Merge pull request #15 from AlessandroA/minor_fixes

Minor improvements to the app

Author: AlessandroA

.gitignore

@@ -1,8 +1,16 @@
+# Misc hidden files
 .DS_Store
-.build
-gdb.script
 *.sw*
+
+# mbed files and folders
+.build
+BUILD
+mbed-os
+mbed-os/*
 mbed_settings.py*
-/mbed-os/
-/firmware.*
-/debug.elf
+.mbed
+
+# Custom Makefile temp files
+gdb.script
+firmware.*
+debug.elf

README.md

@@ -12,19 +12,19 @@ This number can only be written by one box, but read by all boxes.
 
 This demo contains three secure boxes:
 
-1. The secure number vault. This box stores one number that can only be written to by client A, but read by everyone.
+1. The secure number vault. This box stores one number that can only be written to by Client A, but read by everyone.
 1. Client A, which attempts to write (and succeeds) and read the secure number.
 1. Client B, which attempts to write (but fails) and read the secure number.
 
-The insecure box 0 also attempts to write (but fails) and read the secure number.
+As usual, all the code/data that is not protected by a secure box ends up in the public box (also known as box 0), which is visible by all other boxes and, hence, insecure. The public box also attempts to write (but fails) and read the secure number.
 
 Supported devices:
 
 | Target | Toolchain | Baud rate |
 |--------|-----------|-----------|
 | `K64F` | `GCC_ARM` | 9600      |
 
-Latest release: [mbed-os-5.3.0](https://github.com/ARMmbed/mbed-os-example-uvisor/releases/tag/mbed-os-5.3.0). Tested with [mbed-cli v1.0.0](https://github.com/ARMmbed/mbed-cli/releases/tag/1.0.0).
+Latest release: [mbed-os-5.3.x](https://github.com/ARMmbed/mbed-os-example-uvisor/releases/tag/latest). Tested with [mbed-cli v1.0.0](https://github.com/ARMmbed/mbed-cli/releases/tag/1.0.0).
 
 ## Quickstart
 
@@ -45,18 +45,16 @@ $ screen /dev/tty.usbmodem1422 9600
 You will see an output similar to the following one:
 
 ```
-**** uVisor secure number store example *****
-Trusted client a has box id 2
-2: Wrote '0xfffffed4'
-1: Read '0xfffffed4'
-1: Permission denied. This client cannot write the secure number '0xfffffe0c'
-0: Read '0xfffffed4'
-0: Permission denied. This client cannot write the secure number '0x00000019'
-2: Read '0xfffffed4'
-2: Wrote '0xfffffda8'
-2: Read '0xfffffda8'
-1: Permission denied. This client cannot write the secure number '0xfffffc18'
-2: Wrote '0xfffffc7c'
+***** uVisor secure number store example *****
+vault   : Only client_a can write into the vault
+vault   : All clients can read the vault
+client_b: Attempt to write  0xFFFFFED4 (denied)
+client_a: Attempt to read : 0x00000000 (granted)
+client_a: Attempt to write  0xFFFFFE0C (granted)
+public  : Attempt to read : 0xFFFFFE0C (granted)
+public  : Attempt to write  0x00000019 (denied)
+client_b: Attempt to read : 0xFFFFFE0C (granted)
+client_a: Attempt to read : 0xFFFFFE0C (granted)
 ...
 ```
 

mbed_app.json

@@ -1,6 +1,6 @@
 {
     "target_overrides": {
-        "K64F": {
+        "*": {
             "target.features_add": ["UVISOR"],
             "target.extra_labels_add": ["UVISOR_SUPPORTED"]
         }

source/client_a.cpp

@@ -22,27 +22,28 @@
 
 struct box_context {
     uint32_t number;
-    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
 };
 
 static void client_a_main(const void *);
 
-/* Box configuration */
+/* Box configuration
+ * This box has a smaller interrupt and main thread stack sizes as we do nothing
+ * special in them. */
 UVISOR_BOX_NAMESPACE("client_a");
-UVISOR_BOX_HEAPSIZE(8192);
-UVISOR_BOX_MAIN(client_a_main, osPriorityNormal, UVISOR_BOX_STACK_SIZE);
-UVISOR_BOX_CONFIG(secure_number_client_a, acl, UVISOR_BOX_STACK_SIZE, box_context);
+UVISOR_BOX_HEAPSIZE(3072);
+UVISOR_BOX_MAIN(client_a_main, osPriorityNormal, 512);
+UVISOR_BOX_CONFIG(secure_number_client_a, acl, 512, box_context);
 
 static uint32_t get_a_number()
 {
     /* Such random. Many secure. Much bits. Wow. */
     return (uvisor_ctx->number -= 500UL);
 }
 
