Add initial uvisor release library

Author: meriac

features/FEATURE_UVISOR/AUTHORS.txt

@@ -0,0 +1,12 @@
+   519	Milosch Meriac
+   420	Alessandro Angelino
+    16	Niklas Hauser
+    15	Jaeden Amero
+     3	Hugo Vincent
+     3	JaredCJR
+     3	Jim Huang
+     2	tonyyanxuan
+     1	Aksel Skauge Mellbye
+     1	Irit Arkin
+     1	Nathan Chong
+     1	ccli8

features/FEATURE_UVISOR/VERSION.txt

@@ -0,0 +1 @@
+v0.9.14-alpha

features/FEATURE_UVISOR/includes/uvisor-lib/rtx/process_malloc.h

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __RTX_PROCESS_MALLOC_H__
+#define __RTX_PROCESS_MALLOC_H__
+
+#include "secure_allocator.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Allocate memory on the process heap. */
+void * malloc_p(size_t size);
+/* Reallocate memory on the process heap. */
+void * realloc_p(void * ptr, size_t size);
+/* Free memory on the process heap. */
+void free_p(void * ptr);
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif  /* __RTX_PROCESS_MALLOC_H__ */

features/FEATURE_UVISOR/includes/uvisor-lib/rtx/rtx_box_index.h

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __RTX_BOX_INDEX_H__
+#define __RTX_BOX_INDEX_H__
+
+#include "cmsis_os.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct
+{
+    /* The uvisor box index must be placed at the beginning */
+    UvisorBoxIndex index;
+
+    /* Id of the mutex */
+    osMutexId mutex_id;
+    /* Pointer to the data of the mutex */
+    osMutexDef_t mutex;
+    /* Internal data of the mutex */
+    int32_t mutex_data[4];
+} RtxBoxIndex;
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif  /* __RTX_BOX_INDEX_H__ */

features/FEATURE_UVISOR/includes/uvisor-lib/rtx/secure_allocator.h

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __SECURE_ALLOCATOR_H__
+#define __SECURE_ALLOCATOR_H__
+
+#include <stdint.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** Contains the allocator data and backing page table. */
+typedef void * SecureAllocator;
+
+/** Create an allocator in-place in an existing pool without using pages.
+ * Use this to turn statically allocated memory into a heap.
+ * Or allocate a large piece of memory and then turn that into a heap.
+ *
+ * @param mem   Pointer to the origin of the memory pool
+ * @param bytes Length of the memory pool in bytes
+ * @returns the allocator or `NULL` on failure
+ */
+SecureAllocator secure_allocator_create_with_pool(
+    void * mem,
+    size_t bytes);
+
+/** Create an allocator using pages from the page heap.
+ * Use this to request secure dynamic memory for your process.
+ * Note that this memory is not guaranteed to be consecutive, therefore you
+ * must specify the maximum allocation size that you plan to use in this
+ * allocator. This function will then compute the number and size of required
+ * pages and request them from the secure page heap.
+ *
+ * @param total_size          The minimal total size of the heap
+ * @param maximum_malloc_size The largest size to be allocated in one chunk
+ * @returns the allocator or `NULL` on failure (out of memory,
+ *          maximum malloc size cannot be fulfilled)
+ */
+SecureAllocator secure_allocator_create_with_pages(
+    size_t total_size,
+    size_t maximum_malloc_size);
+
+/** Destroy the allocator and free the backing pages.
+ * An attempt to destroy a memory-pool backed allocator will fail and return
+ * with an error code.
+ *
+ * @retval 0  Allocator successfully destroyed.
+ * @retval -1 Allocator is static (memory-pool), or freeing memory pages failed.
+ */
+int secure_allocator_destroy(
+    SecureAllocator allocator);
+
+/** Drop-in for `malloc`. */
+void * secure_malloc(
+    SecureAllocator allocator,
+    size_t size);
+
+/** Drop-in for `realloc`. */
+void * secure_realloc(
+    SecureAllocator allocator,
+    void * ptr,
+    size_t size);
+
+/** Drop-in for `free`. */
+void secure_free(
+    SecureAllocator allocator,
+    void * ptr);
+
+#ifdef __cplusplus
+}   /* extern "C" */
+#endif
+
+#endif  /* __SECURE_ALLOCATOR_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/benchmark.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2013-2015, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __UVISOR_API_BENCHMARK_H__
+#define __UVISOR_API_BENCHMARK_H__
+
+#include "api/inc/uvisor_exports.h"
+#include <stdint.h>
+
+UVISOR_EXTERN void uvisor_benchmark_configure(void);
+UVISOR_EXTERN void uvisor_benchmark_start(void);
+UVISOR_EXTERN uint32_t uvisor_benchmark_stop(void);
+
+#endif /* __UVISOR_API_BENCHMARK_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/box_config.h

