Use shared Serial object

Although this is not ideal from a security perspective, for this example
we want to share the Serial object to make sure that the app log does
not get messed up by multiple threads trying to write to the serial
port.

For this purpose, we explicitly instantiated a `shared_pc` Serial
object, instead of silently using `printf` as-is.

Author: AlessandroA

source/client_a.cpp

@@ -22,7 +22,6 @@
 
 struct box_context {
     uint32_t number;
-    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -56,8 +55,8 @@ static void box_async_runner(void)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            uvisor_ctx->pc->printf("client_a: Attempt to write  0x%08X (%s)\r\n",
-                                  (unsigned int) number, (ret == 0) ? "granted" : "denied");
+            shared_pc.printf("client_a: Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             /* FIXME: Add better error handling. */
             if (!status) {
                 break;
@@ -73,21 +72,14 @@ static void box_sync_runner(void)
     while (1) {
         /* Synchronous access to the number. */
         const uint32_t number = secure_number_get_number();
-        uvisor_ctx->pc->printf("client_a: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
+        shared_pc.printf("client_a: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(7000);
     }
 }
 
 static void client_a_main(const void *)
 {
-    /* Allocate serial port to ensure that code in this secure box won't touch
-     * the handle in the default security context when printing. */
-    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
-    if (!uvisor_ctx->pc) {
-        return;
-    }
-
     /* Create new threads. */
     /* Note: The stack must be at least 1kB since threads will use printf. */
     Thread sync(osPriorityNormal, 1024, NULL);

source/client_b.cpp

@@ -22,7 +22,6 @@
 
 struct box_context {
     uint32_t number;
-    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -45,13 +44,6 @@ static uint32_t get_a_number()
 
 static void client_b_main(const void *)
 {
-    /* Allocate serial port to ensure that code in this secure box won't touch
-     * the handle in the default security context when printing. */
-    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
-    if (!uvisor_ctx->pc) {
-        return;
-    }
-
     /* The entire box code runs in its main thread. */
     while (1) {
         uvisor_rpc_result_t result;
@@ -65,16 +57,16 @@ static void client_b_main(const void *)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            uvisor_ctx->pc->printf("client_b: Attempt to write  0x%08X (%s)\r\n",
-                                   (unsigned int) number, (ret == 0) ? "granted" : "denied");
+            shared_pc.printf("client_b: Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             if (!status) {
                 break;
             }
         }
 
         /* Synchronous access to the number. */
         number = secure_number_get_number();
-        uvisor_ctx->pc->printf("client_b: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
+        shared_pc.printf("client_b: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(3000);
     }

source/main-hw.h

@@ -21,6 +21,8 @@ extern DigitalOut led_red;
 extern DigitalOut led_green;
 extern DigitalOut led_blue;
 
+extern Serial shared_pc;
+
 #if defined(TARGET_K64F)
 
 #define LED_ON  false

source/main.cpp

@@ -32,6 +32,8 @@ DigitalOut led_red(LED1);
 DigitalOut led_green(LED2);
 DigitalOut led_blue(LED3);
 
+Serial shared_pc(USBTX, USBRX);
+
 static uint32_t get_a_number()
 {
     static uint32_t number = 425;
@@ -53,8 +55,8 @@ static void main_async_runner(void)
             /* TODO typesafe return codes */
             uint32_t ret;
             status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            printf("public  : Attempt to write  0x%08X (%s)\r\n",
-                   (unsigned int) number, (ret == 0) ? "granted" : "denied");
+            shared_pc.printf("public  : Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             if (!status) {
                 break;
             }
@@ -69,15 +71,15 @@ static void main_sync_runner(void)
     while (1) {
         /* Synchronous access to the number. */
         const uint32_t number = secure_number_get_number();
-        printf("public  : Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
+        shared_pc.printf("public  : Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(11000);
     }
 }
 
 int main(void)
 {
-    printf("\r\n***** uVisor secure number store example *****\r\n");
+    shared_pc.printf("\r\n***** uVisor secure number store example *****\r\n");
     led_red = LED_OFF;
     led_blue = LED_OFF;
     led_green = LED_OFF;

source/secure_number.cpp

@@ -24,7 +24,6 @@ struct box_context {
     int trusted_id;
     int previous_box_caller;
     int caller_id;
-    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -103,13 +102,6 @@ static int set_number(uint32_t number)
 
 static void number_store_main(const void *)
 {
-    /* Allocate serial port to ensure that code in this secure box won't touch
-     * the handle in the default security context when printing. */
-    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
-    if (!uvisor_ctx->pc) {
-        return;
-    }
-
     /* Today we only allow client a to write to the number. */
     uvisor_ctx->trusted_id = -1;
 
@@ -119,16 +111,16 @@ static void number_store_main(const void *)
         (TFN_Ptr) set_number
     };
 
-    uvisor_ctx->pc->printf("vault   : Only client_a can write into the vault\r\n");
-    uvisor_ctx->pc->printf("vault   : All clients can read the vault\r\n");
+    shared_pc.printf("vault   : Only client_a can write into the vault\r\n");
+    shared_pc.printf("vault   : All clients can read the vault\r\n");
     while (1) {
         int status;
 
         /* NOTE: This serializes all access to the number store! */
         status = rpc_fncall_waitfor(my_fn_array, 2, &uvisor_ctx->caller_id, UVISOR_WAIT_FOREVER);
 
         if (status) {
-            uvisor_ctx->pc->printf("Failure is not an option.\r\n");
+            shared_pc.printf("Failure is not an option.\r\n");
             uvisor_error(USER_NOT_ALLOWED);
         }
     }