-static void box_async_runner(const void *)
+static void box_async_runner(void)
 {
     while (1) {
         uvisor_rpc_result_t result;
@@ -56,11 +57,8 @@ static void box_async_runner(const void *)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            uvisor_ctx->pc->printf("%c: %s '0x%08x'\r\n",
-                                   (char) uvisor_box_id_self() + '0',
-                                   (ret == 0) ? "Wrote" :
-                                                "Permission denied. This client cannot write the secure number",
-                                   (unsigned int) number);
+            shared_pc.printf("client_a: Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             /* FIXME: Add better error handling. */
             if (!status) {
                 break;
@@ -71,27 +69,29 @@ static void box_async_runner(const void *)
     }
 }
 
-static void box_sync_runner(const void *)
+static void box_sync_runner(void)
 {
     while (1) {
         /* Synchronous access to the number. */
         const uint32_t number = secure_number_get_number();
-        uvisor_ctx->pc->printf("%c: Read '0x%08x'\r\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
+        shared_pc.printf("client_a: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(7000);
     }
 }
 
 static void client_a_main(const void *)
 {
-    /* Allocate serial port to ensure that code in this secure box won't touch
-     * the handle in the default security context when printing. */
-    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
-    if (!uvisor_ctx->pc) {
-        return;
-    }
+    /* Create new threads. */
+    /* Note: The stack must be at least 1kB since threads will use printf. */
+    Thread sync(osPriorityNormal, 1024, NULL);
+    sync.start(box_sync_runner);
+    Thread async(osPriorityNormal, 1024, NULL);
+    async.start(box_async_runner);
 
-    srand(uvisor_box_id_self());
-    new Thread(box_sync_runner, NULL);
-    new Thread(box_async_runner, NULL);
+    size_t count = 0;
+    while (1) {
+        /* Spin forever. */
+        ++count;
+    }
 }

source/client_b.cpp

@@ -22,7 +22,6 @@
 
 struct box_context {
     uint32_t number;
-    RawSerial * pc;
 };
 
 static const UvisorBoxAclItem acl[] = {
@@ -31,11 +30,13 @@ static const UvisorBoxAclItem acl[] = {
 
 static void client_b_main(const void *);
 
-/* Box configuration */
+/* Box configuration
+ * This box has a smaller interrupt stack size as we do nothing special in it.
+ * The main thread uses printf so it needs at least 1kB of stack. */
 UVISOR_BOX_NAMESPACE("client_b");
-UVISOR_BOX_HEAPSIZE(8192);
-UVISOR_BOX_MAIN(client_b_main, osPriorityNormal, UVISOR_BOX_STACK_SIZE);
-UVISOR_BOX_CONFIG(secure_number_client_b, acl, UVISOR_BOX_STACK_SIZE, box_context);
+UVISOR_BOX_HEAPSIZE(3072);
+UVISOR_BOX_MAIN(client_b_main, osPriorityNormal, 1024);
+UVISOR_BOX_CONFIG(secure_number_client_b, acl, 512, box_context);
 
 static uint32_t get_a_number()
 {
@@ -45,13 +46,6 @@ static uint32_t get_a_number()
 
 static void client_b_main(const void *)
 {
-    /* Allocate serial port to ensure that code in this secure box won't touch
-     * the handle in the default security context when printing. */
-    uvisor_ctx->pc = new RawSerial(USBTX, USBRX);
-    if (!uvisor_ctx->pc) {
-        return;
-    }
-
     /* The entire box code runs in its main thread. */
     while (1) {
         uvisor_rpc_result_t result;
@@ -65,19 +59,16 @@ static void client_b_main(const void *)
         while (1) {
             uint32_t ret;
             int status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            uvisor_ctx->pc->printf("%c: %s '0x%08x'\r\n",
-                                   (char) uvisor_box_id_self() + '0',
-                                   (ret == 0) ? "Wrote" :
-                                                "Permission denied. This client cannot write the secure number",
-                                   (unsigned int) number);
+            shared_pc.printf("client_b: Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             if (!status) {
                 break;
             }
         }
 
         /* Synchronous access to the number. */
         number = secure_number_get_number();
-        uvisor_ctx->pc->printf("%c: Read '0x%08x'\r\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
+        shared_pc.printf("client_b: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(3000);
     }

source/main-hw.h

@@ -17,17 +17,16 @@
 #ifndef __UVISOR_HELLOWORLD_MAIN_HW_H__
 #define __UVISOR_HELLOWORLD_MAIN_HW_H__
 
