Do Not Review, Do Not Merge: Do Not Review, Do Not Merge: Prototype for single file PSA/Legacy Mbed TLS configs #116
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-crypto_types.h: Added definition of mbedtls_svc_key_id_t needed for NS build TLS/DTLS APIs -crypto_values.h: Added lots of functions for mbedtls_svc_key_id_t needed for NS build TLS/DTLS APIs Add missing function for TLS/DTLS usage in crypto_extra.h. This needs to go upstream, but most likely containing more functions. Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 08bb0ce) (cherry picked from commit c93707c) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 7466755) Signed-off-by: Markus Swarowsky <[email protected]>
Adjust CRYPTO_HW_ACCELERATOR build scripts to also support nrf_security. Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit c136210) (cherry picked from commit 3834117) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 2bdad64) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Ied8e378ef55fe398ea4e45f65b3c270e9e9cd030 Signed-off-by: Markus Swarowsky <[email protected]>
…nce. Add an option to send the log output from the secure firmware on a UART instance that would be shared with the non-secure application. This option is added where the number of UART instances is limited and the application only cares about the receiving the TF-M log on fatal errors. To allow this option to be enabled the log is disabled in the boot process before the non-secure application is started. It is enabled again when an unrecoverable exception has occurred in the secure firmware. NCSDK-18595 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 19403a8) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 54af7a2) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I65e33f48bd7c6334d04b528c28e8b2d4a3331d0d Signed-off-by: Markus Swarowsky <[email protected]>
…RT0 instance Add support for selecting which UART instance to use as the secure UART instance. The supported options are UART0 and UART1. Add support for the secure UART instance being shared with the non-secure application. The UART instance is configured as non-secure after it has been uninitialized, and configured as secure when it is initialized again on a fatal error. NCSDK-18595 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit b2346e8) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 97224b0) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I2da826ec4817143ece52baeceaab14999f0d2d96 Signed-off-by: Markus Swarowsky <[email protected]>
Check if the required configuration has been set in the configuration header instead of suddenly setting it outside of the configuration header. If the configuration is missing this definition this could lead to an inconsistent configuration. This is a noup commit because this definition has been removed in another upstream commit 7e80490 and this is not easily backported. Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 4be04d6) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Iea8daa284033611c76dd8102a3cd9bbec99ffcbf Signed-off-by: Markus Swarowsky <[email protected]>
Add platform default UART control definition. For platforms that wishes to use a UART configuration different from the default CMSIS control value the default valuse need to be supplied in the call to set control. This makes it possible for a platform to set for example Hardware Flow Contol configuration. Having support for Hardware Flow Control is useful for running the TF-M regression tests reliably. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/20374 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit f16b472) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I64ea2f1f261624c82037d3e85231234427978c7e Signed-off-by: Markus Swarowsky <[email protected]>
Add driver support for hardware flow control. Leave it as default off. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/20375 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit ab8140d) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I86aa7a19270ad6cd9d852c73101c9de1941f364c Signed-off-by: Markus Swarowsky <[email protected]>
Replaces usage of mbedtls_hkdf with PSA Crypto API. Noup: This is essentially the same functionality as in change I41ea9cb2af6627aa7ed3a8454898d16d4b5d6306 from upstream, that can't be cleanly cherry-picked since the code has been refactored. Signed-off-by: Vidar Lillebø <[email protected]> (cherry picked from commit 2ff3fdd) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Ib4bcea3f9b7ea2676b612a20b226a8ae6118bb9b Signed-off-by: Markus Swarowsky <[email protected]>
Include the PSA config file in TF_M PSA interface header. This is a noup commit because it is and adapted change based on upstream commit that contains other changes that would cause merge conflicts. An additional PR was made to upstream to improve the way the config header is included. Upstream commit: 34a0ffd Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/21759 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 86fdfb9) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I048f4174486a911bd1451de5a244446601608d29 Signed-off-by: Markus Swarowsky <[email protected]>
…ader included The PSA header only includes the configuration header when MBEDTLS_PSA_CRYPTO_CONFIG_FILE is given on the command line. If the configuration file has not been included assume that the maximum hash size is the maximum possible instead of the minimal possible. This is consistent with how PSA_VENDOR_ECC_MAX_CURVE_BITS is defined. Change-Id: I4c137a947ca0dbdbddf7eaac74e6ce59ae988224 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 779cfe0) (cherry picked from commit ccab64f) Signed-off-by: Markus Swarowsky <[email protected]>
Unify common code between nrf startup files. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit cca1de1) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I78be920afe68f2a9d930605617b654cbf12af5d4 Signed-off-by: Markus Swarowsky <[email protected]>