@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __UVISOR_API_BOX_CONFIG_H__
+#define __UVISOR_API_BOX_CONFIG_H__
+
+#include "api/inc/uvisor_exports.h"
+#include <stddef.h>
+#include <stdint.h>
+
+UVISOR_EXTERN const uint32_t __uvisor_mode;
+
+#define UVISOR_DISABLED   0
+#define UVISOR_PERMISSIVE 1
+#define UVISOR_ENABLED    2
+
+#define UVISOR_SET_MODE(mode) \
+    UVISOR_SET_MODE_ACL_COUNT(mode, NULL, 0)
+
+#define UVISOR_SET_MODE_ACL(mode, acl_list) \
+    UVISOR_SET_MODE_ACL_COUNT(mode, acl_list, UVISOR_ARRAY_COUNT(acl_list))
+
+#define UVISOR_SET_MODE_ACL_COUNT(mode, acl_list, acl_list_count) \
+    uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) __reserved_stack[UVISOR_STACK_BAND_SIZE]; \
+    \
+    UVISOR_EXTERN const uint32_t __uvisor_mode = (mode); \
+    \
+    static const __attribute__((section(".keep.uvisor.cfgtbl"), aligned(4))) UvisorBoxConfig main_cfg = { \
+        UVISOR_BOX_MAGIC, \
+        UVISOR_BOX_VERSION, \
+        0, \
+        sizeof(RtxBoxIndex), \
+        0, \
+        0, \
+        NULL, \
+        acl_list, \
+        acl_list_count \
+    }; \
+    \
+    extern const __attribute__((section(".keep.uvisor.cfgtbl_ptr_first"), aligned(4))) void * const main_cfg_ptr = &main_cfg;
+
+/* this macro selects an overloaded macro (variable number of arguments) */
+#define __UVISOR_BOX_MACRO(_1, _2, _3, _4, NAME, ...) NAME
+
+#define __UVISOR_BOX_CONFIG(box_name, acl_list, acl_list_count, stack_size, context_size) \
+    \
+    uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) \
+        box_name ## _reserved[ \
+            UVISOR_STACK_SIZE_ROUND( \
+                ( \
+                    (UVISOR_MIN_STACK(stack_size) + \
+                    (context_size) + \
+                    (__uvisor_box_heapsize) + \
+                    sizeof(RtxBoxIndex) \
+                ) \
+            * 8) \
+        / 6)]; \
+    \
+    static const __attribute__((section(".keep.uvisor.cfgtbl"), aligned(4))) UvisorBoxConfig box_name ## _cfg = { \
+        UVISOR_BOX_MAGIC, \
+        UVISOR_BOX_VERSION, \
+        UVISOR_MIN_STACK(stack_size), \
+        sizeof(RtxBoxIndex), \
+        context_size, \
+        __uvisor_box_heapsize, \
+        __uvisor_box_namespace, \
+        acl_list, \
+        acl_list_count \
+    }; \
+    \
+    extern const __attribute__((section(".keep.uvisor.cfgtbl_ptr"), aligned(4))) void * const box_name ## _cfg_ptr = &box_name ## _cfg;
+
+#define __UVISOR_BOX_CONFIG_NOCONTEXT(box_name, acl_list, stack_size) \
+    __UVISOR_BOX_CONFIG(box_name, acl_list, UVISOR_ARRAY_COUNT(acl_list), stack_size, 0) \
+
+#define __UVISOR_BOX_CONFIG_CONTEXT(box_name, acl_list, stack_size, context_type) \
+    __UVISOR_BOX_CONFIG(box_name, acl_list, UVISOR_ARRAY_COUNT(acl_list), stack_size, sizeof(context_type)) \
+    UVISOR_EXTERN context_type *const *const __uvisor_ps;