-/* The vector containing the challenge is shared with the push-button ISR, so
- * that it can attempt to access it from an IRQ context. */
+extern DigitalOut led_red;
+extern DigitalOut led_green;
+extern DigitalOut led_blue;
 
-#define LED_ON  false
-#define LED_OFF true
+extern Serial shared_pc;
 
-#define MAIN_LED LED_BLUE
-#define HALT_LED LED_RED
+#if defined(TARGET_K64F)
 
-#define MAIN_BTN SW2
-#define MAIN_BTN_PUPD PullUp
+#define LED_ON  false
+#define LED_OFF true
 
 #define MAIN_ACL(acl_list_name) \
     static const UvisorBoxAclItem acl_list_name[] = {     \
@@ -48,8 +47,10 @@
         {SPI0,   sizeof(*SPI0),   UVISOR_TACLDEF_PERIPH}, \
     }
 
-extern DigitalOut led_red;
-extern DigitalOut led_green;
-extern DigitalOut led_blue;
+#else /* Target-specific settings */
+
+#error "Unsupported target. Checkout the README.md file for the list of supported targets for this app."
+
+#endif /* Target-specific settings */
 
 #endif /* __UVISOR_HELLOWORLD_MAIN_HW_H__ */

source/main.cpp

@@ -24,29 +24,23 @@
 
 /* Create ACLs for main box. */
 MAIN_ACL(g_main_acl);
-
-/* Register privleged system hooks. */
-UVISOR_EXTERN void SVC_Handler(void);
-UVISOR_EXTERN void PendSV_Handler(void);
-UVISOR_EXTERN void SysTick_Handler(void);
-extern "C" uint32_t rt_suspend(void);
-
-UVISOR_SET_PRIV_SYS_HOOKS(SVC_Handler, PendSV_Handler, SysTick_Handler, rt_suspend, __uvisor_semaphore_post);
-
 /* Enable uVisor. */
 UVISOR_SET_MODE_ACL(UVISOR_ENABLED, g_main_acl);
+UVISOR_SET_PAGE_HEAP(8 * 1024, 5);
 
 DigitalOut led_red(LED1);
 DigitalOut led_green(LED2);
 DigitalOut led_blue(LED3);
 
+Serial shared_pc(USBTX, USBRX);
+
 static uint32_t get_a_number()
 {
     static uint32_t number = 425;
     return (number -= 400UL);
 }
 
-static void main_async_runner(const void *)
+static void main_async_runner(void)
 {
     while (1) {
         uvisor_rpc_result_t result;
@@ -61,11 +55,8 @@ static void main_async_runner(const void *)
             /* TODO typesafe return codes */
             uint32_t ret;
             status = rpc_fncall_wait(result, UVISOR_WAIT_FOREVER, &ret);
-            printf("%c: %s '0x%08x'\r\n",
-                   (char) uvisor_box_id_self() + '0',
-                   (ret == 0) ? "Wrote" :
-                                "Permission denied. This client cannot write the secure number",
-                   (unsigned int) number);
+            shared_pc.printf("public  : Attempt to write  0x%08X (%s)\r\n",
+                             (unsigned int) number, (ret == 0) ? "granted" : "denied");
             if (!status) {
                 break;
             }
@@ -75,32 +66,33 @@ static void main_async_runner(const void *)
     }
 }
 
-static void main_sync_runner(const void *)
+static void main_sync_runner(void)
 {
     while (1) {
         /* Synchronous access to the number. */
         const uint32_t number = secure_number_get_number();
-        printf("%c: Read '0x%08x'\r\n", (char) uvisor_box_id_self() + '0', (unsigned int) number);
+        shared_pc.printf("public  : Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
         Thread::wait(11000);
     }
 }
 
 int main(void)
 {
-    printf("\r\n***** uVisor secure number store example *****\r\n");
+    shared_pc.printf("\r\n***** uVisor secure number store example *****\r\n");
     led_red = LED_OFF;
     led_blue = LED_OFF;
     led_green = LED_OFF;
 
     /* Startup a few RPC runners. */
-    Thread sync(main_sync_runner, NULL);
-    Thread async(main_async_runner, NULL);
+    /* Note: The stack must be at least 1kB since threads will use printf. */
+    Thread sync(osPriorityNormal, 1024, NULL);
+    sync.start(main_sync_runner);
+    Thread async(osPriorityNormal, 1024, NULL);
+    async.start(main_async_runner);
 
     size_t count = 0;
-
-    while (1)
-    {
+    while (1) {
         /* Spin forever. */
         ++count;
     }