Currently we are generating dozens of default IRQ Handlers that each just spin. In sum, 256 bytes of IRQ handlers that do nothing. In this patch we save these bytes by using the alias attribute. Now there is only one default IRQ handler placed in flash and all the default IRQ handlers alias to it. I tried to place the duplicated default_tfm_IRQHandler in the common startup.c, but it did not work. I am not certain, but I think this is due to a problem with the way we link in TF-M. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 3dcb0c3) Signed-off-by: Markus Swarowsky <[email protected]>
The current default IRQ handler will hang forever. It is bad practice to hang forever in production. Instead we now print the exception information and then panic. Which will either reboot or hang forever depending on the configuration. It is bad practice to for the default IRQ handler to be triggered at all and it should indicate a configuration error. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 49627ca) Signed-off-by: Markus Swarowsky <[email protected]>
There is a build system bug where the wrong IRQ handler is used for the SPU. trusted-firmware-m/platform/ext/target/nordic_nrf/common/core/faults.c defines the symbol SPU_IRQHandler. And the intention is for this to be used. But the linker never checks faults.c for undefined symbols because it already has a weak symbol for SPU_IRQHandler from the startup file to satisfy itself. For the weak symbol to work properly faults.c needs to be linked into the build either because it provides some symbol that is undefined, or through the use of --whole-archive as Zephyr does. Until TF-M uses --whole-archive, weak symbols will not work as intended. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit b2580be) Signed-off-by: Markus Swarowsky <[email protected]>
Default IRQ handlers will usually be overriden as they are weak. But due to the way TF-M links it's binary (doesn't use whole-archive), weak doesn't always work. So we explicitly ifdef out some IRQ handlers that we know will be overridden by non-weak symbols anyway to be safe. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 5fa2863) Signed-off-by: Markus Swarowsky <[email protected]>
Fix a bug in the startup file where the ifdef was incorrectly negated. Also add declarations for when the default irq handler is not used. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 26d6cb4) Signed-off-by: Markus Swarowsky <[email protected]>
unify target configuration for nrf53, nrf91, and laird. Combining these three source files into a single file makes it easier to make changes as patches don't need to be applied three times. Change-Id: I3c0db861b8db9981552b689e298b525918afff36 Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 652bcb4) Signed-off-by: Markus Swarowsky <[email protected]>
Rewrite the SPU functions to make it more clear what the permissions will be and thereby prevent accidental priviledge elevation. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I3c0db861b8db9981552b699e298b525918afff36 (cherry picked from commit 64f3141) Signed-off-by: Markus Swarowsky <[email protected]>
Move CMake code for adding a startup file into common code. This improves portability. Signed-off-by: Sebastian Bøe <[email protected]> (cherry picked from commit 7815216) Signed-off-by: Markus Swarowsky <[email protected]>
The MDK for nRF9120 used in the nRF9161 target doesn't define the Secure FPU as it doesn't exist, but for other platforms like the 9160 it has a dummy define, with an UNUSED field in the type. The long plan is to get this fixed in the MDK but until then, to make the nrfxlib 3.1.0 update possible this tempfix is applied. Ref: NCSDK-23046 Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I44042ee9aada99c59a5930440306bb6c40ae4880 (cherry picked from commit 6ad9c58) Signed-off-by: Markus Swarowsky <[email protected]>
-Adds encryption and authentication support for ITS files -Encryption is optional and is enabled using a CMake variable -The encryption implementation is platform dependent, the signatures of the APIs are provided in this change Change-Id: Ifd3a67ac2274fa8d7ceec19482f7cec01b2cac54 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit 7de096f) Signed-off-by: Markus Swarowsky <[email protected]>
The TFM_ITS_ENCRYPTED define (and friends) are the same for all nrf platforms so put the CMake code in the common CMakeLists.txt file. This improves portability. Change-Id: Ifedb4eb6119aa9a50dd5444a07fb0d4ee3ab4303 (cherry picked from commit d49a3e4) Signed-off-by: Markus Swarowsky <[email protected]>
Disabling Second-level Interrupt handling tests to run the first-level tests as default on nordic platforms. Change-Id: I6547d942e892f78dfa954f4aed2398807eafa1df Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit a3e5318) Signed-off-by: Markus Swarowsky <[email protected]>
Move NRF_NS_STORAGE define to a common CMake file. This improves portability. Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I1fc57f58b507222a0927a9688d56c55549d5dcfa (cherry picked from commit 2f9e785) Signed-off-by: Markus Swarowsky <[email protected]>
Move NRF_NS_SECONDARY define to common CMake. This improves portability. Change-Id: Ie6dfff1b89cedfbc4bec93088c7d6f6e190a6f69 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit eb5162f) Signed-off-by: Markus Swarowsky <[email protected]>
The wrong CMake define for enabling encryption in ITS was used. Change-Id: I9e3b0e363e6588272167ef84f6ca1769ff7687d5 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit 6e2de43) Signed-off-by: Markus Swarowsky <[email protected]>
The design of the ITS encryption was changed during the review process but the graphic in the doc was not updated to the final design. So update the graphic now. Change-Id: I97c9ece25743bdd1eae05557d5e027b8128b4a90 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit d1c6dd1) Signed-off-by: Markus Swarowsky <[email protected]>
