c | 6 ++++++ secure_fw/partitions/crypto/crypto_cipher.c | 6 ++++++ secure_fw/partitions/crypto/crypto_hash.c | 9 +++++++++ .../partitions/crypto/crypto_key_derivation.c | 10 ++++++++++ .../partitions/crypto/crypto_key_management.c | 18 ++++++++++++++++++ secure_fw/partitions/crypto/crypto_mac.c | 6 ++++++ 6 files changed, 55 insertions(+) diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c index 7681bb5ef..7952f9f14 100644 
--- a/secure_fw/partitions/crypto/crypto_aead.c +++ b/secure_fw/partitions/crypto/crypto_aead.c @@ -94,6 +94,9 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID) || (sid == TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID)) { p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; status = tfm_crypto_operation_alloc(TFM_CRYPTO_AEAD_OPERATION, out_vec[0].base, @@ -113,6 +116,9 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], * if lookup fails. */ p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; } } diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c index 2af4fccd6..d307c5150 100644 --- a/secure_fw/partitions/crypto/crypto_cipher.c +++ b/secure_fw/partitions/crypto/crypto_cipher.c @@ -75,6 +75,9 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID) || (sid == TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID)) { p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; status = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION, out_vec[0].base, @@ -92,6 +95,9 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; } } diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c index d993fefea..4972efa65 100644 --- a/secure_fw/partitions/crypto/crypto_hash.c 
+++ b/secure_fw/partitions/crypto/crypto_hash.c @@ -64,6 +64,9 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], if (sid == TFM_CRYPTO_HASH_SETUP_SID) { p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; status = tfm_crypto_operation_alloc(TFM_CRYPTO_HASH_OPERATION, out_vec[0].base, @@ -82,6 +85,9 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; } } @@ -150,6 +156,9 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], { psa_hash_operation_t *target_operation = NULL; p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t) || in_vec[1].base == NULL) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = *((uint32_t *)in_vec[1].base); /* Allocate the target operation context in the secure world */ diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c index 2dc29ecb9..1cf94c8e4 100644 --- a/secure_fw/partitions/crypto/crypto_key_derivation.c +++ b/secure_fw/partitions/crypto/crypto_key_derivation.c @@ -115,7 +115,13 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], { psa_key_id_t *key_handle = out_vec[0].base; psa_key_attributes_t srv_key_attr; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } + if (in_vec[1].base == NULL || out_vec[0].len > sizeof(psa_key_attributes_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); tfm_crypto_library_get_library_key_id_set_owner(encoded_key->owner, &srv_key_attr); 
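Review bot: In the third crypto_hash.c hunk (`@@ -150,6 +156,9 @@`), `in_vec[1].base` is only NULL-checked before `*((uint32_t *)in_vec[1].base)` reads a full `uint32_t` from it, so an input vector shorter than `sizeof(uint32_t)` still passes the guard. The condition should also include `(in_vec[1].len < sizeof(uint32_t))`. Patch 49/73 later in this series adds exactly that test, so a backport of this commit alone leaves the short-vector case unchecked. The enclosing case block continues outside the hunk.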
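Review bot: In the crypto_key_derivation.c hunk `@@ -115,7 +115,13 @@`, the second guard bounds `out_vec[0].len`, but the `memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len)` that follows copies `in_vec[1].len` bytes into the local `srv_key_attr`, so the copy length is still unchecked after this patch. The test belongs on the input vector, `if (in_vec[1].base == NULL || in_vec[1].len > sizeof(psa_key_attributes_t)) {`, which is what this same commit does in crypto_key_management.c. Patch 49/73 in this series replaces the condition with an exact-size comparison on `in_vec[1].len`; the two commits should be taken together.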
@@ -128,7 +134,11 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], case TFM_CRYPTO_KEY_DERIVATION_ABORT_SID: { p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(iov->op_handle)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; + if (status != PSA_SUCCESS) { /* * If lookup() failed to find out a valid operation, it is not diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c index d9bfafc15..7b85e7726 100644 --- a/secure_fw/partitions/crypto/crypto_key_management.c +++ b/secure_fw/partitions/crypto/crypto_key_management.c @@ -39,6 +39,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_IMPORT_KEY_SID: case TFM_CRYPTO_COPY_KEY_SID: case TFM_CRYPTO_GENERATE_KEY_SID: + if (in_vec[1].base == NULL || in_vec[1].len > sizeof(psa_key_attributes_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); tfm_crypto_library_get_library_key_id_set_owner(encoded_key->owner, &srv_key_attr); break; @@ -52,6 +55,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], const uint8_t *data = in_vec[2].base; size_t data_length = in_vec[2].len; psa_key_id_t *key_id = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } status = psa_import_key(&srv_key_attr, data, data_length, &library_key); @@ -62,6 +68,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_OPEN_KEY_SID: { psa_key_id_t *key_id = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } status = psa_open_key(library_key, &library_key); *key_id = CRYPTO_LIBRARY_GET_KEY_ID(library_key); 
@@ -89,6 +98,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], * only the client view of it, i.e. without the owner field at the * end of the structure */ + if (out_vec[0].base == NULL || out_vec[0].len > sizeof(psa_key_attributes_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } memcpy(key_attributes, &srv_key_attr, out_vec[0].len); } break; @@ -125,6 +137,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], { psa_key_id_t *target_key_id = out_vec[0].base; tfm_crypto_library_key_id_t target_key = tfm_crypto_library_key_id_init_default(); + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } status = psa_copy_key(library_key, &srv_key_attr, @@ -139,6 +154,9 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_GENERATE_KEY_SID: { psa_key_id_t *key_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } status = psa_generate_key(&srv_key_attr, &library_key); if (status != PSA_SUCCESS) { diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c index 4fe85a15f..301473223 100644 --- a/secure_fw/partitions/crypto/crypto_mac.c +++ b/secure_fw/partitions/crypto/crypto_mac.c @@ -71,6 +71,9 @@ psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_MAC_SIGN_SETUP_SID) || (sid == TFM_CRYPTO_MAC_VERIFY_SETUP_SID)) { p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; status = tfm_crypto_operation_alloc(TFM_CRYPTO_MAC_OPERATION, out_vec[0].base, 
@@ -89,6 +92,9 @@ psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; + if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } *p_handle = iov->op_handle; } } From 8d6d4cf22c43902dfe914867bcecc544bf758bf0 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 3 Oct 2024 10:31:33 +0100 Subject: [PATCH 44/73] [nrf fromtree] CC3XX: Relax assert condition in aead_crypt for input Assert on the validity of the input buffer only if the input_length is different than 0. Calls with non-NULL input and input_length == 0 are fairly normal, especially when used only for authentication purposes. Signed-off-by: Antonio de Angelis Change-Id: I733341179dcbd04c3862050b1105474dd7322e77 (cherry picked from commit 75bbe3fc02405cd01404432801cc61437a841c16) Signed-off-by: Tomi Fontanilles --- .../cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_aead.c b/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_aead.c index 29423a89d..c07058853 100644 --- a/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_aead.c +++ b/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_aead.c @@ -70,7 +70,9 @@ static psa_status_t aead_crypt( CC3XX_ASSERT(key_buffer != NULL); CC3XX_ASSERT(nonce != NULL); CC3XX_ASSERT(!additional_data_length ^ (additional_data != NULL)); - CC3XX_ASSERT(input != NULL); + if (input_length != 0) { + CC3XX_ASSERT(input != NULL); + } CC3XX_ASSERT(!output_size ^ (output != NULL)); CC3XX_ASSERT(output_length != NULL); From c0b29c006d66317e75daa834aa096cb15e601b2a Mon Sep 17 00:00:00 2001 
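Review bot: The relaxed input check in aead_crypt is written as an `if` wrapped around an assert, while the neighbouring checks are single `CC3XX_ASSERT` expressions; `CC3XX_ASSERT((input_length == 0) || (input != NULL));` states the same condition in one line and keeps the block uniform. Unlike the `!output_size ^ (output != NULL)` form beside it, this accepts a non-NULL `input` with zero length, which appears to be the intent of the commit message. These are assertions, so if `CC3XX_ASSERT` is compiled out in some builds (not visible here), a NULL `input` with a non-zero `input_length` needs a runtime rejection elsewhere in the function, whose body continues outside the hunk.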
From: Nicola Mazzucato Date: Fri, 16 Aug 2024 20:38:30 +0100 Subject: [PATCH 45/73] [nrf fromtree] tfm_spe_mailbox: Validate vectors from NSPE A few checks are missing from the mailbox message parameters: - NULL checks on vector pointers - maximum number of input vectors Add such checks and move the related copy to local vectors in a separate function. Note that proper validation of the psa vectors on whether the given addresses are valid is performed in the subsequent 'spm_associate_call_params' when processing the call. Signed-off-by: Nicola Mazzucato Change-Id: Ife09a48ca9d8547ada3ac099cc1eb2b0c9cf3f17 (cherry picked from commit 25f2408e06b4cdc6dc9b073c979f7fc18994e445) (cherry picked from commit 12a4c5342965b4d3010496452169a5ec64825711) Signed-off-by: Tomi Fontanilles --- .../ns_agent_mailbox/tfm_spe_mailbox.c | 79 +++++++++++++------ 1 file changed, 54 insertions(+), 25 deletions(-) diff --git a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c index a6069a6f6..5470e2793 100644 --- a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c +++ b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c 
@@ -174,6 +174,54 @@ __STATIC_INLINE int32_t check_mailbox_msg(const struct mailbox_msg_t *msg) return MAILBOX_SUCCESS; } +static int local_copy_vects(const struct psa_client_params_t *params, + uint32_t idx, + uint32_t *control) +{ + size_t in_len, out_len; + + if ((params->psa_call_params.out_vec == NULL) || + (params->psa_call_params.in_vec == NULL)) { + return MAILBOX_INVAL_PARAMS; + } + + in_len = params->psa_call_params.in_len; + out_len = params->psa_call_params.out_len; + + if ((in_len > PSA_MAX_IOVEC) || + (out_len > PSA_MAX_IOVEC) || + ((in_len + out_len) > PSA_MAX_IOVEC)) { + return MAILBOX_INVAL_PARAMS; + } + + for (unsigned int i = 0; i < PSA_MAX_IOVEC; i++) { + if (i < params->psa_call_params.in_len) { + vectors[idx].in_vec[i] = params->psa_call_params.in_vec[i]; + } else { + vectors[idx].in_vec[i].base = 0; + vectors[idx].in_vec[i].len = 0; + } + } + + for (unsigned int i = 0; i < PSA_MAX_IOVEC; i++) { + if (i < params->psa_call_params.out_len) { + vectors[idx].out_vec[i] = params->psa_call_params.out_vec[i]; + } else { + vectors[idx].out_vec[i].base = 0; + vectors[idx].out_vec[i].len = 0; + } + } + + *control = PARAM_SET_NS_INVEC(*control); + *control = PARAM_SET_NS_OUTVEC(*control); + + vectors[idx].out_len = params->psa_call_params.out_len; + vectors[idx].original_out_vec = params->psa_call_params.out_vec; + + vectors[idx].in_use = true; + return MAILBOX_SUCCESS; +} + /* Passes the request from the mailbox message into SPM. * idx indicates the slot used to use for any immediate reply. * If it queues the reply immediately, updates reply_slots accordingly. @@ -191,6 +239,7 @@ static int32_t tfm_mailbox_dispatch(const struct mailbox_msg_t *msg_ptr, psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR; mailbox_msg_handle_t *mb_msg_handle = &spe_mailbox_queue.queue[idx].msg_handle; + int ret; #if CONFIG_TFM_SPM_BACKEND_IPC == 1 /* Assume asynchronous. Set to synchronous when an error happens. */ 
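Review bot: In local_copy_vects, `in_len` and `out_len` are read into locals and range-checked, but the two copy loops and `vectors[idx].out_len = params->psa_call_params.out_len;` read the counts from `params` a second time. If `params` can still be modified by the NSPE after the check (the hunk does not show whether it is a secure-side copy), the stored `out_len` could exceed `PSA_MAX_IOVEC` and later serve as the loop bound in mailbox_direct_reply. Use the validated locals instead: `if (i < in_len)`, `if (i < out_len)` and `vectors[idx].out_len = out_len;`; patch 48/73 in this series makes that change and should be taken with this one. Separately, the NULL test rejects `in_vec == NULL` even when `in_len` is 0, which may refuse calls that legitimately pass no input vectors.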
@@ -214,33 +263,13 @@ static int32_t tfm_mailbox_dispatch(const struct mailbox_msg_t *msg_ptr, break; case MAILBOX_PSA_CALL: - /* TODO check vector validity before use */ - /* Make local copy of invecs and outvecs */ - vectors[idx].in_use = true; - vectors[idx].out_len = params->psa_call_params.out_len; - vectors[idx].original_out_vec = params->psa_call_params.out_vec; - for (int i = 0; i < PSA_MAX_IOVEC; i++) { - if (i < params->psa_call_params.in_len) { - vectors[idx].in_vec[i] = params->psa_call_params.in_vec[i]; - } else { - vectors[idx].in_vec[i].base = 0; - vectors[idx].in_vec[i].len = 0; - } - } - - control = PARAM_SET_NS_INVEC(control); - - for (int i = 0; i < PSA_MAX_IOVEC; i++) { - if (i < params->psa_call_params.out_len) { - vectors[idx].out_vec[i] = params->psa_call_params.out_vec[i]; - } else { - vectors[idx].out_vec[i].base = 0; - vectors[idx].out_vec[i].len = 0; - } + ret = local_copy_vects(params, idx, &control); + if (ret != MAILBOX_SUCCESS) { + sync = true; + psa_ret = PSA_ERROR_INVALID_ARGUMENT; + break; } - control = PARAM_SET_NS_OUTVEC(control); - if (tfm_multi_core_hal_client_id_translate(CLIENT_ID_OWNER_MAGIC, msg_ptr->client_id, &client_id) != SPM_SUCCESS) { From 0568896c9becca90acd89c2bdb6a5c0a5e74188a Mon Sep 17 00:00:00 2001 
From: Nicola Mazzucato Date: Tue, 27 Aug 2024 11:29:02 +0100 Subject: [PATCH 46/73] [nrf fromtree] tfm_spe_mailbox: Do not write-back on input vectors checks failure If the validation of the vector parameters fails, the outvec are written back regardless. This may cause an out-of-bound write from the address that was previously stored in original_out_vec and the length that could go passed the local out_vec. Note that this fix requires: `tfm_spe_mailbox: Validate vectors from NSPE` Prior to this change and the one above, it is possible to craft a couple of mailbox messages to first write in vectors[1].in_vec a target value, then a second message with: - a out_vec.len to go past out_vec[0], 6 for example - a target address for a PSA-ROT private storage, `ps_crypto_iv_buf` for example. Signed-off-by: Nicola Mazzucato Change-Id: Iadff8d6ba8160c1b757e6a1a9622473781b2027c (cherry picked from commit 5ae0a02e847335f4e35ae6aa0b68b80280794776) (cherry picked from commit 22e8e89c8f56ed65297cb728eb9471e0c7892074) Signed-off-by: Tomi Fontanilles --- secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c index 5470e2793..f0205be3c 100644 --- a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c +++ b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c @@ -144,13 +144,14 @@ static void mailbox_direct_reply(uint8_t idx, uint32_t result) uint32_t ret_result = result; /* Copy outvec lengths back if necessary */ - if (vectors[idx].in_use) { + if ((vectors[idx].in_use) && (result == PSA_SUCCESS)) { for (int i = 0; i < vectors[idx].out_len; i++) { vectors[idx].original_out_vec[i].len = vectors[idx].out_vec[i].len; } - vectors[idx].in_use = false; } + vectors[idx].in_use = false; + /* Get reply address */ reply_ptr = get_nspe_reply_addr(idx); spm_memcpy(&reply_ptr->return_val, &ret_result, 
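Review bot: The write-back loop in mailbox_direct_reply still stores through `vectors[idx].original_out_vec`, which local_copy_vects takes from the mailbox message with only a NULL check, so on the success path the secure side writes `out_len` length fields to an address supplied by the NSPE. Nothing in this hunk shows that the range covered by `original_out_vec[0]` to `original_out_vec[out_len - 1]` is verified to be non-secure memory; if no such check exists elsewhere, it should be added where the pointer is stored or before the loop. A comment on the new condition would also help, e.g. `/* Write lengths back only on success: after a failure the vectors may hold unvalidated client data */`. The function body continues outside the hunk.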
From 2a18ee436aaa396404701bcb673e06335e258a35 Mon Sep 17 00:00:00 2001 From: Nicola Mazzucato Date: Wed, 18 Sep 2024 16:32:14 +0100 Subject: [PATCH 47/73] [nrf fromtree] TFMV-8: Fix unchecked user-supplied pointer via mailbox message Security Advisory TFMV-8 is documented: "Unchecked user-supplied pointer via mailbox messages may cause write of arbitrary address". Please check the advisory document for further details. Signed-off-by: Nicola Mazzucato Change-Id: Ieb72bbe046e4d909aab4728902fa5da61ab9bf0c (cherry picked from commit a691e2f5eb10d5dd59c5d0ac04a27ea3f803f801) (cherry picked from commit 15afe61d1194f74c20205724140697ea11069089) Signed-off-by: Tomi Fontanilles --- docs/security/security_advisories/index.rst | 7 +- ...pointers_mailbox_vectors_vulnerability.rst | 69 +++++++++++++++++++ 2 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 docs/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.rst diff --git a/docs/security/security_advisories/index.rst b/docs/security/security_advisories/index.rst index c7829cedf..23145e774 100644 --- a/docs/security/security_advisories/index.rst +++ b/docs/security/security_advisories/index.rst @@ -13,6 +13,7 @@ Security Advisories fwu_write_vulnerability cc3xx_partial_tag_compare_on_chacha20_poly1305 debug_log_vulnerability + user_pointers_mailbox_vectors_vulnerability +------------+-----------------------------------------------------------------+ | ID | Title | 
@@ -36,6 +37,9 @@ Security Advisories +------------+-----------------------------------------------------------------+ | |TFMV-7| | ARoT can access PRoT data via debug logging functionality | +------------+-----------------------------------------------------------------+ +| |TFMV-8| | Unchecked user-supplied pointer via mailbox messages may cause | +| | write of arbitrary address | ++------------+-----------------------------------------------------------------+ .. |TFMV-1| replace:: :doc:`TFMV-1 ` .. |TFMV-2| replace:: :doc:`TFMV-2 ` @@ -44,7 +48,8 @@ Security Advisories .. |TFMV-5| replace:: :doc:`TFMV-5 ` .. |TFMV-6| replace:: :doc:`TFMV-6 ` .. |TFMV-7| replace:: :doc:`TFMV-7 ` +.. |TFMV-8| replace:: :doc:`TFMV-8 ` -------------- -*Copyright (c) 2020-2023, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2024, Arm Limited. All rights reserved.* diff --git a/docs/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.rst b/docs/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.rst new file mode 100644 index 000000000..1fe12a357 --- /dev/null +++ b/docs/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.rst 
@@ -0,0 +1,69 @@ +Advisory TFMV-8 +=============== + ++-----------------+------------------------------------------------------------+ +| Title | Unchecked user-supplied pointer via mailbox messages may | +| | cause write of arbitrary address. | ++=================+============================================================+ +| CVE ID | `CVE-2024-45746`_ | ++-----------------+------------------------------------------------------------+ +| Public | October 02, 2024 | +| Disclosure Date | | ++-----------------+------------------------------------------------------------+ +| Versions | All version from TF-Mv1.6.0 up to TF-Mv2.1.0 inclusive | +| Affected | | ++-----------------+------------------------------------------------------------+ +| Configurations | Platforms with standard mailbox dispatcher | +| | ``tfm_spe_mailbox``. | ++-----------------+------------------------------------------------------------+ +| Impact | The mailbox message could contain arbitrary pointers which,| +| | in case of psa_call failure, would lead to write to a | +| | user-specified adddress in memory. | ++-----------------+------------------------------------------------------------+ +| Fix Version | 5ae0a02e8 TF-M v2.1.1 | ++-----------------+------------------------------------------------------------+ +| Credit | Infineon Technologies AG, in collaboration with: Tobias | +| | Scharnowski, Simon Wörner and Johannes Willbold from | +| | fuzzware.io. | ++-----------------+------------------------------------------------------------+ + +Background +---------- + +The psa_call message through the mailbox contains input/output vectors along +with their respective lengths. This message is provided by a NSPE client. +SPE takes the message and pass it to the mailbox dispatcher (tfm_spe_mailbox), +which handles the message by performing a copy of the i/o vectors into local +arrays. When either the client_id translation or the psa_call fails, the +dispatcher replies immediately to the client. 
At that moment, the outvec is +written back for its given length, which may not have been sanitized beforehand, +resulting in arbitrary access of memory if the provided length goes beyond the +legit vector size. + +Impact +------ + +When the dispatcher in tfm_spe_mailbox is used, a user through mailbox could +write into arbitrary address by first placing the malicious data into the local +vectors with a bad message, then subsequently sending a psa_call with an invalid +vector length. If both calls fail, the reply routine in tfm_spe_mailbox could +take the injected data and write it into a desired location specified by the +invalid length. +Note that the above sequence would require sending the two mesages through two +different mailbox slots. + +Mitigation +---------- + +Ensure that the outvec is written back only when the psa operation is +successful. Any errors ahead of replying must be taken as a hint to avoid such +write-back since they may be due to wrong supplied user-data in the vectors +(pointers, length etc). +To achieve the above, proper sanitization of input data must also be performed +and related errors propagated to the reply subroutine. + +.. _CVE-2024-45746: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45746 + +--------------------- + +*Copyright (c) 2024, Arm Limited. All rights reserved.* From 7bc4668a6fb91d2c36b7a2cfa333724283d18221 Mon Sep 17 00:00:00 2001 From: Nicola Mazzucato Date: Thu, 3 Oct 2024 09:22:16 +0100 Subject: [PATCH 48/73] [nrf fromtree] tfm_spe_mailbox: Use local vars for local_copy_vects Minor tidy-up to use local in_vec and out_vec in local_copy_vects. Signed-off-by: Nicola Mazzucato Suggested-by: Chris Brand Change-Id: I7179d668e42b27a1d18ccf727008cc47e549a7ef (cherry picked from commit 64b6ea548bca14131e78bf9499ceecd3f7506206) (cherry picked from commit a2cead6a9ef4438154c054f6a77e614fdf7174c1) 
Signed-off-by: Tomi Fontanilles --- secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c index f0205be3c..97e9f19e6 100644 --- a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c +++ b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c @@ -196,7 +196,7 @@ static int local_copy_vects(const struct psa_client_params_t *params, } for (unsigned int i = 0; i < PSA_MAX_IOVEC; i++) { - if (i < params->psa_call_params.in_len) { + if (i < in_len) { vectors[idx].in_vec[i] = params->psa_call_params.in_vec[i]; } else { vectors[idx].in_vec[i].base = 0; @@ -205,7 +205,7 @@ static int local_copy_vects(const struct psa_client_params_t *params, } for (unsigned int i = 0; i < PSA_MAX_IOVEC; i++) { - if (i < params->psa_call_params.out_len) { + if (i < out_len) { vectors[idx].out_vec[i] = params->psa_call_params.out_vec[i]; } else { vectors[idx].out_vec[i].base = 0; @@ -216,7 +216,7 @@ static int local_copy_vects(const struct psa_client_params_t *params, *control = PARAM_SET_NS_INVEC(*control); *control = PARAM_SET_NS_OUTVEC(*control); - vectors[idx].out_len = params->psa_call_params.out_len; + vectors[idx].out_len = out_len; vectors[idx].original_out_vec = params->psa_call_params.out_vec; vectors[idx].in_use = true; From 23a04745f62e42e5d0e0e8b801e4feb60c63dc1d Mon Sep 17 00:00:00 2001 From: Bohdan Hunko Date: Wed, 2 Oct 2024 15:39:12 +0300 Subject: [PATCH 49/73] [nrf fromtree] Crypto: Additional checks for writes to avoid out-of-bound access Fix some checks, add some more missed checks. With that, add missing brackets. Change-Id: Ie642abf61bd4789cc5d51ba66efe2e852b6659fa Signed-off-by: Bohdan Hunko (cherry picked from commit 62b1300557c588124a0c617a82cf397407d6676d) 
Signed-off-by: Tomi Fontanilles --- secure_fw/partitions/crypto/crypto_aead.c | 4 ++-- secure_fw/partitions/crypto/crypto_cipher.c | 4 ++-- secure_fw/partitions/crypto/crypto_hash.c | 7 ++++--- .../partitions/crypto/crypto_key_derivation.c | 15 ++++++++++++--- .../partitions/crypto/crypto_key_management.c | 12 ++++++------ secure_fw/partitions/crypto/crypto_mac.c | 4 ++-- 6 files changed, 28 insertions(+), 18 deletions(-) diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c index 7952f9f14..db57d1906 100644 --- a/secure_fw/partitions/crypto/crypto_aead.c +++ b/secure_fw/partitions/crypto/crypto_aead.c @@ -94,7 +94,7 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID) || (sid == TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID)) { p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; @@ -116,7 +116,7 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], * if lookup fails. */ p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c index d307c5150..bca6d89c9 100644 --- a/secure_fw/partitions/crypto/crypto_cipher.c +++ b/secure_fw/partitions/crypto/crypto_cipher.c 
@@ -75,7 +75,7 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID) || (sid == TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID)) { p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; @@ -95,7 +95,7 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c index 4972efa65..e494c561a 100644 --- a/secure_fw/partitions/crypto/crypto_hash.c +++ b/secure_fw/partitions/crypto/crypto_hash.c @@ -64,7 +64,7 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], if (sid == TFM_CRYPTO_HASH_SETUP_SID) { p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; @@ -85,7 +85,7 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; 
@@ -156,7 +156,8 @@ psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], { psa_hash_operation_t *target_operation = NULL; p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t) || in_vec[1].base == NULL) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t)) || + (in_vec[1].base == NULL) || (in_vec[1].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = *((uint32_t *)in_vec[1].base); diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c index 1cf94c8e4..3462113f1 100644 --- a/secure_fw/partitions/crypto/crypto_key_derivation.c +++ b/secure_fw/partitions/crypto/crypto_key_derivation.c @@ -51,6 +51,11 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], if (sid == TFM_CRYPTO_KEY_DERIVATION_SETUP_SID) { p_handle = out_vec[0].base; + + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(*p_handle))) { + return PSA_ERROR_PROGRAMMER_ERROR; + } + *p_handle = iov->op_handle; status = tfm_crypto_operation_alloc(TFM_CRYPTO_KEY_DERIVATION_OPERATION, out_vec[0].base, @@ -80,6 +85,10 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], { size_t *capacity = out_vec[0].base; + if ((out_vec[0].base == NULL) || (out_vec[0].len != sizeof(*capacity))) { + return PSA_ERROR_PROGRAMMER_ERROR; + } + return psa_key_derivation_get_capacity(operation, capacity); } case TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID: 
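Review bot: The handle-size checks in this commit are spelled three ways: `sizeof(uint32_t)` in the hash clone hunk, `sizeof(*p_handle)` in the key-derivation setup hunk, and `sizeof(iov->op_handle)` in the key-derivation abort case. Using `sizeof(*p_handle)` throughout ties each length check to the object written on the next line, so it is easier to audit that every `*p_handle = ...` store is covered. In the clone case a one-line comment such as `/* in_vec[1] and out_vec[0] both carry an operation handle */` would explain why the input length is compared against the same size. The enclosing switch cases start and end outside these hunks.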
@@ -115,11 +124,11 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], { psa_key_id_t *key_handle = out_vec[0].base; psa_key_attributes_t srv_key_attr; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(psa_key_id_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } - if (in_vec[1].base == NULL || out_vec[0].len > sizeof(psa_key_attributes_t)) { + if ((in_vec[1].base == NULL) || (in_vec[1].len != (sizeof(srv_key_attr) - sizeof(mbedtls_key_owner_id_t)))) { return PSA_ERROR_PROGRAMMER_ERROR; } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); @@ -134,7 +143,7 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], case TFM_CRYPTO_KEY_DERIVATION_ABORT_SID: { p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(iov->op_handle)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(iov->op_handle))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c index 7b85e7726..95a85dae7 100644 --- a/secure_fw/partitions/crypto/crypto_key_management.c +++ b/secure_fw/partitions/crypto/crypto_key_management.c @@ -39,7 +39,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_IMPORT_KEY_SID: case TFM_CRYPTO_COPY_KEY_SID: case TFM_CRYPTO_GENERATE_KEY_SID: - if (in_vec[1].base == NULL || in_vec[1].len > sizeof(psa_key_attributes_t)) { + if ((in_vec[1].base == NULL) || (in_vec[1].len != (sizeof(srv_key_attr) - sizeof(mbedtls_key_owner_id_t)))) { return PSA_ERROR_PROGRAMMER_ERROR; } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); 
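Review bot: In the output-key case `srv_key_attr` is declared without an initializer, and the `memcpy` fills only `in_vec[1].len` bytes, which the new check pins to the struct size minus `sizeof(mbedtls_key_owner_id_t)`. The trailing owner bytes are therefore indeterminate until something assigns them. The hunk ends at the `memcpy`, so that assignment may well follow; initialising at the declaration, `psa_key_attributes_t srv_key_attr = PSA_KEY_ATTRIBUTES_INIT;`, removes the dependency on that later code. The same length expression appears in the `crypto_key_management.c` hunk on this line, where the declaration of `srv_key_attr` is outside the hunk. Both checks assume the owner id is the last member of the structure, which deserves a comment next to the check.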
@@ -55,7 +55,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], const uint8_t *data = in_vec[2].base; size_t data_length = in_vec[2].len; psa_key_id_t *key_id = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(psa_key_id_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } @@ -68,7 +68,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_OPEN_KEY_SID: { psa_key_id_t *key_id = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(psa_key_id_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } @@ -98,7 +98,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], * only the client view of it, i.e. without the owner field at the * end of the structure */ - if (out_vec[0].base == NULL || out_vec[0].len > sizeof(psa_key_attributes_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len > sizeof(psa_key_attributes_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } memcpy(key_attributes, &srv_key_attr, out_vec[0].len); @@ -137,7 +137,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], { psa_key_id_t *target_key_id = out_vec[0].base; tfm_crypto_library_key_id_t target_key = tfm_crypto_library_key_id_init_default(); - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(psa_key_id_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } @@ -154,7 +154,7 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_GENERATE_KEY_SID: { psa_key_id_t *key_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(psa_key_id_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(psa_key_id_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } 
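Review bot: The get-attributes path (the hunk at -98) still accepts any `out_vec[0].len` up to `sizeof(psa_key_attributes_t)` and copies that many bytes out of `srv_key_attr`, while this commit tightened the matching input checks to the exact client size. With the full server size the copy includes the owner field that the comment above the check says is not part of the client view, and a shorter length silently returns truncated attributes. Consider the same form as the input side: `(out_vec[0].len != (sizeof(srv_key_attr) - sizeof(mbedtls_key_owner_id_t)))`. The case body starts before the hunk, so whether a caller may legitimately pass a smaller buffer is not visible here.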
diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c index 301473223..bb8571de8 100644 --- a/secure_fw/partitions/crypto/crypto_mac.c +++ b/secure_fw/partitions/crypto/crypto_mac.c @@ -71,7 +71,7 @@ psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], if ((sid == TFM_CRYPTO_MAC_SIGN_SETUP_SID) || (sid == TFM_CRYPTO_MAC_VERIFY_SETUP_SID)) { p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; @@ -92,7 +92,7 @@ psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], * override the original handle value in client, after lookup fails. */ p_handle = out_vec[0].base; - if (out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t)) { + if ((out_vec[0].base == NULL) || (out_vec[0].len < sizeof(uint32_t))) { return PSA_ERROR_PROGRAMMER_ERROR; } *p_handle = iov->op_handle; From c94446c134a7afc3015a1fd90570cdbfc0de52a1 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Tue, 1 Oct 2024 09:37:23 +0100 Subject: [PATCH 50/73] [nrf fromtree] Crypto: Enforce MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS on Mbed TLS config The TF-M Crypto service is configured by default not to enable the memory mapped IOVEC, hence keep the MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS on to avoid unnecessary copying of parameters back and forth. Signed-off-by: Antonio de Angelis Change-Id: Ia267cad1a248b29d96efdf5f5acfcf92b743de97 (cherry picked from commit 89b9c4889c60b547f8646f55d69c09d3660fe7f7) Signed-off-by: Tomi Fontanilles --- .../tfm_mbedcrypto_config_default.h | 20 +++++++++++++++++++ .../tfm_mbedcrypto_config_profile_large.h | 20 +++++++++++++++++++ .../tfm_mbedcrypto_config_profile_medium.h | 20 +++++++++++++++++++ .../tfm_mbedcrypto_config_profile_small.h | 20 +++++++++++++++++++ 4 files changed, 80 insertions(+) 
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h index 85c94032b..d64f8dc6d 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h @@ -198,6 +198,26 @@ */ #define MBEDTLS_PK_RSA_ALT_SUPPORT +/** + * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * + * Assume all buffers passed to PSA functions are owned exclusively by the + * PSA function and are not stored in shared memory. + * + * This option may be enabled if all buffers passed to any PSA function reside + * in memory that is accessible only to the PSA function during its execution. + * + * This option MUST be disabled whenever buffer arguments are in memory shared + * with an untrusted party, for example where arguments to PSA calls are passed + * across a trust boundary. + * + * \note Enabling this option reduces memory usage and code size. + * + * \note Enabling this option causes overlap of input and output buffers + * not to be supported by PSA functions. + */ +#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + /** * \def MBEDTLS_PSA_CRYPTO_CONFIG * diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h index 10ffeaa3d..9722269f6 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h 
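Review bot: `MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS` is defined unconditionally, although the doc comment added with it says the option MUST be disabled when buffers are shared across a trust boundary. The commit message relies only on memory-mapped IOVEC being off by default. A build that turns memory-mapped iovecs on would keep this define, and the library would then work directly on memory the caller can still modify. Tie the define to that option, or fail the build when both are set, for example `#error "MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS requires memory-mapped IOVEC to be disabled"` under the matching `#if` (in TF-M the option is `PSA_FRAMEWORK_HAS_MM_IOVEC`, assuming it is visible to this header). The same applies to the identical hunks in the large, medium and small profile headers.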
@@ -199,6 +199,26 @@ */ #define MBEDTLS_PK_RSA_ALT_SUPPORT +/** + * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * + * Assume all buffers passed to PSA functions are owned exclusively by the + * PSA function and are not stored in shared memory. + * + * This option may be enabled if all buffers passed to any PSA function reside + * in memory that is accessible only to the PSA function during its execution. + * + * This option MUST be disabled whenever buffer arguments are in memory shared + * with an untrusted party, for example where arguments to PSA calls are passed + * across a trust boundary. + * + * \note Enabling this option reduces memory usage and code size. + * + * \note Enabling this option causes overlap of input and output buffers + * not to be supported by PSA functions. + */ +#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + /** * \def MBEDTLS_PSA_CRYPTO_CONFIG * diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h index 61ed556c9..8c517a2af 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h 
@@ -192,6 +192,26 @@ */ #define MBEDTLS_SHA256_SMALLER +/** + * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * + * Assume all buffers passed to PSA functions are owned exclusively by the + * PSA function and are not stored in shared memory. + * + * This option may be enabled if all buffers passed to any PSA function reside + * in memory that is accessible only to the PSA function during its execution. + * + * This option MUST be disabled whenever buffer arguments are in memory shared + * with an untrusted party, for example where arguments to PSA calls are passed + * across a trust boundary. + * + * \note Enabling this option reduces memory usage and code size. + * + * \note Enabling this option causes overlap of input and output buffers + * not to be supported by PSA functions. + */ +#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + /** * \def MBEDTLS_PSA_CRYPTO_CONFIG * diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h index ffb8113d9..848600816 100644 --- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h +++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h 
@@ -181,6 +181,26 @@ */ #define MBEDTLS_SHA256_SMALLER +/** + * \def MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + * + * Assume all buffers passed to PSA functions are owned exclusively by the + * PSA function and are not stored in shared memory. + * + * This option may be enabled if all buffers passed to any PSA function reside + * in memory that is accessible only to the PSA function during its execution. + * + * This option MUST be disabled whenever buffer arguments are in memory shared + * with an untrusted party, for example where arguments to PSA calls are passed + * across a trust boundary. + * + * \note Enabling this option reduces memory usage and code size. + * + * \note Enabling this option causes overlap of input and output buffers + * not to be supported by PSA functions. + */ +#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + /** * \def MBEDTLS_PSA_CRYPTO_CONFIG * From 60a00fccc44c58a758f6b044b36b037fae64010c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikolai=20G=C3=BCtschow?= Date: Wed, 9 Oct 2024 18:31:01 +0200 Subject: [PATCH 51/73] [nrf fromtree] cc3xx/low-level/pka: wait for sw reset to be done before proceeding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit nRF52840's CRYPTOCELL implementation of cc310 was dead-locking otherwise on the first PKA operation Signed-off-by: Mikolai Gütschow Change-Id: Ifdc75aa1d2a0c71c8fbce5917375216388f55f68 (cherry picked from commit 974bc101e0b20f5e1cb137262004d4ce8f121273) Signed-off-by: Tomi Fontanilles --- platform/ext/accelerator/cc312/cc312-rom/cc3xx_pka.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/platform/ext/accelerator/cc312/cc312-rom/cc3xx_pka.c b/platform/ext/accelerator/cc312/cc312-rom/cc3xx_pka.c index bfbc7e97f..e89a446de 100644 --- a/platform/ext/accelerator/cc312/cc312-rom/cc3xx_pka.c +++ b/platform/ext/accelerator/cc312/cc312-rom/cc3xx_pka.c 
@@ -162,6 +162,9 @@ static void pka_init_from_state(void) P_CC3XX->misc.pka_clk_enable = 1; P_CC3XX->pka.pka_sw_reset = 1; + /* Wait for SW reset to complete before proceeding */ + while(!P_CC3XX->pka.pka_done) {} + /* The TRM says that this register is a byte-size, but it is in fact a * bit-size. */ From 4eff7c839503a7e75a10b1dbe12caa07454bd5f4 Mon Sep 17 00:00:00 2001 From: Bohdan Hunko Date: Wed, 9 Oct 2024 17:30:44 +0300 Subject: [PATCH 52/73] [nrf fromtree] tfm_spe_mailbox: Fix NULL pointer checks in/out vectors can be NULL as long as size is 0. Change-Id: Ie4c03b01224260001600b94aa22886f6d8cd62e7 Signed-off-by: Bohdan Hunko (cherry picked from commit 7da71fd05445a3503dbe20e751070aed837539d0) Signed-off-by: Tomi Fontanilles --- .../partitions/ns_agent_mailbox/tfm_spe_mailbox.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c index 97e9f19e6..c15286eb4 100644 --- a/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c +++ b/secure_fw/partitions/ns_agent_mailbox/tfm_spe_mailbox.c @@ -181,14 +181,14 @@ static int local_copy_vects(const struct psa_client_params_t *params, { size_t in_len, out_len; - if ((params->psa_call_params.out_vec == NULL) || - (params->psa_call_params.in_vec == NULL)) { - return MAILBOX_INVAL_PARAMS; - } - in_len = params->psa_call_params.in_len; out_len = params->psa_call_params.out_len; + if (((params->psa_call_params.out_vec == NULL) && (out_len != 0)) || + ((params->psa_call_params.in_vec == NULL) && (in_len != 0))) { + return MAILBOX_INVAL_PARAMS; + } + if ((in_len > PSA_MAX_IOVEC) || (out_len > PSA_MAX_IOVEC) || ((in_len + out_len) > PSA_MAX_IOVEC)) { From 899f0f54e76d41d70fac538f8a2d2cf171294a3b Mon Sep 17 00:00:00 2001 
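Review bot: The added `while(!P_CC3XX->pka.pka_done) {}` has no bound, so if the done bit never rises after the soft reset the secure side spins forever inside `pka_init_from_state()`. The function returns void, so at minimum the comment should say the wait is unbounded and why that is acceptable, e.g. `/* Unbounded: pka_done is expected to assert within a few cycles of SW reset */`. A bounded poll that ends in the platform's fatal-error path would be sturdier. The loop also depends on `pka_done` being read through a volatile-qualified register struct, which is not visible in this hunk.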
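Review bot: With the relaxed check a NULL `in_vec` or `out_vec` now reaches the rest of `local_copy_vects()` whenever its count is 0, so every later use of those pointers has to be skipped for a zero count. The code after the `PSA_MAX_IOVEC` test is outside the hunk; if it range-checks or copies from the vector pointer unconditionally, note that passing NULL to `memcpy` is undefined even with size 0. The two pointers are also still read from `params` rather than from locals as `in_len`/`out_len` are. If `params` lives in memory the non-secure side can write, copy them into locals next to the lengths and validate and use only the copies.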
From: Antonio de Angelis Date: Wed, 16 Oct 2024 19:15:25 +0100 Subject: [PATCH 53/73] [nrf fromtree] Crypto: Add option to enforce ABI compatibility Some integration decide to enforce ABI compatibility between the client interfaces and the crypto service interfaces for PSA Crypto API. In this case the structures have the same layout hence make sure that the service performs the appropriate checks on parameters. Enable this through the CRYPTO_LIBRARY_ABI_COMPAT option during TF-M Crypto service build. Signed-off-by: Antonio de Angelis Change-Id: I056831f7fcd74d9c45010aa1d79ad10418c1f1f3 (cherry picked from commit 471c127e77557e73582851528ca9b688abd97fcb) Signed-off-by: Tomi Fontanilles --- config/config_base.h | 10 ++++++++++ config/profile/config_profile_large.h | 10 ++++++++++ config/profile/config_profile_medium.h | 10 ++++++++++ config/profile/config_profile_medium_arotless.h | 10 ++++++++++ config/profile/config_profile_small.h | 10 ++++++++++ secure_fw/partitions/crypto/Kconfig.comp | 10 ++++++++++ secure_fw/partitions/crypto/crypto_key_derivation.c | 3 ++- secure_fw/partitions/crypto/crypto_key_management.c | 3 ++- secure_fw/partitions/crypto/crypto_library.h | 13 +++++++++++++ 9 files changed, 77 insertions(+), 2 deletions(-) diff --git a/config/config_base.h b/config/config_base.h index ac96b743a..22fafc9a0 100644 --- a/config/config_base.h +++ b/config/config_base.h @@ -111,6 +111,16 @@ #define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0 #endif +/* + * The service assumes that the client interface and internal + * interface towards the library that provides the PSA Crypto + * core component maintain the same ABI. This is not the default + * when using the Mbed TLS reference implementation + */ +#ifndef CRYPTO_LIBRARY_ABI_COMPAT +#define CRYPTO_LIBRARY_ABI_COMPAT (0) +#endif + /* The stack size of the Crypto Secure Partition */ #ifndef CRYPTO_STACK_SIZE #define CRYPTO_STACK_SIZE 0x1B00 
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h index 948b0407f..8c965d945 100644 --- a/config/profile/config_profile_large.h +++ b/config/profile/config_profile_large.h @@ -32,6 +32,16 @@ /* Crypto Partition Configs */ +/* + * The service assumes that the client interface and internal + * interface towards the library that provides the PSA Crypto + * core component maintain the same ABI. This is not the default + * when using the Mbed TLS reference implementation + */ +#ifndef CRYPTO_LIBRARY_ABI_COMPAT +#define CRYPTO_LIBRARY_ABI_COMPAT (0) +#endif + /* * Heap size for the crypto backend * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module. diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h index 4787c627f..8ca9da136 100644 --- a/config/profile/config_profile_medium.h +++ b/config/profile/config_profile_medium.h @@ -108,6 +108,16 @@ #define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0 #endif +/* + * The service assumes that the client interface and internal + * interface towards the library that provides the PSA Crypto + * core component maintain the same ABI. This is not the default + * when using the Mbed TLS reference implementation + */ +#ifndef CRYPTO_LIBRARY_ABI_COMPAT +#define CRYPTO_LIBRARY_ABI_COMPAT (0) +#endif + /* The stack size of the Crypto Secure Partition */ #ifndef CRYPTO_STACK_SIZE #define CRYPTO_STACK_SIZE 0x1B00 diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h index 77be11f6a..0ea13e102 100644 --- a/config/profile/config_profile_medium_arotless.h +++ b/config/profile/config_profile_medium_arotless.h 
@@ -108,6 +108,16 @@ #define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0 #endif +/* + * The service assumes that the client interface and internal + * interface towards the library that provides the PSA Crypto + * core component maintain the same ABI. This is not the default + * when using the Mbed TLS reference implementation + */ +#ifndef CRYPTO_LIBRARY_ABI_COMPAT +#define CRYPTO_LIBRARY_ABI_COMPAT (0) +#endif + /* The stack size of the Crypto Secure Partition */ #ifndef CRYPTO_STACK_SIZE #define CRYPTO_STACK_SIZE 0x1B00 diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h index 7ebc130ae..914ce8008 100644 --- a/config/profile/config_profile_small.h +++ b/config/profile/config_profile_small.h @@ -105,6 +105,16 @@ #define CRYPTO_SINGLE_PART_FUNCS_DISABLED 1 #endif +/* + * The service assumes that the client interface and internal + * interface towards the library that provides the PSA Crypto + * core component maintain the same ABI. This is not the default + * when using the Mbed TLS reference implementation + */ +#ifndef CRYPTO_LIBRARY_ABI_COMPAT +#define CRYPTO_LIBRARY_ABI_COMPAT (0) +#endif + /* The stack size of the Crypto Secure Partition */ #ifndef CRYPTO_STACK_SIZE #define CRYPTO_STACK_SIZE 0x1B00 diff --git a/secure_fw/partitions/crypto/Kconfig.comp b/secure_fw/partitions/crypto/Kconfig.comp index 6ec20387e..0d07de65f 100644 --- a/secure_fw/partitions/crypto/Kconfig.comp +++ b/secure_fw/partitions/crypto/Kconfig.comp 
@@ -8,6 +8,16 @@ menu "Crypto component options" depends on TFM_PARTITION_CRYPTO +config CRYPTO_LIBRARY_ABI_COMPAT + bool "The interfaces towards PSA Crypto in the service and towards the service are the same" + default n + help + The crypto service acts as a layer between a client and towards a library that provides + PSA Crypto APIs through the implementation of a PSA Crypto core component. With this option + set, the crypto service assumes that the ABI of the internal interface is the same as the + client interface. This is not the default case when using the headers provided by the Mbed + TLS reference implementation + config CRYPTO_STACK_SIZE hex "Stack size" default 0x1B00 diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c index 3462113f1..747d596a8 100644 --- a/secure_fw/partitions/crypto/crypto_key_derivation.c +++ b/secure_fw/partitions/crypto/crypto_key_derivation.c @@ -128,7 +128,8 @@ psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], return PSA_ERROR_PROGRAMMER_ERROR; } - if ((in_vec[1].base == NULL) || (in_vec[1].len != (sizeof(srv_key_attr) - sizeof(mbedtls_key_owner_id_t)))) { + if ((in_vec[1].base == NULL) || + (in_vec[1].len != (sizeof(srv_key_attr) - TFM_CRYPTO_KEY_ATTR_OFFSET_CLIENT_SERVER))) { return PSA_ERROR_PROGRAMMER_ERROR; } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c index 95a85dae7..ed733e99d 100644 --- a/secure_fw/partitions/crypto/crypto_key_management.c +++ b/secure_fw/partitions/crypto/crypto_key_management.c 
@@ -39,7 +39,8 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], case TFM_CRYPTO_IMPORT_KEY_SID: case TFM_CRYPTO_COPY_KEY_SID: case TFM_CRYPTO_GENERATE_KEY_SID: - if ((in_vec[1].base == NULL) || (in_vec[1].len != (sizeof(srv_key_attr) - sizeof(mbedtls_key_owner_id_t)))) { + if ((in_vec[1].base == NULL) || + (in_vec[1].len != (sizeof(srv_key_attr) - TFM_CRYPTO_KEY_ATTR_OFFSET_CLIENT_SERVER))) { return PSA_ERROR_PROGRAMMER_ERROR; } memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len); diff --git a/secure_fw/partitions/crypto/crypto_library.h b/secure_fw/partitions/crypto/crypto_library.h index 69704811d..e3058210f 100644 --- a/secure_fw/partitions/crypto/crypto_library.h +++ b/secure_fw/partitions/crypto/crypto_library.h @@ -24,6 +24,19 @@ extern "C" { #include "psa/crypto.h" +/** + * @brief Some integration might decide to enforce the same ABI on client and + * service interfaces to PSA Crypto defining the \a CRYPTO_LIBRARY_ABI_COMPAT + * In this case the size of the structure describing the key attributes + * is the same both in client and server views. The semantics remain + * unchanged + */ +#if defined(CRYPTO_LIBRARY_ABI_COMPAT) && (CRYPTO_LIBRARY_ABI_COMPAT == 1) +#define TFM_CRYPTO_KEY_ATTR_OFFSET_CLIENT_SERVER (0) +#else +#define TFM_CRYPTO_KEY_ATTR_OFFSET_CLIENT_SERVER (sizeof(mbedtls_key_owner_id_t)) +#endif /* CRYPTO_LIBRARY_ABI_COMPAT */ + /** * @brief This macro extracts the key ID from the library encoded key passed as parameter * From a4058573874370dab044c6db0633e347c6e68737 Mon Sep 17 00:00:00 2001 
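Review bot: With `CRYPTO_LIBRARY_ABI_COMPAT` set to 1, `TFM_CRYPTO_KEY_ATTR_OFFSET_CLIENT_SERVER` becomes 0 and the two `memcpy(&srv_key_attr, in_vec[1].base, in_vec[1].len)` call sites copy the whole server-side structure from the caller. Nothing in this change checks that the linked library's attribute structure has no owner field in that configuration. If it does, the caller supplies the owner bytes unless code after the `memcpy` (outside these hunks) overwrites them. The doc comment in `crypto_library.h` should state the requirement, e.g. `Only set this when psa_key_attributes_t carries no owner field in the service build`. The macro holds a size difference, so a name without "OFFSET" would read more accurately.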
From: Markus Lassila Date: Fri, 18 Oct 2024 11:35:34 +0300 Subject: [PATCH 54/73] Revert "[nrf noup] platform: nordic_nrf: add support for nrf54l15dk" This reverts commit d76200476c9b6c137a6e5fc400264134ae589708. --- .../nordic_nrf/common/core/CMakeLists.txt | 3 +- .../nordic_nrf/common/core/nrfx_config.h | 2 +- .../services/src/tfm_platform_hal_ioctl.c | 2 +- .../nordic_nrf/common/core/startup_nrf54l15.c | 3 ++ .../nordic_nrf/common/core/target_cfg.c | 38 ++++++++++--------- .../nordic_nrf/common/core/target_cfg.h | 4 +- .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 2 +- .../ns/CMakeLists.txt | 31 +++++++++++++++ .../ns/cpuarch_ns.cmake | 10 +++++ .../tfm_peripherals_config.h | 34 +++++++++++++++++ 10 files changed, 106 insertions(+), 23 deletions(-) create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index d7cb7dc1c..066143c4f 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -24,7 +24,7 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if(NRF_SOC_VARIANT STREQUAL nrf54l15 OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) +if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) 
@@ -274,3 +274,4 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) + diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index dbaf8fbf0..f76e49cdd 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -100,7 +100,7 @@ #include #elif defined(NRF91_SERIES) #include -#elif defined(NRF54L15_XXAA) +#elif defined(NRF54L15_ENGA_XXAA) #include #else #error "Unknown device." diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index ae909ca5b..8cfa2ecda 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,7 +103,7 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { -#if defined(NRF54L15_XXAA) +#if defined(NRF54L15_ENGA_XXAA) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c index b940ae8c3..aa81ab1b1 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c +++ b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c @@ -21,6 +21,9 @@ * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c */ +// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs +// below correspond to nrf53, not nrf54L. + /* * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) * before including cmsis.h because TF-M's linker script 
diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index d65988e4a..f9f7fc742 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -15,6 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + #include "target_cfg.h" #include "region_defs.h" #include "tfm_plat_defs.h" @@ -65,15 +66,14 @@ #define PIN_XL1 0 #define PIN_XL2 1 #endif - -#ifdef NRF54L15_XXAA +#ifdef NRF54L15_ENGA_XXAA /* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ #define PIN_XL1 32 #define PIN_XL2 33 /* During TF-M system initialization we invoke a function that comes * from Zephyr. This function does not have a header file so we - * declare its prototype here. + * declare it's prototype here. */ int nordicsemi_nrf54l_init(void); #endif @@ -833,7 +833,7 @@ enum tfm_plat_err_t init_debug(void) } #endif -#elif defined(NRF91_SERIES) || defined(NRF54L15_XXAA) +#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." @@ -939,7 +939,7 @@ void sau_and_idau_cfg(void) * (53/91) and new (54++) platforms. New platforms have a proper SAU * and IDAU, whereas old platforms do not. */ -#ifdef NRF54L15_XXAA +#ifdef NRF54L15_ENGA_XXAA /* * This SAU configuration aligns with ARM's RSS implementation of * sau_and_idau_cfg when possible. @@ -1230,7 +1230,7 @@ static void dppi_channel_configuration(void) enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -#ifdef NRF54L15_XXAA +#ifdef NRF54L15_ENGA_XXAA /* Configure features to be non-secure */ /* 
@@ -1259,17 +1259,21 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) /* Configure TF-M's UART peripheral to be secure */ #if NRF_SECURE_UART_INSTANCE == 00 uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; -#elif NRF_SECURE_UART_INSTANCE == 20 +#endif +#if NRF_SECURE_UART_INSTANCE == 20 uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; -#elif NRF_SECURE_UART_INSTANCE == 21 +#endif +#if NRF_SECURE_UART_INSTANCE == 21 uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; -#elif NRF_SECURE_UART_INSTANCE == 22 +#endif +#if NRF_SECURE_UART_INSTANCE == 22 uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; -#elif NRF_SECURE_UART_INSTANCE == 30 +#endif +#if NRF_SECURE_UART_INSTANCE == 30 uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; #endif spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); -#endif /* SECURE_UART1 */ +#endif /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); @@ -1301,7 +1305,7 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) * have the same security configuration. */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); -#else /* NRF54L15_XXAA */ +#else static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) @@ -1478,7 +1482,7 @@ static const uint32_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* NRF54L15_XXAA */ +#endif /* NRF54L15_ENGA_XXAA */ /* DPPI channel configuration */ dppi_channel_configuration(); 
@@ -1536,8 +1540,8 @@ static const uint32_t target_peripherals[] = { #ifdef NRF53_SERIES nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); -#endif /* NRF53_SERIES */ -#ifdef NRF54L15_XXAA +#endif /* CONFIG_SOC_ENABLE_LFXO */ +#ifdef NRF54L15_ENGA_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); @@ -1593,10 +1597,10 @@ static const uint32_t target_peripherals[] = { } #endif /* RRAMC_PRESENT */ -#ifdef NRF54L15_XXAA +#ifdef NRF54L15_ENGA_XXAA /* SOC configuration from Zephyr's soc.c. */ int soc_err = nordicsemi_nrf54l_init(); - if (soc_err) { + if(soc_err) { return soc_err; } #endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index 08cebecce..aea09bece 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h @@ -54,7 +54,7 @@ /* Only UART20 and UART30 are supported for TF-M tests, which are the * Non-secure applications build via the TF-M build system */ -#ifdef NRF54L15_XXAA +#ifdef NRF54L15_ENGA_XXAA #if NRF_SECURE_UART_INSTANCE == 20 #define NS_DRIVER_STDIO Driver_USART30 #else @@ -62,7 +62,7 @@ #endif #else #define NS_DRIVER_STDIO Driver_USART0 -#endif /* NRF54L15_XXAA */ +#endif /** * \brief Store the addresses of memory regions diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake index e9fc59b84..18c7fa920 100644 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake 
@@ -15,7 +15,7 @@ set(TFM_SYSTEM_ARCHITECTURE armv8-m.main) set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16") add_compile_definitions( - NRF54L15_XXAA + NRF54L15_ENGA_XXAA # Required by nrf.h NRF_APPLICATION # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs NRF_SKIP_SAU_CONFIGURATION diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt new file mode 100644 index 000000000..5cd4273e4 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt @@ -0,0 +1,31 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +cmake_policy(SET CMP0076 NEW) +set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(NRF_BOARD_SELECTED True) + +add_library(platform_ns STATIC) + +# Get the value of HAL_NORDIC_PATH +include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) + +target_include_directories(platform_ns + PUBLIC + ${CMAKE_CURRENT_LIST_DIR} +) + +target_link_libraries(platform_ns + PUBLIC + platform_region_defs +) + +target_include_directories(platform_region_defs + INTERFACE + ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition +) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake new file mode 100644 index 000000000..25f91fb54 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake 
@@ -0,0 +1,10 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Nordic Semiconductor ASA. +# +# SPDX-License-Identifier: BSD-3-Clause +#------------------------------------------------------------------------------- + +set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) + +include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h new file mode 100644 index 000000000..bc3301087 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef TFM_PERIPHERALS_CONFIG_H__ +#define TFM_PERIPHERALS_CONFIG_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SECURE_UART30 +#define TFM_PERIPHERAL_UARTE30_SECURE 1 +#endiff + +#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST +#define TFM_PERIPHERAL_TIMER00_SECURE 1 +#endif + + +#if defined(NRF54L15_ENGA_XXAA) + #include +#else + #error "Unknown device." +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* TFM_PERIPHERAL_CONFIG_H__ */ From d452cc56e879d0b933edec1317b57e6f8828e973 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Fri, 18 Oct 2024 11:35:44 +0300 Subject: [PATCH 55/73] Revert "WIP: TF-M: Fixing deprecated autoconf.h includes" This reverts commit abc21271e995e6c100abecb0ede577119f509b01. --- .../target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c | 2 +- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
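Review bot: `#endiff` after `#define TFM_PERIPHERAL_UARTE30_SECURE 1` in the new tfm_peripherals_config.h is not a preprocessor directive, so the `#ifdef SECURE_UART30` block is never closed. With SECURE_UART30 defined the compiler rejects the line; without it the skipped group swallows the following conditionals and leaves the include guard unterminated. It should read `#endif`. The guard's closing comment also says `TFM_PERIPHERAL_CONFIG_H__` while the macro is `TFM_PERIPHERALS_CONFIG_H__`.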
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 2f10bcf6e..18c3aef32 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,7 +24,7 @@ #include -#include +#include #if defined(NRF_NVMC_S) #include diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index f9f7fc742..a0d9d6aec 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -24,7 +24,7 @@ #include "region.h" #include "array.h" -#include +#include #include #include From 21d2dee194e6e1971fd7112776d5849bd6ecaa09 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Fri, 18 Oct 2024 11:35:54 +0300 Subject: [PATCH 56/73] Revert "WIP: Adding the previous methodology of using base addresses" This reverts commit 6d6229ad0f637e5aa40bca961399ae481e76c68e. --- .../nordic_nrf/common/core/target_cfg.c | 142 ++++++------------ 1 file changed, 48 insertions(+), 94 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index a0d9d6aec..8bee1d8b6 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
@@ -1306,28 +1306,25 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); #else -static const uint32_t target_peripherals[] = { +static const uint8_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - //NRFX_PERIPHERAL_ID_GET(NRF_FPU), - NRF_FPU_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_FPU), #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - //NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), - NRF_REGULATORS_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - //NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), - NRF_CLOCK_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
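Review bot: Switching `target_peripherals[]` to `uint8_t` peripheral IDs makes this file pass two different kinds of argument to the SPU helpers. The context line just above still calls `spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED)` with a base address, while the loop after the array passes `target_peripherals[i]` to `spu_peripheral_config_non_secure()`. If that helper still takes a base address at this point in the series (patch 01 changes it to `const uint32_t periph_base_address` and applies `NRFX_PERIPHERAL_ID_GET()` internally), each ID would be converted a second time and the wrong PERIPHID entry would be made non-secure. Either confirm the helper signature was reverted in the same step, or keep `static const uint32_t target_peripherals[] = {` with the `_S_BASE` entries. The array body and the loop lie in the following hunk.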
@@ -1340,142 +1337,99 @@ static const uint32_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - //NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), - NRF_SPIM0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), #endif #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - //NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), - NRF_SPIM1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif - //NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), - //NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), - NRF_SPIM2_S_BASE, - NRF_SPIM3_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), + NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), + #ifdef NRF_SPIM4 - //NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), - NRF_SPIM4_S_BASE, -#endif - //NRFX_PERIPHERAL_ID_GET(NRF_SAADC), - //NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), - //NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), - //NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), - //NRFX_PERIPHERAL_ID_GET(NRF_RTC0), - //NRFX_PERIPHERAL_ID_GET(NRF_RTC1), - //NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), - NRF_SAADC_S_BASE, - NRF_TIMER0_S_BASE, - NRF_TIMER1_S_BASE, - NRF_TIMER2_S_BASE, - NRF_RTC0_S_BASE, - NRF_RTC1_S_BASE, - NRF_DPPIC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), +#endif + NRFX_PERIPHERAL_ID_GET(NRF_SAADC), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), + NRFX_PERIPHERAL_ID_GET(NRF_RTC0), + NRFX_PERIPHERAL_ID_GET(NRF_RTC1), + NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - //NRFX_PERIPHERAL_ID_GET(NRF_WDT0), - NRF_WDT0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT0), #endif #ifdef NRF_WDT - //NRFX_PERIPHERAL_ID_GET(NRF_WDT), - NRF_WDT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT), #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - //NRFX_PERIPHERAL_ID_GET(NRF_WDT1), - NRF_WDT1_S_BASE, + 
NRFX_PERIPHERAL_ID_GET(NRF_WDT1), #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - //NRFX_PERIPHERAL_ID_GET(NRF_COMP), - NRF_COMP_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_COMP), #endif - //NRFX_PERIPHERAL_ID_GET(NRF_EGU0), - //NRFX_PERIPHERAL_ID_GET(NRF_EGU1), - //NRFX_PERIPHERAL_ID_GET(NRF_EGU2), - //NRFX_PERIPHERAL_ID_GET(NRF_EGU3), - //NRFX_PERIPHERAL_ID_GET(NRF_EGU4), - NRF_EGU0_S_BASE, - NRF_EGU1_S_BASE, - NRF_EGU2_S_BASE, - NRF_EGU3_S_BASE, - NRF_EGU4_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU0), + NRFX_PERIPHERAL_ID_GET(NRF_EGU1), + NRFX_PERIPHERAL_ID_GET(NRF_EGU2), + NRFX_PERIPHERAL_ID_GET(NRF_EGU3), + NRFX_PERIPHERAL_ID_GET(NRF_EGU4), #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - //NRFX_PERIPHERAL_ID_GET(NRF_EGU5), - NRF_EGU5_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU5), #endif - //NRFX_PERIPHERAL_ID_GET(NRF_PWM0), - //NRFX_PERIPHERAL_ID_GET(NRF_PWM1), - //NRFX_PERIPHERAL_ID_GET(NRF_PWM2), - //NRFX_PERIPHERAL_ID_GET(NRF_PWM3), - NRF_PWM0_S_BASE, - NRF_PWM1_S_BASE, - NRF_PWM2_S_BASE, - NRF_PWM3_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PWM0), + NRFX_PERIPHERAL_ID_GET(NRF_PWM1), + NRFX_PERIPHERAL_ID_GET(NRF_PWM2), + NRFX_PERIPHERAL_ID_GET(NRF_PWM3), #ifdef NRF_PDM - //NRFX_PERIPHERAL_ID_GET(NRF_PDM), - NRF_PDM_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM), #endif #ifdef NRF_PDM0 - //NRFX_PERIPHERAL_ID_GET(NRF_PDM0), - NRF_PDM0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM0), #endif #ifdef NRF_I2S - //NRFX_PERIPHERAL_ID_GET(NRF_I2S), - NRF_I2S_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S), #endif #ifdef NRF_I2S0 - //NRFX_PERIPHERAL_ID_GET(NRF_I2S0), - NRF_I2S0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S0), #endif - //NRFX_PERIPHERAL_ID_GET(NRF_IPC), - NRF_IPC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_IPC), #ifndef SECURE_QSPI #ifdef NRF_QSPI - //NRFX_PERIPHERAL_ID_GET(NRF_QSPI), - NRF_QSPI_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QSPI), #endif #endif #ifdef NRF_NFCT - //NRFX_PERIPHERAL_ID_GET(NRF_NFCT), - 
NRF_NFCT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NFCT), #endif #ifdef NRF_MUTEX - //NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), - NRF_MUTEX_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), #endif #ifdef NRF_QDEC0 - //NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), - NRF_QDEC0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), #endif #ifdef NRF_QDEC1 - //NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), - NRF_QDEC1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), #endif #ifdef NRF_USBD - //NRFX_PERIPHERAL_ID_GET(NRF_USBD), - NRF_USBD_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBD), #endif #ifdef NRF_USBREGULATOR - //NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), - NRF_USBREGULATOR_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), #endif /* NRF_USBREGULATOR */ - //NRFX_PERIPHERAL_ID_GET(NRF_NVMC), - //NRFX_PERIPHERAL_ID_GET(NRF_P0), - NRF_NVMC_S_BASE, - NRF_P0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NVMC), + NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 - //NRFX_PERIPHERAL_ID_GET(NRF_P1), - NRF_P1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_P1), #endif /*NRF_P1 */ -#if defined(NRF91_SERIES) || defined(NRF53_SERIES) - //NRFX_PERIPHERAL_ID_GET(NRF_VMC), - NRF_VMC_S_BASE -#endif + NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { From e32cfdd04b8bbe9264d05bf69fc7c9ff12c0b031 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Fri, 18 Oct 2024 11:36:05 +0300 Subject: [PATCH 57/73] Revert "WIP: Fixing the last remaining issues for L15" This reverts commit ccb7244d762f3e0d444377d05cd0f5675ddb68a9. --- .../nordic_nrf/common/core/native_drivers/spu.h | 13 ------------- .../core/services/src/tfm_platform_hal_ioctl.c | 1 + .../ext/target/nordic_nrf/common/core/target_cfg.c | 10 +++++----- secure_fw/partitions/crypto/CMakeLists.txt | 4 ++-- 4 files changed, 8 insertions(+), 20 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index 59f53b7ba..da7f9fc1f 100644 
--- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -256,17 +256,4 @@ uint32_t mpc_events_get(void); */ void mpc_clear_events(void); -/** - * Return the SPU instance that can be used to configure the - * peripheral at the given base address. - */ -static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) -{ - /* See the SPU chapter in the IPS for how this is calculated */ - - uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; - - return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); -} - #endif diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 8cfa2ecda..87a9c4c27 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -107,6 +107,7 @@ static bool valid_mcu_select(uint32_t mcu) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: + case NRF_GPIO_PIN_SEL_TND: #else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 8bee1d8b6..dcdd211c7 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -1338,8 +1338,7 @@ static const uint8_t target_peripherals[] = { */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), -#endif -#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) +#ifndef SECURE_UART1 /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif 
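Review bot: The added `case NRF_GPIO_PIN_SEL_TND:` widens the set of values valid_mcu_select() accepts, with no comment saying why this target is allowed. The function sits in the platform ioctl service, so the accepted values are presumably what a caller may request as the owner of a GPIO pin, and each entry deserves a stated reason. I would add a one-line comment above the case naming the use that needs it, and confirm that non-secure callers are meant to be able to select it. The enclosing `#if` branch and the rest of the switch are outside the hunk.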
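Review bot: Replacing `#endif` / `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1)` with `#ifndef SECURE_UART1` in the @@ -1338 hunk leaves the preceding `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0)` open. Only one `#endif` follows, after the `NRF_SPIM1` entry. The conditional is then balanced only by the bare `#endif` that the @@ -1494 hunk adds much further down, so with SECURE_UART1 on instance 0 the rest of the array, the loop that applies the SPU settings and the code after it would all be compiled out. I would restore the `#endif` after the `NRF_SPIM0` entry and drop the one added after `#endif /* CONFIG_SOC_ENABLE_LFXO */`. The `#ifndef SECURE_UART1` form also ignores `NRF_SECURE_UART_INSTANCE`, so Serial-Box 1 stays secure whichever instance the secure UART uses.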
@@ -1423,12 +1422,12 @@ static const uint8_t target_peripherals[] = { #endif #ifdef NRF_USBREGULATOR NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), -#endif /* NRF_USBREGULATOR */ +#endif NRFX_PERIPHERAL_ID_GET(NRF_NVMC), NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 NRFX_PERIPHERAL_ID_GET(NRF_P1), -#endif /*NRF_P1 */ +#endif NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; @@ -1436,7 +1435,7 @@ static const uint8_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* NRF54L15_ENGA_XXAA */ +#endif /* Moonlight */ /* DPPI channel configuration */ dppi_channel_configuration(); @@ -1495,6 +1494,7 @@ static const uint8_t target_peripherals[] = { nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ +#endif #ifdef NRF54L15_ENGA_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index e4a8d5702..e48ae69c3 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -195,8 +195,8 @@ if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto) Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`") endif() -target_include_directories(psa_crypto_library_config - INTERFACE +target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto + PUBLIC ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api ) From db92ba9afbd0f6b4be52aad43b7aeabd265b1703 Mon Sep 17 00:00:00 2001 
From: Markus Lassila Date: Fri, 18 Oct 2024 11:36:13 +0300 Subject: [PATCH 58/73] Revert "[nrf fromtree] platform: nordic_nrf: APPROTECT to lock debugging" This reverts commit 9573717cc8c078326fceb2869fe029e98615723b. --- .../nordic_nrf/common/core/target_cfg.c | 28 +------------------ 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index dcdd211c7..b2b1f1dff 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -807,33 +807,7 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) - -#if !defined(DAUTH_CHIP_DEFAULT) -#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." -#endif - -#if defined(NRF_APPROTECT) - /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ - if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, - UICR_APPROTECT_PALL_Protected)) { - nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); - } else { - return TFM_PLAT_ERR_SYSTEM_ERR; - } -#endif -#if defined(NRF_SECURE_APPROTECT) - /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ - if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, - UICR_SECUREAPPROTECT_PALL_Protected)) { - nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, - UICR_SECUREAPPROTECT_PALL_Protected); - } else { - return TFM_PLAT_ERR_SYSTEM_ERR; - } -#endif - -#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." 
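Review bot: After this change init_debug() no longer tests `NRF_APPROTECT` or `NRF_SECURE_APPROTECT`, so a build that still defines either macro compiles cleanly while nothing writes `UICR.APPROTECT` / `UICR.SECUREAPPROTECT`. The debug port then stays in whatever state the UICR already holds. A configuration that asks for debug lock should not be dropped silently. I would add a build-time guard ahead of the remaining `#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA)` line: `#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT)` / `#error "NRF_APPROTECT/NRF_SECURE_APPROTECT are set but init_debug() does not program UICR"` / `#endif`. The rest of init_debug() is outside the hunk.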
From ef2bb10d53d18d15876637376c1d09afcf543d75 Mon Sep 17 00:00:00 2001 
From: Markus Lassila Date: Fri, 18 Oct 2024 11:36:24 +0300 Subject: [PATCH 59/73] Revert "[nrf noup] platform: nordic_nrf: Add support for nRF54L" This reverts commit e0b56869797d4a036c50203311e45c8bd17a0862. --- platform/ext/common/gcc/tfm_common_s.ld | 9 - .../nordic_nrf/common/core/CMakeLists.txt | 10 +- .../common/core/cmsis_drivers/Driver_Flash.c | 59 -- .../common/core/cmsis_drivers/Driver_USART.c | 21 +- .../target/nordic_nrf/common/core/faults.c | 94 +-- .../common/core/native_drivers/spu.c | 146 +--- .../common/core/native_drivers/spu.h | 82 +- .../common/core/nrf_exception_info.c | 43 +- .../common/core/nrf_exception_info.h | 10 - .../nordic_nrf/common/core/nrfx_config.h | 14 +- .../services/src/tfm_platform_hal_ioctl.c | 7 - .../target/nordic_nrf/common/core/startup.h | 9 - .../nordic_nrf/common/core/startup_nrf54l15.c | 419 ---------- .../nordic_nrf/common/core/target_cfg.c | 767 +++--------------- .../nordic_nrf/common/core/target_cfg.h | 26 +- .../common/core/tfm_hal_isolation.c | 7 - .../core/tfm_hal_its_encryption_cracen.c | 233 ------ .../nordic_nrf/common/nrf54l15/CMakeLists.txt | 51 -- .../nordic_nrf/common/nrf54l15/config.cmake | 14 - .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 23 - .../nordic_nrf/common/nrf54l15/mmio_defs.h | 100 --- .../nrfx_config_nrf54l15_application.h | 74 -- .../common/nrf54l15/ns/CMakeLists.txt | 29 - .../common/nrf54l15/partition/flash_layout.h | 23 - .../common/nrf54l15/partition/region_defs.h | 23 - .../tests/psa_arch_tests_config.cmake | 9 - .../common/nrf54l15/tfm_interrupts.c | 320 -------- .../tfm_peripherals_config_nrf54l15.h | 24 - .../common/nrf54l15/tfm_peripherals_def.h | 124 --- .../ns/CMakeLists.txt | 31 - .../ns/cpuarch_ns.cmake | 10 - .../tests/psa_arch_tests_config.cmake | 8 - .../tests/tfm_tests_config.cmake | 8 - .../tfm_peripherals_config.h | 34 - .../crypto/ps_crypto_interface.c | 4 + 35 files changed, 209 insertions(+), 2656 deletions(-) delete mode 100644 
platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c
delete mode 100644 platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h
delete mode 100755 platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h
delete mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h
delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt
delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake
delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake
delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake
delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index 7026e752c..67c96a9a7 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -286,15 +286,6 @@ SECTIONS . = ALIGN(TFM_LINKER_PT_RO_ALIGNMENT); Image$$PT_RO_END$$Base = .; -#if defined(CONFIG_PSA_NEED_CRACEN_KMU_DRIVER) - .nrf_kmu_reserved_push_area S_DATA_START (NOLOAD): - { - __nrf_kmu_reserved_push_area = .; - *(.nrf_kmu_reserved_push_area) - __nrf_kmu_reserved_push_area_end = .; - } > RAM -#endif /* CONFIG_PSA_NEED_CRACEN_KMU_DRIVER */ - /**** Base address of secure data area */ .tfm_secure_data_start : { diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 066143c4f..194c277f5 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -24,14 +24,12 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) +if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) - set(HAS_CRACEN 1) else() set(HAS_NVMC 1) - set(HAS_CRACEN 0) endif() #========================= Platform dependencies ===============================# @@ -79,7 +77,7 @@ target_include_directories(platform_s ) set(nvm_sources - $<$:${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c> + ${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c ) if(HAS_RRAMC) 
@@ -103,8 +101,7 @@ target_sources(platform_s $<$:${CMAKE_CURRENT_SOURCE_DIR}/nrf_exception_info.c> $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c> $<$:${CMAKE_CURRENT_SOURCE_DIR}/pal_plat_test.c> - $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> - $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption_cracen.c> + $<$:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> ) if (NRF_HW_INIT_RESET_ON_BOOT) @@ -274,4 +271,3 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) - diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 18c3aef32..7e1d6c228 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,19 +24,8 @@ #include -#include - #if defined(NRF_NVMC_S) #include -#elif defined(NRF_RRAMC_S) -#include - -#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 -#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE -#else -#define WRITE_BUFFER_SIZE 0 -#endif - #else #error "Unrecognized platform" #endif 
@@ -98,30 +87,6 @@ static int32_t ARM_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event) ARG_UNUSED(cb_event); -#ifdef RRAMC_PRESENT - nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); - - config.mode_write = true; - -#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 - config.preload_timeout_enable = true; - config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; -#else - config.preload_timeout_enable = false; - config.preload_timeout = 0; -#endif - - /* Don't use an event handler until it's understood whether we - * want it or not - */ - nrfx_rramc_evt_handler_t handler = NULL; - - nrfx_err_t err = nrfx_rramc_init(&config, handler); - - if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { - return err; - } -#endif /* RRAMC_PRESENT */ return ARM_DRIVER_OK; } @@ -162,42 +127,18 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, return ARM_DRIVER_ERROR_PARAMETER; } -#ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); -#else - nrfx_rramc_words_write(addr, data, cnt); - - /* At time of writing, the Zephyr driver commits writes, but the - * nrfx driver does not, so we commit here using the HAL to align - * Zephyr and TF-M behaviour. - * - * Not committing may cause data loss and/or high power - * consumption. - */ - nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); -#endif return cnt; } static int32_t ARM_Flash_EraseSector(uint32_t addr) { -#ifdef NRF_NVMC_S nrfx_err_t err_code = nrfx_nvmc_page_erase(addr); if (err_code != NRFX_SUCCESS) { return ARM_DRIVER_ERROR_PARAMETER; } -#else - for (uint32_t *erase_word_ptr = (uint32_t *)addr; - (uint32_t)erase_word_ptr < addr + FLASH_AREA_IMAGE_SECTOR_SIZE; erase_word_ptr++) { - if(*erase_word_ptr != 0xFFFFFFFFU) { - nrfx_rramc_word_write((uint32_t)erase_word_ptr, 0xFFFFFFFFU); - } - } - - nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); -#endif return ARM_DRIVER_OK; } 
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c index db99c0bb7..8e3a352b4 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c @@ -28,7 +28,8 @@ #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) #endif -#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && (defined(NRF_SPU) || defined(NRF_SPU00)) +// TODO: NCSDK-22597: Support configuring peripherals as secure +#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && defined(NRF_SPU) #define SPU_CONFIGURE_UART #include #endif @@ -39,8 +40,7 @@ #define ARM_USART_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(2, 2) -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ - RTE_UART00 || RTE_USART20 || RTE_UART21 || RTE_UART22 || RTE_USART30 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 #define PSEL_DISCONNECTED 0xFFFFFFFFUL @@ -439,24 +439,13 @@ DRIVER_USART(2); DRIVER_USART(3); #endif -#if RTE_USART00 -DRIVER_USART(00); -#endif - +// TODO: NCSDK-25009: Support choosing an instance for TF-M #if RTE_USART20 DRIVER_USART(20); #endif -#if RTE_USART21 -DRIVER_USART(21); -#endif - #if RTE_USART22 DRIVER_USART(22); #endif -#if RTE_USART30 -DRIVER_USART(30); -#endif - -#endif /* RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 */ +#endif /* RTE_USART0 || RTE_USART1 || etc. */ diff --git a/platform/ext/target/nordic_nrf/common/core/faults.c b/platform/ext/target/nordic_nrf/common/core/faults.c index 4cdffd8d7..3d847a7af 100644 --- a/platform/ext/target/nordic_nrf/common/core/faults.c +++ b/platform/ext/target/nordic_nrf/common/core/faults.c 
@@ -22,7 +22,7 @@ void SPU_Handler(void) /* Clear SPU interrupt flag and pending SPU IRQ */ spu_clear_events(); - NVIC_ClearPendingIRQ((SCB->ICSR & SCB_ICSR_VECTACTIVE_Msk) - NVIC_USER_IRQ_OFFSET); + NVIC_ClearPendingIRQ(SPU_IRQn); tfm_core_panic(); } 
@@ -36,95 +36,3 @@ __attribute__((naked)) void SPU_IRQHandler(void) "B . \n" ); } - -#ifdef NRF_SPU00 -__attribute__((naked)) void SPU00_IRQHandler(void) -{ - EXCEPTION_INFO(); - - __ASM volatile( - "BL SPU_Handler \n" - "B . \n" - ); -} -#endif - -#ifdef NRF_SPU10 -__attribute__((naked)) void SPU10_IRQHandler(void) -{ - EXCEPTION_INFO(); - - __ASM volatile( - "BL SPU_Handler \n" - "B . \n" - ); -} -#endif - -#ifdef NRF_SPU20 -__attribute__((naked)) void SPU20_IRQHandler(void) -{ - EXCEPTION_INFO(); - - __ASM volatile( - "BL SPU_Handler \n" - "B . \n" - ); -} -#endif - -#ifdef NRF_SPU30 -__attribute__((naked)) void SPU30_IRQHandler(void) -{ - EXCEPTION_INFO(); - - __ASM volatile( - "BL SPU_Handler \n" - "B . \n" - ); -} -#endif - -#ifdef NRF_MPC00 -__attribute__((naked)) void MPC_Handler(void) -{ - EXCEPTION_INFO(); - -#ifdef TFM_EXCEPTION_INFO_DUMP - nrf_exception_info_store_context(); -#endif - - /* Clear MPC interrupt flag and pending MPC IRQ */ - mpc_clear_events(); - - NVIC_ClearPendingIRQ(MPC00_IRQn); - - tfm_core_panic(); - - __ASM volatile( - "B . \n" - ); -} - -void MPC00_IRQHandler(void) -{ - /* Address 0xFFFFFFFE is used by TF-M as a return address in some cases - * (e.g., THRD_GENERAL_EXIT). This causes the debugger to access this - * address when analyzing stack frames upon hitting a breakpoint in TF-M. - * Attempting to access this address triggers the MPC MEMACCERR event, - * disrupting debugging. To prevent this, we ignore events from this address. - * Note that this does not affect exception information in MPC_Handler, - * except for scratch registers (R0-R3). - **/ - if( nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ - if(NRF_MPC00->MEMACCERR.ADDRESS == 0xFFFFFFFE) - { - mpc_clear_events(); - NVIC_ClearPendingIRQ(MPC00_IRQn); - return; - } - } - - MPC_Handler(); -} -#endif 
diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c index 3d93de8b6..5bf8e97f8 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c @@ -16,14 +16,8 @@ #include "spu.h" #include "region_defs.h" -#include "array.h" /* Platform-specific configuration */ -#if NRF_SPU_HAS_MEMORY - -#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS -#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS - #define FLASH_SECURE_ATTRIBUTION_REGION_SIZE SPU_FLASH_REGION_SIZE #define SRAM_SECURE_ATTRIBUTION_REGION_SIZE SPU_SRAM_REGION_SIZE @@ -35,6 +29,9 @@ #define NUM_SRAM_SECURE_ATTRIBUTION_REGIONS \ (TOTAL_RAM_SIZE / SRAM_SECURE_ATTRIBUTION_REGION_SIZE) +#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS +#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS + /* Convenience macros for SPU Non-Secure Callable (NCS) attribution */ /* 
@@ -59,24 +56,37 @@ */ #define FLASH_NSC_SIZE_REG(size) ((31 - __builtin_clz(size)) - 4) -#if defined(REGION_PCD_SRAM_ADDRESS) -static bool spu_region_is_sram_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) + +void spu_enable_interrupts(void) { - size_t start_id = (start_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - size_t end_id = (end_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - return region_id >= start_id && region_id <= end_id; + nrf_spu_int_enable(NRF_SPU, + NRF_SPU_INT_FLASHACCERR_MASK | + NRF_SPU_INT_RAMACCERR_MASK | + NRF_SPU_INT_PERIPHACCERR_MASK); } -#endif -static bool spu_region_is_pcd_region(NRF_SPU_Type * p_reg, uint8_t region_id) +uint32_t spu_events_get(void) { - bool is_pcd = false; + uint32_t events = 0; -#ifdef PM_PCD_SRAM_ADDRESS - is_pcd = is_pcd || spu_region_is_sram_region_in_address_range(region_id, PM_PCD_SRAM_ADDRESS, PM_PCD_SRAM_END_ADDRESS); -#endif + if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_RAMACCERR)) { + events |= SPU_EVENT_RAMACCERR; + } + if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR)) { + events |= SPU_EVENT_FLASHACCERR; + } + if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR)) { + events |= SPU_EVENT_PERIPHACCERR; + } - return is_pcd; + return events; +} + +void spu_clear_events(void) +{ + nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_RAMACCERR); + nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR); + nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR); } #if defined(REGION_MCUBOOT_ADDRESS) || defined(REGION_B0_ADDRESS) || defined(REGION_S0_ADDRESS) || defined(REGION_S1_ADDRESS) 
@@ -88,6 +98,15 @@ static bool spu_region_is_flash_region_in_address_range(uint8_t region_id, uint3 } #endif +#if defined(REGION_PCD_SRAM_ADDRESS) +static bool spu_region_is_sram_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) +{ + size_t start_id = (start_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; + size_t end_id = (end_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; + return region_id >= start_id && region_id <= end_id; +} +#endif + static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region_id) { bool is_bootloader = false; 
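Review bot: The helper `spu_region_is_sram_region_in_address_range` added here is compiled only under `#if defined(REGION_PCD_SRAM_ADDRESS)`, while its only visible caller, `spu_region_is_pcd_region` in the next hunk, calls it under `#ifdef PM_PCD_SRAM_ADDRESS`. If only one of the two macros is defined, the result is either a build failure or a PCD region that is never recognised, and the latter would presumably leave that SRAM region on the ordinary reset/unlock path. I would guard both with the same macro, e.g. `#if defined(PM_PCD_SRAM_ADDRESS)` on the helper. The subtraction `start_address - DEVICE_SRAM_BASE_ADDRESS` also wraps when an address below the SRAM base is passed, so a comment stating that callers must pass addresses inside SRAM would help.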
@@ -108,98 +127,17 @@ static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region return is_bootloader; } -#endif /* NRF_SPU_HAS_MEMORY */ - -void spu_enable_interrupts(void) -{ - uint32_t mask = 0; - -#if NRF_SPU_HAS_MEMORY - mask |= NRF_SPU_INT_RAMACCERR_MASK; - mask |= NRF_SPU_INT_FLASHACCERR_MASK; -#endif - - mask |= NRF_SPU_INT_PERIPHACCERR_MASK; - - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { - nrf_spu_int_enable(spu_instances[i], mask); - } -} - -uint32_t spu_events_get(void) -{ - uint32_t events = 0; - - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { - if(nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR)){ - events |= SPU_EVENT_PERIPHACCERR; - } -#if NRF_SPU_HAS_MEMORY - if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_RAMACCERR)) { - events |= SPU_EVENT_RAMACCERR; - } - if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR)) { - events |= SPU_EVENT_FLASHACCERR; - } -#endif /* NRF_SPU_HAS_MEMORY */ - } - - return events; -} - -#ifdef MPC_PRESENT -void mpc_enable_interrupts(void) -{ - uint32_t mask = NRF_MPC_INT_MEMACCERR_MASK; - nrf_mpc_int_enable(NRF_MPC00, mask); -} - -uint32_t mpc_events_get(void) -{ - uint32_t events = 0; - - if (nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ - events |= MPC_EVENT_MEMACCERR; - } - - return events; -} - -void mpc_clear_events() +static bool spu_region_is_pcd_region(NRF_SPU_Type * p_reg, uint8_t region_id) { - nrf_mpc_event_clear(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR); -} -#endif /* MPC_PRESENT */ + bool is_pcd = false; -void spu_clear_events(void) -{ - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { -#if NRF_SPU_HAS_MEMORY - nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_RAMACCERR); - nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR); +#ifdef PM_PCD_SRAM_ADDRESS + is_pcd = is_pcd || spu_region_is_sram_region_in_address_range(region_id, PM_PCD_SRAM_ADDRESS, PM_PCD_SRAM_END_ADDRESS); #endif - 
nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR); - } -} - -#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk -uint32_t spu_get_peri_addr(void) { - uint32_t addr = 0; - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { - if(spu_instances[i]->EVENTS_PERIPHACCERR){ - /* Only the lower 16 bits of the address are captured into the register. The upper - * 16 bits correspond to the upper 16 bits of the SPU's base address. - */ - addr = spu_instances[i]->PERIPHACCERR.ADDRESS | ((uint32_t)spu_instances[i] & 0xFFFF0000); - } - } - - return addr; + return is_pcd; } -#endif -#if NRF_SPU_HAS_MEMORY void spu_regions_reset_unlocked_secure(void) { for (size_t i = 0; i < NUM_FLASH_SECURE_ATTRIBUTION_REGIONS ; i++) { diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index da7f9fc1f..2cb75739f 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -20,36 +20,14 @@ #include #include #include -#include #include -#ifdef MPC_PRESENT -#include -#endif #define SPU_LOCK_CONF_LOCKED true #define SPU_LOCK_CONF_UNLOCKED false #define SPU_SECURE_ATTR_SECURE true #define SPU_SECURE_ATTR_NONSECURE false -__attribute__((unused)) static NRF_SPU_Type * spu_instances[] = { -#ifdef NRF_SPU - NRF_SPU, -#endif -#ifdef NRF_SPU00 - NRF_SPU00, -#endif -#ifdef NRF_SPU10 - NRF_SPU10, -#endif -#ifdef NRF_SPU20 - NRF_SPU20, -#endif -#ifdef NRF_SPU30 - NRF_SPU30, -#endif -}; - /** * \brief SPU interrupt enabling * @@ -62,7 +40,6 @@ enum spu_events { SPU_EVENT_RAMACCERR = 1 << 0, SPU_EVENT_FLASHACCERR = 1 << 1, SPU_EVENT_PERIPHACCERR= 1 << 2, - MPC_EVENT_MEMACCERR = 1 << 3 }; /** 
@@ -145,10 +122,45 @@ void spu_peripheral_config_secure(const uint32_t periph_base_address, bool perip void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock); /** - * /brief Retrieve the address of the transaction that triggered PERIPHACCERR. + * Configure DPPI channels to be accessible from Non-Secure domain. * + * \param channels_mask Bitmask with channels configuration. + * \param lock_conf Variable indicating whether to lock DPPI channel security + * + * \note all channels are configured as Non-Secure + */ +static inline void spu_dppi_config_non_secure(uint32_t channels_mask, bool lock_conf) +{ + nrf_spu_dppi_config_set(NRF_SPU, 0, channels_mask, lock_conf); +} + +/** + * Configure GPIO pins to be accessible from Non-Secure domain. + * + * \param port_number GPIO Port number + * \param gpio_mask Bitmask with gpio configuration. + * \param lock_conf Variable indicating whether to lock GPIO port security + * + * \note all pins are configured as Non-Secure + */ +static inline void spu_gpio_config_non_secure(uint8_t port_number, uint32_t gpio_mask, + bool lock_conf) +{ + nrf_spu_gpio_config_set(NRF_SPU, port_number, gpio_mask, lock_conf); +} + +/** + * Return the SPU instance that can be used to configure the + * peripheral at the given base address. */ -uint32_t spu_get_peri_addr(void); +static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) +{ + /* See the SPU chapter in the IPS for how this is calculated */ + + uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; + + return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); +} /** * \brief Return base address of a Flash SPU regions 
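Review bot: `spu_instance_from_peripheral_addr` derives the SPU pointer purely from address bits (`0x50000000 | (peripheral_addr & 0x00FC0000)`), while the rest of this change makes the driver use the single `NRF_SPU` instance and `target_cfg.c` now rejects anything other than NRF91_SERIES/NRF53_SERIES. If `NRF_SPU` on those parts does not sit at the start of its bus segment, the returned pointer is not the SPU and a caller writing permissions through it would program the wrong registers; no caller is visible in this hunk, so this needs confirming. Either drop the helper together with the multi-instance code or document which SoCs it is valid for, and name the two constants, e.g. `#define SPU_APB_BUS_MASK 0x00FC0000` and `#define SPU_SECURE_BASE 0x50000000`. The literal `0` passed to `nrf_spu_dppi_config_set` in `spu_dppi_config_non_secure` also deserves a comment saying which DPPI instance it selects.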
@@ -236,24 +248,4 @@ uint32_t spu_regions_sram_get_last_id(void); */ uint32_t spu_regions_sram_get_region_size(void); -/** - * \brief MPC interrupt enabling - * - * Enable security violations outside the Cortex-M33 - * to trigger SPU interrupts. - */ -void mpc_enable_interrupts(void); - -/** - * \brief Retrieve bitmask of MPC events. - */ -uint32_t mpc_events_get(void); - -/** - * \brief MPC event clearing - * - * Clear MPC event registers - */ -void mpc_clear_events(void); - #endif diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c index a5df17e8e..16ac5a5d1 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c 
@@ -11,60 +11,29 @@ static struct nrf_exception_info nrf_exc_info; -static void dump_exception_info(struct nrf_exception_info *ctx) +static void spu_dump_context(struct nrf_exception_info *ctx) { - SPMLOG_ERRMSG("Platform Exception:\r\n"); + SPMLOG_ERRMSG("Platform Exception: SPU Fault\r\n"); /* Report which type of violation occured */ if (ctx->events & SPU_EVENT_RAMACCERR) { - SPMLOG_DBGMSG(" SPU.RAMACCERR\r\n"); + SPMLOG_DBGMSG(" RAMACCERR\r\n"); } if (ctx->events & SPU_EVENT_PERIPHACCERR) { - SPMLOG_DBGMSG(" SPU.PERIPHACCERR\r\n"); - SPMLOG_DBGMSGVAL(" Target addr: ", ctx->periphaccerr.address); + SPMLOG_DBGMSG(" PERIPHACCERR\r\n"); } if (ctx->events & SPU_EVENT_FLASHACCERR) { - SPMLOG_DBGMSG(" SPU.FLASHACCERR\r\n"); + SPMLOG_DBGMSG(" FLASHACCERR\r\n"); } - -#if MPC_PRESENT - if (ctx->events & MPC_EVENT_MEMACCERR) { - SPMLOG_DBGMSG(" MPC.MEMACCERR\r\n"); - SPMLOG_DBGMSGVAL(" Target addr: ", ctx->memaccerr.address); - SPMLOG_DBGMSGVAL(" Access information: ", ctx->memaccerr.info); - SPMLOG_DBGMSGVAL(" Owner id: ", ctx->memaccerr.info & 0xf); - SPMLOG_DBGMSGVAL(" Masterport: ", (ctx->memaccerr.info & 0x1f0) >> 4); - SPMLOG_DBGMSGVAL(" Read: ", (ctx->memaccerr.info >> 12) & 1); - SPMLOG_DBGMSGVAL(" Write: ", (ctx->memaccerr.info >> 13) & 1); - SPMLOG_DBGMSGVAL(" Execute: ", (ctx->memaccerr.info >> 14) & 1); - SPMLOG_DBGMSGVAL(" Secure: ", (ctx->memaccerr.info >> 15) & 1); - SPMLOG_DBGMSGVAL(" Error source: ", (ctx->memaccerr.info >> 16) & 1); - } -#endif } void nrf_exception_info_store_context(void) { nrf_exc_info.events = spu_events_get(); -#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk - if (nrf_exc_info.events & SPU_EVENT_PERIPHACCERR){ - nrf_exc_info.periphaccerr.address = spu_get_peri_addr(); - } -#endif - -#ifdef MPC_PRESENT - nrf_exc_info.events |= mpc_events_get(); - if (nrf_exc_info.events & MPC_EVENT_MEMACCERR) - { - nrf_exc_info.memaccerr.address = NRF_MPC00->MEMACCERR.ADDRESS; - nrf_exc_info.memaccerr.info = NRF_MPC00->MEMACCERR.INFO; - } -#endif - - 
dump_exception_info(&nrf_exc_info); + spu_dump_context(&nrf_exc_info); } void nrf_exception_info_get_context(struct nrf_exception_info *ctx) diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h index 04b2eb8ba..7f297c800 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h @@ -11,16 +11,6 @@ struct nrf_exception_info { uint32_t events; - union{ - struct { - uint32_t address; - } periphaccerr; - - struct { - uint32_t address; - uint32_t info; - } memaccerr; - }; }; void nrf_exception_info_store_context(void); diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index f76e49cdd..dadddeb97 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -48,8 +48,7 @@ #endif /* RTE_FLASH0 */ -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ - RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 #define NRFX_UARTE_ENABLED 1 #endif #if RTE_USART0 @@ -65,22 +64,13 @@ #define NRFX_UARTE3_ENABLED 1 #endif -/* 54L15 has different UART instances */ -#if RTE_USART00 -#define NRFX_UARTE00_ENABLED 1 -#endif +// TODO: NCSDK-25009: Moonlight: Make it possible to use different UARTS with TF-M #if RTE_USART20 #define NRFX_UARTE20_ENABLED 1 #endif -#if RTE_USART21 -#define NRFX_UARTE21_ENABLED 1 -#endif #if RTE_USART22 #define NRFX_UARTE22_ENABLED 1 #endif -#if RTE_USART30 -#define NRFX_UARTE30_ENABLED 1 -#endif /* * For chips with TrustZone support, MDK provides CMSIS-Core peripheral 
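Review bot: In `spu_dump_context` only the heading goes through `SPMLOG_ERRMSG`; the lines that say which access error fired (`RAMACCERR`, `PERIPHACCERR`, `FLASHACCERR`) use `SPMLOG_DBGMSG`. If debug-level messages are compiled out in a given build, the log of a security violation would carry "SPU Fault" and nothing else, and with the target address no longer stored there is no other record to triage from. I would emit the event names at error level, e.g. `SPMLOG_ERRMSG(" PERIPHACCERR\r\n");`, and add a short header comment on `nrf_exception_info_store_context` stating that it snapshots the SPU event bitmask before dumping it.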
diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 87a9c4c27..9b0a4b4a4 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,17 +103,10 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { -#if defined(NRF54L15_ENGA_XXAA) - case NRF_GPIO_PIN_SEL_GPIO: - case NRF_GPIO_PIN_SEL_VPR: - case NRF_GPIO_PIN_SEL_GRTC: - case NRF_GPIO_PIN_SEL_TND: -#else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: case NRF_GPIO_PIN_SEL_PERIPHERAL: case NRF_GPIO_PIN_SEL_TND: -#endif return true; default: return false; diff --git a/platform/ext/target/nordic_nrf/common/core/startup.h b/platform/ext/target/nordic_nrf/common/core/startup.h index 4b3f738b0..bb1295886 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup.h +++ b/platform/ext/target/nordic_nrf/common/core/startup.h @@ -36,15 +36,6 @@ __NO_RETURN void SecureFault_Handler(void); void SPU_IRQHandler(void); -void SPU00_IRQHandler(void); -void SPU10_IRQHandler(void); -void SPU20_IRQHandler(void); -void SPU30_IRQHandler(void); - -void MPC00_IRQHandler(void); - -void CRACEN_IRQHandler(void); - /* * The default irq handler is used as a backup in case of * misconfiguration. diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c deleted file mode 100644 index aa81ab1b1..000000000 --- a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c +++ /dev/null 
@@ -1,419 +0,0 @@ -/* - * Copyright (c) 2022 Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an AS IS BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * This file is derivative of CMSIS V5.9.0 startup_ARMCM33.c - * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c - */ - -// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs -// below correspond to nrf53, not nrf54L. - -/* - * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) - * before including cmsis.h because TF-M's linker script - * tfm_common_s.ld assumes the vector table section is called .vectors - * while cmsis.h will sometimes (e.g. when cmsis is provided by nrfx) - * default to using the name .isr_vector. - */ -#define __VECTOR_TABLE_ATTRIBUTE __attribute__((used, section(".vectors"))) - -#include "cmsis.h" -#include "startup.h" -#include "exception_info.h" - -__NO_RETURN __attribute__((naked)) void default_tfm_IRQHandler(void) { - EXCEPTION_INFO(); - - __ASM volatile( - "BL default_irq_handler \n" - "B . 
\n" - ); -} - -DEFAULT_IRQ_HANDLER(NMI_Handler) -DEFAULT_IRQ_HANDLER(HardFault_Handler) -DEFAULT_IRQ_HANDLER(MemManage_Handler) -DEFAULT_IRQ_HANDLER(BusFault_Handler) -DEFAULT_IRQ_HANDLER(UsageFault_Handler) -DEFAULT_IRQ_HANDLER(SecureFault_Handler) -DEFAULT_IRQ_HANDLER(SVC_Handler) -DEFAULT_IRQ_HANDLER(DebugMon_Handler) -DEFAULT_IRQ_HANDLER(PendSV_Handler) -DEFAULT_IRQ_HANDLER(SysTick_Handler) - -DEFAULT_IRQ_HANDLER(SWI00_IRQHandler) -DEFAULT_IRQ_HANDLER(SWI01_IRQHandler) -DEFAULT_IRQ_HANDLER(SWI02_IRQHandler) -DEFAULT_IRQ_HANDLER(SWI03_IRQHandler) -DEFAULT_IRQ_HANDLER(AAR00_CCM00_IRQHandler) -DEFAULT_IRQ_HANDLER(ECB00_IRQHandler) -DEFAULT_IRQ_HANDLER(SERIAL00_IRQHandler) -DEFAULT_IRQ_HANDLER(RRAMC_IRQHandler) -DEFAULT_IRQ_HANDLER(VPR00_IRQHandler) -DEFAULT_IRQ_HANDLER(CTRLAP_IRQHandler) -DEFAULT_IRQ_HANDLER(CM33SS_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER00_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER10_IRQHandler) -DEFAULT_IRQ_HANDLER(RTC10_IRQHandler) -DEFAULT_IRQ_HANDLER(EGU10_IRQHandler) -DEFAULT_IRQ_HANDLER(AAR10_CCM10_IRQHandler) -DEFAULT_IRQ_HANDLER(ECB10_IRQHandler) -DEFAULT_IRQ_HANDLER(RADIO_0_IRQHandler) -DEFAULT_IRQ_HANDLER(RADIO_1_IRQHandler) -DEFAULT_IRQ_HANDLER(SERIAL20_IRQHandler) -DEFAULT_IRQ_HANDLER(SERIAL21_IRQHandler) -DEFAULT_IRQ_HANDLER(SERIAL22_IRQHandler) -DEFAULT_IRQ_HANDLER(EGU20_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER20_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER21_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER22_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER23_IRQHandler) -DEFAULT_IRQ_HANDLER(TIMER24_IRQHandler) -DEFAULT_IRQ_HANDLER(PWM20_IRQHandler) -DEFAULT_IRQ_HANDLER(PWM21_IRQHandler) -DEFAULT_IRQ_HANDLER(PWM22_IRQHandler) -DEFAULT_IRQ_HANDLER(SAADC_IRQHandler) -DEFAULT_IRQ_HANDLER(NFCT_IRQHandler) -DEFAULT_IRQ_HANDLER(TEMP_IRQHandler) -DEFAULT_IRQ_HANDLER(GPIOTE20_1_IRQHandler) -DEFAULT_IRQ_HANDLER(TAMPC_IRQHandler) -DEFAULT_IRQ_HANDLER(I2S20_IRQHandler) -DEFAULT_IRQ_HANDLER(QDEC20_IRQHandler) -DEFAULT_IRQ_HANDLER(QDEC21_IRQHandler) 
-DEFAULT_IRQ_HANDLER(GRTC_0_IRQHandler) -DEFAULT_IRQ_HANDLER(GRTC_1_IRQHandler) -DEFAULT_IRQ_HANDLER(GRTC_2_IRQHandler) -DEFAULT_IRQ_HANDLER(GRTC_3_IRQHandler) -DEFAULT_IRQ_HANDLER(SERIAL30_IRQHandler) -DEFAULT_IRQ_HANDLER(RTC30_IRQHandler) -DEFAULT_IRQ_HANDLER(COMP_LPCOMP_IRQHandler) -DEFAULT_IRQ_HANDLER(WDT30_IRQHandler) -DEFAULT_IRQ_HANDLER(WDT31_IRQHandler) -DEFAULT_IRQ_HANDLER(GPIOTE30_1_IRQHandler) -DEFAULT_IRQ_HANDLER(CLOCK_POWER_IRQHandler) - -#if defined(DOMAIN_NS) || defined(BL2) -DEFAULT_IRQ_HANDLER(MPC00_IRQHandler) -DEFAULT_IRQ_HANDLER(SPU00_IRQHandler) -DEFAULT_IRQ_HANDLER(SPU10_IRQHandler) -DEFAULT_IRQ_HANDLER(SPU20_IRQHandler) -DEFAULT_IRQ_HANDLER(SPU30_IRQHandler) -DEFAULT_IRQ_HANDLER(CRACEN_IRQHandler) -#endif - -#if defined ( __GNUC__ ) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wpedantic" -#endif - -const VECTOR_TABLE_Type __VECTOR_TABLE[] __VECTOR_TABLE_ATTRIBUTE = { - (VECTOR_TABLE_Type)(&__INITIAL_SP), /* Initial Stack Pointer */ -/* Exceptions */ - Reset_Handler, - NMI_Handler, - HardFault_Handler, - MemManage_Handler, /* MPU Fault Handler */ - BusFault_Handler, - UsageFault_Handler, - SecureFault_Handler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SVC_Handler, - DebugMon_Handler, - default_tfm_IRQHandler, - PendSV_Handler, - SysTick_Handler, -/* Device specific interrupt handlers */ - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - 
default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SWI00_IRQHandler, - SWI01_IRQHandler, - SWI02_IRQHandler, - SWI03_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SPU00_IRQHandler, - MPC00_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - AAR00_CCM00_IRQHandler, - ECB00_IRQHandler, - CRACEN_IRQHandler, - default_tfm_IRQHandler, - SERIAL00_IRQHandler, - RRAMC_IRQHandler, - VPR00_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - CTRLAP_IRQHandler, - CM33SS_IRQHandler, - default_tfm_IRQHandler, - TIMER00_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - 
default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SPU10_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - TIMER10_IRQHandler, - RTC10_IRQHandler, - EGU10_IRQHandler, - AAR10_CCM10_IRQHandler, - ECB10_IRQHandler, - RADIO_0_IRQHandler, - RADIO_1_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - 
default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SPU20_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SERIAL20_IRQHandler, - SERIAL21_IRQHandler, - SERIAL22_IRQHandler, - EGU20_IRQHandler, - TIMER20_IRQHandler, - TIMER21_IRQHandler, - TIMER22_IRQHandler, - TIMER23_IRQHandler, - TIMER24_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - PWM20_IRQHandler, - PWM21_IRQHandler, - PWM22_IRQHandler, - SAADC_IRQHandler, - NFCT_IRQHandler, - TEMP_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - GPIOTE20_1_IRQHandler, - TAMPC_IRQHandler, - I2S20_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - QDEC20_IRQHandler, - QDEC21_IRQHandler, - GRTC_0_IRQHandler, - GRTC_1_IRQHandler, - GRTC_2_IRQHandler, - GRTC_3_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SPU30_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - SERIAL30_IRQHandler, - RTC30_IRQHandler, - 
COMP_LPCOMP_IRQHandler, - default_tfm_IRQHandler, - WDT30_IRQHandler, - WDT31_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - default_tfm_IRQHandler, - GPIOTE30_1_IRQHandler, - CLOCK_POWER_IRQHandler, -}; - -#if defined ( __GNUC__ ) -#pragma GCC diagnostic pop -#endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index b2b1f1dff..d6a0c9872 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -20,7 +20,6 @@ #include "region_defs.h" #include "tfm_plat_defs.h" #include "tfm_peripherals_config.h" -#include "utilities.h" #include "region.h" #include "array.h" @@ -28,56 +27,19 @@ #include #include - -#include -#include - -#ifdef RRAMC_PRESENT -#include -#include - -#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 -#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE -#else -#define WRITE_BUFFER_SIZE 0 -#endif - -#endif - -#define SPU_ADDRESS_REGION (0x50000000) -#define GET_SPU_SLAVE_INDEX(periph) ((periph.periph_start & 0x0003F000) >> 12) -#define GET_SPU_INSTANCE(periph) ((NRF_SPU_Type*)(SPU_ADDRESS_REGION | (periph.periph_start & 0x00FC0000))) - - -#ifdef CACHE_PRESENT -#include -#endif - -#ifdef NVMC_PRESENT #include #include -#endif - -#ifdef MPC_PRESENT -#include -#endif +#include +#include -#ifdef NRF53_SERIES #define PIN_XL1 0 #define PIN_XL2 1 -#endif -#ifdef NRF54L15_ENGA_XXAA -/* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ -#define PIN_XL1 32 -#define PIN_XL2 33 -/* During TF-M system initialization we invoke a function that comes - * from Zephyr. This function does not have a header file so we - * declare it's prototype here. - */ -int nordicsemi_nrf54l_init(void); +#if !(defined(NRF91_SERIES) || defined(NRF53_SERIES)) +#error "Invalid configuration" #endif + #if TFM_PERIPHERAL_DCNF_SECURE struct platform_data_t tfm_peripheral_dcnf = { NRF_DCNF_S_BASE, 
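Review bot: The new guard `#error "Invalid configuration"` does not tell the integrator what is wrong, and it sits after `PIN_XL1`/`PIN_XL2` have already been defined unconditionally. Since this file sets up the secure/non-secure partitioning, a build for an unsupported SoC should fail with a message that names the requirement, e.g. `#error "target_cfg.c supports only NRF91_SERIES and NRF53_SERIES"`, placed ahead of the pin defines.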
@@ -134,48 +96,6 @@ struct platform_data_t tfm_peripheral_spim0 = { }; #endif -#if TFM_PERIPHERAL_SPIM00_SECURE -struct platform_data_t tfm_peripheral_spim00 = { - NRF_SPIM00_S_BASE, - NRF_SPIM00_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_SPIM20_SECURE -struct platform_data_t tfm_peripheral_spim20 = { - NRF_SPIM20_S_BASE, - NRF_SPIM20_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_SPIM22_SECURE -struct platform_data_t tfm_peripheral_spim21 = { - NRF_SPIM21_S_BASE, - NRF_SPIM21_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_SPIM22_SECURE -struct platform_data_t tfm_peripheral_spim22 = { - NRF_SPIM22_S_BASE, - NRF_SPIM22_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_SPIM23_SECURE -struct platform_data_t tfm_peripheral_spim23 = { - NRF_SPIM23_S_BASE, - NRF_SPIM23_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_SPIM30_SECURE -struct platform_data_t tfm_peripheral_spim30 = { - NRF_SPIM30_S_BASE, - NRF_SPIM30_S_BASE + (sizeof(NRF_SPIM_Type) - 1), -}; -#endif - #if TFM_PERIPHERAL_SPIS0_SECURE struct platform_data_t tfm_peripheral_spis0 = { NRF_SPIS0_S_BASE, 
@@ -316,41 +236,6 @@ struct platform_data_t tfm_peripheral_uarte3 = { }; #endif -#if TFM_PERIPHERAL_UARTE00_SECURE -struct platform_data_t tfm_peripheral_uarte00 = { - NRF_UARTE00_S_BASE, - NRF_UARTE00_S_BASE + (sizeof(NRF_UARTE_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_UARTE20_SECURE -struct platform_data_t tfm_peripheral_uarte20 = { - NRF_UARTE20_S_BASE, - NRF_UARTE20_S_BASE + (sizeof(NRF_UARTE_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_UARTE21_SECURE -struct platform_data_t tfm_peripheral_uarte21 = { - NRF_UARTE21_S_BASE, - NRF_UARTE21_S_BASE + (sizeof(NRF_UARTE_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_UARTE22_SECURE -struct platform_data_t tfm_peripheral_uarte22 = { - NRF_UARTE22_S_BASE, - NRF_UARTE22_S_BASE + (sizeof(NRF_UARTE_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_UARTE30_SECURE -struct platform_data_t tfm_peripheral_uarte30 = { - NRF_UARTE30_S_BASE, - NRF_UARTE30_S_BASE + (sizeof(NRF_UARTE_Type) - 1), -}; -#endif - #if TFM_PERIPHERAL_SAADC_SECURE struct platform_data_t tfm_peripheral_saadc = { NRF_SAADC_S_BASE, 
@@ -365,55 +250,6 @@ struct platform_data_t tfm_peripheral_timer0 = { }; #endif -#if TFM_PERIPHERAL_TIMER00_SECURE -struct platform_data_t tfm_peripheral_timer00 = { - NRF_TIMER00_S_BASE, - NRF_TIMER00_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER10_SECURE -struct platform_data_t tfm_peripheral_timer10 = { - NRF_TIMER10_S_BASE, - NRF_TIMER10_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER20_SECURE -struct platform_data_t tfm_peripheral_timer20 = { - NRF_TIMER20_S_BASE, - NRF_TIMER20_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER21_SECURE -struct platform_data_t tfm_peripheral_timer21 = { - NRF_TIMER21_S_BASE, - NRF_TIMER21_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER22_SECURE -struct platform_data_t tfm_peripheral_timer22 = { - NRF_TIMER22_S_BASE, - NRF_TIMER22_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER23_SECURE -struct platform_data_t tfm_peripheral_timer23 = { - NRF_TIMER23_S_BASE, - NRF_TIMER23_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_TIMER24_SECURE -struct platform_data_t tfm_peripheral_timer24 = { - NRF_TIMER24_S_BASE, - NRF_TIMER24_S_BASE + (sizeof(NRF_TIMER_Type) - 1), -}; -#endif - #if TFM_PERIPHERAL_TIMER1_SECURE struct platform_data_t tfm_peripheral_timer1 = { NRF_TIMER1_S_BASE, @@ -526,20 +362,6 @@ struct platform_data_t tfm_peripheral_egu5 = { }; #endif -#if TFM_PERIPHERAL_EGU10_SECURE -struct platform_data_t tfm_peripheral_egu10 = { - NRF_EGU10_S_BASE, - NRF_EGU10_S_BASE + (sizeof(NRF_EGU_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_EGU20_SECURE -struct platform_data_t tfm_peripheral_egu20 = { - NRF_EGU20_S_BASE, - NRF_EGU20_S_BASE + (sizeof(NRF_EGU_Type) - 1), -}; -#endif - #if TFM_PERIPHERAL_PWM0_SECURE struct platform_data_t tfm_peripheral_pwm0 = { NRF_PWM0_S_BASE, 
@@ -568,27 +390,6 @@ struct platform_data_t tfm_peripheral_pwm3 = { }; #endif -#if TFM_PERIPHERAL_PWM20_SECURE -struct platform_data_t tfm_peripheral_pwm20 = { - NRF_PWM20_S_BASE, - NRF_PWM20_S_BASE + (sizeof(NRF_PWM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_PWM21_SECURE -struct platform_data_t tfm_peripheral_pwm21 = { - NRF_PWM21_S_BASE, - NRF_PWM21_S_BASE + (sizeof(NRF_PWM_Type) - 1), -}; -#endif - -#if TFM_PERIPHERAL_PWM22_SECURE -struct platform_data_t tfm_peripheral_pwm22 = { - NRF_PWM22_S_BASE, - NRF_PWM22_S_BASE + (sizeof(NRF_PWM_Type) - 1), -}; -#endif - #if TFM_PERIPHERAL_PDM0_SECURE struct platform_data_t tfm_peripheral_pdm0 = { NRF_PDM0_S_BASE, @@ -807,7 +608,33 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) + +#if !defined(DAUTH_CHIP_DEFAULT) +#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." +#endif + +#if defined(NRF_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, + UICR_APPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif +#if defined(NRF_SECURE_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif + +#elif defined(NRF91_SERIES) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." 
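Review bot: The new `NRF_APPROTECT`/`NRF_SECURE_APPROTECT` branch writes the UICR word with `nrfx_nvmc_word_write` and then carries on without confirming that the register now holds the protected value. A write that did not take effect leaves debug access open while, as far as the visible code shows, `init_debug` still reaches `return TFM_PLAT_ERR_SUCCESS;`, so I would read the word back after each write, e.g. `if (NRF_UICR_S->APPROTECT != UICR_APPROTECT_PALL_Protected) { return TFM_PLAT_ERR_SYSTEM_ERR; }`, and do the same for `SECUREAPPROTECT`. The comment says that on nRF9160 the setting only becomes active on the next boot; the function's documentation should state whether the caller is expected to reset in that case. `init_debug` continues past the end of this hunk.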
@@ -838,17 +665,11 @@ enum tfm_plat_err_t init_debug(void) NRF_CTRLAP->SECUREAPPROTECT.LOCK = CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Locked << CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Msk; -#else -#error "Unrecognized platform" - #endif return TFM_PLAT_ERR_SUCCESS; } -#define NRF_UARTE_INSTANCE(id) NRF_UARTE ## id -#define NRF_UARTE_INSTANCE_GET(id) NRF_UARTE_INSTANCE(id) - /*----------------- NVIC interrupt target state to NS configuration ----------*/ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) { @@ -857,21 +678,17 @@ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) NVIC->ITNS[i] = 0xFFFFFFFF; } - /* Make sure that the SPU instance(s) are targeted to S state */ - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(spu_instances[i])); - } - -#ifdef NRF_CRACEN - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_CRACEN)); -#endif -#ifdef NRF_MPC00 - NVIC_ClearTargetState(MPC00_IRQn); -#endif + /* Make sure that the SPU is targeted to S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_SPU)); #ifdef SECURE_UART1 - /* IRQ for the selected secure UART has to target S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE_INSTANCE_GET(NRF_SECURE_UART_INSTANCE))); +#if NRF_SECURE_UART_INSTANCE == 0 + /* UARTE0 is a secure peripheral, so its IRQ has to target S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE0)); +#elif NRF_SECURE_UART_INSTANCE == 1 + /* UARTE1 is a secure peripheral, so its IRQ has to target S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE1)); +#endif #endif return TFM_PLAT_ERR_SUCCESS; 
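Review bot: The new `#if NRF_SECURE_UART_INSTANCE == 0` / `#elif NRF_SECURE_UART_INSTANCE == 1` chain under `#ifdef SECURE_UART1` in `nvic_interrupt_target_state_cfg` has no `#else`, so for any other instance value no `NVIC_ClearTargetState` call is compiled. The secure UART's interrupt then keeps the non-secure target set by the `NVIC->ITNS[i] = 0xFFFFFFFF` loop above. target_cfg.h in this same patch still accepts `NRF_SECURE_UART_INSTANCE == 22`, so that combination looks reachable. Adding `#else` and `#error "Unsupported NRF_SECURE_UART_INSTANCE"` before the inner `#endif` would make it a build failure instead of a secure peripheral whose IRQ is routed to the non-secure side. The function starts outside the hunk.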
@@ -883,23 +700,8 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) /* SPU interrupt enabling */ spu_enable_interrupts(); - for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { - NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); - NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); - } - -#ifdef MPC_PRESENT - mpc_clear_events(); - /* MPC interrupt enabling */ - mpc_enable_interrupts(); - - NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); - NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); -#endif - - /* The CRACEN driver configures the NVIC for CRACEN and is - * therefore omitted here. - */ + NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); + NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); return TFM_PLAT_ERR_SUCCESS; } 
@@ -908,61 +710,13 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) void sau_and_idau_cfg(void) { - /* - * SAU and IDAU configuration is very different between old - * (53/91) and new (54++) platforms. New platforms have a proper SAU - * and IDAU, whereas old platforms do not. - */ -#ifdef NRF54L15_ENGA_XXAA - /* - * This SAU configuration aligns with ARM's RSS implementation of - * sau_and_idau_cfg when possible. - */ - - /* Enables SAU */ - TZ_SAU_Enable(); - - /* Configures SAU regions to be non-secure */ - - /* Note that this SAU configuration assumes that there is only one - * secure NVM partition and one non-secure NVM partition. Meaning, - * memory_regions.non_secure_partition_limit is at the end of - * NVM. - */ - - /* Configure the end of NVM, and the FICR, to be non-secure using - a single region. Note that the FICR is placed after the - non-secure NVM and before the UICR.*/ - SAU->RNR = 0; - SAU->RBAR = (memory_regions.non_secure_partition_base - & SAU_RBAR_BADDR_Msk); - SAU->RLAR = (NRF_UICR_S_BASE & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; - - /* Leave SAU region 1 disabled until we find a use for it */ - - /* Configures veneers region to be non-secure callable */ - SAU->RNR = 2; - SAU->RBAR = (memory_regions.veneer_base & SAU_RBAR_BADDR_Msk); - SAU->RLAR = (memory_regions.veneer_limit & SAU_RLAR_LADDR_Msk) - | SAU_RLAR_ENABLE_Msk | SAU_RLAR_NSC_Msk; - - /* Configures SAU region 3 to cover both the end of SRAM and - * regions above it as shown in the "Example memory map" in the - * "Product Specification" */ - SAU->RNR = 3; - SAU->RBAR = (NS_DATA_START & SAU_RBAR_BADDR_Msk); - SAU->RLAR = (0xFFFFFFFFul & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; - -#else /* IDAU (SPU) is always enabled. SAU is non-existent. * Allow SPU to have precedence over (non-existing) ARMv8-M SAU. */ TZ_SAU_Disable(); SAU->CTRL |= SAU_CTRL_ALLNS_Msk; -#endif } -#if NRF_SPU_HAS_MEMORY enum tfm_plat_err_t spu_init_cfg(void) { /* 
@@ -1041,264 +795,29 @@ enum tfm_plat_err_t spu_init_cfg(void) return TFM_PLAT_ERR_SUCCESS; } -#endif /* NRF_SPU_HAS_MEMORY */ - - -#ifdef MPC_PRESENT -struct mpc_region_override { - nrf_mpc_override_config_t config; - nrf_owner_t owner_id; - uintptr_t start_address; - size_t endaddr; - uint32_t perm; - uint32_t permmask; - size_t index; -}; - -static void mpc_configure_override(NRF_MPC_Type *mpc, struct mpc_region_override *override) -{ - nrf_mpc_override_startaddr_set(mpc, override->index, override->start_address); - nrf_mpc_override_endaddr_set(mpc, override->index, override->endaddr); - nrf_mpc_override_perm_set(mpc, override->index, override->perm); - nrf_mpc_override_permmask_set(mpc, override->index, override->permmask); - nrf_mpc_override_ownerid_set(mpc, override->index, override->owner_id); - nrf_mpc_override_config_set(mpc, override->index, &override->config); -} - -/* - * Configure the override struct with reasonable defaults. This includes: - * - * Use a slave number of 0 to avoid redirecting bus transactions from - * one slave to another. - * - * Lock the override to prevent the code that follows from tampering - * with the configuration. - * - * Enable the override so it takes effect. - * - * Indicate that secdom is not enabled as this driver is not used on - * platforms with secdom. - */ -static void init_mpc_region_override(struct mpc_region_override * override) -{ - *override = (struct mpc_region_override){ - .config = - (nrf_mpc_override_config_t){ - .slave_number = 0, - .lock = true, - .enable = true, - .secdom_enable = false, - .secure_mask = true, - }, - .perm = 0, /* 0 for non-secure */ - .owner_id = 0, - }; - - override->permmask = MPC_OVERRIDE_PERM_SECATTR_Msk; -} - -enum tfm_plat_err_t nrf_mpc_init_cfg(void) -{ - /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the - * OVERRIDE indexes (that are useful to us) start at 0 and end - * (inclusive) at 4. 
- * - * Note that the MPC regions configure all volatile and non-volatile memory as secure, so we only - * need to explicitly OVERRIDE the non-secure addresses to permit non-secure access. - * - * Explicitly configuring memory as secure is not necessary. - * - * The last OVERRIDE in 54L is fixed in HW and exists to prevent - * other bus masters than the KMU from accessing CRACEN protected RAM. - * - * Note that we must take care not to configure an OVERRIDE that - * affects an active bus transaction. - * - * Note that we don't configure the NSC region to be NS because - * from the MPC's perspective it is secure. NSC is only configurable from the SAU. - * - * Note that OVERRIDE[n].MASTERPORT has a reasonable reset value - * so it is left unconfigured. - * - * Note that there are two owners in 54L. KMU with owner ID 1, and everything else with owner ID 0. - */ - - uint32_t index = 0; - /* - * Configure the non-secure partition of the non-volatile - * memory. This MPC region is intended to cover both the - * non-secure partition in the NVM and also the FICR. The FICR - * starts after the NVM and ends just before the UICR. 
- */ - { - struct mpc_region_override override; - - init_mpc_region_override(&override); - - override.start_address = memory_regions.non_secure_partition_base; - override.endaddr = NRF_UICR_S_BASE; - override.index = index++; - - mpc_configure_override(NRF_MPC00, &override); - } - - /* Configure the non-secure partition of the volatile memory */ - { - struct mpc_region_override override; - - init_mpc_region_override(&override); - - override.start_address = NS_DATA_START; - override.endaddr = 1 + NS_DATA_LIMIT; - override.index = index++; - - mpc_configure_override(NRF_MPC00, &override); - } - - if(index > 4) { - /* Used more overrides than are available */ - tfm_core_panic(); - } - - /* Lock and disable any unused MPC overrides to prevent malicious configuration */ - while(index <= 4) { - struct mpc_region_override override; - - init_mpc_region_override(&override); - - override.config.enable = false; - - override.index = index++; - - mpc_configure_override(NRF_MPC00, &override); - } - - return TFM_PLAT_ERR_SUCCESS; -} - -#endif /* MPC_PRESENT */ - -static void dppi_channel_configuration(void) -{ - /* The SPU HW and corresponding NRFX HAL API have two different - * API's for DPPI security configuration. The defines - * NRF_SPU_HAS_OWNERSHIP and NRF_SPU_HAS_MEMORY identify which of the two API's - * are present. - * - * TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE is configurable, but - * usually defaults to 0, which results in all DPPI channels being - * non-secure. - */ -#if NRF_SPU_HAS_MEMORY - /* There is only one dppi_id */ - uint8_t dppi_id = 0; - nrf_spu_dppi_config_set(NRF_SPU, dppi_id, TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, - SPU_LOCK_CONF_LOCKED); -#else - /* TODO_NRF54L15: Use the nrf_spu_feature API to configure DPPI - channels according to a user-controllable config similar to - TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE. 
*/ -#endif -} enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -#ifdef NRF54L15_ENGA_XXAA - /* Configure features to be non-secure */ - - /* - * Due to MLT-7600, many SPU HW reset values are wrong. The docs - * generally features being non-secure when coming out of HW - * reset, but the HW has a good mix of both. - * - * When configuring NRF_SPU 0 will indicate non-secure and 1 will - * indicate secure. - * - * Most of the chip should be non-secure so to simplify and be - * consistent, we memset the entire memory map of each SPU - * peripheral to 0. - * - * Just after memsetting to 0 we explicitly configure the - * peripherals that should be secure back to secure again. - */ - // TODO: NCSDK-22597: Evaluate if it is safe to memset everything - // in NRF_SPU to 0. - memset(NRF_SPU00, 0, sizeof(NRF_SPU_Type)); - memset(NRF_SPU10, 0, sizeof(NRF_SPU_Type)); - memset(NRF_SPU20, 0, sizeof(NRF_SPU_Type)); - memset(NRF_SPU30, 0, sizeof(NRF_SPU_Type)); - -#if SECURE_UART1 - /* Configure TF-M's UART peripheral to be secure */ -#if NRF_SECURE_UART_INSTANCE == 00 - uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 20 - uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 21 - uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 22 - uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 30 - uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; -#endif - spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); -#endif - - /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ - spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); - - /* Configure NRF_MEMCONF to be secure as it could otherwise be used to corrupt secure RAM. 
*/ - spu_peripheral_config_secure(NRF_MEMCONF_S_BASE, SPU_LOCK_CONF_LOCKED); - - /* Configure trace to be secure, as the security implications of non-secure trace are not understood */ - spu_peripheral_config_secure(NRF_TAD_S_BASE, SPU_LOCK_CONF_LOCKED); - - /* Configure these HW features, which are not in the MDK, to be - * secure, as the security implications of them being non-secure - * are not understood - */ - uint32_t base_addresses[4] = { - 0x50056000, - 0x5008C000, - 0x500E6000, - 0x5010F000 - }; - for(int i = 0; i < 4; i++) { - spu_peripheral_config_secure(base_addresses[i], SPU_LOCK_CONF_LOCKED); - } - - /* Configure NRF_REGULATORS, and NRF_OSCILLATORS to be secure as NRF_REGULATORS.POFCON is needed - * to prevent glitches when the power supply is attacked. - * - * NB: Note that NRF_OSCILLATORS and NRF_REGULATORS have the same base address and must therefore - * have the same security configuration. - */ - spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); -#else -static const uint8_t target_peripherals[] = { +static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRFX_PERIPHERAL_ID_GET(NRF_FPU), + NRF_FPU_S_BASE, #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + NRF_REGULATORS_S_BASE, /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + NRF_CLOCK_S_BASE, /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
@@ -1311,168 +830,124 @@ static const uint8_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), -#ifndef SECURE_UART1 - /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false); #endif - NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), - NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), + /* When UART1 is a secure peripheral we need to leave Serial-Box 1 as Secure */ +#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) + spu_peripheral_config_non_secure((uint32_t)NRF_SPIM1, false); +#endif + NRF_SPIM2_S_BASE, + NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), -#endif - NRFX_PERIPHERAL_ID_GET(NRF_SAADC), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), - NRFX_PERIPHERAL_ID_GET(NRF_RTC0), - NRFX_PERIPHERAL_ID_GET(NRF_RTC1), - NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + NRF_SPIM4_S_BASE, +#endif + NRF_SAADC_S_BASE, + NRF_TIMER0_S_BASE, + NRF_TIMER1_S_BASE, + NRF_TIMER2_S_BASE, + NRF_RTC0_S_BASE, + NRF_RTC1_S_BASE, + NRF_DPPIC_S_BASE, #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + NRF_WDT0_S_BASE, #endif #ifdef NRF_WDT - NRFX_PERIPHERAL_ID_GET(NRF_WDT), + NRF_WDT_S_BASE, #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + NRF_WDT1_S_BASE, #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRFX_PERIPHERAL_ID_GET(NRF_COMP), + NRF_COMP_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_EGU0), - NRFX_PERIPHERAL_ID_GET(NRF_EGU1), - NRFX_PERIPHERAL_ID_GET(NRF_EGU2), - NRFX_PERIPHERAL_ID_GET(NRF_EGU3), - NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + NRF_EGU0_S_BASE, + NRF_EGU1_S_BASE, + NRF_EGU2_S_BASE, 
+ NRF_EGU3_S_BASE, + NRF_EGU4_S_BASE, #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + NRF_EGU5_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_PWM0), - NRFX_PERIPHERAL_ID_GET(NRF_PWM1), - NRFX_PERIPHERAL_ID_GET(NRF_PWM2), - NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + NRF_PWM0_S_BASE, + NRF_PWM1_S_BASE, + NRF_PWM2_S_BASE, + NRF_PWM3_S_BASE, #ifdef NRF_PDM - NRFX_PERIPHERAL_ID_GET(NRF_PDM), + NRF_PDM_S_BASE, #endif #ifdef NRF_PDM0 - NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + NRF_PDM0_S_BASE, #endif #ifdef NRF_I2S - NRFX_PERIPHERAL_ID_GET(NRF_I2S), + NRF_I2S_S_BASE, #endif #ifdef NRF_I2S0 - NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + NRF_I2S0_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_IPC), + NRF_IPC_S_BASE, #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + NRF_QSPI_S_BASE, #endif #endif #ifdef NRF_NFCT - NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + NRF_NFCT_S_BASE, #endif #ifdef NRF_MUTEX - NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + NRF_MUTEX_S_BASE, #endif #ifdef NRF_QDEC0 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + NRF_QDEC0_S_BASE, #endif #ifdef NRF_QDEC1 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + NRF_QDEC1_S_BASE, #endif #ifdef NRF_USBD - NRFX_PERIPHERAL_ID_GET(NRF_USBD), + NRF_USBD_S_BASE, #endif #ifdef NRF_USBREGULATOR - NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + NRF_USBREGULATOR_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_NVMC), - NRFX_PERIPHERAL_ID_GET(NRF_P0), + NRF_NVMC_S_BASE, + NRF_P0_S_BASE, #ifdef NRF_P1 - NRFX_PERIPHERAL_ID_GET(NRF_P1), + NRF_P1_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* Moonlight */ - /* DPPI channel configuration */ - dppi_channel_configuration(); + spu_dppi_config_non_secure(TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, SPU_LOCK_CONF_LOCKED); /* GPIO pin configuration */ - uint32_t secure_pins[] = { - 
TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, + spu_gpio_config_non_secure(0, TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); #ifdef TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE - TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, -#endif -#ifdef TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE - TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE, -#endif - }; - - /* Note that there are two different API's for SPU configuration */ -#if NRF_SPU_HAS_MEMORY - - for(int port = 0; port < ARRAY_SIZE(secure_pins); port++){ - nrf_spu_gpio_config_set(NRF_SPU, port, secure_pins[port], SPU_LOCK_CONF_LOCKED); - } - -#elif NRF_SPU_HAS_PERIPHERAL_ACCESS - - for(int port = 0; port < ARRAY_SIZE(secure_pins); port++) { - for (int pin = 0; pin < 32; pin++) { - if (secure_pins[port] & (1 << pin)) { - bool enable = true; // secure - - /* - * Unfortunately, NRF_P0 is not configured by NRF_SPU00, etc. - * so it is a bit convoluted to find the SPU instance for port x. - */ - uint32_t gpio_port_addr[2] = { - NRF_P0_S_BASE, - NRF_P1_S_BASE, - }; - - NRF_SPU_Type * spu_instance = spu_instance_from_peripheral_addr(gpio_port_addr[port]); - - nrf_spu_feature_secattr_set(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin, enable); - nrf_spu_feature_lock_enable(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin); - } - } - } -#else -#error "Expected either NRF_SPU_HAS_MEMORY or NRF_SPU_HAS_PERIPHERAL_ACCESS to be true" + spu_gpio_config_non_secure(1, TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); #endif +#ifdef NRF53_SERIES /* Configure properly the XL1 and XL2 pins so that the low-frequency crystal * oscillator (LFXO) can be used. * This configuration can be done only from secure code, as otherwise those * register fields are not accessible. That's why it is placed here. 
*/ -#ifdef NRF53_SERIES +#if defined(CONFIG_SOC_ENABLE_LFXO) && CONFIG_SOC_ENABLE_LFXO == 1 +/* CONFIG_SOC_ENABLE_LFXO doesn't exist for 54L15 target, might be changed in future */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ -#endif -#ifdef NRF54L15_ENGA_XXAA - /* NRF54L has a different define */ - nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); - nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); #endif /* 
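Review bot: The two added lines `spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false);` and `spu_peripheral_config_non_secure((uint32_t)NRF_SPIM1, false);` sit between the entries of the `target_peripherals[]` initializer, where only comma-separated constant expressions are valid, so as the hunk reads the new side should not compile. Every other entry was converted to a `*_S_BASE` constant and the loop after the array already calls `spu_peripheral_config_non_secure` on each element, so the two lines should presumably be `NRF_SPIM0_S_BASE,` and `NRF_SPIM1_S_BASE,` inside the same `#if` guards. The hunk also drops the `NRFX_PERIPHERAL_ID_GET(NRF_VMC)` entry without a base-address replacement, which changes that peripheral's security attribution; if that is intended it deserves a comment. The array initializer opens in the previous hunk.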
@@ -1488,52 +963,9 @@ static const uint8_t target_peripherals[] = { #if defined(NVMC_FEATURE_CACHE_PRESENT) // From MDK nrfx_nvmc_icache_enable(); #elif defined(CACHE_PRESENT) // From MDK - -#ifdef NRF_CACHE - nrf_cache_enable(NRF_CACHE); -#endif -#ifdef NRF_ICACHE - nrf_cache_enable(NRF_ICACHE); -#endif -#ifdef NRF_DCACHE - nrf_cache_enable(NRF_DCACHE); + NRF_CACHE->ENABLE = CACHE_ENABLE_ENABLE_Enabled; #endif -#endif - -#ifdef RRAMC_PRESENT - nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); - - config.mode_write = true; - -#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 - config.preload_timeout_enable = true; - config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; -#else - config.preload_timeout_enable = false; - config.preload_timeout = 0; -#endif - - /* Don't use an event handler until it's understood whether we - * want it or not - */ - nrfx_rramc_evt_handler_t handler = NULL; - - nrfx_err_t err = nrfx_rramc_init(&config, handler); - if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { - return err; - } -#endif /* RRAMC_PRESENT */ - -#ifdef NRF54L15_ENGA_XXAA - /* SOC configuration from Zephyr's soc.c. */ - int soc_err = nordicsemi_nrf54l_init(); - if(soc_err) { - return soc_err; - } -#endif - -#if NRF_SPU_HAS_MEMORY /* Enforce that the nRF5340 Network MCU is in the Non-Secure * domain. Non-secure is the HW reset value for the network core * so configuring this should not be necessary, but we want to @@ -1542,7 +974,6 @@ static const uint8_t target_peripherals[] = { * it doesn't get changed by accident. */ nrf_spu_extdomain_set(NRF_SPU, 0, false, true); -#endif return TFM_PLAT_ERR_SUCCESS; } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index aea09bece..0081c03d2 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h 
@@ -35,31 +35,20 @@ #include "tfm_plat_defs.h" #include "region_defs.h" -#if NRF_SECURE_UART_INSTANCE == 0 +// TODO: NCSDK-25009: Support configuring which UART is used by TF-M on nrf54L + +#ifndef NRF_SECURE_UART_INSTANCE +#define TFM_DRIVER_STDIO Driver_USART1 +#elif NRF_SECURE_UART_INSTANCE == 0 #define TFM_DRIVER_STDIO Driver_USART0 #elif NRF_SECURE_UART_INSTANCE == 1 #define TFM_DRIVER_STDIO Driver_USART1 -#elif NRF_SECURE_UART_INSTANCE == 00 -#define TFM_DRIVER_STDIO Driver_USART00 -#elif NRF_SECURE_UART_INSTANCE == 20 -#define TFM_DRIVER_STDIO Driver_USART20 -#elif NRF_SECURE_UART_INSTANCE == 21 -#define TFM_DRIVER_STDIO Driver_USART21 #elif NRF_SECURE_UART_INSTANCE == 22 #define TFM_DRIVER_STDIO Driver_USART22 -#elif NRF_SECURE_UART_INSTANCE == 30 -#define TFM_DRIVER_STDIO Driver_USART30 #endif -/* Only UART20 and UART30 are supported for TF-M tests, which are the - * Non-secure applications build via the TF-M build system - */ #ifdef NRF54L15_ENGA_XXAA -#if NRF_SECURE_UART_INSTANCE == 20 -#define NS_DRIVER_STDIO Driver_USART30 -#else #define NS_DRIVER_STDIO Driver_USART20 -#endif #else #define NS_DRIVER_STDIO Driver_USART0 #endif @@ -113,6 +102,11 @@ enum tfm_plat_err_t spu_init_cfg(void); */ enum tfm_plat_err_t spu_periph_init_cfg(void); +/** + * \brief Clears SPU interrupt. + */ +void spu_clear_irq(void); + /** * \brief Configures memory permissions via the MPC. * diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c index 33b1d0376..e9a01daf5 100644 --- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c 
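Review bot: The `TFM_DRIVER_STDIO` selection chain ends without an `#else`, so a `NRF_SECURE_UART_INSTANCE` other than 0, 1 or 22 leaves the macro undefined and the error only surfaces wherever the driver symbol is first used. Ending the chain with `#else` and `#error "Unsupported NRF_SECURE_UART_INSTANCE"` would report the misconfiguration at its source. The new `#ifndef NRF_SECURE_UART_INSTANCE` arm also makes `Driver_USART1` the secure console whenever the option is unset; a one-line comment such as `/* Default secure stdio: UARTE1 when no instance is configured */` would make that default explicit.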
@@ -50,16 +50,9 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( /* Set up isolation boundaries between SPE and NSPE */ sau_and_idau_cfg(); -#if NRF_SPU_HAS_MEMORY if (spu_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; } -#else - /* If the SPU doesn't configure MEMORY on this platform then the NRF_MPC does */ - if (nrf_mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) { - return TFM_HAL_ERROR_GENERIC; - } -#endif if (spu_periph_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c deleted file mode 100644 index 3f2420ce5..000000000 --- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c +++ /dev/null 
@@ -1,233 +0,0 @@ -/* - * Copyright (c) 2023 Nordic Semiconductor ASA. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include - -#include "config_tfm.h" -#include "platform/include/tfm_hal_its_encryption.h" -#include "platform/include/tfm_hal_its.h" - -typedef uint64_t psa_drv_slot_number_t; -#include -#include - - -#define CHACHA20_KEY_SIZE 32 -#define TFM_ITS_AEAD_ALG PSA_ALG_CHACHA20_POLY1305 - - -/* Global encryption counter which resets per boot. The counter ensures that - * the nonce will not be identical for consecutive file writes during the same - * boot. - */ -static uint32_t g_enc_counter; - -/* The global nonce seed which is fetched once in every boot. The seed is used - * as part of the nonce and allows the platforms to diversify their nonces - * across resets. Note that the way that this seed is generated is platform - * specific, so the diversification is optional. - */ -static uint8_t g_enc_nonce_seed[TFM_ITS_ENC_NONCE_LENGTH - - sizeof(g_enc_counter)]; - -/* TFM_ITS_ENC_NONCE_LENGTH is configurable but this implementation expects - * the seed to be 8 bytes and the nonce length to be 12. - */ -#if TFM_ITS_ENC_NONCE_LENGTH != 12 -#error "This implementation only supports a ITS nonce of size 12" -#endif - -/* - * This implementation doesn't use monotonic counters, but therfore a 64 bit - * seed combined with a counter, that gets reset on each reboot. 
- * This still has the risk of getting a collision on the seed resulting in - * nonce's beeing the same after a reboot. - * It would still need 3.3x10^9 resets to get a collision with a probability of - * 0.25. - */ -enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce, - const size_t nonce_size) -{ - if(nonce == NULL){ - return TFM_HAL_ERROR_INVALID_INPUT; - } - - if(nonce_size < sizeof(g_enc_nonce_seed) + sizeof(g_enc_counter)){ - return TFM_HAL_ERROR_INVALID_INPUT; - } - - /* To avoid wrap-around of the g_enc_counter and subsequent re-use of the - * nonce we check the counter value for its max value - */ - if(g_enc_counter == UINT32_MAX) { - return TFM_HAL_ERROR_GENERIC; - } - - if (g_enc_counter == 0) { - psa_status_t status = cracen_get_random(NULL, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); - if (status != PSA_SUCCESS) { - return TFM_HAL_ERROR_GENERIC; - } - } - - memcpy(nonce, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); - memcpy(nonce + sizeof(g_enc_nonce_seed), - &g_enc_counter, - sizeof(g_enc_counter)); - - g_enc_counter++; - - return TFM_HAL_SUCCESS; -} - -static bool ctx_is_valid(struct tfm_hal_its_auth_crypt_ctx *ctx) -{ - bool ret; - - if (ctx == NULL) { - return false; - } - - ret = (ctx->deriv_label == NULL && ctx->deriv_label_size != 0) || - (ctx->aad == NULL && ctx->add_size != 0) || - (ctx->nonce == NULL && ctx->nonce_size != 0); - - return !ret; -} - -psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx, - const uint8_t *input, - const size_t input_size, - uint8_t *output, - const size_t output_size, - uint8_t *tag, - const size_t tag_size, - bool encrypt) -{ - psa_status_t status; - uint8_t key_out[CHACHA20_KEY_SIZE]; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - cracen_aead_operation_t operation = {0}; - size_t out_length; - size_t tag_length = PSA_AEAD_TAG_LENGTH(PSA_KEY_TYPE_CHACHA20, - PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE), - TFM_ITS_AEAD_ALG); - - if (!ctx_is_valid(ctx) || tag == NULL) 
{ - return TFM_HAL_ERROR_INVALID_INPUT; - } - - if(tag_size < tag_length){ - return TFM_HAL_ERROR_INVALID_INPUT; - } - - if (encrypt && (output_size < PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20, - TFM_ITS_AEAD_ALG, - input_size))){ - return TFM_HAL_ERROR_INVALID_INPUT; - } - - status = hw_unique_key_derive_key(HUK_KEYSLOT_MKEK, NULL, 0, ctx->deriv_label, ctx->deriv_label_size, key_out, sizeof(key_out)); - if (status != HW_UNIQUE_KEY_SUCCESS) { - return TFM_HAL_ERROR_GENERIC; - } - - psa_set_key_usage_flags(&attributes, (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)); - psa_set_key_algorithm(&attributes, TFM_ITS_AEAD_ALG); - psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20); - psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE)); - - if (encrypt) { - status = cracen_aead_encrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); - } else { - status = cracen_aead_decrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); - } - - if (status != PSA_SUCCESS) { - return status; - } - - status = cracen_aead_set_nonce(&operation, ctx->nonce, ctx->nonce_size); - if (status != PSA_SUCCESS) { - return status; - } - - status = cracen_aead_update_ad(&operation, ctx->aad, ctx->add_size); - if (status != PSA_SUCCESS) { - return status; - } - - status = cracen_aead_update(&operation, input, input_size, output, output_size, &out_length); - if (status != PSA_SUCCESS) { - return status; - } - - if (encrypt) { - status = cracen_aead_finish(&operation, output + out_length, output_size - out_length, &out_length, tag, tag_size, &tag_length); - } else { - status = cracen_aead_verify(&operation, output + out_length, output_size - out_length, &out_length , tag, tag_size); - } - - return status; -} - -enum tfm_hal_status_t tfm_hal_its_aead_encrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, - const uint8_t *plaintext, - const size_t plaintext_size, - uint8_t *ciphertext, - const size_t ciphertext_size, - uint8_t *tag, - 
const size_t tag_size) -{ - psa_status_t status = tfm_hal_its_get_aead(ctx, - plaintext, - plaintext_size, - ciphertext, - ciphertext_size, - tag, - tag_size, - true); - if (status != PSA_SUCCESS) { - return TFM_HAL_ERROR_GENERIC; - } - - return TFM_HAL_SUCCESS; -} - -enum tfm_hal_status_t tfm_hal_its_aead_decrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, - const uint8_t *ciphertext, - const size_t ciphertext_size, - uint8_t *tag, - const size_t tag_size, - uint8_t *plaintext, - const size_t plaintext_size) -{ - psa_status_t status = tfm_hal_its_get_aead(ctx, - ciphertext, - ciphertext_size, - plaintext, - plaintext_size, - tag, - tag_size, - false); - - if (status != PSA_SUCCESS) { - return TFM_HAL_ERROR_GENERIC; - } - - return TFM_HAL_SUCCESS; -} diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt deleted file mode 100644 index e093190b3..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt +++ /dev/null 
@@ -1,51 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2020-2022, Arm Limited. All rights reserved. -# Copyright (c) 2020, Nordic Semiconductor ASA. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -cmake_policy(SET CMP0076 NEW) -set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) - -set(target nrf54l15) -add_subdirectory(../core nrf_common) - -#========================= Platform Secure ====================================# - -target_include_directories(platform_s - PUBLIC - . -) - -target_sources(platform_s - PRIVATE - ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c -) - -target_compile_definitions(platform_s - PUBLIC - NRF_SKIP_FICR_NS_COPY_TO_RAM -) - -#========================= tfm_spm ============================================# - -target_sources(tfm_spm - PRIVATE - $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_interrupts.c> -) - -#========================= Files for building NS side platform ================# - -install(FILES nrfx_config_nrf54l15_application.h - ns/CMakeLists.txt - config.cmake - cpuarch.cmake - DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15 -) - -install(DIRECTORY partition - tests - DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15 -) diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake deleted file mode 100644 index f81eafb02..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake +++ /dev/null 
@@ -1,14 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2020, Nordic Semiconductor ASA. -# Copyright (c) 2020-2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -include(${PLATFORM_PATH}/common/core/config.cmake) - -set(SECURE_UART30 ON CACHE BOOL "Enable secure UART") -set(NRF_NS_STORAGE OFF CACHE BOOL "Enable non-secure storage partition") -set(BL2 OFF CACHE BOOL "Whether to build BL2") -set(NRF_NS_SECONDARY OFF CACHE BOOL "Enable non-secure secondary partition") diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake deleted file mode 100644 index 18c7fa920..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (c) 2023, Nordic Semiconductor ASA. -# -# SPDX-License-Identifier: BSD-3-Clause -# - -# cpuarch.cmake is used to set things that related to the platform that are both -# immutable and global, which is to say they should apply to any kind of project -# that uses this platform. In practice this is normally compiler definitions and -# variables related to hardware. - -# Set architecture and CPU -set(TFM_SYSTEM_PROCESSOR cortex-m33) -set(TFM_SYSTEM_ARCHITECTURE armv8-m.main) -set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16") - -add_compile_definitions( - NRF54L15_ENGA_XXAA # Required by nrf.h - NRF_APPLICATION - # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs - NRF_SKIP_SAU_CONFIGURATION - NRF_SKIP_FICR_NS_COPY_TO_RAM -) diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h deleted file mode 100644 index ab6e099e8..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h +++ /dev/null 
@@ -1,100 +0,0 @@ -/* - * Copyright (c) 2024 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause - * - */ - -#ifndef __MMIO_DEFS_H__ -#define __MMIO_DEFS_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#include "handle_attr.h" -#include "tfm_peripherals_config.h" -#include "tfm_peripherals_def.h" -#include - -/* Allowed named MMIO of this platform */ -const uintptr_t partition_named_mmio_list[] = { -#if TFM_PERIPHERAL_TIMER00_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER00, -#endif -#if TFM_PERIPHERAL_TIMER10_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER10, -#endif -#if TFM_PERIPHERAL_TIMER20_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER20, -#endif -#if TFM_PERIPHERAL_TIMER21_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER21, -#endif -#if TFM_PERIPHERAL_TIMER22_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER22, -#endif -#if TFM_PERIPHERAL_TIMER23_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER23, -#endif -#if TFM_PERIPHERAL_TIMER24_SECURE - (uintptr_t)TFM_PERIPHERAL_TIMER24, -#endif -#if TFM_PERIPHERAL_SPIM00_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM00, -#endif -#if TFM_PERIPHERAL_SPIM20_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM20, -#endif -#if TFM_PERIPHERAL_SPIM21_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM21, -#endif -#if TFM_PERIPHERAL_SPIM22_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM22, -#endif -#if TFM_PERIPHERAL_SPIM23_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM23, -#endif -#if TFM_PERIPHERAL_SPIM30_SECURE - (uintptr_t)TFM_PERIPHERAL_SPIM30, -#endif -#if TFM_PERIPHERAL_EGU10_SECURE - (uintptr_t)TFM_PERIPHERAL_EGU10, -#endif -#if TFM_PERIPHERAL_EGU20_SECURE - (uintptr_t)TFM_PERIPHERAL_EGU20, -#endif -#if TFM_PERIPHERAL_PWM20_SECURE - (uintptr_t)TFM_PERIPHERAL_PWM20, -#endif -#if TFM_PERIPHERAL_PWM21_SECURE - (uintptr_t)TFM_PERIPHERAL_PWM21, -#endif -#if TFM_PERIPHERAL_PWM22_SECURE - (uintptr_t)TFM_PERIPHERAL_PWM22, -#endif -#if TFM_PERIPHERAL_PWM20_SECURE - (uintptr_t)TFM_PERIPHERAL_PWM20, -#endif -#if TFM_PERIPHERAL_UARTE00_SECURE - (uintptr_t)TFM_PERIPHERAL_UARTE00, 
-#endif -#if TFM_PERIPHERAL_UARTE20_SECURE - (uintptr_t)TFM_PERIPHERAL_UARTE20, -#endif -#if TFM_PERIPHERAL_UARTE21_SECURE - (uintptr_t)TFM_PERIPHERAL_UARTE21, -#endif -#if TFM_PERIPHERAL_UARTE22_SECURE - (uintptr_t)TFM_PERIPHERAL_UARTE22, -#endif -#if TFM_PERIPHERAL_UARTE30_SECURE - (uintptr_t)TFM_PERIPHERAL_UARTE30, -#endif -}; - -#ifdef __cplusplus -} -#endif - -#endif /* __MMIO_DEFS_H__ */ diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h b/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h deleted file mode 100644 index 814f022b4..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright (c) 2024 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause - */ - -#ifndef NRFX_CONFIG_NRF54L15_APPLICATION_H__ -#define NRFX_CONFIG_NRF54L15_APPLICATION_H__ - -#ifndef NRFX_CONFIG_H__ -#error "This file should not be included directly. Include nrfx_config.h instead." -#endif - -/** - * @brief NRFX_DEFAULT_IRQ_PRIORITY - * - * Integer value. Minimum: 0 Maximum: 7 - */ -#ifndef NRFX_DEFAULT_IRQ_PRIORITY -#define NRFX_DEFAULT_IRQ_PRIORITY 7 -#endif - -/** - * @brief NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY - * - * Integer value. Minimum: 0 Maximum: 7 - */ -#ifndef NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY -#define NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY -#endif - -/** - * @brief NRFX_RRAMC_ENABLED - * - * Boolean. Accepted values: 0 and 1. - */ -#ifndef NRFX_RRAMC_ENABLED -#define NRFX_RRAMC_ENABLED 0 -#endif - -/** - * @brief NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY - * - * Integer value. Minimum: 0. Maximum: 7. - */ -#ifndef NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY -#define NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY -#endif - -/** - * @brief NRFX_RRAMC_CONFIG_LOG_ENABLED - * - * Boolean. Accepted values: 0 and 1. - */ -#ifndef NRFX_RRAMC_CONFIG_LOG_ENABLED -#define NRFX_RRAMC_CONFIG_LOG_ENABLED 0 -#endif - -/** - * @brief NRFX_RRAMC_CONFIG_LOG_LEVEL - * - * Integer value. - * Supported values: - * - Off = 0 - * - Error = 1 - * - Warning = 2 - * - Info = 3 - * - Debug = 4 - */ -#ifndef NRFX_RRAMC_CONFIG_LOG_LEVEL -#define NRFX_RRAMC_CONFIG_LOG_LEVEL 3 -#endif - -#endif // NRFX_CONFIG_NRF54L15_APPLICATION_H__ diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt deleted file mode 100644 index 94c6d7725..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt +++ /dev/null 
@@ -1,29 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -cmake_policy(SET CMP0076 NEW) -set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) - -set(target nrf54l15) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/../core nrf_common) - -target_include_directories(platform_ns - PUBLIC - ${CMAKE_CURRENT_LIST_DIR} -) - -target_sources(platform_ns - PRIVATE - ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c -) - -target_compile_definitions(platform_ns - PUBLIC - NRF_TRUSTZONE_NONSECURE - NRF_SKIP_CLOCK_CONFIGURATION - DOMAIN_NS=1 -) diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h deleted file mode 100644 index 08b90647e..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright (c) 2018-2022 Arm Limited. All rights reserved. - * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __FLASH_LAYOUT_H__ -#define __FLASH_LAYOUT_H__ - -#error "not supported yet" - -#endif /* __FLASH_LAYOUT_H__ */ 
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
deleted file mode 100755
index 212106c96..000000000
--- a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
- * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __REGION_DEFS_H__
-#define __REGION_DEFS_H__
-
-#include "flash_layout.h"
-
-#endif /* __REGION_DEFS_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
deleted file mode 100644
index 88586c115..000000000
--- a/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
+++ /dev/null
@@ -1,9 +0,0 @@
-#-------------------------------------------------------------------------------
-# Copyright (c) 2023, Arm Limited. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-#-------------------------------------------------------------------------------
-
-# Platform-specific configurations
-set(PSA_API_TEST_TARGET "nrf54l15")
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c
deleted file mode 100644
index b3bca1bfc..000000000
--- a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c
+++ /dev/null
@@ -1,320 +0,0 @@ -/* - * Copyright (c) 2024 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ - -#include - -#include "cmsis.h" -#include "spm.h" -#include "tfm_hal_interrupt.h" -#include "tfm_peripherals_def.h" -#include "tfm_peripherals_config.h" -#include "load/interrupt_defs.h" -#include "interrupt.h" - -static enum tfm_hal_status_t irq_init(struct irq_t *irq, IRQn_Type irqn, - void * p_pt, - const struct irq_load_info_t *p_ildi) -{ - irq->p_ildi = p_ildi; - irq->p_pt = p_pt; - - NVIC_SetPriority(irqn, DEFAULT_IRQ_PRIORITY); - NVIC_ClearTargetState(irqn); - NVIC_DisableIRQ(irqn); - - return TFM_HAL_SUCCESS; -} - -#if TFM_PERIPHERAL_FPU_SECURE -static struct irq_t fpu_irq = {0}; - -void FPU_IRQHandler(void) -{ - spm_handle_interrupt(fpu_irq.p_pt, fpu_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_fpu_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&fpu_irq, TFM_FPU_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER00_SECURE -static struct irq_t timer00_irq = {0}; - -void TIMER00_IRQHandler(void) -{ - spm_handle_interrupt(timer00_irq.p_pt, timer00_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer00_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer00_irq, TFM_TIMER00_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER10_SECURE -static struct irq_t timer10_irq = {0}; - -void TIMER10_IRQHandler(void) -{ - spm_handle_interrupt(timer10_irq.p_pt, timer10_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer10_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer10_irq, TFM_TIMER10_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER20_SECURE -static struct irq_t timer20_irq = {0}; - -void TIMER20_IRQHandler(void) -{ - spm_handle_interrupt(timer20_irq.p_pt, timer20_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer20_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer20_irq, 
TFM_TIMER20_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER21_SECURE -static struct irq_t timer21_irq = {0}; - -void TIMER21_IRQHandler(void) -{ - spm_handle_interrupt(timer21_irq.p_pt, timer21_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer21_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer21_irq, TFM_TIMER21_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER22_SECURE -static struct irq_t timer22_irq = {0}; - -void TIMER22_IRQHandler(void) -{ - spm_handle_interrupt(timer22_irq.p_pt, timer22_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer22_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer22_irq, TFM_TIMER22_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER23_SECURE -static struct irq_t timer23_irq = {0}; - -void TIMER23_IRQHandler(void) -{ - spm_handle_interrupt(timer23_irq.p_pt, timer23_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer23_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer23_irq, TFM_TIMER23_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_TIMER24_SECURE -static struct irq_t timer24_irq = {0}; - -void TIMER24_IRQHandler(void) -{ - spm_handle_interrupt(timer24_irq.p_pt, timer24_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_timer24_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&timer24_irq, TFM_TIMER24_IRQ, p_pt, p_ildi); -} -#endif - -/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. */ -static struct irq_t gpiote20_1_irq = {0}; - -void GPIOTE20_1_IRQHandler(void) -{ - spm_handle_interrupt(gpiote20_1_irq.p_pt, gpiote20_1_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_gpiote20_1_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&gpiote20_1_irq, TFM_GPIOTE20_1_IRQ, p_pt, p_ildi); -} - -/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. 
*/ -static struct irq_t gpiote30_1_irq = {0}; - -void GPIOTE30_1_IRQHandler(void) -{ - spm_handle_interrupt(gpiote30_1_irq.p_pt, gpiote30_1_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_gpiote30_1_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&gpiote30_1_irq, TFM_GPIOTE30_1_IRQ, p_pt, p_ildi); -} - -#if TFM_PERIPHERAL_SPIM00_SECURE -static struct irq_t spim00_irq = {0}; - -void SPIM00_IRQHandler(void) -{ - spm_handle_interrupt(spim00_irq.p_pt, spim00_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_spim00_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&spim00_irq, TFM_SPIM00_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_SPIM22_SECURE -static struct irq_t spim22_irq = {0}; - -void SPIM22_IRQHandler(void) -{ - spm_handle_interrupt(spim22_irq.p_pt, spim22_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_spim22_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&spim22_irq, TFM_SPIM22_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_SPIM23_SECURE -static struct irq_t spim23_irq = {0}; - -void SPIM23_IRQHandler(void) -{ - spm_handle_interrupt(spim23_irq.p_pt, spim23_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_spim23_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&spim23_irq, TFM_SPIM23_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_SPIM30_SECURE -static struct irq_t spim30_irq = {0}; - -void SPIM30_IRQHandler(void) -{ - spm_handle_interrupt(spim30_irq.p_pt, spim30_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_spim30_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&spim30_irq, TFM_SPIM30_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_EGU10_SECURE -static struct irq_t egu10_irq = {0}; - -void EGU10_IRQHandler(void) -{ - spm_handle_interrupt(egu10_irq.p_pt, egu10_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_egu10_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return 
irq_init(&egu10_irq, TFM_EGU10_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_EGU20_SECURE -static struct irq_t egu20_irq = {0}; - -void EGU20_IRQHandler(void) -{ - spm_handle_interrupt(egu20_irq.p_pt, egu20_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_egu20_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&egu20_irq, TFM_EGU20_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_PWM20_SECURE -static struct irq_t pwm20_irq = {0}; - -void PWM20_IRQHandler(void) -{ - spm_handle_interrupt(pwm20_irq.p_pt, pwm20_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_pwm20_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&pwm20_irq, TFM_PWM20_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_PWM21_SECURE -static struct irq_t pwm21_irq = {0}; - -void PWM21_IRQHandler(void) -{ - spm_handle_interrupt(pwm21_irq.p_pt, pwm21_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_pwm21_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&pwm21_irq, TFM_PWM21_IRQ, p_pt, p_ildi); -} -#endif - -#if TFM_PERIPHERAL_PWM22_SECURE -static struct irq_t pwm22_irq = {0}; - -void PWM22_IRQHandler(void) -{ - spm_handle_interrupt(pwm22_irq.p_pt, pwm22_irq.p_ildi); -} - -enum tfm_hal_status_t tfm_pwm22_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -{ - return irq_init(&pwm22_irq, TFM_PWM22_IRQ, p_pt, p_ildi); -} -#endif - -#ifdef PSA_API_TEST_IPC -enum tfm_hal_status_t ff_test_uart_irq_init(void *p_pt, - const struct irq_load_info_t *p_ildi) -__attribute__((alias("tfm_egu10_irq_init"))); - -#endif diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h deleted file mode 100644 index 12f3a003c..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h +++ /dev/null 
@@ -1,24 +0,0 @@ - -#ifndef TFM_PERIPHERAL_TIMER00_SECURE -#define TFM_PERIPHERAL_TIMER00_SECURE 0 -#endif - -#ifndef TFM_PERIPHERAL_UARTE00_SECURE -#define TFM_PERIPHERAL_UARTE00_SECURE 0 -#endif - -#ifndef TFM_PERIPHERAL_UARTE20_SECURE -#define TFM_PERIPHERAL_UARTE20_SECURE 0 -#endif - -#ifndef TFM_PERIPHERAL_UARTE21_SECURE -#define TFM_PERIPHERAL_UARTE21_SECURE 0 -#endif - -#ifndef TFM_PERIPHERAL_UARTE22_SECURE -#define TFM_PERIPHERAL_UARTE22_SECURE 0 -#endif - -#ifndef TFM_PERIPHERAL_UARTE30_SECURE -#define TFM_PERIPHERAL_UARTE30_SECURE 0 -#endif diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h deleted file mode 100644 index 77227a3fb..000000000 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h +++ /dev/null 
@@ -1,124 +0,0 @@ -/* - * Copyright (c) 2024 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause - * - */ - -#ifndef __TFM_PERIPHERALS_DEF_H__ -#define __TFM_PERIPHERALS_DEF_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#define TFM_FPU_IRQ (NRFX_IRQ_NUMBER_GET(NRF_FPU)) -#define TFM_TIMER00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER00)) -#define TFM_TIMER10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER10)) -#define TFM_TIMER20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER20)) -#define TFM_TIMER21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER21)) -#define TFM_TIMER22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER22)) -#define TFM_TIMER23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER23)) -#define TFM_TIMER24_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER24)) -#define TFM_SPIM00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM00)) -#define TFM_SPIM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM20)) -#define TFM_SPIM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM21)) -#define TFM_SPIM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM22)) -#define TFM_SPIM23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM23)) -#define TFM_SPIM30_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM30)) -#define TFM_EGU10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU10)) -#define TFM_EGU20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU20)) -#define TFM_GPIOTE20_1_IRQ GPIOTE20_1_IRQn -#define TFM_GPIOTE30_1_IRQ GPIOTE30_1_IRQn -#define TFM_PWM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM20)) -#define TFM_PWM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM21)) -#define TFM_PWM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM22)) - -extern struct platform_data_t tfm_peripheral_timer00; -extern struct platform_data_t tfm_peripheral_timer10; -extern struct platform_data_t tfm_peripheral_timer20; -extern struct platform_data_t tfm_peripheral_timer21; -extern struct platform_data_t tfm_peripheral_timer22; -extern struct platform_data_t tfm_peripheral_timer23; -extern struct platform_data_t tfm_peripheral_timer24; -extern struct platform_data_t tfm_peripheral_spim00; -extern struct platform_data_t tfm_peripheral_spim20; -extern struct platform_data_t 
tfm_peripheral_spim21; -extern struct platform_data_t tfm_peripheral_spim22; -extern struct platform_data_t tfm_peripheral_spim23; -extern struct platform_data_t tfm_peripheral_spim30; -extern struct platform_data_t tfm_peripheral_egu10; -extern struct platform_data_t tfm_peripheral_egu20; -extern struct platform_data_t tfm_peripheral_gpiote20; -extern struct platform_data_t tfm_peripheral_gpiote30; -extern struct platform_data_t tfm_peripheral_pwm20; -extern struct platform_data_t tfm_peripheral_pwm21; -extern struct platform_data_t tfm_peripheral_pwm22; - -#define TFM_PERIPHERAL_TIMER00 (&tfm_peripheral_timer00) -#define TFM_PERIPHERAL_TIMER10 (&tfm_peripheral_timer10) -#define TFM_PERIPHERAL_TIMER20 (&tfm_peripheral_timer20) -#define TFM_PERIPHERAL_TIMER21 (&tfm_peripheral_timer21) -#define TFM_PERIPHERAL_TIMER22 (&tfm_peripheral_timer22) -#define TFM_PERIPHERAL_TIMER23 (&tfm_peripheral_timer23) -#define TFM_PERIPHERAL_TIMER24 (&tfm_peripheral_timer24) -#define TFM_PERIPHERAL_SPIM00 (&tfm_peripheral_spim00) -#define TFM_PERIPHERAL_SPIM20 (&tfm_peripheral_spim20) -#define TFM_PERIPHERAL_SPIM21 (&tfm_peripheral_spim21) -#define TFM_PERIPHERAL_SPIM22 (&tfm_peripheral_spim22) -#define TFM_PERIPHERAL_SPIM23 (&tfm_peripheral_spim23) -#define TFM_PERIPHERAL_SPIM30 (&tfm_peripheral_spim30) -#define TFM_PERIPHERAL_EGU10 (&tfm_peripheral_egu10) -#define TFM_PERIPHERAL_EGU20 (&tfm_peripheral_egu20) -#define TFM_PERIPHERAL_GPIOTE20 (&tfm_peripheral_gpiote20) -#define TFM_PERIPHERAL_GPIOTE30 (&tfm_peripheral_gpiote30) -#define TFM_PERIPHERAL_PWM20 (&tfm_peripheral_pwm20) -#define TFM_PERIPHERAL_PWM21 (&tfm_peripheral_pwm21) -#define TFM_PERIPHERAL_PWM22 (&tfm_peripheral_pwm22) - -/* - * Quantized default IRQ priority, the value is: - * (Number of configurable priority) / 4: (1UL << __NVIC_PRIO_BITS) / 4 - */ -#define DEFAULT_IRQ_PRIORITY (1UL << (__NVIC_PRIO_BITS - 2)) - -extern struct platform_data_t tfm_peripheral_uarte00; -extern struct platform_data_t 
tfm_peripheral_uarte20; -extern struct platform_data_t tfm_peripheral_uarte21; -extern struct platform_data_t tfm_peripheral_uarte22; -extern struct platform_data_t tfm_peripheral_uarte30; - -#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) -#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) -#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) -#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) -#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) - -#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 - -extern struct platform_data_t tfm_peripheral_uarte00; -extern struct platform_data_t tfm_peripheral_uarte20; -extern struct platform_data_t tfm_peripheral_uarte21; -extern struct platform_data_t tfm_peripheral_uarte22; -extern struct platform_data_t tfm_peripheral_uarte30; - -#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) -#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) -#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) -#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) -#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) - -#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 - -#ifdef PSA_API_TEST_IPC -/* see other platforms when supporting this */ -#error "Not supported yet" -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* __TFM_PERIPHERALS_DEF_H__ */ diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt deleted file mode 100644 index 5cd4273e4..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt +++ /dev/null 
@@ -1,31 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -cmake_policy(SET CMP0076 NEW) -set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(NRF_BOARD_SELECTED True) - -add_library(platform_ns STATIC) - -# Get the value of HAL_NORDIC_PATH -include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) - -target_include_directories(platform_ns - PUBLIC - ${CMAKE_CURRENT_LIST_DIR} -) - -target_link_libraries(platform_ns - PUBLIC - platform_region_defs -) - -target_include_directories(platform_region_defs - INTERFACE - ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition -) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake deleted file mode 100644 index 25f91fb54..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake +++ /dev/null @@ -1,10 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Nordic Semiconductor ASA. -# -# SPDX-License-Identifier: BSD-3-Clause -#------------------------------------------------------------------------------- - -set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) - -include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake deleted file mode 100644 index 327e36c66..000000000 
--- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake +++ /dev/null @@ -1,8 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -include(${PLATFORM_PATH}/common/nrf54l15/tests/psa_arch_tests_config.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake deleted file mode 100644 index 619f1f92c..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake +++ /dev/null @@ -1,8 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -include(${PLATFORM_PATH}/common/core/tests/tfm_tests_config.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h deleted file mode 100644 index bc3301087..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Copyright (c) 2021, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ - -#ifndef TFM_PERIPHERALS_CONFIG_H__ -#define TFM_PERIPHERALS_CONFIG_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef SECURE_UART30 -#define TFM_PERIPHERAL_UARTE30_SECURE 1 -#endiff - -#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST -#define TFM_PERIPHERAL_TIMER00_SECURE 1 -#endif - - -#if defined(NRF54L15_ENGA_XXAA) - #include -#else - #error "Unknown device." -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* TFM_PERIPHERAL_CONFIG_H__ */ diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c index 5b12275d0..f508ff455 100644 --- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c +++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c @@ -18,6 +18,10 @@ #define PS_CRYPTO_AEAD_ALG PSA_ALG_GCM #endif +/* CMake can't handle round brackets for compile defines so PSA_ALG_HKDF(PSA_ALG_SHA_256) doesn't + * work, therefore we have to use a own defined for the C code where + * PSA_ALG_HKDF_PSA_ALG_SHA_256 gets translated to PSA_ALG_HKDF_PSA_ALG_SHA_256 + */ #if !defined(PS_CRYPTO_KDF_ALG) #define PS_CRYPTO_KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256) #endif From a347e925b922718b15060b6fcbde7ea00fc70977 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Fri, 30 Aug 2024 10:14:49 +0300 Subject: [PATCH 60/73] [nrf fromtree] platform: nordic_nrf: Rework PCD memory locking PCD memory area used with nRF53 to be locked with TF-M, instead of bootloader. Change-Id: Ie9058cac2236ed1c4e179c740a4b903b5e676c23 Signed-off-by: Markus Lassila (cherry picked from commit 5d2562cc583f2f0c45a7fa41ec20354a275983f5) --- .../common/core/native_drivers/spu.c | 42 +++++-------------- .../nordic_nrf/common/core/target_cfg.c | 12 ++++++ 2 files changed, 22 insertions(+), 32 deletions(-) 
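Review bot: The comment added above the `PS_CRYPTO_KDF_ALG` default in ps_crypto_interface.c says `PSA_ALG_HKDF_PSA_ALG_SHA_256` "gets translated to" the same name, so it never states what the token maps to. No such mapping is visible in this hunk, which only keeps the `#if !defined(PS_CRYPTO_KDF_ALG)` fallback; if the translation lives elsewhere in the file or build, the comment should point there, because a build that passes the bracket-free token without it would not select the KDF the comment implies. Assuming the intended target is the bracketed form, I would reword it to `/* CMake cannot pass parentheses in compile definitions, so a build may define PS_CRYPTO_KDF_ALG as PSA_ALG_HKDF_PSA_ALG_SHA_256; that token must be mapped to PSA_ALG_HKDF(PSA_ALG_SHA_256) in C. */`.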
diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c
index 5bf8e97f8..f0654de16 100644
--- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c
+++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c
@@ -98,46 +98,26 @@ static bool spu_region_is_flash_region_in_address_range(uint8_t region_id, uint3 } #endif -#if defined(REGION_PCD_SRAM_ADDRESS) -static bool spu_region_is_sram_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) -{ - size_t start_id = (start_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - size_t end_id = (end_address - DEVICE_SRAM_BASE_ADDRESS) / SRAM_SECURE_ATTRIBUTION_REGION_SIZE; - return region_id >= start_id && region_id <= end_id; -} -#endif - static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region_id) { bool is_bootloader = false; #ifdef REGION_MCUBOOT_ADDRESS - is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_MCUBOOT_ADDRESS, REGION_MCUBOOT_END_ADDRESS); + is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_MCUBOOT_ADDRESS, REGION_MCUBOOT_LIMIT); #endif #ifdef REGION_B0_ADDRESS - is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_B0_ADDRESS, REGION_B0_END_ADDRESS); + is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_B0_ADDRESS, REGION_B0_LIMIT); #endif #ifdef REGION_S0_ADDRESS - is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_S0_ADDRESS, REGION_S0_END_ADDRESS); + is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_S0_ADDRESS, REGION_S0_LIMIT); #endif #ifdef REGION_S1_ADDRESS - is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_S1_ADDRESS, REGION_S1_END_ADDRESS); + is_bootloader = is_bootloader || spu_region_is_flash_region_in_address_range(region_id, REGION_S1_ADDRESS, REGION_S1_LIMIT); #endif return is_bootloader; } -static bool spu_region_is_pcd_region(NRF_SPU_Type * p_reg, uint8_t region_id) -{ - bool is_pcd = false; - -#ifdef 
PM_PCD_SRAM_ADDRESS - is_pcd = is_pcd || spu_region_is_sram_region_in_address_range(region_id, PM_PCD_SRAM_ADDRESS, PM_PCD_SRAM_END_ADDRESS); -#endif - - return is_pcd; -} - void spu_regions_reset_unlocked_secure(void) { for (size_t i = 0; i < NUM_FLASH_SECURE_ATTRIBUTION_REGIONS ; i++) { @@ -152,14 +132,12 @@ void spu_regions_reset_unlocked_secure(void) } for (size_t i = 0; i < NUM_SRAM_SECURE_ATTRIBUTION_REGIONS ; i++) { - if (!spu_region_is_pcd_region(NRF_SPU, i)) { - nrf_spu_ramregion_set(NRF_SPU, i, - SPU_SECURE_ATTR_SECURE, - NRF_SPU_MEM_PERM_READ - | NRF_SPU_MEM_PERM_WRITE - | NRF_SPU_MEM_PERM_EXECUTE, - SPU_LOCK_CONF_UNLOCKED); - } + nrf_spu_ramregion_set(NRF_SPU, i, + SPU_SECURE_ATTR_SECURE, + NRF_SPU_MEM_PERM_READ + | NRF_SPU_MEM_PERM_WRITE + | NRF_SPU_MEM_PERM_EXECUTE, + SPU_LOCK_CONF_UNLOCKED); } } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index d6a0c9872..7798456dd 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -793,6 +793,18 @@ enum tfm_plat_err_t spu_init_cfg(void) SPU_SECURE_ATTR_NONSECURE, perm, SPU_LOCK_CONF_LOCKED); #endif /* NRF_NS_STORAGE_PARTITION_START */ +#ifdef REGION_PCD_SRAM_ADDRESS + /* Netcore needs PCD memory area to be non-secure. */ + perm = 0; + perm |= NRF_SPU_MEM_PERM_READ; + if (tfm_plat_provisioning_is_required()) { + perm |= NRF_SPU_MEM_PERM_WRITE; + } + + spu_regions_sram_config(REGION_PCD_SRAM_ADDRESS, REGION_PCD_SRAM_LIMIT, + SPU_SECURE_ATTR_NONSECURE, perm, SPU_LOCK_CONF_LOCKED); +#endif + return TFM_PLAT_ERR_SUCCESS; } From e1fd5b5ce6f45b7f3fc414359420f4ea5125fbe8 Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Tue, 15 Oct 2024 09:28:35 +0300 Subject: [PATCH 61/73] [nrf fromtree] platform: nordic_nrf: Add missing include Fix warning induced by missing include. Change-Id: I27a429dfbc8f1c2c926da2089bffd7e81363276a 
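Review bot: In `spu_region_is_bootloader_region` the end argument changes from `REGION_*_END_ADDRESS` to `REGION_*_LIMIT`, and nothing in the hunk says whether a limit is the last byte of the partition or one past it. The body of `spu_region_is_flash_region_in_address_range` is outside the hunk. If it compares like the SRAM helper removed here (`region_id >= start_id && region_id <= end_id`), an exclusive limit that falls on a region boundary would classify one extra flash region as bootloader-owned. A one-line comment above the first call would settle it, for example `/* REGION_x_LIMIT is the last address inside the partition (inclusive); confirm against the region definitions */`.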
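Review bot: The comment on the new `REGION_PCD_SRAM_ADDRESS` block in `spu_init_cfg` explains only the non-secure attribute, not the permission policy that follows. The code gives the non-secure side read access always, write access only when `tfm_plat_provisioning_is_required()` returns true, and then applies `SPU_LOCK_CONF_LOCKED`, so the choice made at this point is not meant to change afterwards. I would expand it to something like `/* Netcore needs the PCD area non-secure. NS gets read access; write access is granted only while provisioning is required. The region is locked with whichever permission is chosen here. */`. The start of `spu_init_cfg` lies outside the hunk.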
Signed-off-by: Markus Lassila (cherry picked from commit 21ff86ae2383b51cacf41de28d34eb5970640bef) --- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 7798456dd..1332569bd 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -20,6 +20,7 @@ #include "region_defs.h" #include "tfm_plat_defs.h" #include "tfm_peripherals_config.h" +#include "tfm_plat_provisioning.h" #include "region.h" #include "array.h" From e110a80498a317815fa49a121f58797f6e4916a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Fri, 16 Aug 2024 16:00:28 +0200 Subject: [PATCH 62/73] [nrf noup] platform: nordic_nrf: Add support for nRF54L MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for nRF54L Change-Id: I3df897232195a4f113db5a934a8da2504720db38 Signed-off-by: Sebastian Bøe Signed-off-by: Joakim Andersson Signed-off-by: Markus Swarowsky Signed-off-by: Georgios Vasilakis Signed-off-by: Vidar Lillebø Signed-off-by: Frank Audun Kvamtrø (cherry picked from commit e0b56869797d4a036c50203311e45c8bd17a0862) 
Signed-off-by: Markus Lassila --- platform/ext/common/gcc/tfm_common_s.ld | 9 + .../nordic_nrf/common/core/CMakeLists.txt | 10 +- .../common/core/cmsis_drivers/Driver_Flash.c | 59 ++ .../common/core/cmsis_drivers/Driver_USART.c | 21 +- .../target/nordic_nrf/common/core/faults.c | 94 ++- .../common/core/native_drivers/spu.c | 134 ++- .../common/core/native_drivers/spu.h | 82 +- .../common/core/nrf_exception_info.c | 43 +- .../common/core/nrf_exception_info.h | 10 + .../nordic_nrf/common/core/nrfx_config.h | 14 +- .../services/src/tfm_platform_hal_ioctl.c | 7 + .../target/nordic_nrf/common/core/startup.h | 9 + .../nordic_nrf/common/core/startup_nrf54l15.c | 419 ++++++++++ .../nordic_nrf/common/core/target_cfg.c | 767 +++++++++++++++--- .../nordic_nrf/common/core/target_cfg.h | 26 +- .../common/core/tfm_hal_isolation.c | 7 + .../core/tfm_hal_its_encryption_cracen.c | 233 ++++++ .../nordic_nrf/common/nrf54l15/CMakeLists.txt | 51 ++ .../nordic_nrf/common/nrf54l15/config.cmake | 14 + .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 23 + .../nordic_nrf/common/nrf54l15/mmio_defs.h | 100 +++ .../nrfx_config_nrf54l15_application.h | 74 ++ .../common/nrf54l15/ns/CMakeLists.txt | 29 + .../common/nrf54l15/partition/flash_layout.h | 23 + .../common/nrf54l15/partition/region_defs.h | 23 + .../tests/psa_arch_tests_config.cmake | 9 + .../common/nrf54l15/tfm_interrupts.c | 320 ++++++++ .../tfm_peripherals_config_nrf54l15.h | 24 + .../common/nrf54l15/tfm_peripherals_def.h | 124 +++ .../ns/CMakeLists.txt | 31 + .../ns/cpuarch_ns.cmake | 10 + .../tests/psa_arch_tests_config.cmake | 8 + .../tests/tfm_tests_config.cmake | 8 + .../tfm_peripherals_config.h | 34 + .../crypto/ps_crypto_interface.c | 4 - 35 files changed, 2650 insertions(+), 203 deletions(-) create mode 100644 platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c create mode 100644 platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c create mode 100644 
platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h create mode 100755 platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h create mode 100644 platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake create mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld index 67c96a9a7..7026e752c 100644 --- a/platform/ext/common/gcc/tfm_common_s.ld +++ b/platform/ext/common/gcc/tfm_common_s.ld 
@@ -286,6 +286,15 @@ SECTIONS . = ALIGN(TFM_LINKER_PT_RO_ALIGNMENT); Image$$PT_RO_END$$Base = .; +#if defined(CONFIG_PSA_NEED_CRACEN_KMU_DRIVER) + .nrf_kmu_reserved_push_area S_DATA_START (NOLOAD): + { + __nrf_kmu_reserved_push_area = .; + *(.nrf_kmu_reserved_push_area) + __nrf_kmu_reserved_push_area_end = .; + } > RAM +#endif /* CONFIG_PSA_NEED_CRACEN_KMU_DRIVER */ + /**** Base address of secure data area */ .tfm_secure_data_start : { diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 194c277f5..066143c4f 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -24,12 +24,14 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15)) +if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) + set(HAS_CRACEN 1) else() set(HAS_NVMC 1) + set(HAS_CRACEN 0) endif() #========================= Platform dependencies ===============================# @@ -77,7 +79,7 @@ target_include_directories(platform_s ) set(nvm_sources - ${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c + $<$:${CMAKE_CURRENT_SOURCE_DIR}/cmsis_drivers/Driver_Flash.c> ) if(HAS_RRAMC) 
@@ -101,7 +103,8 @@ target_sources(platform_s $<$:${CMAKE_CURRENT_SOURCE_DIR}/nrf_exception_info.c> $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c> $<$:${CMAKE_CURRENT_SOURCE_DIR}/pal_plat_test.c> - $<$:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> + $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c> + $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption_cracen.c> ) if (NRF_HW_INIT_RESET_ON_BOOT) @@ -271,3 +274,4 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) + diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 7e1d6c228..18c3aef32 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,8 +24,19 @@ #include +#include + #if defined(NRF_NVMC_S) #include +#elif defined(NRF_RRAMC_S) +#include + +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else +#define WRITE_BUFFER_SIZE 0 +#endif + #else #error "Unrecognized platform" #endif 
@@ -87,6 +98,30 @@ static int32_t ARM_Flash_Initialize(ARM_Flash_SignalEvent_t cb_event) ARG_UNUSED(cb_event); +#ifdef RRAMC_PRESENT + nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); + + config.mode_write = true; + +#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 + config.preload_timeout_enable = true; + config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; +#else + config.preload_timeout_enable = false; + config.preload_timeout = 0; +#endif + + /* Don't use an event handler until it's understood whether we + * want it or not + */ + nrfx_rramc_evt_handler_t handler = NULL; + + nrfx_err_t err = nrfx_rramc_init(&config, handler); + + if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { + return err; + } +#endif /* RRAMC_PRESENT */ return ARM_DRIVER_OK; } @@ -127,18 +162,42 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, return ARM_DRIVER_ERROR_PARAMETER; } +#ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); +#else + nrfx_rramc_words_write(addr, data, cnt); + + /* At time of writing, the Zephyr driver commits writes, but the + * nrfx driver does not, so we commit here using the HAL to align + * Zephyr and TF-M behaviour. + * + * Not committing may cause data loss and/or high power + * consumption. + */ + nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); +#endif return cnt; } static int32_t ARM_Flash_EraseSector(uint32_t addr) { +#ifdef NRF_NVMC_S nrfx_err_t err_code = nrfx_nvmc_page_erase(addr); if (err_code != NRFX_SUCCESS) { return ARM_DRIVER_ERROR_PARAMETER; } +#else + for (uint32_t *erase_word_ptr = (uint32_t *)addr; + (uint32_t)erase_word_ptr < addr + FLASH_AREA_IMAGE_SECTOR_SIZE; erase_word_ptr++) { + if(*erase_word_ptr != 0xFFFFFFFFU) { + nrfx_rramc_word_write((uint32_t)erase_word_ptr, 0xFFFFFFFFU); + } + } + + nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); +#endif return ARM_DRIVER_OK; } 
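Review bot: On the failure path of the new RRAMC block, `ARM_Flash_Initialize` does `return err;`, which hands an `nrfx_err_t` to callers that expect an ARM driver status. nrfx error values use their own numbering and are not the `ARM_DRIVER_ERROR*` codes, so a caller that tests for a negative result would not see a failure. I would return `ARM_DRIVER_ERROR;` there and keep the `NRFX_ERROR_ALREADY` exemption as it is. The beginning of the function is outside the hunk.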
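Review bot: The RRAMC branch of `ARM_Flash_EraseSector` reads and writes through `addr` directly, with no check that it is sector-aligned or inside the flash device. The NVMC branch at least turned a failing `nrfx_nvmc_page_erase` into `ARM_DRIVER_ERROR_PARAMETER`; the new loop always ends in `ARM_DRIVER_OK`, and `addr + FLASH_AREA_IMAGE_SECTOR_SIZE` can wrap for a high address. Before the loop I would reject an `addr` that is not a multiple of `FLASH_AREA_IMAGE_SECTOR_SIZE` or that lies outside the device range, returning `ARM_DRIVER_ERROR_PARAMETER`. A short comment that "erase" on RRAM means writing `0xFFFFFFFFU` to words that differ would also help.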
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c index 8e3a352b4..db99c0bb7 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c @@ -28,8 +28,7 @@ #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) #endif -// TODO: NCSDK-22597: Support configuring peripherals as secure -#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && defined(NRF_SPU) +#if !(DOMAIN_NS == 1U) && defined(CONFIG_TFM_LOG_SHARE_UART) && (defined(NRF_SPU) || defined(NRF_SPU00)) #define SPU_CONFIGURE_UART #include #endif @@ -40,7 +39,8 @@ #define ARM_USART_DRV_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(2, 2) -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ + RTE_UART00 || RTE_USART20 || RTE_UART21 || RTE_UART22 || RTE_USART30 #define PSEL_DISCONNECTED 0xFFFFFFFFUL @@ -439,13 +439,24 @@ DRIVER_USART(2); DRIVER_USART(3); #endif -// TODO: NCSDK-25009: Support choosing an instance for TF-M +#if RTE_USART00 +DRIVER_USART(00); +#endif + #if RTE_USART20 DRIVER_USART(20); #endif +#if RTE_USART21 +DRIVER_USART(21); +#endif + #if RTE_USART22 DRIVER_USART(22); #endif -#endif /* RTE_USART0 || RTE_USART1 || etc. */ +#if RTE_USART30 +DRIVER_USART(30); +#endif + +#endif /* RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 */ diff --git a/platform/ext/target/nordic_nrf/common/core/faults.c b/platform/ext/target/nordic_nrf/common/core/faults.c index 3d847a7af..4cdffd8d7 100644 --- a/platform/ext/target/nordic_nrf/common/core/faults.c +++ b/platform/ext/target/nordic_nrf/common/core/faults.c 
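Review bot: The widened guard in Driver_USART.c spells three of its macros `RTE_UART00`, `RTE_UART21` and `RTE_UART22`, while the per-instance blocks further down and the nrfx_config.h hunk of this commit use `RTE_USART00`, `RTE_USART21` and `RTE_USART22`. An undefined macro evaluates to 0 in `#if`, so a build that enables only `RTE_USART22` (accepted by the old guard) now compiles the whole driver section out. The second line of the condition should read `RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30`. The trailing `#endif` comment in the last hunk of this file still lists the old set of instances and should be brought in line.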
@@ -22,7 +22,7 @@ void SPU_Handler(void) /* Clear SPU interrupt flag and pending SPU IRQ */ spu_clear_events(); - NVIC_ClearPendingIRQ(SPU_IRQn); + NVIC_ClearPendingIRQ((SCB->ICSR & SCB_ICSR_VECTACTIVE_Msk) - NVIC_USER_IRQ_OFFSET); tfm_core_panic(); } 
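Review bot: The new argument to `NVIC_ClearPendingIRQ` in `SPU_Handler` has no comment saying why the IRQ number is now derived from `SCB->ICSR`. The reason appears only in the next hunk, where `SPU00_IRQHandler` through `SPU30_IRQHandler` all branch to this one handler. I would add `/* Shared by every SPUxx IRQ entry point: clear whichever IRQ is currently active. */` above the call and cast the expression to `IRQn_Type`, since it is an unsigned subtraction passed where an enum is expected. The start of `SPU_Handler` is outside the hunk.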
@@ -36,3 +36,95 @@ __attribute__((naked)) void SPU_IRQHandler(void) "B . \n" ); } + +#ifdef NRF_SPU00 +__attribute__((naked)) void SPU00_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU10 +__attribute__((naked)) void SPU10_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU20 +__attribute__((naked)) void SPU20_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_SPU30 +__attribute__((naked)) void SPU30_IRQHandler(void) +{ + EXCEPTION_INFO(); + + __ASM volatile( + "BL SPU_Handler \n" + "B . \n" + ); +} +#endif + +#ifdef NRF_MPC00 +__attribute__((naked)) void MPC_Handler(void) +{ + EXCEPTION_INFO(); + +#ifdef TFM_EXCEPTION_INFO_DUMP + nrf_exception_info_store_context(); +#endif + + /* Clear MPC interrupt flag and pending MPC IRQ */ + mpc_clear_events(); + + NVIC_ClearPendingIRQ(MPC00_IRQn); + + tfm_core_panic(); + + __ASM volatile( + "B . \n" + ); +} + +void MPC00_IRQHandler(void) +{ + /* Address 0xFFFFFFFE is used by TF-M as a return address in some cases + * (e.g., THRD_GENERAL_EXIT). This causes the debugger to access this + * address when analyzing stack frames upon hitting a breakpoint in TF-M. + * Attempting to access this address triggers the MPC MEMACCERR event, + * disrupting debugging. To prevent this, we ignore events from this address. + * Note that this does not affect exception information in MPC_Handler, + * except for scratch registers (R0-R3). + **/ + if( nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ + if(NRF_MPC00->MEMACCERR.ADDRESS == 0xFFFFFFFE) + { + mpc_clear_events(); + NVIC_ClearPendingIRQ(MPC00_IRQn); + return; + } + } + + MPC_Handler(); +} +#endif 
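Review bot: `MPC_Handler` is declared `__attribute__((naked))` but its body holds ordinary C statements: the calls to `nrf_exception_info_store_context()`, `mpc_clear_events()`, `NVIC_ClearPendingIRQ()` and `tfm_core_panic()`. GCC documents only basic asm as supported inside a naked function, because no prologue sets up a frame for compiled code. It is also entered through a normal call from `MPC00_IRQHandler`, so the state `EXCEPTION_INFO()` sees is presumably that of the call, not of exception entry. I would give it the same shape as the `SPUxx_IRQHandler` wrappers in this hunk, a naked entry with only `EXCEPTION_INFO()` and a `BL`, and move the C statements into a regular function. The `0xFFFFFFFE` filter in `MPC00_IRQHandler` applies in every build, so its comment should say whether that is intended outside debug sessions.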
diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c index f0654de16..8190ad00f 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.c @@ -16,8 +16,14 @@ #include "spu.h" #include "region_defs.h" +#include "array.h" /* Platform-specific configuration */ +#if NRF_SPU_HAS_MEMORY + +#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS +#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS + #define FLASH_SECURE_ATTRIBUTION_REGION_SIZE SPU_FLASH_REGION_SIZE #define SRAM_SECURE_ATTRIBUTION_REGION_SIZE SPU_SRAM_REGION_SIZE @@ -29,9 +35,6 @@ #define NUM_SRAM_SECURE_ATTRIBUTION_REGIONS \ (TOTAL_RAM_SIZE / SRAM_SECURE_ATTRIBUTION_REGION_SIZE) -#define DEVICE_FLASH_BASE_ADDRESS FLASH_BASE_ADDRESS -#define DEVICE_SRAM_BASE_ADDRESS SRAM_BASE_ADDRESS - /* Convenience macros for SPU Non-Secure Callable (NCS) attribution */ /* 
@@ -56,39 +59,6 @@ */ #define FLASH_NSC_SIZE_REG(size) ((31 - __builtin_clz(size)) - 4) - -void spu_enable_interrupts(void) -{ - nrf_spu_int_enable(NRF_SPU, - NRF_SPU_INT_FLASHACCERR_MASK | - NRF_SPU_INT_RAMACCERR_MASK | - NRF_SPU_INT_PERIPHACCERR_MASK); -} - -uint32_t spu_events_get(void) -{ - uint32_t events = 0; - - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_RAMACCERR)) { - events |= SPU_EVENT_RAMACCERR; - } - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR)) { - events |= SPU_EVENT_FLASHACCERR; - } - if (nrf_spu_event_check(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR)) { - events |= SPU_EVENT_PERIPHACCERR; - } - - return events; -} - -void spu_clear_events(void) -{ - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_RAMACCERR); - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_FLASHACCERR); - nrf_spu_event_clear(NRF_SPU, NRF_SPU_EVENT_PERIPHACCERR); -} - #if defined(REGION_MCUBOOT_ADDRESS) || defined(REGION_B0_ADDRESS) || defined(REGION_S0_ADDRESS) || defined(REGION_S1_ADDRESS) static bool spu_region_is_flash_region_in_address_range(uint8_t region_id, uint32_t start_address, uint32_t end_address) { 
@@ -118,6 +88,98 @@ static bool spu_region_is_bootloader_region(NRF_SPU_Type * p_reg, uint8_t region return is_bootloader; } +#endif /* NRF_SPU_HAS_MEMORY */ + +void spu_enable_interrupts(void) +{ + uint32_t mask = 0; + +#if NRF_SPU_HAS_MEMORY + mask |= NRF_SPU_INT_RAMACCERR_MASK; + mask |= NRF_SPU_INT_FLASHACCERR_MASK; +#endif + + mask |= NRF_SPU_INT_PERIPHACCERR_MASK; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + nrf_spu_int_enable(spu_instances[i], mask); + } +} + +uint32_t spu_events_get(void) +{ + uint32_t events = 0; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + if(nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR)){ + events |= SPU_EVENT_PERIPHACCERR; + } +#if NRF_SPU_HAS_MEMORY + if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_RAMACCERR)) { + events |= SPU_EVENT_RAMACCERR; + } + if (nrf_spu_event_check(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR)) { + events |= SPU_EVENT_FLASHACCERR; + } +#endif /* NRF_SPU_HAS_MEMORY */ + } + + return events; +} + +#ifdef MPC_PRESENT +void mpc_enable_interrupts(void) +{ + uint32_t mask = NRF_MPC_INT_MEMACCERR_MASK; + nrf_mpc_int_enable(NRF_MPC00, mask); +} + +uint32_t mpc_events_get(void) +{ + uint32_t events = 0; + + if (nrf_mpc_event_check(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR)){ + events |= MPC_EVENT_MEMACCERR; + } + + return events; +} + +void mpc_clear_events() +{ + nrf_mpc_event_clear(NRF_MPC00, NRF_MPC_EVENT_MEMACCERR); +} +#endif /* MPC_PRESENT */ + +void spu_clear_events(void) +{ + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { +#if NRF_SPU_HAS_MEMORY + nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_RAMACCERR); + nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_FLASHACCERR); +#endif + nrf_spu_event_clear(spu_instances[i], NRF_SPU_EVENT_PERIPHACCERR); + } +} + +#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk +uint32_t spu_get_peri_addr(void) { + uint32_t addr = 0; + + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + 
if(spu_instances[i]->EVENTS_PERIPHACCERR){ + /* Only the lower 16 bits of the address are captured into the register. The upper + * 16 bits correspond to the upper 16 bits of the SPU's base address. + */ + addr = spu_instances[i]->PERIPHACCERR.ADDRESS | ((uint32_t)spu_instances[i] & 0xFFFF0000); + } + } + + return addr; +} +#endif + +#if NRF_SPU_HAS_MEMORY void spu_regions_reset_unlocked_secure(void) { for (size_t i = 0; i < NUM_FLASH_SECURE_ATTRIBUTION_REGIONS ; i++) { diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index 2cb75739f..da7f9fc1f 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -20,14 +20,36 @@ #include #include #include +#include #include +#ifdef MPC_PRESENT +#include +#endif #define SPU_LOCK_CONF_LOCKED true #define SPU_LOCK_CONF_UNLOCKED false #define SPU_SECURE_ATTR_SECURE true #define SPU_SECURE_ATTR_NONSECURE false +__attribute__((unused)) static NRF_SPU_Type * spu_instances[] = { +#ifdef NRF_SPU + NRF_SPU, +#endif +#ifdef NRF_SPU00 + NRF_SPU00, +#endif +#ifdef NRF_SPU10 + NRF_SPU10, +#endif +#ifdef NRF_SPU20 + NRF_SPU20, +#endif +#ifdef NRF_SPU30 + NRF_SPU30, +#endif +}; + /** * \brief SPU interrupt enabling * @@ -40,6 +62,7 @@ enum spu_events { SPU_EVENT_RAMACCERR = 1 << 0, SPU_EVENT_FLASHACCERR = 1 << 1, SPU_EVENT_PERIPHACCERR= 1 << 2, + MPC_EVENT_MEMACCERR = 1 << 3 }; /** 
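Review bot: `mpc_clear_events()` is defined in spu.c with an empty parameter list, while the prototype added to spu.h in this commit is `void mpc_clear_events(void);`. The definition should read `void mpc_clear_events(void)` so that it is a prototype as well. The new loops over `spu_instances` compare an `int i` with `ARRAY_SIZE(spu_instances)`; `size_t i` would match the loops already used in `spu_regions_reset_unlocked_secure` and avoid the signed/unsigned comparison.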
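Review bot: The `spu_instances` table added to spu.h is a writable `static` array defined in a header, so every file that includes it gets its own modifiable copy in RAM. These pointers select which SPU the interrupt-enable and event-clear loops act on, so the table should be immutable: `static NRF_SPU_Type * const spu_instances[] = {`. If none of `NRF_SPU`, `NRF_SPU00`, `NRF_SPU10`, `NRF_SPU20` or `NRF_SPU30` is defined, the initializer is empty, which is not valid C11; an `#error` for that case would make the failure readable.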
@@ -122,45 +145,10 @@ void spu_peripheral_config_secure(const uint32_t periph_base_address, bool perip void spu_peripheral_config_non_secure(const uint32_t periph_base_address, bool periph_lock); /** - * Configure DPPI channels to be accessible from Non-Secure domain. + * /brief Retrieve the address of the transaction that triggered PERIPHACCERR. * - * \param channels_mask Bitmask with channels configuration. - * \param lock_conf Variable indicating whether to lock DPPI channel security - * - * \note all channels are configured as Non-Secure - */ -static inline void spu_dppi_config_non_secure(uint32_t channels_mask, bool lock_conf) -{ - nrf_spu_dppi_config_set(NRF_SPU, 0, channels_mask, lock_conf); -} - -/** - * Configure GPIO pins to be accessible from Non-Secure domain. - * - * \param port_number GPIO Port number - * \param gpio_mask Bitmask with gpio configuration. - * \param lock_conf Variable indicating whether to lock GPIO port security - * - * \note all pins are configured as Non-Secure - */ -static inline void spu_gpio_config_non_secure(uint8_t port_number, uint32_t gpio_mask, - bool lock_conf) -{ - nrf_spu_gpio_config_set(NRF_SPU, port_number, gpio_mask, lock_conf); -} - -/** - * Return the SPU instance that can be used to configure the - * peripheral at the given base address. */ -static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) -{ - /* See the SPU chapter in the IPS for how this is calculated */ - - uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; - - return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); -} +uint32_t spu_get_peri_addr(void); /** * \brief Return base address of a Flash SPU regions 
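Review bot: The doc comment added for `spu_get_peri_addr` in spu.h starts with `/brief`, so Doxygen will not treat it as a brief like the `\brief` blocks around it. It also leaves out what the definition in spu.c shows: the result is the captured lower 16 bits combined with the upper 16 bits of the reporting SPU's base address, and it is 0 when no instance has `EVENTS_PERIPHACCERR` set. I would write `\brief Retrieve the address of the transaction that triggered PERIPHACCERR.` and add a `\return` line with those two facts. The function is defined only under `#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk`, but the declaration here is unconditional, which deserves a sentence too.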
@@ -248,4 +236,24 @@ uint32_t spu_regions_sram_get_last_id(void); */ uint32_t spu_regions_sram_get_region_size(void); +/** + * \brief MPC interrupt enabling + * + * Enable security violations outside the Cortex-M33 + * to trigger SPU interrupts. + */ +void mpc_enable_interrupts(void); + +/** + * \brief Retrieve bitmask of MPC events. + */ +uint32_t mpc_events_get(void); + +/** + * \brief MPC event clearing + * + * Clear MPC event registers + */ +void mpc_clear_events(void); + #endif diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c index 16ac5a5d1..a5df17e8e 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.c 
@@ -11,29 +11,60 @@ static struct nrf_exception_info nrf_exc_info; -static void spu_dump_context(struct nrf_exception_info *ctx) +static void dump_exception_info(struct nrf_exception_info *ctx) { - SPMLOG_ERRMSG("Platform Exception: SPU Fault\r\n"); + SPMLOG_ERRMSG("Platform Exception:\r\n"); /* Report which type of violation occured */ if (ctx->events & SPU_EVENT_RAMACCERR) { - SPMLOG_DBGMSG(" RAMACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.RAMACCERR\r\n"); } if (ctx->events & SPU_EVENT_PERIPHACCERR) { - SPMLOG_DBGMSG(" PERIPHACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.PERIPHACCERR\r\n"); + SPMLOG_DBGMSGVAL(" Target addr: ", ctx->periphaccerr.address); } if (ctx->events & SPU_EVENT_FLASHACCERR) { - SPMLOG_DBGMSG(" FLASHACCERR\r\n"); + SPMLOG_DBGMSG(" SPU.FLASHACCERR\r\n"); } + +#if MPC_PRESENT + if (ctx->events & MPC_EVENT_MEMACCERR) { + SPMLOG_DBGMSG(" MPC.MEMACCERR\r\n"); + SPMLOG_DBGMSGVAL(" Target addr: ", ctx->memaccerr.address); + SPMLOG_DBGMSGVAL(" Access information: ", ctx->memaccerr.info); + SPMLOG_DBGMSGVAL(" Owner id: ", ctx->memaccerr.info & 0xf); + SPMLOG_DBGMSGVAL(" Masterport: ", (ctx->memaccerr.info & 0x1f0) >> 4); + SPMLOG_DBGMSGVAL(" Read: ", (ctx->memaccerr.info >> 12) & 1); + SPMLOG_DBGMSGVAL(" Write: ", (ctx->memaccerr.info >> 13) & 1); + SPMLOG_DBGMSGVAL(" Execute: ", (ctx->memaccerr.info >> 14) & 1); + SPMLOG_DBGMSGVAL(" Secure: ", (ctx->memaccerr.info >> 15) & 1); + SPMLOG_DBGMSGVAL(" Error source: ", (ctx->memaccerr.info >> 16) & 1); + } +#endif } void nrf_exception_info_store_context(void) { nrf_exc_info.events = spu_events_get(); - spu_dump_context(&nrf_exc_info); +#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk + if (nrf_exc_info.events & SPU_EVENT_PERIPHACCERR){ + nrf_exc_info.periphaccerr.address = spu_get_peri_addr(); + } +#endif + +#ifdef MPC_PRESENT + nrf_exc_info.events |= mpc_events_get(); + if (nrf_exc_info.events & MPC_EVENT_MEMACCERR) + { + nrf_exc_info.memaccerr.address = NRF_MPC00->MEMACCERR.ADDRESS; + nrf_exc_info.memaccerr.info = 
NRF_MPC00->MEMACCERR.INFO; + } +#endif + + dump_exception_info(&nrf_exc_info); } void nrf_exception_info_get_context(struct nrf_exception_info *ctx) diff --git a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h index 7f297c800..04b2eb8ba 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h +++ b/platform/ext/target/nordic_nrf/common/core/nrf_exception_info.h @@ -11,6 +11,16 @@ struct nrf_exception_info { uint32_t events; + union{ + struct { + uint32_t address; + } periphaccerr; + + struct { + uint32_t address; + uint32_t info; + } memaccerr; + }; }; void nrf_exception_info_store_context(void); diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index dadddeb97..f76e49cdd 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -48,7 +48,8 @@ #endif /* RTE_FLASH0 */ -#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART22 +#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \ + RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30 #define NRFX_UARTE_ENABLED 1 #endif #if RTE_USART0 @@ -64,13 +65,22 @@ #define NRFX_UARTE3_ENABLED 1 #endif -// TODO: NCSDK-25009: Moonlight: Make it possible to use different UARTS with TF-M +/* 54L15 has different UART instances */ +#if RTE_USART00 +#define NRFX_UARTE00_ENABLED 1 +#endif #if RTE_USART20 #define NRFX_UARTE20_ENABLED 1 #endif +#if RTE_USART21 +#define NRFX_UARTE21_ENABLED 1 +#endif #if RTE_USART22 #define NRFX_UARTE22_ENABLED 1 #endif +#if RTE_USART30 +#define NRFX_UARTE30_ENABLED 1 +#endif /* * For chips with TrustZone support, MDK provides CMSIS-Core peripheral 
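Review bot: In nrf_exception_info.c, `dump_exception_info` guards its MPC block with `#if MPC_PRESENT`, while `nrf_exception_info_store_context` in the same hunk and spu.c and spu.h use `#ifdef MPC_PRESENT`. If the macro is ever defined without a value, the `#if` form fails to preprocess, so I would use `#ifdef MPC_PRESENT` here too. The `Target addr` line for `SPU_EVENT_PERIPHACCERR` is printed unconditionally, but the field is filled only under `#ifdef SPU_PERIPHACCERR_ADDRESS_ADDRESS_Msk`. On parts without that register the log shows an address that was never captured, so the print should sit under the same guard.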
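Review bot: The `periphaccerr` and `memaccerr` members added to `struct nrf_exception_info` share storage through the anonymous `union`, yet `events` can carry both `SPU_EVENT_PERIPHACCERR` and `MPC_EVENT_MEMACCERR` at once. `nrf_exception_info_store_context` then writes `periphaccerr.address` and overwrites it with `memaccerr.address`, and the dump prints the MPC address under the SPU heading. Making the two members ordinary fields removes the overlap for 4 extra bytes: drop the `union{` … `};` wrapper and keep both inner structs. A fault record that names the wrong target address misleads whoever triages the violation.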
diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 9b0a4b4a4..87a9c4c27 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,10 +103,17 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { +#if defined(NRF54L15_ENGA_XXAA) + case NRF_GPIO_PIN_SEL_GPIO: + case NRF_GPIO_PIN_SEL_VPR: + case NRF_GPIO_PIN_SEL_GRTC: + case NRF_GPIO_PIN_SEL_TND: +#else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: case NRF_GPIO_PIN_SEL_PERIPHERAL: case NRF_GPIO_PIN_SEL_TND: +#endif return true; default: return false; diff --git a/platform/ext/target/nordic_nrf/common/core/startup.h b/platform/ext/target/nordic_nrf/common/core/startup.h index bb1295886..4b3f738b0 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup.h +++ b/platform/ext/target/nordic_nrf/common/core/startup.h @@ -36,6 +36,15 @@ __NO_RETURN void SecureFault_Handler(void); void SPU_IRQHandler(void); +void SPU00_IRQHandler(void); +void SPU10_IRQHandler(void); +void SPU20_IRQHandler(void); +void SPU30_IRQHandler(void); + +void MPC00_IRQHandler(void); + +void CRACEN_IRQHandler(void); + /* * The default irq handler is used as a backup in case of * misconfiguration. diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c new file mode 100644 index 000000000..aa81ab1b1 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c 
@@ -0,0 +1,419 @@ +/* + * Copyright (c) 2022 Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * This file is derivative of CMSIS V5.9.0 startup_ARMCM33.c + * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c + */ + +// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs +// below correspond to nrf53, not nrf54L. + +/* + * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) + * before including cmsis.h because TF-M's linker script + * tfm_common_s.ld assumes the vector table section is called .vectors + * while cmsis.h will sometimes (e.g. when cmsis is provided by nrfx) + * default to using the name .isr_vector. + */ +#define __VECTOR_TABLE_ATTRIBUTE __attribute__((used, section(".vectors"))) + +#include "cmsis.h" +#include "startup.h" +#include "exception_info.h" + +__NO_RETURN __attribute__((naked)) void default_tfm_IRQHandler(void) { + EXCEPTION_INFO(); + + __ASM volatile( + "BL default_irq_handler \n" + "B . 
\n" + ); +} + +DEFAULT_IRQ_HANDLER(NMI_Handler) +DEFAULT_IRQ_HANDLER(HardFault_Handler) +DEFAULT_IRQ_HANDLER(MemManage_Handler) +DEFAULT_IRQ_HANDLER(BusFault_Handler) +DEFAULT_IRQ_HANDLER(UsageFault_Handler) +DEFAULT_IRQ_HANDLER(SecureFault_Handler) +DEFAULT_IRQ_HANDLER(SVC_Handler) +DEFAULT_IRQ_HANDLER(DebugMon_Handler) +DEFAULT_IRQ_HANDLER(PendSV_Handler) +DEFAULT_IRQ_HANDLER(SysTick_Handler) + +DEFAULT_IRQ_HANDLER(SWI00_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI01_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI02_IRQHandler) +DEFAULT_IRQ_HANDLER(SWI03_IRQHandler) +DEFAULT_IRQ_HANDLER(AAR00_CCM00_IRQHandler) +DEFAULT_IRQ_HANDLER(ECB00_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL00_IRQHandler) +DEFAULT_IRQ_HANDLER(RRAMC_IRQHandler) +DEFAULT_IRQ_HANDLER(VPR00_IRQHandler) +DEFAULT_IRQ_HANDLER(CTRLAP_IRQHandler) +DEFAULT_IRQ_HANDLER(CM33SS_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER00_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER10_IRQHandler) +DEFAULT_IRQ_HANDLER(RTC10_IRQHandler) +DEFAULT_IRQ_HANDLER(EGU10_IRQHandler) +DEFAULT_IRQ_HANDLER(AAR10_CCM10_IRQHandler) +DEFAULT_IRQ_HANDLER(ECB10_IRQHandler) +DEFAULT_IRQ_HANDLER(RADIO_0_IRQHandler) +DEFAULT_IRQ_HANDLER(RADIO_1_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL20_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL21_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL22_IRQHandler) +DEFAULT_IRQ_HANDLER(EGU20_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER20_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER21_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER22_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER23_IRQHandler) +DEFAULT_IRQ_HANDLER(TIMER24_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM20_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM21_IRQHandler) +DEFAULT_IRQ_HANDLER(PWM22_IRQHandler) +DEFAULT_IRQ_HANDLER(SAADC_IRQHandler) +DEFAULT_IRQ_HANDLER(NFCT_IRQHandler) +DEFAULT_IRQ_HANDLER(TEMP_IRQHandler) +DEFAULT_IRQ_HANDLER(GPIOTE20_1_IRQHandler) +DEFAULT_IRQ_HANDLER(TAMPC_IRQHandler) +DEFAULT_IRQ_HANDLER(I2S20_IRQHandler) +DEFAULT_IRQ_HANDLER(QDEC20_IRQHandler) +DEFAULT_IRQ_HANDLER(QDEC21_IRQHandler) 
+DEFAULT_IRQ_HANDLER(GRTC_0_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_1_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_2_IRQHandler) +DEFAULT_IRQ_HANDLER(GRTC_3_IRQHandler) +DEFAULT_IRQ_HANDLER(SERIAL30_IRQHandler) +DEFAULT_IRQ_HANDLER(RTC30_IRQHandler) +DEFAULT_IRQ_HANDLER(COMP_LPCOMP_IRQHandler) +DEFAULT_IRQ_HANDLER(WDT30_IRQHandler) +DEFAULT_IRQ_HANDLER(WDT31_IRQHandler) +DEFAULT_IRQ_HANDLER(GPIOTE30_1_IRQHandler) +DEFAULT_IRQ_HANDLER(CLOCK_POWER_IRQHandler) + +#if defined(DOMAIN_NS) || defined(BL2) +DEFAULT_IRQ_HANDLER(MPC00_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU00_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU10_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU20_IRQHandler) +DEFAULT_IRQ_HANDLER(SPU30_IRQHandler) +DEFAULT_IRQ_HANDLER(CRACEN_IRQHandler) +#endif + +#if defined ( __GNUC__ ) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wpedantic" +#endif + +const VECTOR_TABLE_Type __VECTOR_TABLE[] __VECTOR_TABLE_ATTRIBUTE = { + (VECTOR_TABLE_Type)(&__INITIAL_SP), /* Initial Stack Pointer */ +/* Exceptions */ + Reset_Handler, + NMI_Handler, + HardFault_Handler, + MemManage_Handler, /* MPU Fault Handler */ + BusFault_Handler, + UsageFault_Handler, + SecureFault_Handler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SVC_Handler, + DebugMon_Handler, + default_tfm_IRQHandler, + PendSV_Handler, + SysTick_Handler, +/* Device specific interrupt handlers */ + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SWI00_IRQHandler, + SWI01_IRQHandler, + SWI02_IRQHandler, + SWI03_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU00_IRQHandler, + MPC00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + AAR00_CCM00_IRQHandler, + ECB00_IRQHandler, + CRACEN_IRQHandler, + default_tfm_IRQHandler, + SERIAL00_IRQHandler, + RRAMC_IRQHandler, + VPR00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + CTRLAP_IRQHandler, + CM33SS_IRQHandler, + default_tfm_IRQHandler, + TIMER00_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU10_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + TIMER10_IRQHandler, + RTC10_IRQHandler, + EGU10_IRQHandler, + AAR10_CCM10_IRQHandler, + ECB10_IRQHandler, + RADIO_0_IRQHandler, + RADIO_1_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + 
default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU20_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SERIAL20_IRQHandler, + SERIAL21_IRQHandler, + SERIAL22_IRQHandler, + EGU20_IRQHandler, + TIMER20_IRQHandler, + TIMER21_IRQHandler, + TIMER22_IRQHandler, + TIMER23_IRQHandler, + TIMER24_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + PWM20_IRQHandler, + PWM21_IRQHandler, + PWM22_IRQHandler, + SAADC_IRQHandler, + NFCT_IRQHandler, + TEMP_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + GPIOTE20_1_IRQHandler, + TAMPC_IRQHandler, + I2S20_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + QDEC20_IRQHandler, + QDEC21_IRQHandler, + GRTC_0_IRQHandler, + GRTC_1_IRQHandler, + GRTC_2_IRQHandler, + GRTC_3_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SPU30_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + SERIAL30_IRQHandler, + RTC30_IRQHandler, + 
COMP_LPCOMP_IRQHandler, + default_tfm_IRQHandler, + WDT30_IRQHandler, + WDT31_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + default_tfm_IRQHandler, + GPIOTE30_1_IRQHandler, + CLOCK_POWER_IRQHandler, +}; + +#if defined ( __GNUC__ ) +#pragma GCC diagnostic pop +#endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 1332569bd..8c150cf5d 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -21,6 +21,7 @@ #include "tfm_plat_defs.h" #include "tfm_peripherals_config.h" #include "tfm_plat_provisioning.h" +#include "utilities.h" #include "region.h" #include "array.h" @@ -28,18 +29,55 @@ #include #include -#include -#include + #include #include +#ifdef RRAMC_PRESENT +#include +#include + +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else +#define WRITE_BUFFER_SIZE 0 +#endif + +#endif + +#define SPU_ADDRESS_REGION (0x50000000) +#define GET_SPU_SLAVE_INDEX(periph) ((periph.periph_start & 0x0003F000) >> 12) +#define GET_SPU_INSTANCE(periph) ((NRF_SPU_Type*)(SPU_ADDRESS_REGION | (periph.periph_start & 0x00FC0000))) + + +#ifdef CACHE_PRESENT +#include +#endif + +#ifdef NVMC_PRESENT +#include +#include +#endif + +#ifdef MPC_PRESENT +#include +#endif + +#ifdef NRF53_SERIES #define PIN_XL1 0 #define PIN_XL2 1 - -#if !(defined(NRF91_SERIES) || defined(NRF53_SERIES)) -#error "Invalid configuration" #endif +#ifdef NRF54L15_ENGA_XXAA +/* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ +#define PIN_XL1 32 +#define PIN_XL2 33 +/* During TF-M system initialization we invoke a function that comes + * from Zephyr. This function does not have a header file so we + * declare it's prototype here. + */ +int nordicsemi_nrf54l_init(void); +#endif #if TFM_PERIPHERAL_DCNF_SECURE struct platform_data_t tfm_peripheral_dcnf = { 
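Review bot: The interrupt part of `__VECTOR_TABLE` is filled purely by position, with long runs of `default_tfm_IRQHandler` between the named handlers, so one entry too many or too few silently moves `SPU00_IRQHandler`, `MPC00_IRQHandler` and every later handler onto the wrong interrupt. Since the SPU and MPC handlers are what report security violations, I would index the entries by IRQ number, e.g. `[16 + MPC00_IRQn] = MPC00_IRQHandler,`, and fill the gaps with a GNU range designator (pedantic warnings are already suppressed around the table). The TODO at the top of the file still says the IRQs correspond to nrf53, which contradicts the 54L handler names and should be updated or removed.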
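Review bot: `GET_SPU_SLAVE_INDEX` and `GET_SPU_INSTANCE` use their argument as `periph.periph_start` without parentheses, so an argument such as a dereferenced pointer (`*p`) expands incorrectly; write `(periph).periph_start`, e.g. `#define GET_SPU_SLAVE_INDEX(periph) (((periph).periph_start & 0x0003F000) >> 12)`. The masks `0x0003F000` and `0x00FC0000` decide which SPU instance and slot receive a security setting, so they deserve named constants and a comment giving the address layout they assume. The comment `XL1 and XL2 are(P1.00) and XL2(P1.01)` is garbled and presumably means XL1 is P1.00 and XL2 is P1.01.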
@@ -97,6 +135,48 @@ struct platform_data_t tfm_peripheral_spim0 = { }; #endif +#if TFM_PERIPHERAL_SPIM00_SECURE +struct platform_data_t tfm_peripheral_spim00 = { + NRF_SPIM00_S_BASE, + NRF_SPIM00_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_SPIM20_SECURE +struct platform_data_t tfm_peripheral_spim20 = { + NRF_SPIM20_S_BASE, + NRF_SPIM20_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_SPIM22_SECURE +struct platform_data_t tfm_peripheral_spim21 = { + NRF_SPIM21_S_BASE, + NRF_SPIM21_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_SPIM22_SECURE +struct platform_data_t tfm_peripheral_spim22 = { + NRF_SPIM22_S_BASE, + NRF_SPIM22_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_SPIM23_SECURE +struct platform_data_t tfm_peripheral_spim23 = { + NRF_SPIM23_S_BASE, + NRF_SPIM23_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_SPIM30_SECURE +struct platform_data_t tfm_peripheral_spim30 = { + NRF_SPIM30_S_BASE, + NRF_SPIM30_S_BASE + (sizeof(NRF_SPIM_Type) - 1), +}; +#endif + #if TFM_PERIPHERAL_SPIS0_SECURE struct platform_data_t tfm_peripheral_spis0 = { NRF_SPIS0_S_BASE, 
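Review bot: The block that defines `tfm_peripheral_spim21` is guarded by `#if TFM_PERIPHERAL_SPIM22_SECURE`, the same condition as the `tfm_peripheral_spim22` block after it; the guard should read `#if TFM_PERIPHERAL_SPIM21_SECURE`. As written, enabling only SPIM21 as secure leaves `tfm_peripheral_spim21` undefined, and enabling SPIM22 also emits a descriptor for SPIM21 that was not asked for.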
@@ -237,6 +317,41 @@ struct platform_data_t tfm_peripheral_uarte3 = { }; #endif +#if TFM_PERIPHERAL_UARTE00_SECURE +struct platform_data_t tfm_peripheral_uarte00 = { + NRF_UARTE00_S_BASE, + NRF_UARTE00_S_BASE + (sizeof(NRF_UARTE_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_UARTE20_SECURE +struct platform_data_t tfm_peripheral_uarte20 = { + NRF_UARTE20_S_BASE, + NRF_UARTE20_S_BASE + (sizeof(NRF_UARTE_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_UARTE21_SECURE +struct platform_data_t tfm_peripheral_uarte21 = { + NRF_UARTE21_S_BASE, + NRF_UARTE21_S_BASE + (sizeof(NRF_UARTE_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_UARTE22_SECURE +struct platform_data_t tfm_peripheral_uarte22 = { + NRF_UARTE22_S_BASE, + NRF_UARTE22_S_BASE + (sizeof(NRF_UARTE_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_UARTE30_SECURE +struct platform_data_t tfm_peripheral_uarte30 = { + NRF_UARTE30_S_BASE, + NRF_UARTE30_S_BASE + (sizeof(NRF_UARTE_Type) - 1), +}; +#endif + #if TFM_PERIPHERAL_SAADC_SECURE struct platform_data_t tfm_peripheral_saadc = { NRF_SAADC_S_BASE, 
@@ -251,6 +366,55 @@ struct platform_data_t tfm_peripheral_timer0 = { }; #endif +#if TFM_PERIPHERAL_TIMER00_SECURE +struct platform_data_t tfm_peripheral_timer00 = { + NRF_TIMER00_S_BASE, + NRF_TIMER00_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER10_SECURE +struct platform_data_t tfm_peripheral_timer10 = { + NRF_TIMER10_S_BASE, + NRF_TIMER10_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER20_SECURE +struct platform_data_t tfm_peripheral_timer20 = { + NRF_TIMER20_S_BASE, + NRF_TIMER20_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER21_SECURE +struct platform_data_t tfm_peripheral_timer21 = { + NRF_TIMER21_S_BASE, + NRF_TIMER21_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER22_SECURE +struct platform_data_t tfm_peripheral_timer22 = { + NRF_TIMER22_S_BASE, + NRF_TIMER22_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER23_SECURE +struct platform_data_t tfm_peripheral_timer23 = { + NRF_TIMER23_S_BASE, + NRF_TIMER23_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_TIMER24_SECURE +struct platform_data_t tfm_peripheral_timer24 = { + NRF_TIMER24_S_BASE, + NRF_TIMER24_S_BASE + (sizeof(NRF_TIMER_Type) - 1), +}; +#endif + #if TFM_PERIPHERAL_TIMER1_SECURE struct platform_data_t tfm_peripheral_timer1 = { NRF_TIMER1_S_BASE, @@ -363,6 +527,20 @@ struct platform_data_t tfm_peripheral_egu5 = { }; #endif +#if TFM_PERIPHERAL_EGU10_SECURE +struct platform_data_t tfm_peripheral_egu10 = { + NRF_EGU10_S_BASE, + NRF_EGU10_S_BASE + (sizeof(NRF_EGU_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_EGU20_SECURE +struct platform_data_t tfm_peripheral_egu20 = { + NRF_EGU20_S_BASE, + NRF_EGU20_S_BASE + (sizeof(NRF_EGU_Type) - 1), +}; +#endif + #if TFM_PERIPHERAL_PWM0_SECURE struct platform_data_t tfm_peripheral_pwm0 = { NRF_PWM0_S_BASE, 
@@ -391,6 +569,27 @@ struct platform_data_t tfm_peripheral_pwm3 = { }; #endif +#if TFM_PERIPHERAL_PWM20_SECURE +struct platform_data_t tfm_peripheral_pwm20 = { + NRF_PWM20_S_BASE, + NRF_PWM20_S_BASE + (sizeof(NRF_PWM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_PWM21_SECURE +struct platform_data_t tfm_peripheral_pwm21 = { + NRF_PWM21_S_BASE, + NRF_PWM21_S_BASE + (sizeof(NRF_PWM_Type) - 1), +}; +#endif + +#if TFM_PERIPHERAL_PWM22_SECURE +struct platform_data_t tfm_peripheral_pwm22 = { + NRF_PWM22_S_BASE, + NRF_PWM22_S_BASE + (sizeof(NRF_PWM_Type) - 1), +}; +#endif + #if TFM_PERIPHERAL_PDM0_SECURE struct platform_data_t tfm_peripheral_pdm0 = { NRF_PDM0_S_BASE, @@ -609,33 +808,7 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) - -#if !defined(DAUTH_CHIP_DEFAULT) -#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." -#endif - -#if defined(NRF_APPROTECT) - /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ - if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, - UICR_APPROTECT_PALL_Protected)) { - nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); - } else { - return TFM_PLAT_ERR_SYSTEM_ERR; - } -#endif -#if defined(NRF_SECURE_APPROTECT) - /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ - if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, - UICR_SECUREAPPROTECT_PALL_Protected)) { - nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, - UICR_SECUREAPPROTECT_PALL_Protected); - } else { - return TFM_PLAT_ERR_SYSTEM_ERR; - } -#endif - -#elif defined(NRF91_SERIES) +#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." 
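Review bot: With the `NRF_APPROTECT` / `NRF_SECURE_APPROTECT` branch removed from `init_debug`, a build that still defines either option no longer writes `NRF_UICR_S->APPROTECT` or `NRF_UICR_S->SECUREAPPROTECT` here and gets no diagnostic saying so. If the debug lock is now applied somewhere else, a comment at the top of the function naming that place would keep a reader from assuming the options are still honoured here. If it is not, the options should fail the build, for example `#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT)` followed by an `#error`. The function starts before and continues past this hunk.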
@@ -666,11 +839,17 @@ enum tfm_plat_err_t init_debug(void) NRF_CTRLAP->SECUREAPPROTECT.LOCK = CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Locked << CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Msk; +#else +#error "Unrecognized platform" + #endif return TFM_PLAT_ERR_SUCCESS; } +#define NRF_UARTE_INSTANCE(id) NRF_UARTE ## id +#define NRF_UARTE_INSTANCE_GET(id) NRF_UARTE_INSTANCE(id) + /*----------------- NVIC interrupt target state to NS configuration ----------*/ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) { @@ -679,17 +858,21 @@ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void) NVIC->ITNS[i] = 0xFFFFFFFF; } - /* Make sure that the SPU is targeted to S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_SPU)); + /* Make sure that the SPU instance(s) are targeted to S state */ + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + } -#ifdef SECURE_UART1 -#if NRF_SECURE_UART_INSTANCE == 0 - /* UARTE0 is a secure peripheral, so its IRQ has to target S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE0)); -#elif NRF_SECURE_UART_INSTANCE == 1 - /* UARTE1 is a secure peripheral, so its IRQ has to target S state */ - NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE1)); +#ifdef NRF_CRACEN + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_CRACEN)); #endif +#ifdef NRF_MPC00 + NVIC_ClearTargetState(MPC00_IRQn); +#endif + +#ifdef SECURE_UART1 + /* IRQ for the selected secure UART has to target S state */ + NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_UARTE_INSTANCE_GET(NRF_SECURE_UART_INSTANCE))); #endif return TFM_PLAT_ERR_SUCCESS; 
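Review bot: The context line `NRF_CTRLAP->SECUREAPPROTECT.LOCK = CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Locked << CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Msk;` shifts by the field mask rather than the field position, and this hunk leaves it in place while adding the `#else` next to it. By the MDK naming convention `_Msk` is the bit mask and `_Pos` the bit offset, so if the mask is 0x1 the shift produces 0x2 and the lock bit is never set, leaving the secure debug protection setting unlocked. The values are not visible here, so please confirm against the header, but the line most likely should end in `<< CTRLAPPERI_SECUREAPPROTECT_LOCK_LOCK_Pos;`.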
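Review bot: `nvic_interrupt_target_state_cfg` guards the MPC line with `#ifdef NRF_MPC00` and uses `MPC00_IRQn`, while `nvic_interrupt_enable` in the next hunk guards the same interrupt with `#ifdef MPC_PRESENT` and uses `NRFX_IRQ_NUMBER_GET(NRF_MPC00)`. Because every interrupt is first set to target the non-secure state, the two guards need to agree, otherwise the MPC interrupt could be enabled while still routed to non-secure. Using `#ifdef MPC_PRESENT` and `NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_MPC00));` in both places removes the doubt. The new loop also compares `int i` with `ARRAY_SIZE(spu_instances)`, which is presumably unsigned; `size_t i` avoids the mixed comparison.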
@@ -701,8 +884,23 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) /* SPU interrupt enabling */ spu_enable_interrupts(); - NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); - NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_SPU)); + for(int i = 0; i < ARRAY_SIZE(spu_instances); i++) { + NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(spu_instances[i])); + } + +#ifdef MPC_PRESENT + mpc_clear_events(); + /* MPC interrupt enabling */ + mpc_enable_interrupts(); + + NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); + NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_MPC00)); +#endif + + /* The CRACEN driver configures the NVIC for CRACEN and is + * therefore omitted here. + */ return TFM_PLAT_ERR_SUCCESS; } 
@@ -711,13 +909,61 @@ enum tfm_plat_err_t nvic_interrupt_enable(void) void sau_and_idau_cfg(void) { + /* + * SAU and IDAU configuration is very different between old + * (53/91) and new (54++) platforms. New platforms have a proper SAU + * and IDAU, whereas old platforms do not. + */ +#ifdef NRF54L15_ENGA_XXAA + /* + * This SAU configuration aligns with ARM's RSS implementation of + * sau_and_idau_cfg when possible. + */ + + /* Enables SAU */ + TZ_SAU_Enable(); + + /* Configures SAU regions to be non-secure */ + + /* Note that this SAU configuration assumes that there is only one + * secure NVM partition and one non-secure NVM partition. Meaning, + * memory_regions.non_secure_partition_limit is at the end of + * NVM. + */ + + /* Configure the end of NVM, and the FICR, to be non-secure using + a single region. Note that the FICR is placed after the + non-secure NVM and before the UICR.*/ + SAU->RNR = 0; + SAU->RBAR = (memory_regions.non_secure_partition_base + & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (NRF_UICR_S_BASE & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; + + /* Leave SAU region 1 disabled until we find a use for it */ + + /* Configures veneers region to be non-secure callable */ + SAU->RNR = 2; + SAU->RBAR = (memory_regions.veneer_base & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (memory_regions.veneer_limit & SAU_RLAR_LADDR_Msk) + | SAU_RLAR_ENABLE_Msk | SAU_RLAR_NSC_Msk; + + /* Configures SAU region 3 to cover both the end of SRAM and + * regions above it as shown in the "Example memory map" in the + * "Product Specification" */ + SAU->RNR = 3; + SAU->RBAR = (NS_DATA_START & SAU_RBAR_BADDR_Msk); + SAU->RLAR = (0xFFFFFFFFul & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk; + +#else /* IDAU (SPU) is always enabled. SAU is non-existent. * Allow SPU to have precedence over (non-existing) ARMv8-M SAU. */ TZ_SAU_Disable(); SAU->CTRL |= SAU_CTRL_ALLNS_Msk; +#endif } +#if NRF_SPU_HAS_MEMORY enum tfm_plat_err_t spu_init_cfg(void) { /* 
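Review bot: `SAU->RLAR` for region 0 uses `NRF_UICR_S_BASE` itself as the limit, but on Armv8-M the SAU limit address is inclusive and its low five bits are taken as 0x1F, so the region as written also covers the first 32 bytes of the UICR. If the intent is to stop just before the UICR, as the comment says, the limit should be the last byte before it: `SAU->RLAR = ((NRF_UICR_S_BASE - 1) & SAU_RLAR_LADDR_Msk) | SAU_RLAR_ENABLE_Msk;`. Whether non-secure code can actually reach those bytes also depends on the MPC and SPU settings, which this hunk does not show.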
@@ -808,29 +1054,264 @@ enum tfm_plat_err_t spu_init_cfg(void) return TFM_PLAT_ERR_SUCCESS; } +#endif /* NRF_SPU_HAS_MEMORY */ + + +#ifdef MPC_PRESENT +struct mpc_region_override { + nrf_mpc_override_config_t config; + nrf_owner_t owner_id; + uintptr_t start_address; + size_t endaddr; + uint32_t perm; + uint32_t permmask; + size_t index; +}; + +static void mpc_configure_override(NRF_MPC_Type *mpc, struct mpc_region_override *override) +{ + nrf_mpc_override_startaddr_set(mpc, override->index, override->start_address); + nrf_mpc_override_endaddr_set(mpc, override->index, override->endaddr); + nrf_mpc_override_perm_set(mpc, override->index, override->perm); + nrf_mpc_override_permmask_set(mpc, override->index, override->permmask); + nrf_mpc_override_ownerid_set(mpc, override->index, override->owner_id); + nrf_mpc_override_config_set(mpc, override->index, &override->config); +} + +/* + * Configure the override struct with reasonable defaults. This includes: + * + * Use a slave number of 0 to avoid redirecting bus transactions from + * one slave to another. + * + * Lock the override to prevent the code that follows from tampering + * with the configuration. + * + * Enable the override so it takes effect. + * + * Indicate that secdom is not enabled as this driver is not used on + * platforms with secdom. + */ +static void init_mpc_region_override(struct mpc_region_override * override) +{ + *override = (struct mpc_region_override){ + .config = + (nrf_mpc_override_config_t){ + .slave_number = 0, + .lock = true, + .enable = true, + .secdom_enable = false, + .secure_mask = true, + }, + .perm = 0, /* 0 for non-secure */ + .owner_id = 0, + }; + + override->permmask = MPC_OVERRIDE_PERM_SECATTR_Msk; +} + +enum tfm_plat_err_t nrf_mpc_init_cfg(void) +{ + /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the + * OVERRIDE indexes (that are useful to us) start at 0 and end + * (inclusive) at 4. 
+ * + * Note that the MPC regions configure all volatile and non-volatile memory as secure, so we only + * need to explicitly OVERRIDE the non-secure addresses to permit non-secure access. + * + * Explicitly configuring memory as secure is not necessary. + * + * The last OVERRIDE in 54L is fixed in HW and exists to prevent + * other bus masters than the KMU from accessing CRACEN protected RAM. + * + * Note that we must take care not to configure an OVERRIDE that + * affects an active bus transaction. + * + * Note that we don't configure the NSC region to be NS because + * from the MPC's perspective it is secure. NSC is only configurable from the SAU. + * + * Note that OVERRIDE[n].MASTERPORT has a reasonable reset value + * so it is left unconfigured. + * + * Note that there are two owners in 54L. KMU with owner ID 1, and everything else with owner ID 0. + */ + + uint32_t index = 0; + /* + * Configure the non-secure partition of the non-volatile + * memory. This MPC region is intended to cover both the + * non-secure partition in the NVM and also the FICR. The FICR + * starts after the NVM and ends just before the UICR. 
+ */ + { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.start_address = memory_regions.non_secure_partition_base; + override.endaddr = NRF_UICR_S_BASE; + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + /* Configure the non-secure partition of the volatile memory */ + { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.start_address = NS_DATA_START; + override.endaddr = 1 + NS_DATA_LIMIT; + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + if(index > 4) { + /* Used more overrides than are available */ + tfm_core_panic(); + } + + /* Lock and disable any unused MPC overrides to prevent malicious configuration */ + while(index <= 4) { + struct mpc_region_override override; + + init_mpc_region_override(&override); + + override.config.enable = false; + + override.index = index++; + + mpc_configure_override(NRF_MPC00, &override); + } + + return TFM_PLAT_ERR_SUCCESS; +} + +#endif /* MPC_PRESENT */ + +static void dppi_channel_configuration(void) +{ + /* The SPU HW and corresponding NRFX HAL API have two different + * API's for DPPI security configuration. The defines + * NRF_SPU_HAS_OWNERSHIP and NRF_SPU_HAS_MEMORY identify which of the two API's + * are present. + * + * TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE is configurable, but + * usually defaults to 0, which results in all DPPI channels being + * non-secure. + */ +#if NRF_SPU_HAS_MEMORY + /* There is only one dppi_id */ + uint8_t dppi_id = 0; + nrf_spu_dppi_config_set(NRF_SPU, dppi_id, TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, + SPU_LOCK_CONF_LOCKED); +#else + /* TODO_NRF54L15: Use the nrf_spu_feature API to configure DPPI + channels according to a user-controllable config similar to + TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE. 
*/ +#endif +} enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -static const uint32_t target_peripherals[] = { +#ifdef NRF54L15_ENGA_XXAA + /* Configure features to be non-secure */ + + /* + * Due to MLT-7600, many SPU HW reset values are wrong. The docs + * generally features being non-secure when coming out of HW + * reset, but the HW has a good mix of both. + * + * When configuring NRF_SPU 0 will indicate non-secure and 1 will + * indicate secure. + * + * Most of the chip should be non-secure so to simplify and be + * consistent, we memset the entire memory map of each SPU + * peripheral to 0. + * + * Just after memsetting to 0 we explicitly configure the + * peripherals that should be secure back to secure again. + */ + // TODO: NCSDK-22597: Evaluate if it is safe to memset everything + // in NRF_SPU to 0. + memset(NRF_SPU00, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU10, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU20, 0, sizeof(NRF_SPU_Type)); + memset(NRF_SPU30, 0, sizeof(NRF_SPU_Type)); + +#if SECURE_UART1 + /* Configure TF-M's UART peripheral to be secure */ +#if NRF_SECURE_UART_INSTANCE == 00 + uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 20 + uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 21 + uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 22 + uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; +#endif +#if NRF_SECURE_UART_INSTANCE == 30 + uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; +#endif + spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); +#endif + + /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ + spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure NRF_MEMCONF to be secure as it could otherwise be used 
to corrupt secure RAM. */ + spu_peripheral_config_secure(NRF_MEMCONF_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure trace to be secure, as the security implications of non-secure trace are not understood */ + spu_peripheral_config_secure(NRF_TAD_S_BASE, SPU_LOCK_CONF_LOCKED); + + /* Configure these HW features, which are not in the MDK, to be + * secure, as the security implications of them being non-secure + * are not understood + */ + uint32_t base_addresses[4] = { + 0x50056000, + 0x5008C000, + 0x500E6000, + 0x5010F000 + }; + for(int i = 0; i < 4; i++) { + spu_peripheral_config_secure(base_addresses[i], SPU_LOCK_CONF_LOCKED); + } + + /* Configure NRF_REGULATORS, and NRF_OSCILLATORS to be secure as NRF_REGULATORS.POFCON is needed + * to prevent glitches when the power supply is attacked. + * + * NB: Note that NRF_OSCILLATORS and NRF_REGULATORS have the same base address and must therefore + * have the same security configuration. + */ + spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); +#else +static const uint8_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRF_FPU_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_FPU), #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRF_REGULATORS_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRF_CLOCK_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
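Review bot: The `memset(NRF_SPU00, 0, sizeof(NRF_SPU_Type))` calls in `spu_periph_init_cfg` make every SPU-controlled feature non-secure by default, so anything not re-secured by the short list that follows stays open to the non-secure side; that is a fail-open default, and the four raw addresses in `base_addresses` show the list already depends on knowledge outside the MDK. `memset` on a memory-mapped register block also gives no guarantee about access width or order and writes reserved and read-only words, which the hunk's own TODO (NCSDK-22597) leaves unevaluated. I would write the security attribute per peripheral with 32-bit volatile stores, default to secure, and open only the peripherals the non-secure image is meant to own. Separately, `target_peripherals` becomes a `uint8_t` table of `NRFX_PERIPHERAL_ID_GET(...)` values while the new 54L code passes base addresses to `spu_peripheral_config_secure`; if `spu_peripheral_config_non_secure` also expects a base address, the 53/91 path would derive the wrong peripheral ID, so its signature should be confirmed. The table and the function continue past this hunk.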
@@ -843,124 +1324,168 @@ static const uint32_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - spu_peripheral_config_non_secure((uint32_t)NRF_SPIM0, false); + NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), +#ifndef SECURE_UART1 + /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ + NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif + NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), + NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), - /* When UART1 is a secure peripheral we need to leave Serial-Box 1 as Secure */ -#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) - spu_peripheral_config_non_secure((uint32_t)NRF_SPIM1, false); -#endif - NRF_SPIM2_S_BASE, - NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRF_SPIM4_S_BASE, -#endif - NRF_SAADC_S_BASE, - NRF_TIMER0_S_BASE, - NRF_TIMER1_S_BASE, - NRF_TIMER2_S_BASE, - NRF_RTC0_S_BASE, - NRF_RTC1_S_BASE, - NRF_DPPIC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), +#endif + NRFX_PERIPHERAL_ID_GET(NRF_SAADC), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), + NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), + NRFX_PERIPHERAL_ID_GET(NRF_RTC0), + NRFX_PERIPHERAL_ID_GET(NRF_RTC1), + NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRF_WDT0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT0), #endif #ifdef NRF_WDT - NRF_WDT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT), #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRF_WDT1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_WDT1), #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRF_COMP_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_COMP), #endif - NRF_EGU0_S_BASE, - NRF_EGU1_S_BASE, - NRF_EGU2_S_BASE, - NRF_EGU3_S_BASE, - NRF_EGU4_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU0), + NRFX_PERIPHERAL_ID_GET(NRF_EGU1), + NRFX_PERIPHERAL_ID_GET(NRF_EGU2), + 
NRFX_PERIPHERAL_ID_GET(NRF_EGU3), + NRFX_PERIPHERAL_ID_GET(NRF_EGU4), #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRF_EGU5_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_EGU5), #endif - NRF_PWM0_S_BASE, - NRF_PWM1_S_BASE, - NRF_PWM2_S_BASE, - NRF_PWM3_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PWM0), + NRFX_PERIPHERAL_ID_GET(NRF_PWM1), + NRFX_PERIPHERAL_ID_GET(NRF_PWM2), + NRFX_PERIPHERAL_ID_GET(NRF_PWM3), #ifdef NRF_PDM - NRF_PDM_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM), #endif #ifdef NRF_PDM0 - NRF_PDM0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_PDM0), #endif #ifdef NRF_I2S - NRF_I2S_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S), #endif #ifdef NRF_I2S0 - NRF_I2S0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_I2S0), #endif - NRF_IPC_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_IPC), #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRF_QSPI_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QSPI), #endif #endif #ifdef NRF_NFCT - NRF_NFCT_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NFCT), #endif #ifdef NRF_MUTEX - NRF_MUTEX_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), #endif #ifdef NRF_QDEC0 - NRF_QDEC0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), #endif #ifdef NRF_QDEC1 - NRF_QDEC1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), #endif #ifdef NRF_USBD - NRF_USBD_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBD), #endif #ifdef NRF_USBREGULATOR - NRF_USBREGULATOR_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), #endif - NRF_NVMC_S_BASE, - NRF_P0_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_NVMC), + NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 - NRF_P1_S_BASE, + NRFX_PERIPHERAL_ID_GET(NRF_P1), #endif + NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } +#endif /* Moonlight */ + /* DPPI channel configuration */ - spu_dppi_config_non_secure(TFM_PERIPHERAL_DPPI_CHANNEL_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + dppi_channel_configuration(); /* GPIO pin configuration */ - 
spu_gpio_config_non_secure(0, TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + uint32_t secure_pins[] = { + TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE, #ifdef TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE - spu_gpio_config_non_secure(1, TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, SPU_LOCK_CONF_LOCKED); + TFM_PERIPHERAL_GPIO1_PIN_MASK_SECURE, +#endif +#ifdef TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE + TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE, +#endif + }; + + /* Note that there are two different API's for SPU configuration */ +#if NRF_SPU_HAS_MEMORY + + for(int port = 0; port < ARRAY_SIZE(secure_pins); port++){ + nrf_spu_gpio_config_set(NRF_SPU, port, secure_pins[port], SPU_LOCK_CONF_LOCKED); + } + +#elif NRF_SPU_HAS_PERIPHERAL_ACCESS + + for(int port = 0; port < ARRAY_SIZE(secure_pins); port++) { + for (int pin = 0; pin < 32; pin++) { + if (secure_pins[port] & (1 << pin)) { + bool enable = true; // secure + + /* + * Unfortunately, NRF_P0 is not configured by NRF_SPU00, etc. + * so it is a bit convoluted to find the SPU instance for port x. + */ + uint32_t gpio_port_addr[2] = { + NRF_P0_S_BASE, + NRF_P1_S_BASE, + }; + + NRF_SPU_Type * spu_instance = spu_instance_from_peripheral_addr(gpio_port_addr[port]); + + nrf_spu_feature_secattr_set(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin, enable); + nrf_spu_feature_lock_enable(spu_instance, NRF_SPU_FEATURE_GPIO_PIN, port, pin); + } + } + } +#else +#error "Expected either NRF_SPU_HAS_MEMORY or NRF_SPU_HAS_PERIPHERAL_ACCESS to be true" #endif -#ifdef NRF53_SERIES /* Configure properly the XL1 and XL2 pins so that the low-frequency crystal * oscillator (LFXO) can be used. * This configuration can be done only from secure code, as otherwise those * register fields are not accessible. That's why it is placed here. 
*/ -#if defined(CONFIG_SOC_ENABLE_LFXO) && CONFIG_SOC_ENABLE_LFXO == 1 -/* CONFIG_SOC_ENABLE_LFXO doesn't exist for 54L15 target, might be changed in future */ +#ifdef NRF53_SERIES nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ +#endif +#ifdef NRF54L15_ENGA_XXAA + /* NRF54L has a different define */ + nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); + nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); #endif /* 
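Review bot: In the `NRF_SPU_HAS_PERIPHERAL_ACCESS` branch of the GPIO pin configuration, `gpio_port_addr` has two entries but is indexed by `port`, which runs over `ARRAY_SIZE(secure_pins)`; `secure_pins` gains a third entry whenever `TFM_PERIPHERAL_GPIO2_PIN_MASK_SECURE` is defined. In that build the third iteration reads past the array and passes an indeterminate address to `spu_instance_from_peripheral_addr()`, so pins meant to be secure may be set and locked on the wrong SPU instance or not at all. Bound the lookup with `if (port >= ARRAY_SIZE(gpio_port_addr)) { return TFM_PLAT_ERR_SYSTEM_ERR; }`, or add the port-2 base address to the table. The mask test `1 << pin` also shifts a signed int into the sign bit at pin 31; `1UL << pin` avoids that. The enclosing function begins before this hunk and ends after it.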
@@ -976,9 +1501,52 @@ static const uint32_t target_peripherals[] = { #if defined(NVMC_FEATURE_CACHE_PRESENT) // From MDK nrfx_nvmc_icache_enable(); #elif defined(CACHE_PRESENT) // From MDK - NRF_CACHE->ENABLE = CACHE_ENABLE_ENABLE_Enabled; + +#ifdef NRF_CACHE + nrf_cache_enable(NRF_CACHE); +#endif +#ifdef NRF_ICACHE + nrf_cache_enable(NRF_ICACHE); +#endif +#ifdef NRF_DCACHE + nrf_cache_enable(NRF_DCACHE); #endif +#endif + +#ifdef RRAMC_PRESENT + nrfx_rramc_config_t config = NRFX_RRAMC_DEFAULT_CONFIG(WRITE_BUFFER_SIZE); + + config.mode_write = true; + +#if CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE > 0 + config.preload_timeout_enable = true; + config.preload_timeout = CONFIG_NRF_RRAM_READYNEXT_TIMEOUT_VALUE; +#else + config.preload_timeout_enable = false; + config.preload_timeout = 0; +#endif + + /* Don't use an event handler until it's understood whether we + * want it or not + */ + nrfx_rramc_evt_handler_t handler = NULL; + + nrfx_err_t err = nrfx_rramc_init(&config, handler); + if(err != NRFX_SUCCESS && err != NRFX_ERROR_ALREADY) { + return err; + } +#endif /* RRAMC_PRESENT */ + +#ifdef NRF54L15_ENGA_XXAA + /* SOC configuration from Zephyr's soc.c. */ + int soc_err = nordicsemi_nrf54l_init(); + if(soc_err) { + return soc_err; + } +#endif + +#if NRF_SPU_HAS_MEMORY /* Enforce that the nRF5340 Network MCU is in the Non-Secure * domain. Non-secure is the HW reset value for the network core * so configuring this should not be necessary, but we want to @@ -987,6 +1555,7 @@ static const uint32_t target_peripherals[] = { * it doesn't get changed by accident. */ nrf_spu_extdomain_set(NRF_SPU, 0, false, true); +#endif return TFM_PLAT_ERR_SUCCESS; } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index 0081c03d2..aea09bece 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h 
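Review bot: The two early exits added in the hunk at new line 1501, `return err;` after `nrfx_rramc_init()` and `return soc_err;` after `nordicsemi_nrf54l_init()`, pass an `nrfx_err_t` and an `int` out of a function that (from the `return TFM_PLAT_ERR_SUCCESS;` in the next hunk) returns `enum tfm_plat_err_t`. The caller shown in tfm_hal_isolation.c only tests `!= TFM_PLAT_ERR_SUCCESS`, so the failure is still noticed, but the value is not a valid platform error code and any caller that switches on it will misread it. Map both to a platform code, `return TFM_PLAT_ERR_SYSTEM_ERR;`. The function body starts before this hunk.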
@@ -35,20 +35,31 @@ #include "tfm_plat_defs.h" #include "region_defs.h" -// TODO: NCSDK-25009: Support configuring which UART is used by TF-M on nrf54L - -#ifndef NRF_SECURE_UART_INSTANCE -#define TFM_DRIVER_STDIO Driver_USART1 -#elif NRF_SECURE_UART_INSTANCE == 0 +#if NRF_SECURE_UART_INSTANCE == 0 #define TFM_DRIVER_STDIO Driver_USART0 #elif NRF_SECURE_UART_INSTANCE == 1 #define TFM_DRIVER_STDIO Driver_USART1 +#elif NRF_SECURE_UART_INSTANCE == 00 +#define TFM_DRIVER_STDIO Driver_USART00 +#elif NRF_SECURE_UART_INSTANCE == 20 +#define TFM_DRIVER_STDIO Driver_USART20 +#elif NRF_SECURE_UART_INSTANCE == 21 +#define TFM_DRIVER_STDIO Driver_USART21 #elif NRF_SECURE_UART_INSTANCE == 22 #define TFM_DRIVER_STDIO Driver_USART22 +#elif NRF_SECURE_UART_INSTANCE == 30 +#define TFM_DRIVER_STDIO Driver_USART30 #endif +/* Only UART20 and UART30 are supported for TF-M tests, which are the + * Non-secure applications build via the TF-M build system + */ #ifdef NRF54L15_ENGA_XXAA +#if NRF_SECURE_UART_INSTANCE == 20 +#define NS_DRIVER_STDIO Driver_USART30 +#else #define NS_DRIVER_STDIO Driver_USART20 +#endif #else #define NS_DRIVER_STDIO Driver_USART0 #endif @@ -102,11 +113,6 @@ enum tfm_plat_err_t spu_init_cfg(void); */ enum tfm_plat_err_t spu_periph_init_cfg(void); -/** - * \brief Clears SPU interrupt. - */ -void spu_clear_irq(void); - /** * \brief Configures memory permissions via the MPC. * diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c index e9a01daf5..33b1d0376 100644 --- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_isolation.c 
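Review bot: `#elif NRF_SECURE_UART_INSTANCE == 00` in the first target_cfg.h hunk can never be taken, because the preprocessor reads `00` as the integer 0 and the earlier `== 0` branch already matches, so instance 00 resolves to `Driver_USART0`. Removing the old `#ifndef NRF_SECURE_UART_INSTANCE` guard has a related effect: an undefined macro evaluates to 0 inside `#if` and now silently selects `Driver_USART0` where `Driver_USART1` was the default before. Separate the nRF54L case with the SoC define already used further down, e.g. `#if defined(NRF54L15_ENGA_XXAA) && NRF_SECURE_UART_INSTANCE == 0` for `Driver_USART00`, and close the chain with `#else` / `#error "Unsupported NRF_SECURE_UART_INSTANCE"` so that a wrong console UART is a build failure rather than a silent choice. The `#if NRF_SECURE_UART_INSTANCE == 00` test added in target_cfg.c, which decides which UART is made secure and locked, has the same ambiguity.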
@@ -50,9 +50,16 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries( /* Set up isolation boundaries between SPE and NSPE */ sau_and_idau_cfg(); +#if NRF_SPU_HAS_MEMORY if (spu_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; } +#else + /* If the SPU doesn't configure MEMORY on this platform then the NRF_MPC does */ + if (nrf_mpc_init_cfg() != TFM_PLAT_ERR_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } +#endif if (spu_periph_init_cfg() != TFM_PLAT_ERR_SUCCESS) { return TFM_HAL_ERROR_GENERIC; diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c new file mode 100644 index 000000000..3f2420ce5 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c 
@@ -0,0 +1,233 @@ +/* + * Copyright (c) 2023 Nordic Semiconductor ASA. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +#include "config_tfm.h" +#include "platform/include/tfm_hal_its_encryption.h" +#include "platform/include/tfm_hal_its.h" + +typedef uint64_t psa_drv_slot_number_t; +#include +#include + + +#define CHACHA20_KEY_SIZE 32 +#define TFM_ITS_AEAD_ALG PSA_ALG_CHACHA20_POLY1305 + + +/* Global encryption counter which resets per boot. The counter ensures that + * the nonce will not be identical for consecutive file writes during the same + * boot. + */ +static uint32_t g_enc_counter; + +/* The global nonce seed which is fetched once in every boot. The seed is used + * as part of the nonce and allows the platforms to diversify their nonces + * across resets. Note that the way that this seed is generated is platform + * specific, so the diversification is optional. + */ +static uint8_t g_enc_nonce_seed[TFM_ITS_ENC_NONCE_LENGTH - + sizeof(g_enc_counter)]; + +/* TFM_ITS_ENC_NONCE_LENGTH is configurable but this implementation expects + * the seed to be 8 bytes and the nonce length to be 12. + */ +#if TFM_ITS_ENC_NONCE_LENGTH != 12 +#error "This implementation only supports a ITS nonce of size 12" +#endif + +/* + * This implementation doesn't use monotonic counters, but therfore a 64 bit + * seed combined with a counter, that gets reset on each reboot. 
+ * This still has the risk of getting a collision on the seed resulting in + * nonce's beeing the same after a reboot. + * It would still need 3.3x10^9 resets to get a collision with a probability of + * 0.25. + */ +enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce, + const size_t nonce_size) +{ + if(nonce == NULL){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if(nonce_size < sizeof(g_enc_nonce_seed) + sizeof(g_enc_counter)){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + /* To avoid wrap-around of the g_enc_counter and subsequent re-use of the + * nonce we check the counter value for its max value + */ + if(g_enc_counter == UINT32_MAX) { + return TFM_HAL_ERROR_GENERIC; + } + + if (g_enc_counter == 0) { + psa_status_t status = cracen_get_random(NULL, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + } + + memcpy(nonce, g_enc_nonce_seed, sizeof(g_enc_nonce_seed)); + memcpy(nonce + sizeof(g_enc_nonce_seed), + &g_enc_counter, + sizeof(g_enc_counter)); + + g_enc_counter++; + + return TFM_HAL_SUCCESS; +} + +static bool ctx_is_valid(struct tfm_hal_its_auth_crypt_ctx *ctx) +{ + bool ret; + + if (ctx == NULL) { + return false; + } + + ret = (ctx->deriv_label == NULL && ctx->deriv_label_size != 0) || + (ctx->aad == NULL && ctx->add_size != 0) || + (ctx->nonce == NULL && ctx->nonce_size != 0); + + return !ret; +} + +psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *input, + const size_t input_size, + uint8_t *output, + const size_t output_size, + uint8_t *tag, + const size_t tag_size, + bool encrypt) +{ + psa_status_t status; + uint8_t key_out[CHACHA20_KEY_SIZE]; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + cracen_aead_operation_t operation = {0}; + size_t out_length; + size_t tag_length = PSA_AEAD_TAG_LENGTH(PSA_KEY_TYPE_CHACHA20, + PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE), + TFM_ITS_AEAD_ALG); + + if (!ctx_is_valid(ctx) || tag == NULL) 
{ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if(tag_size < tag_length){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + if (encrypt && (output_size < PSA_AEAD_UPDATE_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20, + TFM_ITS_AEAD_ALG, + input_size))){ + return TFM_HAL_ERROR_INVALID_INPUT; + } + + status = hw_unique_key_derive_key(HUK_KEYSLOT_MKEK, NULL, 0, ctx->deriv_label, ctx->deriv_label_size, key_out, sizeof(key_out)); + if (status != HW_UNIQUE_KEY_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + psa_set_key_usage_flags(&attributes, (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)); + psa_set_key_algorithm(&attributes, TFM_ITS_AEAD_ALG); + psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20); + psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE)); + + if (encrypt) { + status = cracen_aead_encrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); + } else { + status = cracen_aead_decrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG); + } + + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_set_nonce(&operation, ctx->nonce, ctx->nonce_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_update_ad(&operation, ctx->aad, ctx->add_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cracen_aead_update(&operation, input, input_size, output, output_size, &out_length); + if (status != PSA_SUCCESS) { + return status; + } + + if (encrypt) { + status = cracen_aead_finish(&operation, output + out_length, output_size - out_length, &out_length, tag, tag_size, &tag_length); + } else { + status = cracen_aead_verify(&operation, output + out_length, output_size - out_length, &out_length , tag, tag_size); + } + + return status; +} + +enum tfm_hal_status_t tfm_hal_its_aead_encrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *plaintext, + const size_t plaintext_size, + uint8_t *ciphertext, + const size_t ciphertext_size, + uint8_t *tag, + 
const size_t tag_size) +{ + psa_status_t status = tfm_hal_its_get_aead(ctx, + plaintext, + plaintext_size, + ciphertext, + ciphertext_size, + tag, + tag_size, + true); + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + return TFM_HAL_SUCCESS; +} + +enum tfm_hal_status_t tfm_hal_its_aead_decrypt(struct tfm_hal_its_auth_crypt_ctx *ctx, + const uint8_t *ciphertext, + const size_t ciphertext_size, + uint8_t *tag, + const size_t tag_size, + uint8_t *plaintext, + const size_t plaintext_size) +{ + psa_status_t status = tfm_hal_its_get_aead(ctx, + ciphertext, + ciphertext_size, + plaintext, + plaintext_size, + tag, + tag_size, + false); + + if (status != PSA_SUCCESS) { + return TFM_HAL_ERROR_GENERIC; + } + + return TFM_HAL_SUCCESS; +} diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt new file mode 100644 index 000000000..e093190b3 --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/CMakeLists.txt 
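Review bot: `tfm_hal_its_get_aead()` leaves the HUK-derived key in `key_out` on the stack on every return path, and the `return status;` exits taken after a successful setup leave `operation` un-aborted. Route all exits through one cleanup label that aborts the operation on failure and wipes `key_out` with a call the compiler cannot elide; the fence uses `cracen_aead_abort` and `mbedtls_platform_zeroize`, assuming both are available to this file, which should be confirmed together with the needed header. The function also returns `TFM_HAL_ERROR_INVALID_INPUT` and `TFM_HAL_ERROR_GENERIC` through a `psa_status_t`; the wrappers only compare against `PSA_SUCCESS`, so it works today, but `PSA_ERROR_INVALID_ARGUMENT` would keep the types consistent.

```c
    status = hw_unique_key_derive_key(HUK_KEYSLOT_MKEK, NULL, 0, ctx->deriv_label, ctx->deriv_label_size, key_out, sizeof(key_out));
    if (status != HW_UNIQUE_KEY_SUCCESS) {
        status = TFM_HAL_ERROR_GENERIC;
        goto wipe_key;
    }

    /* … unchanged: key attributes, encrypt/decrypt setup … */

    if (status != PSA_SUCCESS) {
        goto cleanup;
    }

    /* … unchanged: set_nonce, update_ad, update, finish/verify;
     * each failure `return status;` becomes `goto cleanup;` … */

cleanup:
    if (status != PSA_SUCCESS) {
        /* Drop any key material or state held by the driver context. */
        (void)cracen_aead_abort(&operation);
    }
wipe_key:
    /* The derived key must not outlive this call on the stack. */
    mbedtls_platform_zeroize(key_out, sizeof(key_out));
    return status;
```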
@@ -0,0 +1,51 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2020, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_policy(SET CMP0076 NEW)
+set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
+
+set(target nrf54l15)
+add_subdirectory(../core nrf_common)
+
+#========================= Platform Secure ====================================#
+
+target_include_directories(platform_s
+ PUBLIC
+ .
+)
+
+target_sources(platform_s
+ PRIVATE
+ ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c
+)
+
+target_compile_definitions(platform_s
+ PUBLIC
+ NRF_SKIP_FICR_NS_COPY_TO_RAM
+)
+
+#========================= tfm_spm ============================================#
+
+target_sources(tfm_spm
+ PRIVATE
+ $<$,$>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_interrupts.c>
+)
+
+#========================= Files for building NS side platform ================#
+
+install(FILES nrfx_config_nrf54l15_application.h
+ ns/CMakeLists.txt
+ config.cmake
+ cpuarch.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15
+)
+
+install(DIRECTORY partition
+ tests
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/common/nrf54l15
+)
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake
new file mode 100644
index 000000000..f81eafb02
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/config.cmake
@@ -0,0 +1,14 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Nordic Semiconductor ASA.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+include(${PLATFORM_PATH}/common/core/config.cmake)
+
+set(SECURE_UART30 ON CACHE BOOL "Enable secure UART")
+set(NRF_NS_STORAGE OFF CACHE BOOL "Enable non-secure storage partition")
+set(BL2 OFF CACHE BOOL "Whether to build BL2")
+set(NRF_NS_SECONDARY OFF CACHE BOOL "Enable non-secure secondary partition")
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake
new file mode 100644
index 000000000..18c7fa920
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2023, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# cpuarch.cmake is used to set things that related to the platform that are both
+# immutable and global, which is to say they should apply to any kind of project
+# that uses this platform. In practice this is normally compiler definitions and
+# variables related to hardware.
+
+# Set architecture and CPU
+set(TFM_SYSTEM_PROCESSOR cortex-m33)
+set(TFM_SYSTEM_ARCHITECTURE armv8-m.main)
+set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16")
+
+add_compile_definitions(
+ NRF54L15_ENGA_XXAA # Required by nrf.h
+ NRF_APPLICATION
+ # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs
+ NRF_SKIP_SAU_CONFIGURATION
+ NRF_SKIP_FICR_NS_COPY_TO_RAM
+)
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h
new file mode 100644
index 000000000..ab6e099e8
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/mmio_defs.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ *
+ */
+
+#ifndef __MMIO_DEFS_H__
+#define __MMIO_DEFS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "handle_attr.h"
+#include "tfm_peripherals_config.h"
+#include "tfm_peripherals_def.h"
+#include
+
+/* Allowed named MMIO of this platform */
+const uintptr_t partition_named_mmio_list[] = {
+#if TFM_PERIPHERAL_TIMER00_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER00,
+#endif
+#if TFM_PERIPHERAL_TIMER10_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER10,
+#endif
+#if TFM_PERIPHERAL_TIMER20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER20,
+#endif
+#if TFM_PERIPHERAL_TIMER21_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER21,
+#endif
+#if TFM_PERIPHERAL_TIMER22_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER22,
+#endif
+#if TFM_PERIPHERAL_TIMER23_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER23,
+#endif
+#if TFM_PERIPHERAL_TIMER24_SECURE
+ (uintptr_t)TFM_PERIPHERAL_TIMER24,
+#endif
+#if TFM_PERIPHERAL_SPIM00_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM00,
+#endif
+#if TFM_PERIPHERAL_SPIM20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM20,
+#endif
+#if TFM_PERIPHERAL_SPIM21_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM21,
+#endif
+#if TFM_PERIPHERAL_SPIM22_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM22,
+#endif
+#if TFM_PERIPHERAL_SPIM23_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM23,
+#endif
+#if TFM_PERIPHERAL_SPIM30_SECURE
+ (uintptr_t)TFM_PERIPHERAL_SPIM30,
+#endif
+#if TFM_PERIPHERAL_EGU10_SECURE
+ (uintptr_t)TFM_PERIPHERAL_EGU10,
+#endif
+#if TFM_PERIPHERAL_EGU20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_EGU20,
+#endif
+#if TFM_PERIPHERAL_PWM20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_PWM20,
+#endif
+#if TFM_PERIPHERAL_PWM21_SECURE
+ (uintptr_t)TFM_PERIPHERAL_PWM21,
+#endif
+#if TFM_PERIPHERAL_PWM22_SECURE
+ (uintptr_t)TFM_PERIPHERAL_PWM22,
+#endif
+#if TFM_PERIPHERAL_PWM20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_PWM20,
+#endif
+#if TFM_PERIPHERAL_UARTE00_SECURE
+ (uintptr_t)TFM_PERIPHERAL_UARTE00,
+#endif
+#if TFM_PERIPHERAL_UARTE20_SECURE
+ (uintptr_t)TFM_PERIPHERAL_UARTE20,
+#endif
+#if TFM_PERIPHERAL_UARTE21_SECURE
+ (uintptr_t)TFM_PERIPHERAL_UARTE21,
+#endif
+#if TFM_PERIPHERAL_UARTE22_SECURE
+ (uintptr_t)TFM_PERIPHERAL_UARTE22,
+#endif
+#if TFM_PERIPHERAL_UARTE30_SECURE
+ (uintptr_t)TFM_PERIPHERAL_UARTE30,
+#endif
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MMIO_DEFS_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h b/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h
new file mode 100644
index 000000000..814f022b4
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/nrfx_config_nrf54l15_application.h
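Review bot: `partition_named_mmio_list` contains `TFM_PERIPHERAL_PWM20` twice, because the block after the PWM22 entry repeats `#if TFM_PERIPHERAL_PWM20_SECURE`. A duplicate does not change a membership check, but it looks like a copy-paste slip; either delete the second block or, if a different peripheral was meant, name it. Going by the array's own comment this is the list of named MMIO regions allowed on the platform, so a stray or missing entry changes what a partition may be granted. A comment above the array such as `/* One entry per TFM_PERIPHERAL_*_SECURE option; keep both in sync */` would make that easier to review.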
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#ifndef NRFX_CONFIG_NRF54L15_APPLICATION_H__
+#define NRFX_CONFIG_NRF54L15_APPLICATION_H__
+
+#ifndef NRFX_CONFIG_H__
+#error "This file should not be included directly. Include nrfx_config.h instead."
+#endif
+
+/**
+ * @brief NRFX_DEFAULT_IRQ_PRIORITY
+ *
+ * Integer value. Minimum: 0 Maximum: 7
+ */
+#ifndef NRFX_DEFAULT_IRQ_PRIORITY
+#define NRFX_DEFAULT_IRQ_PRIORITY 7
+#endif
+
+/**
+ * @brief NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY
+ *
+ * Integer value. Minimum: 0 Maximum: 7
+ */
+#ifndef NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY
+#define NRFX_UARTE_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY
+#endif
+
+/**
+ * @brief NRFX_RRAMC_ENABLED
+ *
+ * Boolean. Accepted values: 0 and 1.
+ */
+#ifndef NRFX_RRAMC_ENABLED
+#define NRFX_RRAMC_ENABLED 0
+#endif
+
+/**
+ * @brief NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY
+ *
+ * Integer value. Minimum: 0. Maximum: 7.
+ */
+#ifndef NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY
+#define NRFX_RRAMC_DEFAULT_CONFIG_IRQ_PRIORITY NRFX_DEFAULT_IRQ_PRIORITY
+#endif
+
+/**
+ * @brief NRFX_RRAMC_CONFIG_LOG_ENABLED
+ *
+ * Boolean. Accepted values: 0 and 1.
+ */
+#ifndef NRFX_RRAMC_CONFIG_LOG_ENABLED
+#define NRFX_RRAMC_CONFIG_LOG_ENABLED 0
+#endif
+
+/**
+ * @brief NRFX_RRAMC_CONFIG_LOG_LEVEL
+ *
+ * Integer value.
+ * Supported values:
+ * - Off = 0
+ * - Error = 1
+ * - Warning = 2
+ * - Info = 3
+ * - Debug = 4
+ */
+#ifndef NRFX_RRAMC_CONFIG_LOG_LEVEL
+#define NRFX_RRAMC_CONFIG_LOG_LEVEL 3
+#endif
+
+#endif // NRFX_CONFIG_NRF54L15_APPLICATION_H__
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt
new file mode 100644
index 000000000..94c6d7725
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/ns/CMakeLists.txt
@@ -0,0 +1,29 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_policy(SET CMP0076 NEW)
+set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR})
+
+set(target nrf54l15)
+add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/../core nrf_common)
+
+target_include_directories(platform_ns
+ PUBLIC
+ ${CMAKE_CURRENT_LIST_DIR}
+)
+
+target_sources(platform_ns
+ PRIVATE
+ ${HAL_NORDIC_PATH}/nrfx/mdk/system_nrf54l.c
+)
+
+target_compile_definitions(platform_ns
+ PUBLIC
+ NRF_TRUSTZONE_NONSECURE
+ NRF_SKIP_CLOCK_CONFIGURATION
+ DOMAIN_NS=1
+)
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h
new file mode 100644
index 000000000..08b90647e
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/flash_layout.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2018-2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __FLASH_LAYOUT_H__
+#define __FLASH_LAYOUT_H__
+
+#error "not supported yet"
+
+#endif /* __FLASH_LAYOUT_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
new file mode 100755
index 000000000..212106c96
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/partition/region_defs.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2020 Nordic Semiconductor ASA. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __REGION_DEFS_H__
+#define __REGION_DEFS_H__
+
+#include "flash_layout.h"
+
+#endif /* __REGION_DEFS_H__ */
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
new file mode 100644
index 000000000..88586c115
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tests/psa_arch_tests_config.cmake
@@ -0,0 +1,9 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Platform-specific configurations
+set(PSA_API_TEST_TARGET "nrf54l15")
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c new file mode 100644 index 000000000..b3bca1bfc --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_interrupts.c 
@@ -0,0 +1,320 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include + +#include "cmsis.h" +#include "spm.h" +#include "tfm_hal_interrupt.h" +#include "tfm_peripherals_def.h" +#include "tfm_peripherals_config.h" +#include "load/interrupt_defs.h" +#include "interrupt.h" + +static enum tfm_hal_status_t irq_init(struct irq_t *irq, IRQn_Type irqn, + void * p_pt, + const struct irq_load_info_t *p_ildi) +{ + irq->p_ildi = p_ildi; + irq->p_pt = p_pt; + + NVIC_SetPriority(irqn, DEFAULT_IRQ_PRIORITY); + NVIC_ClearTargetState(irqn); + NVIC_DisableIRQ(irqn); + + return TFM_HAL_SUCCESS; +} + +#if TFM_PERIPHERAL_FPU_SECURE +static struct irq_t fpu_irq = {0}; + +void FPU_IRQHandler(void) +{ + spm_handle_interrupt(fpu_irq.p_pt, fpu_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_fpu_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&fpu_irq, TFM_FPU_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER00_SECURE +static struct irq_t timer00_irq = {0}; + +void TIMER00_IRQHandler(void) +{ + spm_handle_interrupt(timer00_irq.p_pt, timer00_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer00_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer00_irq, TFM_TIMER00_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER10_SECURE +static struct irq_t timer10_irq = {0}; + +void TIMER10_IRQHandler(void) +{ + spm_handle_interrupt(timer10_irq.p_pt, timer10_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer10_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer10_irq, TFM_TIMER10_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER20_SECURE +static struct irq_t timer20_irq = {0}; + +void TIMER20_IRQHandler(void) +{ + spm_handle_interrupt(timer20_irq.p_pt, timer20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer20_irq, 
TFM_TIMER20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER21_SECURE +static struct irq_t timer21_irq = {0}; + +void TIMER21_IRQHandler(void) +{ + spm_handle_interrupt(timer21_irq.p_pt, timer21_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer21_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer21_irq, TFM_TIMER21_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER22_SECURE +static struct irq_t timer22_irq = {0}; + +void TIMER22_IRQHandler(void) +{ + spm_handle_interrupt(timer22_irq.p_pt, timer22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer22_irq, TFM_TIMER22_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER23_SECURE +static struct irq_t timer23_irq = {0}; + +void TIMER23_IRQHandler(void) +{ + spm_handle_interrupt(timer23_irq.p_pt, timer23_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer23_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer23_irq, TFM_TIMER23_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_TIMER24_SECURE +static struct irq_t timer24_irq = {0}; + +void TIMER24_IRQHandler(void) +{ + spm_handle_interrupt(timer24_irq.p_pt, timer24_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_timer24_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&timer24_irq, TFM_TIMER24_IRQ, p_pt, p_ildi); +} +#endif + +/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. */ +static struct irq_t gpiote20_1_irq = {0}; + +void GPIOTE20_1_IRQHandler(void) +{ + spm_handle_interrupt(gpiote20_1_irq.p_pt, gpiote20_1_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_gpiote20_1_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&gpiote20_1_irq, TFM_GPIOTE20_1_IRQ, p_pt, p_ildi); +} + +/* By NRFX convention GPIOTE interrupt 1 targets secure, while 0 targets non-secure. 
*/ +static struct irq_t gpiote30_1_irq = {0}; + +void GPIOTE30_1_IRQHandler(void) +{ + spm_handle_interrupt(gpiote30_1_irq.p_pt, gpiote30_1_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_gpiote30_1_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&gpiote30_1_irq, TFM_GPIOTE30_1_IRQ, p_pt, p_ildi); +} + +#if TFM_PERIPHERAL_SPIM00_SECURE +static struct irq_t spim00_irq = {0}; + +void SPIM00_IRQHandler(void) +{ + spm_handle_interrupt(spim00_irq.p_pt, spim00_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim00_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim00_irq, TFM_SPIM00_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM22_SECURE +static struct irq_t spim22_irq = {0}; + +void SPIM22_IRQHandler(void) +{ + spm_handle_interrupt(spim22_irq.p_pt, spim22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim22_irq, TFM_SPIM22_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM23_SECURE +static struct irq_t spim23_irq = {0}; + +void SPIM23_IRQHandler(void) +{ + spm_handle_interrupt(spim23_irq.p_pt, spim23_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim23_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim23_irq, TFM_SPIM23_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_SPIM30_SECURE +static struct irq_t spim30_irq = {0}; + +void SPIM30_IRQHandler(void) +{ + spm_handle_interrupt(spim30_irq.p_pt, spim30_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_spim30_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&spim30_irq, TFM_SPIM30_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_EGU10_SECURE +static struct irq_t egu10_irq = {0}; + +void EGU10_IRQHandler(void) +{ + spm_handle_interrupt(egu10_irq.p_pt, egu10_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_egu10_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return 
irq_init(&egu10_irq, TFM_EGU10_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_EGU20_SECURE +static struct irq_t egu20_irq = {0}; + +void EGU20_IRQHandler(void) +{ + spm_handle_interrupt(egu20_irq.p_pt, egu20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_egu20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&egu20_irq, TFM_EGU20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM20_SECURE +static struct irq_t pwm20_irq = {0}; + +void PWM20_IRQHandler(void) +{ + spm_handle_interrupt(pwm20_irq.p_pt, pwm20_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm20_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm20_irq, TFM_PWM20_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM21_SECURE +static struct irq_t pwm21_irq = {0}; + +void PWM21_IRQHandler(void) +{ + spm_handle_interrupt(pwm21_irq.p_pt, pwm21_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm21_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm21_irq, TFM_PWM21_IRQ, p_pt, p_ildi); +} +#endif + +#if TFM_PERIPHERAL_PWM22_SECURE +static struct irq_t pwm22_irq = {0}; + +void PWM22_IRQHandler(void) +{ + spm_handle_interrupt(pwm22_irq.p_pt, pwm22_irq.p_ildi); +} + +enum tfm_hal_status_t tfm_pwm22_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +{ + return irq_init(&pwm22_irq, TFM_PWM22_IRQ, p_pt, p_ildi); +} +#endif + +#ifdef PSA_API_TEST_IPC +enum tfm_hal_status_t ff_test_uart_irq_init(void *p_pt, + const struct irq_load_info_t *p_ildi) +__attribute__((alias("tfm_egu10_irq_init"))); + +#endif diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h new file mode 100644 index 000000000..12f3a003c --- /dev/null +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_config_nrf54l15.h 
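Review bot: The `PSA_API_TEST_IPC` block at the end of tfm_interrupts.c aliases `ff_test_uart_irq_init` to `tfm_egu10_irq_init`, but that function is only compiled when `TFM_PERIPHERAL_EGU10_SECURE` is non-zero, so the alias has no target unless both switches are set. The tfm_peripherals_def.h added in the same patch also stops the build with `#error "Not supported yet"` under `PSA_API_TEST_IPC`, and this file includes that header, so the block is unreachable as written. Either drop the alias until the test configuration is supported, or guard it with `#if defined(PSA_API_TEST_IPC) && TFM_PERIPHERAL_EGU10_SECURE`. Separately, the two GPIOTE handlers are compiled unconditionally while every other handler sits behind its `TFM_PERIPHERAL_*_SECURE` switch; a one-line comment stating that this is intentional would help the next reader.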
@@ -0,0 +1,24 @@
+
+#ifndef TFM_PERIPHERAL_TIMER00_SECURE
+#define TFM_PERIPHERAL_TIMER00_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE00_SECURE
+#define TFM_PERIPHERAL_UARTE00_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE20_SECURE
+#define TFM_PERIPHERAL_UARTE20_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE21_SECURE
+#define TFM_PERIPHERAL_UARTE21_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE22_SECURE
+#define TFM_PERIPHERAL_UARTE22_SECURE 0
+#endif
+
+#ifndef TFM_PERIPHERAL_UARTE30_SECURE
+#define TFM_PERIPHERAL_UARTE30_SECURE 0
+#endif
diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h
new file mode 100644
index 000000000..77227a3fb
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/nrf54l15/tfm_peripherals_def.h
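Review bot: This header gives defaults only for `TFM_PERIPHERAL_TIMER00_SECURE` and the five UARTE switches, while tfm_interrupts.c in the same patch tests the FPU, TIMER10 to TIMER24, SPIM, EGU and PWM switches with a plain `#if`. An undefined macro in `#if` evaluates to 0 without a diagnostic, so a misspelled switch silently drops the secure handler for that peripheral (unless the build enables `-Wundef`, which is not visible here). Adding the same `#ifndef X` / `#define X 0` / `#endif` triple for every switch that is tested would make the security configuration explicit and greppable. The file also has no include guard and no license header, unlike the other headers added here.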
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 2024 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + * + */ + +#ifndef __TFM_PERIPHERALS_DEF_H__ +#define __TFM_PERIPHERALS_DEF_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#define TFM_FPU_IRQ (NRFX_IRQ_NUMBER_GET(NRF_FPU)) +#define TFM_TIMER00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER00)) +#define TFM_TIMER10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER10)) +#define TFM_TIMER20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER20)) +#define TFM_TIMER21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER21)) +#define TFM_TIMER22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER22)) +#define TFM_TIMER23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER23)) +#define TFM_TIMER24_IRQ (NRFX_IRQ_NUMBER_GET(NRF_TIMER24)) +#define TFM_SPIM00_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM00)) +#define TFM_SPIM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM20)) +#define TFM_SPIM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM21)) +#define TFM_SPIM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM22)) +#define TFM_SPIM23_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM23)) +#define TFM_SPIM30_IRQ (NRFX_IRQ_NUMBER_GET(NRF_SPIM30)) +#define TFM_EGU10_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU10)) +#define TFM_EGU20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_EGU20)) +#define TFM_GPIOTE20_1_IRQ GPIOTE20_1_IRQn +#define TFM_GPIOTE30_1_IRQ GPIOTE30_1_IRQn +#define TFM_PWM20_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM20)) +#define TFM_PWM21_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM21)) +#define TFM_PWM22_IRQ (NRFX_IRQ_NUMBER_GET(NRF_PWM22)) + +extern struct platform_data_t tfm_peripheral_timer00; +extern struct platform_data_t tfm_peripheral_timer10; +extern struct platform_data_t tfm_peripheral_timer20; +extern struct platform_data_t tfm_peripheral_timer21; +extern struct platform_data_t tfm_peripheral_timer22; +extern struct platform_data_t tfm_peripheral_timer23; +extern struct platform_data_t tfm_peripheral_timer24; +extern struct platform_data_t tfm_peripheral_spim00; +extern struct platform_data_t tfm_peripheral_spim20; +extern struct platform_data_t 
tfm_peripheral_spim21; +extern struct platform_data_t tfm_peripheral_spim22; +extern struct platform_data_t tfm_peripheral_spim23; +extern struct platform_data_t tfm_peripheral_spim30; +extern struct platform_data_t tfm_peripheral_egu10; +extern struct platform_data_t tfm_peripheral_egu20; +extern struct platform_data_t tfm_peripheral_gpiote20; +extern struct platform_data_t tfm_peripheral_gpiote30; +extern struct platform_data_t tfm_peripheral_pwm20; +extern struct platform_data_t tfm_peripheral_pwm21; +extern struct platform_data_t tfm_peripheral_pwm22; + +#define TFM_PERIPHERAL_TIMER00 (&tfm_peripheral_timer00) +#define TFM_PERIPHERAL_TIMER10 (&tfm_peripheral_timer10) +#define TFM_PERIPHERAL_TIMER20 (&tfm_peripheral_timer20) +#define TFM_PERIPHERAL_TIMER21 (&tfm_peripheral_timer21) +#define TFM_PERIPHERAL_TIMER22 (&tfm_peripheral_timer22) +#define TFM_PERIPHERAL_TIMER23 (&tfm_peripheral_timer23) +#define TFM_PERIPHERAL_TIMER24 (&tfm_peripheral_timer24) +#define TFM_PERIPHERAL_SPIM00 (&tfm_peripheral_spim00) +#define TFM_PERIPHERAL_SPIM20 (&tfm_peripheral_spim20) +#define TFM_PERIPHERAL_SPIM21 (&tfm_peripheral_spim21) +#define TFM_PERIPHERAL_SPIM22 (&tfm_peripheral_spim22) +#define TFM_PERIPHERAL_SPIM23 (&tfm_peripheral_spim23) +#define TFM_PERIPHERAL_SPIM30 (&tfm_peripheral_spim30) +#define TFM_PERIPHERAL_EGU10 (&tfm_peripheral_egu10) +#define TFM_PERIPHERAL_EGU20 (&tfm_peripheral_egu20) +#define TFM_PERIPHERAL_GPIOTE20 (&tfm_peripheral_gpiote20) +#define TFM_PERIPHERAL_GPIOTE30 (&tfm_peripheral_gpiote30) +#define TFM_PERIPHERAL_PWM20 (&tfm_peripheral_pwm20) +#define TFM_PERIPHERAL_PWM21 (&tfm_peripheral_pwm21) +#define TFM_PERIPHERAL_PWM22 (&tfm_peripheral_pwm22) + +/* + * Quantized default IRQ priority, the value is: + * (Number of configurable priority) / 4: (1UL << __NVIC_PRIO_BITS) / 4 + */ +#define DEFAULT_IRQ_PRIORITY (1UL << (__NVIC_PRIO_BITS - 2)) + +extern struct platform_data_t tfm_peripheral_uarte00; +extern struct platform_data_t 
tfm_peripheral_uarte20; +extern struct platform_data_t tfm_peripheral_uarte21; +extern struct platform_data_t tfm_peripheral_uarte22; +extern struct platform_data_t tfm_peripheral_uarte30; + +#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) +#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) +#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) +#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) +#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) + +#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 + +extern struct platform_data_t tfm_peripheral_uarte00; +extern struct platform_data_t tfm_peripheral_uarte20; +extern struct platform_data_t tfm_peripheral_uarte21; +extern struct platform_data_t tfm_peripheral_uarte22; +extern struct platform_data_t tfm_peripheral_uarte30; + +#define TFM_PERIPHERAL_UARTE00 (&tfm_peripheral_uarte00) +#define TFM_PERIPHERAL_UARTE20 (&tfm_peripheral_uarte20) +#define TFM_PERIPHERAL_UARTE21 (&tfm_peripheral_uarte21) +#define TFM_PERIPHERAL_UARTE22 (&tfm_peripheral_uarte22) +#define TFM_PERIPHERAL_UARTE30 (&tfm_peripheral_uarte30) + +#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30 + +#ifdef PSA_API_TEST_IPC +/* see other platforms when supporting this */ +#error "Not supported yet" +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __TFM_PERIPHERALS_DEF_H__ */ diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt new file mode 100644 index 000000000..5cd4273e4 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt 
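Review bot: The UARTE block after `DEFAULT_IRQ_PRIORITY` appears twice in a row: the five `extern struct platform_data_t tfm_peripheral_uarteNN;` declarations, the five `TFM_PERIPHERAL_UARTENN` macros and `#define TFM_PERIPHERAL_STD_UART TFM_PERIPHERAL_UARTE30`. The compiler accepts it because the redefinitions are identical, but an edit to only one copy later would become a macro-redefinition diagnostic or, for the STD_UART selection, an easy-to-miss mismatch; the second copy should be deleted. `DEFAULT_IRQ_PRIORITY` is `(1UL << (__NVIC_PRIO_BITS - 2))`, which relies on `__NVIC_PRIO_BITS` being at least 2, and the comment above it could say so.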
@@ -0,0 +1,31 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +cmake_policy(SET CMP0076 NEW) +set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(NRF_BOARD_SELECTED True) + +add_library(platform_ns STATIC) + +# Get the value of HAL_NORDIC_PATH +include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) + +target_include_directories(platform_ns + PUBLIC + ${CMAKE_CURRENT_LIST_DIR} +) + +target_link_libraries(platform_ns + PUBLIC + platform_region_defs +) + +target_include_directories(platform_region_defs + INTERFACE + ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition +) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake new file mode 100644 index 000000000..25f91fb54 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake @@ -0,0 +1,10 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Nordic Semiconductor ASA. +# +# SPDX-License-Identifier: BSD-3-Clause +#------------------------------------------------------------------------------- + +set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) + +include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake new file mode 100644 index 000000000..327e36c66 --- /dev/null 
+++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/psa_arch_tests_config.cmake @@ -0,0 +1,8 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +include(${PLATFORM_PATH}/common/nrf54l15/tests/psa_arch_tests_config.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake new file mode 100644 index 000000000..619f1f92c --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests/tfm_tests_config.cmake @@ -0,0 +1,8 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +include(${PLATFORM_PATH}/common/core/tests/tfm_tests_config.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h new file mode 100644 index 000000000..bc3301087 --- /dev/null +++ b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h 
@@ -0,0 +1,34 @@ +/* + * Copyright (c) 2021, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef TFM_PERIPHERALS_CONFIG_H__ +#define TFM_PERIPHERALS_CONFIG_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SECURE_UART30 +#define TFM_PERIPHERAL_UARTE30_SECURE 1 +#endiff + +#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST +#define TFM_PERIPHERAL_TIMER00_SECURE 1 +#endif + + +#if defined(NRF54L15_ENGA_XXAA) + #include +#else + #error "Unknown device." +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* TFM_PERIPHERAL_CONFIG_H__ */ diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c index f508ff455..5b12275d0 100644 --- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c +++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c @@ -18,10 +18,6 @@ #define PS_CRYPTO_AEAD_ALG PSA_ALG_GCM #endif -/* CMake can't handle round brackets for compile defines so PSA_ALG_HKDF(PSA_ALG_SHA_256) doesn't - * work, therefore we have to use a own defined for the C code where - * PSA_ALG_HKDF_PSA_ALG_SHA_256 gets translated to PSA_ALG_HKDF_PSA_ALG_SHA_256 - */ #if !defined(PS_CRYPTO_KDF_ALG) #define PS_CRYPTO_KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256) #endif From 7f5065fb1ad93c753bc3e36b58675ed771ace11b Mon Sep 17 00:00:00 2001 
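Review bot: `#endiff` after `#define TFM_PERIPHERAL_UARTE30_SECURE 1` is not a preprocessor directive, so the `#ifdef SECURE_UART30` group is not closed where intended and the conditionals in tfm_peripherals_config.h no longer balance; it should read `#endif`. The closing comment `/* TFM_PERIPHERAL_CONFIG_H__ */` also does not match the guard macro `TFM_PERIPHERALS_CONFIG_H__`. Because `SECURE_UART30` decides whether UARTE30 is marked secure, a header that fails or mis-nests here is worth catching with a compile of this board in CI before the patch lands.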
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 1 Oct 2024 15:44:14 +0200 Subject: [PATCH 63/73] [nrf fromtree] platform: nordic_nrf: APPROTECT to lock debugging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit NRF_APPROTECT and NRF_SECURE_APPROTECT to take precedence over other mechanisms when configuring debugging for TF-M. For nRF53 and nRF91x1 the actual locking of firmware is done elsewhere. This further locks the UICR. nRF9160 supports only hardware APPROTECT. This will lock the APPROTECT / SECUREAPPROTECT in the next boot, when the above settings are configured. Change-Id: I5e304be0f8a34c0016488d9ec09929bbcb38481f Signed-off-by: Markus Lassila Signed-off-by: Frank Audun Kvamtrø (cherry picked from commit 9573717cc8c078326fceb2869fe029e98615723b) Signed-off-by: Markus Lassila --- .../nordic_nrf/common/core/target_cfg.c | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 8c150cf5d..ac8ca6193 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
@@ -808,7 +808,33 @@ enum tfm_plat_err_t system_reset_cfg(void) enum tfm_plat_err_t init_debug(void) { -#if defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#if defined(NRF_APPROTECT) || defined(NRF_SECURE_APPROTECT) + +#if !defined(DAUTH_CHIP_DEFAULT) +#error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." +#endif + +#if defined(NRF_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, + UICR_APPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif +#if defined(NRF_SECURE_APPROTECT) + /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ + if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected)) { + nrfx_nvmc_word_write((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, + UICR_SECUREAPPROTECT_PALL_Protected); + } else { + return TFM_PLAT_ERR_SYSTEM_ERR; + } +#endif + +#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." From f37d4c50e9cf759c66f6a5896dd776a4f62274cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Wed, 18 Sep 2024 12:17:43 +0200 Subject: [PATCH 64/73] WIP: Fixing the last remaining issues for L15 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit will be reworked Signed-off-by: Frank Audun Kvamtrø (cherry picked from commit ccb7244d762f3e0d444377d05cd0f5675ddb68a9) 
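Review bot: Neither UICR write in the new `NRF_APPROTECT` / `NRF_SECURE_APPROTECT` branch of init_debug is verified afterwards: `nrfx_nvmc_word_write()` returns nothing, and as far as the hunk shows the function then continues as if the debug port were locked. Reading the word back after each write, e.g. `if (NRF_UICR_S->APPROTECT != UICR_APPROTECT_PALL_Protected) return TFM_PLAT_ERR_SYSTEM_ERR;` and the same for `SECUREAPPROTECT`, turns a failed lock into a boot error instead of a device that ships with debug access open. The branch is also placed ahead of the `NRF91_SERIES || NRF54L15_ENGA_XXAA` case, so it is worth confirming that `nrfx_nvmc_*` and these UICR fields exist on every target that can define the two macros. The first of the two explanatory comments is missing the space before `*/`. init_debug continues past the end of the hunk.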
Signed-off-by: Markus Lassila --- .../nordic_nrf/common/core/native_drivers/spu.h | 13 +++++++++++++ .../core/services/src/tfm_platform_hal_ioctl.c | 1 - .../ext/target/nordic_nrf/common/core/target_cfg.c | 10 +++++----- secure_fw/partitions/crypto/CMakeLists.txt | 4 ++-- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h index da7f9fc1f..59f53b7ba 100644 --- a/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h +++ b/platform/ext/target/nordic_nrf/common/core/native_drivers/spu.h @@ -256,4 +256,17 @@ uint32_t mpc_events_get(void); */ void mpc_clear_events(void); +/** + * Return the SPU instance that can be used to configure the + * peripheral at the given base address. + */ +static inline NRF_SPU_Type * spu_instance_from_peripheral_addr(uint32_t peripheral_addr) +{ + /* See the SPU chapter in the IPS for how this is calculated */ + + uint32_t apb_bus_number = peripheral_addr & 0x00FC0000; + + return (NRF_SPU_Type *)(0x50000000 | apb_bus_number); +} + #endif diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 87a9c4c27..8cfa2ecda 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -107,7 +107,6 @@ static bool valid_mcu_select(uint32_t mcu) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: - case NRF_GPIO_PIN_SEL_TND: #else case NRF_GPIO_PIN_SEL_APP: case NRF_GPIO_PIN_SEL_NETWORK: diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index ac8ca6193..fccf31c26 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
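Review bot: `spu_instance_from_peripheral_addr()` in spu.h builds a register pointer from two unnamed constants, `0x00FC0000` and `0x50000000`, and applies them to whatever address it is given. The result is used to program security attribution, so an address outside the peripheral space still produces a plausible-looking `NRF_SPU_Type *`; the doc comment should state which addresses are valid input, and an `NRFX_ASSERT` on that range would catch misuse in debug builds. Named macros for the APB-bus mask and the secure peripheral base, with the IPS section cited in the comment, would let a reader check the computation against the product specification. The comment could also say that the returned pointer is always the secure alias, since bit 28 is forced by the OR.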
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -1351,7 +1351,8 @@ static const uint8_t target_peripherals[] = { */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), -#ifndef SECURE_UART1 +#endif +#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), #endif @@ -1435,12 +1436,12 @@ static const uint8_t target_peripherals[] = { #endif #ifdef NRF_USBREGULATOR NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), -#endif +#endif /* NRF_USBREGULATOR */ NRFX_PERIPHERAL_ID_GET(NRF_NVMC), NRFX_PERIPHERAL_ID_GET(NRF_P0), #ifdef NRF_P1 NRFX_PERIPHERAL_ID_GET(NRF_P1), -#endif +#endif /*NRF_P1 */ NRFX_PERIPHERAL_ID_GET(NRF_VMC), }; @@ -1448,7 +1449,7 @@ static const uint8_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* Moonlight */ +#endif /* NRF54L15_ENGA_XXAA */ /* DPPI channel configuration */ dppi_channel_configuration(); @@ -1507,7 +1508,6 @@ static const uint8_t target_peripherals[] = { nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); #endif /* CONFIG_SOC_ENABLE_LFXO */ -#endif #ifdef NRF54L15_ENGA_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index e48ae69c3..e4a8d5702 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt 
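Review bot: In the first hunk the new guard `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1)` treats an undefined `NRF_SECURE_UART_INSTANCE` as 0, as does the instance-0 guard above it. With `SECURE_UART1` set and the instance macro missing, Serial-Box 0 is kept secure and `NRF_SPIM1` is added to the non-secure list, which contradicts the comment that Serial-Box 1 must stay secure. Unless a default is guaranteed elsewhere (not visible in the hunk), a check such as `#if defined(SECURE_UART1) && !defined(NRF_SECURE_UART_INSTANCE)` followed by `#error "NRF_SECURE_UART_INSTANCE must be defined"` and `#endif` ahead of the array would make the misconfiguration fail the build. The array initializer starts and ends outside these hunks.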
@@ -195,8 +195,8 @@ if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto) Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`") endif() -target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto - PUBLIC +target_include_directories(psa_crypto_library_config + INTERFACE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api ) From c6e7aa84570edbb3eb5a0429ddcfe47b0295fe57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 26 Sep 2024 09:50:11 +0200 Subject: [PATCH 65/73] WIP: Adding the previous methodology of using base addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The upstream code is using peripheral-ids, but is lacking the ability to resolve SPU entries for the peripheral. This WIP commit sets it back to the way it is in sdk-trusted-firmware-m prior to TF-M 2.1.0 Signed-off-by: Frank Audun Kvamtrø (cherry picked from commit 6d6229ad0f637e5aa40bca961399ae481e76c68e) Signed-off-by: Markus Lassila --- .../nordic_nrf/common/core/target_cfg.c | 142 ++++++++++++------ 1 file changed, 94 insertions(+), 48 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index fccf31c26..f62eb287e 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
@@ -1319,25 +1319,28 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); #else -static const uint8_t target_peripherals[] = { +static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) * - DCNF (On 53, but not 91) */ #ifndef NRF91_SERIES - NRFX_PERIPHERAL_ID_GET(NRF_FPU), + //NRFX_PERIPHERAL_ID_GET(NRF_FPU), + NRF_FPU_S_BASE, #endif /* The following peripherals share ID: * - REGULATORS * - OSCILLATORS */ - NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + //NRFX_PERIPHERAL_ID_GET(NRF_REGULATORS), + NRF_REGULATORS_S_BASE, /* The following peripherals share ID: * - CLOCK * - POWER * - RESET (On 53, but not 91) */ - NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + //NRFX_PERIPHERAL_ID_GET(NRF_CLOCK), + NRF_CLOCK_S_BASE, /* The following peripherals share ID: (referred to as Serial-Box) * - SPIMx * - SPISx 
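Review bot: Every old `NRFX_PERIPHERAL_ID_GET(...)` entry is left behind as a `//` comment next to its new `*_S_BASE` replacement, here and throughout the following hunk (`@@ -1350,99 +1353,142 @@`). This list decides which peripherals are released to the non-secure side, so the commented-out duplicates make it harder to audit; they should be deleted and the history left to version control. The following hunk also changes behaviour beyond the `uint8_t` to `uint32_t` switch: `NRF_VMC_S_BASE` is now under `#if defined(NRF91_SERIES) || defined(NRF53_SERIES)`, whereas `NRF_VMC` was unconditional in this list before. That deserves a sentence in the commit message. The array initializer spans both hunks and begins outside them.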
@@ -1350,99 +1353,142 @@ static const uint8_t target_peripherals[] = { * The UART Driver will configure it as non-secure when it uninitializes. */ #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) - NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM0), + NRF_SPIM0_S_BASE, #endif #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1) /* UART1 is a secure peripheral, so we need to leave Serial-Box 1 as Secure */ - NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM1), + NRF_SPIM1_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), - NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), - + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM2), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM3), + NRF_SPIM2_S_BASE, + NRF_SPIM3_S_BASE, #ifdef NRF_SPIM4 - NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), -#endif - NRFX_PERIPHERAL_ID_GET(NRF_SAADC), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), - NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), - NRFX_PERIPHERAL_ID_GET(NRF_RTC0), - NRFX_PERIPHERAL_ID_GET(NRF_RTC1), - NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + //NRFX_PERIPHERAL_ID_GET(NRF_SPIM4), + NRF_SPIM4_S_BASE, +#endif + //NRFX_PERIPHERAL_ID_GET(NRF_SAADC), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER0), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER1), + //NRFX_PERIPHERAL_ID_GET(NRF_TIMER2), + //NRFX_PERIPHERAL_ID_GET(NRF_RTC0), + //NRFX_PERIPHERAL_ID_GET(NRF_RTC1), + //NRFX_PERIPHERAL_ID_GET(NRF_DPPIC), + NRF_SAADC_S_BASE, + NRF_TIMER0_S_BASE, + NRF_TIMER1_S_BASE, + NRF_TIMER2_S_BASE, + NRF_RTC0_S_BASE, + NRF_RTC1_S_BASE, + NRF_DPPIC_S_BASE, #ifndef PSA_API_TEST_IPC #ifdef NRF_WDT0 /* WDT0 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT0), + NRF_WDT0_S_BASE, #endif #ifdef NRF_WDT - NRFX_PERIPHERAL_ID_GET(NRF_WDT), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT), + NRF_WDT_S_BASE, #endif #endif /* PSA_API_TEST_IPC */ #ifdef NRF_WDT1 - NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + //NRFX_PERIPHERAL_ID_GET(NRF_WDT1), + 
NRF_WDT1_S_BASE, #endif /* The following peripherals share ID: * - COMP * - LPCOMP */ #ifdef NRF_COMP - NRFX_PERIPHERAL_ID_GET(NRF_COMP), + //NRFX_PERIPHERAL_ID_GET(NRF_COMP), + NRF_COMP_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_EGU0), - NRFX_PERIPHERAL_ID_GET(NRF_EGU1), - NRFX_PERIPHERAL_ID_GET(NRF_EGU2), - NRFX_PERIPHERAL_ID_GET(NRF_EGU3), - NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU0), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU1), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU2), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU3), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU4), + NRF_EGU0_S_BASE, + NRF_EGU1_S_BASE, + NRF_EGU2_S_BASE, + NRF_EGU3_S_BASE, + NRF_EGU4_S_BASE, #ifndef PSA_API_TEST_IPC /* EGU5 is used as a secure peripheral in PSA FF tests */ - NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + //NRFX_PERIPHERAL_ID_GET(NRF_EGU5), + NRF_EGU5_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_PWM0), - NRFX_PERIPHERAL_ID_GET(NRF_PWM1), - NRFX_PERIPHERAL_ID_GET(NRF_PWM2), - NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM0), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM1), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM2), + //NRFX_PERIPHERAL_ID_GET(NRF_PWM3), + NRF_PWM0_S_BASE, + NRF_PWM1_S_BASE, + NRF_PWM2_S_BASE, + NRF_PWM3_S_BASE, #ifdef NRF_PDM - NRFX_PERIPHERAL_ID_GET(NRF_PDM), + //NRFX_PERIPHERAL_ID_GET(NRF_PDM), + NRF_PDM_S_BASE, #endif #ifdef NRF_PDM0 - NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + //NRFX_PERIPHERAL_ID_GET(NRF_PDM0), + NRF_PDM0_S_BASE, #endif #ifdef NRF_I2S - NRFX_PERIPHERAL_ID_GET(NRF_I2S), + //NRFX_PERIPHERAL_ID_GET(NRF_I2S), + NRF_I2S_S_BASE, #endif #ifdef NRF_I2S0 - NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + //NRFX_PERIPHERAL_ID_GET(NRF_I2S0), + NRF_I2S0_S_BASE, #endif - NRFX_PERIPHERAL_ID_GET(NRF_IPC), + //NRFX_PERIPHERAL_ID_GET(NRF_IPC), + NRF_IPC_S_BASE, #ifndef SECURE_QSPI #ifdef NRF_QSPI - NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + //NRFX_PERIPHERAL_ID_GET(NRF_QSPI), + NRF_QSPI_S_BASE, #endif #endif #ifdef NRF_NFCT - NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + 
//NRFX_PERIPHERAL_ID_GET(NRF_NFCT), + NRF_NFCT_S_BASE, #endif #ifdef NRF_MUTEX - NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + //NRFX_PERIPHERAL_ID_GET(NRF_MUTEX), + NRF_MUTEX_S_BASE, #endif #ifdef NRF_QDEC0 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + //NRFX_PERIPHERAL_ID_GET(NRF_QDEC0), + NRF_QDEC0_S_BASE, #endif #ifdef NRF_QDEC1 - NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + //NRFX_PERIPHERAL_ID_GET(NRF_QDEC1), + NRF_QDEC1_S_BASE, #endif #ifdef NRF_USBD - NRFX_PERIPHERAL_ID_GET(NRF_USBD), + //NRFX_PERIPHERAL_ID_GET(NRF_USBD), + NRF_USBD_S_BASE, #endif #ifdef NRF_USBREGULATOR - NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + //NRFX_PERIPHERAL_ID_GET(NRF_USBREGULATOR), + NRF_USBREGULATOR_S_BASE, #endif /* NRF_USBREGULATOR */ - NRFX_PERIPHERAL_ID_GET(NRF_NVMC), - NRFX_PERIPHERAL_ID_GET(NRF_P0), + //NRFX_PERIPHERAL_ID_GET(NRF_NVMC), + //NRFX_PERIPHERAL_ID_GET(NRF_P0), + NRF_NVMC_S_BASE, + NRF_P0_S_BASE, #ifdef NRF_P1 - NRFX_PERIPHERAL_ID_GET(NRF_P1), + //NRFX_PERIPHERAL_ID_GET(NRF_P1), + NRF_P1_S_BASE, #endif /*NRF_P1 */ - NRFX_PERIPHERAL_ID_GET(NRF_VMC), +#if defined(NRF91_SERIES) || defined(NRF53_SERIES) + //NRFX_PERIPHERAL_ID_GET(NRF_VMC), + NRF_VMC_S_BASE +#endif }; for (int i = 0; i < ARRAY_SIZE(target_peripherals); i++) { From 02a851582cc77c2725d85997356407771d0146b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 5 Sep 2024 15:54:13 +0200 Subject: [PATCH 66/73] WIP: TF-M: Fixing deprecated autoconf.h includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This changes includes from autoconf.h to zephyr/autoconf.h as the former has been deprecated Signed-off-by: Frank Audun Kvamtrø (cherry picked from commit abc21271e995e6c100abecb0ede577119f509b01) Signed-off-by: Markus Lassila --- .../target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c | 2 +- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
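Review bot: Every new `NRF_*_S_BASE` entry in `target_peripherals` is added next to a commented-out copy of the line it replaces (`//NRFX_PERIPHERAL_ID_GET(NRF_SPIM0),` and so on). This table decides which peripherals the loop after it hands to the non-secure side, so it should stay easy to audit; delete the old lines rather than commenting them out, since git history keeps them. The guards also still test the instance macro while the entry uses the address macro, e.g. `#ifdef NRF_SPIM4` around `NRF_SPIM4_S_BASE`. If the two can ever be defined independently, guard on the name that is used: `#ifdef NRF_SPIM4_S_BASE`. The array declaration and the loop body are outside this hunk.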
diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 18c3aef32..2f10bcf6e 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -24,7 +24,7 @@ #include -#include +#include #if defined(NRF_NVMC_S) #include diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index f62eb287e..13b2f3dd7 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -25,7 +25,7 @@ #include "region.h" #include "array.h" -#include +#include #include #include From 8c7fae3936da02b7db4f5c8aba174b252a2b326e Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Tue, 24 Sep 2024 16:09:22 +0300 Subject: [PATCH 67/73] [nrf noup] platform: nordic_nrf: add support for nrf54l15dk And remove support for `nrf54l15pdk` at the same time. Occurences of `NRF54L15_ENGA_XXAA` are replaced by `NRF54L15_XXAA`. Files from the `nrf54l15dk_nrf54l15_cpuapp` directory that are unused are deleted. One of them, `tfm_peripherals_config.h`, even had a blatant syntax issue (`#endiff`). Signed-off-by: Tomi Fontanilles (cherry picked from commit d76200476c9b6c137a6e5fc400264134ae589708) 
Signed-off-by: Markus Lassila --- .../nordic_nrf/common/core/CMakeLists.txt | 3 +- .../nordic_nrf/common/core/nrfx_config.h | 2 +- .../services/src/tfm_platform_hal_ioctl.c | 2 +- .../nordic_nrf/common/core/startup_nrf54l15.c | 3 -- .../nordic_nrf/common/core/target_cfg.c | 38 +++++++++---------- .../nordic_nrf/common/core/target_cfg.h | 4 +- .../nordic_nrf/common/nrf54l15/cpuarch.cmake | 2 +- .../ns/CMakeLists.txt | 31 --------------- .../ns/cpuarch_ns.cmake | 10 ----- .../tfm_peripherals_config.h | 34 ----------------- 10 files changed, 23 insertions(+), 106 deletions(-) delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake delete mode 100644 platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt index 066143c4f..d7cb7dc1c 100644 --- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt +++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt @@ -24,7 +24,7 @@ endif() # At the time of writing there is no systematic way to identify which # NVM technology is used by the SoC from the Kconfig, so we just # hardcode this information here instead. -if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15) OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) +if(NRF_SOC_VARIANT STREQUAL nrf54l15 OR (PSA_API_TEST_TARGET STREQUAL nrf54l15)) # Maybe we only need to check one of these options but these # variables keep changing so we check both to be future proof set(HAS_RRAMC 1) @@ -274,4 +274,3 @@ install(DIRECTORY native_drivers install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld DESTINATION ${INSTALL_PLATFORM_NS_DIR}/linker_scripts) - 
diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h index f76e49cdd..dbaf8fbf0 100644 --- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h +++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h @@ -100,7 +100,7 @@ #include #elif defined(NRF91_SERIES) #include -#elif defined(NRF54L15_ENGA_XXAA) +#elif defined(NRF54L15_XXAA) #include #else #error "Unknown device." diff --git a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c index 8cfa2ecda..ae909ca5b 100644 --- a/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c +++ b/platform/ext/target/nordic_nrf/common/core/services/src/tfm_platform_hal_ioctl.c @@ -103,7 +103,7 @@ tfm_platform_hal_read_service(const psa_invec *in_vec, static bool valid_mcu_select(uint32_t mcu) { switch (mcu) { -#if defined(NRF54L15_ENGA_XXAA) +#if defined(NRF54L15_XXAA) case NRF_GPIO_PIN_SEL_GPIO: case NRF_GPIO_PIN_SEL_VPR: case NRF_GPIO_PIN_SEL_GRTC: diff --git a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c index aa81ab1b1..b940ae8c3 100644 --- a/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c +++ b/platform/ext/target/nordic_nrf/common/core/startup_nrf54l15.c @@ -21,9 +21,6 @@ * Git SHA: 2b7495b8535bdcb306dac29b9ded4cfb679d7e5c */ -// TODO: NCSDK-25033: Support interrupt handling in TF-M. The IRQs -// below correspond to nrf53, not nrf54L. - /* * Define __VECTOR_TABLE_ATTRIBUTE (which can be provided by cmsis.h) * before including cmsis.h because TF-M's linker script diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 13b2f3dd7..f6bf11249 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c 
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -15,7 +15,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - #include "target_cfg.h" #include "region_defs.h" #include "tfm_plat_defs.h" @@ -67,14 +66,15 @@ #define PIN_XL1 0 #define PIN_XL2 1 #endif -#ifdef NRF54L15_ENGA_XXAA + +#ifdef NRF54L15_XXAA /* On nRF54L15 XL1 and XL2 are(P1.00) and XL2(P1.01) */ #define PIN_XL1 32 #define PIN_XL2 33 /* During TF-M system initialization we invoke a function that comes * from Zephyr. This function does not have a header file so we - * declare it's prototype here. + * declare its prototype here. */ int nordicsemi_nrf54l_init(void); #endif @@ -834,7 +834,7 @@ enum tfm_plat_err_t init_debug(void) } #endif -#elif defined(NRF91_SERIES) || defined(NRF54L15_ENGA_XXAA) +#elif defined(NRF91_SERIES) || defined(NRF54L15_XXAA) #if !defined(DAUTH_CHIP_DEFAULT) #error "Debug access on this platform can only be configured by programming the corresponding registers in UICR." @@ -940,7 +940,7 @@ void sau_and_idau_cfg(void) * (53/91) and new (54++) platforms. New platforms have a proper SAU * and IDAU, whereas old platforms do not. */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* * This SAU configuration aligns with ARM's RSS implementation of * sau_and_idau_cfg when possible. @@ -1243,7 +1243,7 @@ static void dppi_channel_configuration(void) enum tfm_plat_err_t spu_periph_init_cfg(void) { /* Peripheral configuration */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* Configure features to be non-secure */ /* 
@@ -1272,21 +1272,17 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) /* Configure TF-M's UART peripheral to be secure */ #if NRF_SECURE_UART_INSTANCE == 00 uint32_t uart_periph_start = tfm_peripheral_uarte00.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 20 +#elif NRF_SECURE_UART_INSTANCE == 20 uint32_t uart_periph_start = tfm_peripheral_uarte20.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 21 +#elif NRF_SECURE_UART_INSTANCE == 21 uint32_t uart_periph_start = tfm_peripheral_uarte21.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 22 +#elif NRF_SECURE_UART_INSTANCE == 22 uint32_t uart_periph_start = tfm_peripheral_uarte22.periph_start; -#endif -#if NRF_SECURE_UART_INSTANCE == 30 +#elif NRF_SECURE_UART_INSTANCE == 30 uint32_t uart_periph_start = tfm_peripheral_uarte30.periph_start; #endif spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED); -#endif +#endif /* SECURE_UART1 */ /* Configure the CTRL-AP mailbox interface to be secure as it is used by the secure ADAC service */ spu_peripheral_config_secure(NRF_CTRLAP_S_BASE, SPU_LOCK_CONF_LOCKED); @@ -1318,7 +1314,7 @@ enum tfm_plat_err_t spu_periph_init_cfg(void) * have the same security configuration. */ spu_peripheral_config_secure(NRF_REGULATORS_S_BASE, SPU_LOCK_CONF_LOCKED); -#else +#else /* NRF54L15_XXAA */ static const uint32_t target_peripherals[] = { /* The following peripherals share ID: * - FPU (FPU cannot be configured in NRF91 series, it's always NS) @@ -1495,7 +1491,7 @@ static const uint32_t target_peripherals[] = { spu_peripheral_config_non_secure(target_peripherals[i], SPU_LOCK_CONF_UNLOCKED); } -#endif /* NRF54L15_ENGA_XXAA */ +#endif /* NRF54L15_XXAA */ /* DPPI channel configuration */ dppi_channel_configuration(); 
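Review bot: The `NRF_SECURE_UART_INSTANCE` chain that was converted to `#elif` still has no final `#else`, so an unsupported instance number leaves `uart_periph_start` undeclared and the build fails only at the `spu_peripheral_config_secure(uart_periph_start, SPU_LOCK_CONF_LOCKED)` call, with an unrelated-looking error. Since this selects the UART that is locked as secure, close the chain explicitly: `#else` followed by `#error "Unsupported NRF_SECURE_UART_INSTANCE"` before the `#endif`. spu_periph_init_cfg starts before this hunk and continues after it.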
@@ -1553,8 +1549,8 @@ static const uint32_t target_peripherals[] = { #ifdef NRF53_SERIES nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_PERIPHERAL); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_PERIPHERAL); -#endif /* CONFIG_SOC_ENABLE_LFXO */ -#ifdef NRF54L15_ENGA_XXAA +#endif /* NRF53_SERIES */ +#ifdef NRF54L15_XXAA /* NRF54L has a different define */ nrf_gpio_pin_control_select(PIN_XL1, NRF_GPIO_PIN_SEL_GPIO); nrf_gpio_pin_control_select(PIN_XL2, NRF_GPIO_PIN_SEL_GPIO); @@ -1610,10 +1606,10 @@ static const uint32_t target_peripherals[] = { } #endif /* RRAMC_PRESENT */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA /* SOC configuration from Zephyr's soc.c. */ int soc_err = nordicsemi_nrf54l_init(); - if(soc_err) { + if (soc_err) { return soc_err; } #endif diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h index aea09bece..08cebecce 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h @@ -54,7 +54,7 @@ /* Only UART20 and UART30 are supported for TF-M tests, which are the * Non-secure applications build via the TF-M build system */ -#ifdef NRF54L15_ENGA_XXAA +#ifdef NRF54L15_XXAA #if NRF_SECURE_UART_INSTANCE == 20 #define NS_DRIVER_STDIO Driver_USART30 #else @@ -62,7 +62,7 @@ #endif #else #define NS_DRIVER_STDIO Driver_USART0 -#endif +#endif /* NRF54L15_XXAA */ /** * \brief Store the addresses of memory regions diff --git a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake index 18c7fa920..e9fc59b84 100644 --- a/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake +++ b/platform/ext/target/nordic_nrf/common/nrf54l15/cpuarch.cmake 
@@ -15,7 +15,7 @@ set(TFM_SYSTEM_ARCHITECTURE armv8-m.main) set(CONFIG_TFM_FP_ARCH "fpv5-sp-d16") add_compile_definitions( - NRF54L15_ENGA_XXAA # Required by nrf.h + NRF54L15_XXAA NRF_APPLICATION # SKIP configuring the SAU from the MDK as it does not fit TF-M's needs NRF_SKIP_SAU_CONFIGURATION diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt deleted file mode 100644 index 5cd4273e4..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/CMakeLists.txt +++ /dev/null @@ -1,31 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Arm Limited. All rights reserved. -# -# SPDX-License-Identifier: BSD-3-Clause -# -#------------------------------------------------------------------------------- - -cmake_policy(SET CMP0076 NEW) -set(CMAKE_CURRENT_SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(NRF_BOARD_SELECTED True) - -add_library(platform_ns STATIC) - -# Get the value of HAL_NORDIC_PATH -include(${CMAKE_CURRENT_LIST_DIR}/common/core/config_nordic_nrf_spe.cmake) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15 nrf54l15) - -target_include_directories(platform_ns - PUBLIC - ${CMAKE_CURRENT_LIST_DIR} -) - -target_link_libraries(platform_ns - PUBLIC - platform_region_defs -) - -target_include_directories(platform_region_defs - INTERFACE - ${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/partition -) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake deleted file mode 100644 index 25f91fb54..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/ns/cpuarch_ns.cmake +++ /dev/null 
@@ -1,10 +0,0 @@ -#------------------------------------------------------------------------------- -# Copyright (c) 2023, Nordic Semiconductor ASA. -# -# SPDX-License-Identifier: BSD-3-Clause -#------------------------------------------------------------------------------- - -set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR}) -set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR}) - -include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake) diff --git a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h b/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h deleted file mode 100644 index bc3301087..000000000 --- a/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tfm_peripherals_config.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2021, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ - -#ifndef TFM_PERIPHERALS_CONFIG_H__ -#define TFM_PERIPHERALS_CONFIG_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef SECURE_UART30 -#define TFM_PERIPHERAL_UARTE30_SECURE 1 -#endiff - -#if TFM_PARTITION_SLIH_TEST || TFM_PARTITION_FLIH_TEST -#define TFM_PERIPHERAL_TIMER00_SECURE 1 -#endif - - -#if defined(NRF54L15_ENGA_XXAA) - #include -#else - #error "Unknown device." -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* TFM_PERIPHERAL_CONFIG_H__ */ From 5ae4c7f39ca806d6ea9cc6eb395ea6b886e0d9fd Mon Sep 17 00:00:00 2001 From: Markus Lassila Date: Wed, 30 Oct 2024 10:36:00 +0200 Subject: [PATCH 68/73] [nrf noup] platform: nordic_nrf: nRF54L15 does not have UICR Do not attempt to lock the UICR.APPROTECT or UICR.SECUREAPPROTECT for nRF54L15. These registers do not exist. TF-M provisioning with nRF54L15 will still result in compilation failure. As it should at this point. Signed-off-by: Markus Lassila --- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index f6bf11249..b5c7b3746 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -814,7 +814,7 @@ enum tfm_plat_err_t init_debug(void) #error "Debug access controlled by NRF_APPROTECT and NRF_SECURE_APPROTECT." #endif -#if defined(NRF_APPROTECT) +#if defined(NRF_APPROTECT) && !defined(NRF54L15_XXAA) /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot.*/ if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->APPROTECT, UICR_APPROTECT_PALL_Protected)) { @@ -823,7 +823,7 @@ enum tfm_plat_err_t init_debug(void) return TFM_PLAT_ERR_SYSTEM_ERR; } #endif -#if defined(NRF_SECURE_APPROTECT) +#if defined(NRF_SECURE_APPROTECT) && !defined(NRF54L15_XXAA) /* For nRF53 and nRF91x1 already active. For nRF9160, active in the next boot. */ if (nrfx_nvmc_word_writable_check((uint32_t)&NRF_UICR_S->SECUREAPPROTECT, UICR_SECUREAPPROTECT_PALL_Protected)) { From f911f7e7ecca4e5b1f95e8e9f873f8db775f50a8 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Fri, 1 Nov 2024 14:46:06 +0200 Subject: [PATCH 69/73] [nrf noup] platform: nordic_nrf: 54l15: do not "erase" the flash Not needed. Speeds up asset writing time and improves RRAM lifetime. Signed-off-by: Tomi Fontanilles --- .../common/core/cmsis_drivers/Driver_Flash.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 2f10bcf6e..1c648e747 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c 
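Review bot: With `!defined(NRF54L15_XXAA)` added to the `NRF_APPROTECT` guard (and to the `NRF_SECURE_APPROTECT` guard in the next hunk), a build that requests either protection for nRF54L15 compiles these lock checks out with no diagnostic at this point. The commit message says provisioning builds still fail elsewhere, but nothing in init_debug, whose body starts and ends outside both hunks, shows that. I would state the intent where the check is dropped, either with a comment such as `/* nRF54L15 has no UICR.APPROTECT; debug access is locked by <mechanism to be named> */` or with an `#error` for the unsupported combination. That way a requested debug lock cannot silently become a no-op.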
@@ -189,14 +189,10 @@ static int32_t ARM_Flash_EraseSector(uint32_t addr) return ARM_DRIVER_ERROR_PARAMETER; } #else - for (uint32_t *erase_word_ptr = (uint32_t *)addr; - (uint32_t)erase_word_ptr < addr + FLASH_AREA_IMAGE_SECTOR_SIZE; erase_word_ptr++) { - if(*erase_word_ptr != 0xFFFFFFFFU) { - nrfx_rramc_word_write((uint32_t)erase_word_ptr, 0xFFFFFFFFU); - } - } - - nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); + /* + * Erasure is not needed on RRAM. + * Save lifetime and execution time by not emulating a flash erase. + */ #endif return ARM_DRIVER_OK; From 910bdc90593c638633374e8ada71d34909e85d5a Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Fri, 1 Nov 2024 14:53:45 +0200 Subject: [PATCH 70/73] [nrf noup] platform: nordic_nrf: 54l15: clean up RRAM write buffer size setting CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE is not passed to TF-M, so it cannot be used. Moreover, it seems that it's not even defined on the NS image when using TF-M. As a bonus, do not run the COMMIT_WRITEBUF task when using unbuffered writing. Signed-off-by: Tomi Fontanilles --- .../nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c | 9 ++++----- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 4 ---- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 1c648e747..6584036ce 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -31,11 +31,7 @@ #elif defined(NRF_RRAMC_S) #include -#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 -#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE -#else #define WRITE_BUFFER_SIZE 0 -#endif #else #error "Unrecognized platform" 
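Review bot: On the RRAM path ARM_Flash_EraseSector now returns `ARM_DRIVER_OK` without touching the sector, so the previous contents stay readable after a successful erase. A caller that uses erase to invalidate or scrub stored data, or that expects to read 0xFF afterwards, gets neither; whether such a caller exists is not visible from this hunk. The new comment should spell out that contract, for example `/* RRAM: no-op. Sector contents are left unchanged; callers must not rely on erase to clear data. */`. Any erased value the driver advertises should also be checked against this behaviour. The function begins outside the hunk.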
@@ -164,9 +160,10 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, #ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); -#else +#else /* NRF_RRAMC_S */ nrfx_rramc_words_write(addr, data, cnt); +#if WRITE_BUFFER_SIZE != 0 /* At time of writing, the Zephyr driver commits writes, but the * nrfx driver does not, so we commit here using the HAL to align * Zephyr and TF-M behaviour. @@ -177,6 +174,8 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); #endif +#endif /* NRF_NVMC_S */ + return cnt; } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index b5c7b3746..15abd0816 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -36,11 +36,7 @@ #include #include -#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 -#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE -#else #define WRITE_BUFFER_SIZE 0 -#endif #endif From 0ec0fe8d0f4a7967b57594c145c543cf7f922e0b Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Wed, 6 Nov 2024 13:52:41 +0200 Subject: [PATCH 71/73] Revert "[nrf noup] platform: nordic_nrf: 54l15: clean up RRAM write buffer size setting" This reverts commit 9f9b4fc75e581f78488d6f1d96e6c40950f8415e. --- .../nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c | 9 +++++---- platform/ext/target/nordic_nrf/common/core/target_cfg.c | 4 ++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 6584036ce..1c648e747 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c 
@@ -31,7 +31,11 @@ #elif defined(NRF_RRAMC_S) #include +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else #define WRITE_BUFFER_SIZE 0 +#endif #else #error "Unrecognized platform" @@ -160,10 +164,9 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, #ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); -#else /* NRF_RRAMC_S */ +#else nrfx_rramc_words_write(addr, data, cnt); -#if WRITE_BUFFER_SIZE != 0 /* At time of writing, the Zephyr driver commits writes, but the * nrfx driver does not, so we commit here using the HAL to align * Zephyr and TF-M behaviour. @@ -174,8 +177,6 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); #endif -#endif /* NRF_NVMC_S */ - return cnt; } diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index 15abd0816..b5c7b3746 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -36,7 +36,11 @@ #include #include +#if CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE > 0 +#define WRITE_BUFFER_SIZE CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE +#else #define WRITE_BUFFER_SIZE 0 +#endif #endif From cc9a53fcda91d60ee67297beebbc4daf0fde4e13 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Wed, 6 Nov 2024 14:19:02 +0200 Subject: [PATCH 72/73] [nrf noup] platform: nordic_nrf: make RRAM writes unbuffered Temporarily set RRAMC.CONFIG.WRITEBUFSIZE to 0 to use unbuffered mode when writing to RRAM in TF-M. This is done to reduce the interrupt latency increases provoked when writing to RRAM. Do not set it permanently so that it remains CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE for when the NS image code writes to RRAM. 
Signed-off-by: Tomi Fontanilles --- .../common/core/cmsis_drivers/Driver_Flash.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c index 1c648e747..77f92abbc 100644 --- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c +++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_Flash.c @@ -165,16 +165,15 @@ static int32_t ARM_Flash_ProgramData(uint32_t addr, const void *data, #ifdef NRF_NVMC_S nrfx_nvmc_words_write(addr, data, cnt); #else + nrf_rramc_config_t rramc_config; + nrf_rramc_config_get(NRF_RRAMC, &rramc_config); + const nrf_rramc_config_t orig_rramc_config = rramc_config; + rramc_config.write_buff_size = 0; + nrf_rramc_config_set(NRF_RRAMC, &rramc_config); + nrfx_rramc_words_write(addr, data, cnt); - /* At time of writing, the Zephyr driver commits writes, but the - * nrfx driver does not, so we commit here using the HAL to align - * Zephyr and TF-M behaviour. - * - * Not committing may cause data loss and/or high power - * consumption. - */ - nrf_rramc_task_trigger(NRF_RRAMC, NRF_RRAMC_TASK_COMMIT_WRITEBUF); + nrf_rramc_config_set(NRF_RRAMC, &orig_rramc_config); #endif return cnt; From 55d44ca65c2bb9a3afb0b049a858a4110cc4dae6 Mon Sep 17 00:00:00 2001 From: Sigurd Hellesvik Date: Mon, 18 Nov 2024 13:21:32 +0100 Subject: [PATCH 73/73] [nrf noup] Attest+COSE: Draft to test upstream change https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/33713 
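Review bot: The RRAM branch of ARM_Flash_ProgramData now relies on `write_buff_size = 0` making every word reach RRAM without a commit, yet the hunk deletes the only comment about committing and adds none in its place. Put one above the first `nrf_rramc_config_set` call, e.g. `/* Unbuffered mode: words are written directly, so no COMMIT_WRITEBUF is needed. */`. The get / modify / write / restore sequence is also unguarded: if another context can write RRAM or change the RRAMC configuration in between, it would either run with the temporary setting or have its own setting overwritten by the restore. It is worth confirming that flash access is serialised. The function begins outside the hunk.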
Signed-off-by: Sigurd Hellesvik --- config/config_base.cmake | 1 + .../tfm_attestation_integration_guide.rst | 2 +- .../crypto_adapters/t_cose_psa_crypto.c | 17 +++++- lib/ext/t_cose/src/t_cose_crypto.h | 11 ++-- lib/ext/t_cose/src/t_cose_sign1_sign.c | 61 ++++++++++++++++++- .../t_cose/test/t_cose_make_test_messages.c | 17 +++++- lib/ext/t_cose/tfm_t_cose.cmake | 1 + .../partitions/initial_attestation/Kconfig | 8 +++ .../initial_attestation/attest_token_encode.c | 1 - 9 files changed, 105 insertions(+), 14 deletions(-) diff --git a/config/config_base.cmake b/config/config_base.cmake index 56b52ca77..13f675a02 100644 --- a/config/config_base.cmake +++ b/config/config_base.cmake @@ -146,6 +146,7 @@ set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetr set(ATTEST_INCLUDE_TEST_CODE OFF CACHE BOOL "Include minimal development tests in the initial attestation regression test suite") set(ATTEST_KEY_BITS 256 CACHE STRING "The size of the initial attestation key in bits") set(PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE 0x250 CACHE STRING "The maximum possible size of a token") +set(ATTEST_SIGN_MESSAGE OFF CACHE BOOL "Sign message instead of hash") set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable Platform partition") diff --git a/docs/integration_guide/services/tfm_attestation_integration_guide.rst b/docs/integration_guide/services/tfm_attestation_integration_guide.rst index 5e9a126fa..2af01b068 100644 --- a/docs/integration_guide/services/tfm_attestation_integration_guide.rst +++ b/docs/integration_guide/services/tfm_attestation_integration_guide.rst 
@@ -412,7 +412,7 @@ device. System integrators might need to re-implement the following functions if they want to use initial attestation service with a different cryptographic library than Crypto service: -- ``t_cose_crypto_pub_key_sign()``: Calculates the signature over a hash value. +- ``t_cose_crypto_pub_key_sign()``: Calculates the signature over a value. - ``t_cose_crypto_get_ec_pub_key()``: Get the public key to create the key identifier. - ``t_cose_crypto_hash_start()``: Start a multipart hash operation. diff --git a/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c b/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c index 20ab764e3..d42a438c3 100644 --- a/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c +++ b/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.c @@ -164,7 +164,7 @@ t_cose_crypto_pub_key_verify(int32_t cose_algorithm_id, enum t_cose_err_t t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id, struct t_cose_key signing_key, - struct q_useful_buf_c hash_to_sign, + struct q_useful_buf_c to_sign, struct q_useful_buf signature_buffer, struct q_useful_buf_c *signature) { @@ -196,13 +196,24 @@ t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id, /* It is assumed that this call is checking the signature_buffer * length and won't write off the end of it. */ + +#ifdef T_COSE_SIGN_MESSAGE + psa_result = psa_sign_message(signing_key_psa, + psa_alg_id, + to_sign.ptr, + to_sign.len, + signature_buffer.ptr, /* Sig buf */ + signature_buffer.len, /* Sig buf size */ + &signature_len); /* Sig length */ +#else psa_result = psa_sign_hash(signing_key_psa, psa_alg_id, - hash_to_sign.ptr, - hash_to_sign.len, + to_sign.ptr, + to_sign.len, signature_buffer.ptr, /* Sig buf */ signature_buffer.len, /* Sig buf size */ &signature_len); /* Sig length */ +#endif return_value = psa_status_to_t_cose_error_signing(psa_result); diff --git a/lib/ext/t_cose/src/t_cose_crypto.h b/lib/ext/t_cose/src/t_cose_crypto.h index d068fc206..1466ce0a3 100644 
--- a/lib/ext/t_cose/src/t_cose_crypto.h +++ b/lib/ext/t_cose/src/t_cose_crypto.h @@ -155,10 +155,10 @@ t_cose_crypto_sig_size(int32_t cose_algorithm_id, struct t_cose_key signing_key, size_t *sig_size); - /** - * \brief Perform public key signing. Part of the t_cose crypto - * adaptation layer. + * \brief Perform public key signing of a payload. Can sign either + * a message or message hash. Part of the t_cose crypto adaptation + * layer. * * \param[in] cose_algorithm_id The algorithm to sign with. The IDs are * defined in [COSE (RFC 8152)] @@ -169,8 +169,7 @@ t_cose_crypto_sig_size(int32_t cose_algorithm_id, * locally (\c \#define) if the needed * one hasn't been registered. * \param[in] signing_key Indicates or contains key to sign with. - * \param[in] hash_to_sign The bytes to sign. Typically, a hash of - * a payload. + * \param[in] to_sign The bytes to sign. * \param[in] signature_buffer Pointer and length of buffer into which * the resulting signature is put. * \param[in] signature Pointer and length of the signature @@ -215,7 +214,7 @@ t_cose_crypto_sig_size(int32_t cose_algorithm_id, enum t_cose_err_t t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id, struct t_cose_key signing_key, - struct q_useful_buf_c hash_to_sign, + struct q_useful_buf_c to_sign, struct q_useful_buf signature_buffer, struct q_useful_buf_c *signature); diff --git a/lib/ext/t_cose/src/t_cose_sign1_sign.c b/lib/ext/t_cose/src/t_cose_sign1_sign.c index de11a9a34..dfaf2ebd2 100644 --- a/lib/ext/t_cose/src/t_cose_sign1_sign.c +++ b/lib/ext/t_cose/src/t_cose_sign1_sign.c 
@@ -43,6 +43,18 @@ #error COSE algorithm identifier definitions are in error #endif +/** + * This is the size of the first part of the CBOR encoded TBS + * bytes. It is around 30 bytes. See create_tbs_hash(). + */ +#define T_COSE_SIZE_OF_TBS \ + 1 + /* For opening the array */ \ + sizeof(COSE_SIG_CONTEXT_STRING_SIGNATURE1) + /* "Signature1" */ \ + 2 + /* Overhead for encoding string */ \ + T_COSE_SIGN1_MAX_SIZE_PROTECTED_PARAMETERS + /* entire protected params */ \ + 1 + /* Empty bstr for absent external_aad */ \ + 220 /* The max CBOR length encoding for start of payload */ + #ifndef T_COSE_DISABLE_SHORT_CIRCUIT_SIGN /** @@ -323,14 +335,27 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me, */ enum t_cose_err_t return_value; QCBORError cbor_err; + /* Pointer to useful_buf used for the signature*/ + struct q_useful_buf_c *tbs; +#ifndef T_COSE_SIGN_MESSAGE /* pointer and length of the completed tbs hash */ struct q_useful_buf_c tbs_hash; +#else + /* pointer and length of the completed tbs message */ + struct q_useful_buf_c tbs_message; + QCBOREncodeContext cbor_Sig_structure_ctx; + /* Pointer and length of the completed signature */ + QCBORError qcbor_result; + Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_tbs_message, T_COSE_SIZE_OF_TBS); +#endif /* Pointer and length of the completed signature */ struct q_useful_buf_c signature; /* Buffer for the actual signature */ Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_signature, T_COSE_MAX_SIG_SIZE); +#ifndef T_COSE_SIGN_MESSAGE /* Buffer for the tbs hash. */ Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_tbs_hash, T_COSE_CRYPTO_MAX_HASH_SIZE); +#endif struct q_useful_buf_c signed_payload; QCBOREncode_CloseBstrWrap(cbor_encode_ctx, &signed_payload); 
@@ -359,6 +384,7 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me, &signature.len); } else { + #ifndef T_COSE_SIGN_MESSAGE /* Create the hash of the to-be-signed bytes. Inputs to the * hash are the protected parameters, the payload that is * getting signed, the cose signature alg from which the hash @@ -374,6 +400,7 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me, if(return_value) { goto Done; } + #endif /* Compute the signature using public key crypto. The key and * algorithm ID are passed in to know how and what to sign @@ -388,9 +415,41 @@ t_cose_sign1_encode_signature(struct t_cose_sign1_sign_ctx *me, */ if(!(me->option_flags & T_COSE_OPT_SHORT_CIRCUIT_SIG)) { /* Normal, non-short-circuit signing */ + #ifdef T_COSE_SIGN_MESSAGE + QCBOREncode_Init(&cbor_Sig_structure_ctx, buffer_for_tbs_message); + QCBOREncode_OpenArray(&cbor_Sig_structure_ctx); + + /* context */ + QCBOREncode_AddSZString(&cbor_Sig_structure_ctx, COSE_SIG_CONTEXT_STRING_SIGNATURE1); + /* body_protected */ + QCBOREncode_AddBytes(&cbor_Sig_structure_ctx, me->protected_parameters); + + /* sign_protected is not used for COSE_Sign1 */ + + /* external_aad. There is none so an empty bstr */ + QCBOREncode_AddBytes(&cbor_Sig_structure_ctx, NULL_Q_USEFUL_BUF_C); + + /* payload */ + QCBOREncode_AddBytes(&cbor_Sig_structure_ctx, signed_payload); + + /* Close off the array */ + QCBOREncode_CloseArray(&cbor_Sig_structure_ctx); + + qcbor_result = QCBOREncode_Finish(&cbor_Sig_structure_ctx, &tbs_message); + if(qcbor_result) { + /* Mainly means that the protected_parameters were too big + * (which should never happen) */ + return_value = T_COSE_ERR_SIG_STRUCT; + goto Done; + } + + tbs = &tbs_message; + #else + tbs = &tbs_hash; + #endif return_value = t_cose_crypto_pub_key_sign(me->cose_algorithm_id, me->signing_key, - tbs_hash, + *tbs, buffer_for_signature, &signature); } else { 
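Review bot: The failure comment on the `QCBOREncode_Finish` check in the `@@ -388,9 +415,41 @@` hunk names the wrong cause: in this path the encoder also receives `signed_payload`, so a payload that does not fit in `buffer_for_tbs_message` is the likely reason for a non-zero `qcbor_result`, not oversized protected parameters. I would reword it to `/* Sig_structure (protected parameters plus the whole payload) did not fit in buffer_for_tbs_message */` and return a buffer-too-small error code if the enum offers one, so an integrator can tell a size limit from a malformed structure. The short-circuit branch begins after this hunk; if it still reads `tbs_hash`, it needs the same `#ifndef T_COSE_SIGN_MESSAGE` treatment, because the two earlier hunks compile the hash out in that configuration.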
diff --git a/lib/ext/t_cose/test/t_cose_make_test_messages.c b/lib/ext/t_cose/test/t_cose_make_test_messages.c index 89bb7847c..4a82597ab 100644 --- a/lib/ext/t_cose/test/t_cose_make_test_messages.c +++ b/lib/ext/t_cose/test/t_cose_make_test_messages.c @@ -475,14 +475,18 @@ t_cose_sign1_test_message_output_signature(struct t_cose_sign1_sign_ctx *me, */ enum t_cose_err_t return_value; QCBORError cbor_err; + /* Pointer to useful_buf used for the signature*/ + struct q_useful_buf_c *tbs; /* pointer and length of the completed tbs hash */ struct q_useful_buf_c tbs_hash; /* Pointer and length of the completed signature */ struct q_useful_buf_c signature; /* Buffer for the actual signature */ Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_signature, T_COSE_MAX_SIG_SIZE); +#ifndef T_COSE_SIGN_MESSAGE /* Buffer for the tbs hash. */ Q_USEFUL_BUF_MAKE_STACK_UB( buffer_for_tbs_hash, T_COSE_CRYPTO_MAX_HASH_SIZE); +#endif struct q_useful_buf_c signed_payload; QCBOREncode_CloseBstrWrap(cbor_encode_ctx, &signed_payload); @@ -501,6 +505,8 @@ t_cose_sign1_test_message_output_signature(struct t_cose_sign1_sign_ctx *me, goto Done; } + if(!(me->option_flags & T_COSE_OPT_SIGN_MESSAGE)) { +#ifndef T_COSE_SIGN_MESSAGE /* Create the hash of the to-be-signed bytes. Inputs to the hash * are the protected parameters, the payload that is getting signed, the * cose signature alg from which the hash alg is determined. The @@ -516,6 +522,7 @@ t_cose_sign1_test_message_output_signature(struct t_cose_sign1_sign_ctx *me, if(return_value != T_COSE_SUCCESS) { goto Done; } +#endif /* Compute the signature using public key crypto. The key selector * and algorithm ID are passed in to know how and what to sign 
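Review bot: The `if(!(me->option_flags & T_COSE_OPT_SIGN_MESSAGE)) {` added in the `@@ -501,6 +505,8 @@` hunk opens a block that none of this file's hunks close: the next hunk adds only `#endif`, and the last one adds a separate, balanced if/else. Unless a matching brace already exists outside the hunks, the function is left with unbalanced braces. It also nests `#ifndef T_COSE_SIGN_MESSAGE` inside a run-time check of the same feature, so the two controls can disagree, and `T_COSE_OPT_SIGN_MESSAGE` is not defined in any hunk shown here. I would drop the run-time `if` and keep only the preprocessor guard, as t_cose_sign1_sign.c does; the function starts before and ends after these hunks.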
@@ -529,11 +536,17 @@ t_cose_sign1_test_message_output_signature(struct t_cose_sign1_sign_ctx *me, */ if(!(me->option_flags & T_COSE_OPT_SHORT_CIRCUIT_SIG)) { /* Normal, non-short-circuit signing */ + if(!(me->option_flags & T_COSE_OPT_SIGN_MESSAGE)) { + tbs = &tbs_hash; + } else { + tbs = &(me->protected_parameters); + } return_value = t_cose_crypto_pub_key_sign(me->cose_algorithm_id, me->signing_key, - tbs_hash, + *tbs, buffer_for_signature, - &signature); + &signature, + me->option_flags); } else { #ifndef T_COSE_DISABLE_SHORT_CIRCUIT_SIGN return_value = short_circuit_sign(me->cose_algorithm_id, diff --git a/lib/ext/t_cose/tfm_t_cose.cmake b/lib/ext/t_cose/tfm_t_cose.cmake index 7c5e59e91..18db7593c 100644 --- a/lib/ext/t_cose/tfm_t_cose.cmake +++ b/lib/ext/t_cose/tfm_t_cose.cmake @@ -29,6 +29,7 @@ target_compile_definitions(tfm_t_cose_defs $<$:T_COSE_DISABLE_SIGN1> $<$>:T_COSE_DISABLE_MAC0> $<$>:T_COSE_DISABLE_SHORT_CIRCUIT_SIGN> + $<$:T_COSE_SIGN_MESSAGE> ) ############################### t_cose common ################################## diff --git a/secure_fw/partitions/initial_attestation/Kconfig b/secure_fw/partitions/initial_attestation/Kconfig index 6bf4ddb2f..92dc24870 100644 --- a/secure_fw/partitions/initial_attestation/Kconfig +++ b/secure_fw/partitions/initial_attestation/Kconfig @@ -32,6 +32,14 @@ config ATTEST_KEY_BITS help The size of the initial attestation key in bits +config ATTEST_SIGN_MESSAGE + bool "Sign message instead of hash" + default n + help + By default attestation calculates a hash of the payload and signs that. + Use this to instead sign the payload/message directly. + + config PSA_INITIAL_ATTEST_MAX_TOKEN_SIZE hex "The maximum possible size of a token" default 0x250 diff --git a/secure_fw/partitions/initial_attestation/attest_token_encode.c b/secure_fw/partitions/initial_attestation/attest_token_encode.c index f17d0a535..c950d1e7c 100644 --- a/secure_fw/partitions/initial_attestation/attest_token_encode.c 
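Review bot: The call in the `@@ -529,11 +536,17 @@` hunk now passes a sixth argument, `me->option_flags`, while the prototype of `t_cose_crypto_pub_key_sign` in the t_cose_crypto.h hunk of this diff still takes five parameters, so this should not compile against it; end the call with `&signature);` again, or extend the prototype and every implementation together. With `T_COSE_SIGN_MESSAGE` defined the hash creation above is compiled out, so `tbs = &tbs_hash;` hands an uninitialized `tbs_hash` to the signer whenever the run-time flag is clear. In the other branch `tbs = &(me->protected_parameters);` signs only the protected parameters rather than the Sig_structure that t_cose_sign1_sign.c builds; if that is deliberate for a negative test, a comment should say so.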
+++ b/secure_fw/partitions/initial_attestation/attest_token_encode.c @@ -241,7 +241,6 @@ attest_token_encode_start(struct attest_token_encode_ctx *me, me->opt_flags = opt_flags; me->key_select = key_select; - if (opt_flags & TOKEN_OPT_SHORT_CIRCUIT_SIGN) { t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_SIG; } else {