+
+#define __UVISOR_BOX_CONFIG_NOACL(box_name, stack_size, context_type) \
+    __UVISOR_BOX_CONFIG(box_name, NULL, 0, stack_size, sizeof(context_type)) \
+    UVISOR_EXTERN context_type *const *const __uvisor_ps;
+
+#define __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT(box_name, stack_size) \
+    __UVISOR_BOX_CONFIG(box_name, NULL, 0, stack_size, 0)
+
+#define UVISOR_BOX_CONFIG_ACL(...) \
+    __UVISOR_BOX_MACRO(__VA_ARGS__, __UVISOR_BOX_CONFIG_CONTEXT, \
+                                    __UVISOR_BOX_CONFIG_NOCONTEXT, \
+                                    __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT)(__VA_ARGS__)
+
+#define UVISOR_BOX_CONFIG_CTX(...) \
+    __UVISOR_BOX_MACRO(__VA_ARGS__, __UVISOR_BOX_CONFIG_CONTEXT, \
+                                    __UVISOR_BOX_CONFIG_NOACL, \
+                                    __UVISOR_BOX_CONFIG_NOACL_NOCONTEXT)(__VA_ARGS__)
+
+#define UVISOR_BOX_CONFIG(...) \
+    UVISOR_BOX_CONFIG_ACL(__VA_ARGS__)
+
+/* Use this macro before box defintion (for example, UVISOR_BOX_CONFIG) to
+ * define the name of your box. If you don't want a name, use this macro with
+ * box_namespace as NULL. */
+#define UVISOR_BOX_NAMESPACE(box_namespace) \
+    static const char *const __uvisor_box_namespace = box_namespace
+
+#define UVISOR_BOX_HEAPSIZE(heap_size) \
+    static const uint32_t __uvisor_box_heapsize = heap_size;
+
+#define uvisor_ctx (*__uvisor_ps)
+
+/* Return the numeric box ID of the current box. */
+UVISOR_EXTERN int uvisor_box_id_self(void);
+
+/* Return the numeric box ID of the box that is calling through the most recent
+ * secure gateway. Return -1 if there is no secure gateway calling box. */
+UVISOR_EXTERN int uvisor_box_id_caller(void);
+
+/* Copy the box namespace of the specified box ID to the memory provided by
+ * box_namespace. The box_namespace's length must be at least
+ * MAX_BOX_NAMESPACE_LENGTH bytes. Return how many bytes were copied into
+ * box_namespace. Return UVISOR_ERROR_INVALID_BOX_ID if the provided box ID is
+ * invalid. Return UVISOR_ERROR_BUFFER_TOO_SMALL if the provided box_namespace
+ * is too small to hold MAX_BOX_NAMESPACE_LENGTH bytes. Return
+ * UVISOR_ERROR_BOX_NAMESPACE_ANONYMOUS if the box is anonymous. */
+UVISOR_EXTERN int uvisor_box_namespace(int box_id, char *box_namespace, size_t length);
+
+#endif /* __UVISOR_API_BOX_CONFIG_H__ */

features/FEATURE_UVISOR/includes/uvisor/api/inc/context_exports.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __UVISOR_CONTEX_EXPORTS_H__
+#define __UVISOR_CONTEX_EXPORTS_H__
+
+/** Maximum number of nested context switches.
+ *
+ * The same state stack is kept for all kinds of context switches that are bound
+ * to a function, for which uVisor keeps an internal state. */
+#define UVISOR_CONTEXT_MAX_DEPTH 16
+
+#endif /* __UVISOR_CONTEX_EXPORTS_H__ */