This fixes an erroneous attempt to configure the FPU peripheral in NRF91 series. The FPU is not configurable in NRF91 series and it is always non-secure. This caused a failed assertion in the initialzation since the FPU present field is not set for the SPU configuration. This change configures the FPU only in NRF53 series devices which have a configurable FPU. Ref: NCSDK-23619 Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/23470 Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: Ia00e0e620ab51850e6ee8b382e5d03a245b6db0c
Updated nrfx_uarte driver requires missing atomic macros: - nrfx_atomic_t - NRFX_ATOMIC_FETCH_* Signed-off-by: Nikodem Kastelik <[email protected]> (cherry picked from commit 33c0f47)
Use the pinctrl method to define the UART pins for the nordic platform UART driver. This makes it easier to assign the UART pins from devicetree information which is used in out-of-tree board support. Change-Id: I8f18b730d705214670438b85c58032c6f32fff1c Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 70abd66) Signed-off-by: Joakim Andersson <[email protected]>
Remove the unused nrf_board.h header. LED and Button are not in use anywhere. Change-Id: Id331ff7780202a0c0f77d1b50b92c03ee51f4b19 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 42283f9) Signed-off-by: Joakim Andersson <[email protected]>
… for nrf9161 DK Add missing DEFAULT_UART_CONTROL for nrf9161 DK. Change-Id: I8dac4527d5c4904829933e837a6161c91bee2945 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 6089a1e) Signed-off-by: Joakim Andersson <[email protected]>
Fix build of BL 5340 DVK. This broke after the changes in: e4d4842 Change-Id: I5ca66b6d929cc9a02f39f98607c487af9be206f3 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit ab3ad73) Signed-off-by: Joakim Andersson <[email protected]>
…l regression Fix regression since target_cfg.c was refactored to a common file for nrf91 and nrf53. The I2S and PDM peripheral are not configured as non-secure peripherals. Change-Id: Ibc2c0caa0694458f2b0071976a7494a0d23f529b Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 3bd6fb8)
…um profile Disable the cipher crypto module in small, medium and mediuam-arotless profile. There is no algorithm for this module enabled in the mbedcrypto configuration header for these profiles. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24688 Change-Id: Ief1d38a984824c0e746ecbf9b1fe1a8483dba91b Signed-off-by: Joakim Andersson <[email protected]>
… and keys checks Add missing PSA defined algorithms and keys checks. The checks only covered supported algorithms in mbedtls. However mbedtls supports accelerated PSA crypto support through the psa crypto driver wrappers, which can support additional algorithms and key types. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24685 Change-Id: Ic609d7ac58b7341316d0a071e5229ea9980fafab Signed-off-by: Joakim Andersson <[email protected]>
…o context
Add an API, `tfm_exception_info_get_context()`, which can be used to
retrieve exception info from the exception_info module.
This option is added allow for platform specific handling logic -- for
example, saving the exception info to a non-volatile storage medium
for postmortem analysis.
Change Highlights:
* Moved `struct exception_info_t` from `exception_info.c` to
`exception_info.h`
* Defined `tfm_exception_info_get_context()` which exposes access to
the static scope `exception_info` struct from exception_info.h
Upstream PR:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24335
Signed-off-by: Chris Coleman <[email protected]>
Change-Id: I635ef2cc79bf5221300064a3a2813d504f62d46a
Signed-off-by: Joakim Andersson <[email protected]>
…ters Change exception handler to use system registers instead of handler provided information to provide active exception information to the exception information handler. This frees up one register argument to the store and dump function. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24876 Change-Id: I70a29438fd5ac0bad6945588c5ae7431cd66d060 Signed-off-by: Joakim Andersson <[email protected]>
…ormation Store the callee saved registers in the exception information logging. We store the current exception frame, which has the registers of the caller saved registers when the exception occurs, but the callee saved register information is lost during the exception handling. This provides us with an incomplete picture of the state at the time the exception occurred. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24877 Change-Id: I3d15f9eccf1aa8c2c1b99e75e38229ab82420f36 Signed-off-by: Joakim Andersson <[email protected]>
Move the SPU fault handling to only dump fault information on UART when TFM_EXCEPTION_INFO_DUMP is enabled. Store the exception info for later retrieval as the SPU handler clears the events. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24878 Change-Id: I3da12c30dc845e81e8725c687aefb498c82c90d7 Signed-off-by: Joakim Andersson <[email protected]>
Signed-off-by: Brian Quach <[email protected]> Change-Id: If3a43ebf1627f1929d52580dc2cf8f25cf241af4 (cherry picked from commit c3b795f) Signed-off-by: Joakim Andersson <[email protected]>
Unify the target configuration header, the target configuration source has already been unified. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25014 Signed-off-by: Joakim Andersson <[email protected]>
…ation Refactor peripheral SPU configuration to use peripheral ID instead of address. Remove helper function that is only used once. Refactor peripheral SPU init configuration to be a loop over an array of peripheral IDs. This is done to save flash-usage of this function. Upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25015 Signed-off-by: Joakim Andersson <[email protected]>
…bled Fix TF-M building of the NS application with floating point enabled. This is needed in order to run the TF-M regression tests. NOUP: This does not have an upstream PR as this problem does not exits in the main branch after the TF-M split NS build feature merge. This commit should therefore just be reverted on next TF-M sync. Signed-off-by: Joakim Andersson <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
-Note that additional config file for TF-M is just commented out in a WIP commit
-Fixes minor build issue on ECP size