Add entropy inject to spm

Author: mohammad1603

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c

@@ -917,7 +917,30 @@ psa_status_t psa_generate_random( uint8_t *output,
     return( ( psa_status_t ) err_call );
 }
 
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+/****************************************************************/
+/* PSA_ENTROPY_INJECT */
+/****************************************************************/
+
+psa_status_t mbedtls_psa_inject_entropy( const unsigned char *seed,
+                                         size_t seed_size )
+{
+    psa_error_t err_call;
+    psa_handle_t handle = PSA_NULL_HANDLE;
+    psa_invec_t in_vec = { seed, seed_size };
+
+    handle = psa_connect( PSA_ENTROPY_ID, MINOR_VER );
+    if( handle <= 0 )
+        return ( PSA_ERROR_COMMUNICATION_FAILURE );
+
+    err_call = psa_call( handle, &in_vec, 1, NULL, 0 );
+    psa_close( handle );
+    if( err_call < 0 )
+        err_call = ( psa_error_t ) PSA_ERROR_COMMUNICATION_FAILURE;
 
+    return( ( psa_status_t ) err_call );
+}
+#endif
 /****************************************************************/
 /* PSA Generator */
 /****************************************************************/

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -58,6 +58,7 @@ extern "C" {
 #define mbedtls_psa_crypto_free  mbedtls_psa_sec_crypto_free
 #define psa_key_derivation  psa_sec_key_derivation
 #define psa_generator_abort  psa_sec_generator_abort
+#define mbedtls_psa_inject_entropy  mbedtls_psa_sec_inject_entropy
 
 #include "crypto.h"
 

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

@@ -8,6 +8,7 @@
 #include "crypto_spe.h"
 #include "crypto_platform_spe.h"
 #include "psa_psa_f_partition.h"
+#include "mbedtls/entropy.h"
 
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
@@ -1114,6 +1115,57 @@ static void psa_key_management_operation( void )
     psa_reply( msg.handle, status );
 }
 
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+static void psa_entropy_operation( void )
+{
+    psa_msg_t msg = { 0 };
+    psa_status_t status = PSA_SUCCESS;
+    psa_get( PSA_ENTROPY_INJECT, &msg );
+
+    switch ( msg.type )
+    {
+        case PSA_IPC_CONNECT:
+        {
+            break; /* do nothing */
+        }
+        case PSA_IPC_CALL:
+        {
+            uint32_t bytes_read;
+            size_t seed_size = msg.in_size[0];
+            if( MBEDTLS_ENTROPY_MAX_SEED_SIZE < seed_size )
+            {
+                status = PSA_ERROR_INVALID_ARGUMENT;
+                break;
+            }
+            unsigned char *seed = mbedtls_calloc( 1, seed_size );
+            if( seed == NULL )
+            {
+                status = PSA_ERROR_INSUFFICIENT_MEMORY;
+                break;
+            }
+            bytes_read = psa_read( msg.handle, 0, seed, seed_size );
+            if( bytes_read != seed_size )
+            {
+                SPM_PANIC("SPM read length mismatch");
+            }
+            status = mbedtls_psa_inject_entropy( seed, seed_size );
+            mbedtls_free( seed );
+            break;
+        }
+        case PSA_IPC_DISCONNECT:
+        {
+            break; /* do nothing */
+        }
+        default:
+        {
+            status = PSA_ERROR_NOT_SUPPORTED;
+            break;
+        }
+    }
+    psa_reply( msg.handle, status );
+}
+#endif
+
 static void psa_rng_operation( void )
 {
     psa_msg_t msg = { 0 };
@@ -1378,5 +1430,11 @@ void part_main(void *ptr)
         {
             psa_crypto_generator_operations( );
         }
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+        if( signals & PSA_ENTROPY_INJECT )
+        {
+            psa_entropy_operation( );
+        }
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
     }
 }

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.c

@@ -1,4 +1,6 @@
-/* Copyright (c) 2017 ARM Limited
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +28,7 @@
 #include "spm_internal.h"
 #include "psa_psa_f_partition.h"
 #include "psa_psa_f_ifs.h"
+#include "psa_its_ifs.h"
 
 
 /* Threads stacks */
@@ -168,8 +171,27 @@ spm_rot_service_t psa_f_rot_services[PSA_F_ROT_SRV_COUNT] = {
             .tail = NULL
         }
     },
+    {
+        .sid = PSA_ENTROPY_ID,
+        .mask = PSA_ENTROPY_INJECT,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_STRICT,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
 };
 
+/* External SIDs used by PSA_F */
+const uint32_t psa_f_external_sids[4] = {
+    PSA_ITS_GET,
+    PSA_ITS_SET,
+    PSA_ITS_INFO,
+    PSA_ITS_REMOVE,
+};
 
 static osRtxMutex_t psa_f_mutex = {0};
 static const osMutexAttr_t psa_f_mutex_attr = {

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_psa_f_partition.h

@@ -1,4 +1,6 @@
-/* Copyright (c) 2017 ARM Limited
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,8 +26,8 @@
 
 #define PSA_F_ID 35
 
-#define PSA_F_ROT_SRV_COUNT (10UL)
-#define PSA_F_EXT_ROT_SRV_COUNT (0UL)
+#define PSA_F_ROT_SRV_COUNT (11UL)
+#define PSA_F_EXT_ROT_SRV_COUNT (4UL)
 
 /* PSA_F event flags */
 #define PSA_F_RESERVED1_POS (1UL)
@@ -56,6 +58,8 @@
 #define PSA_CRYPTO_FREE (1UL << PSA_CRYPTO_FREE_POS)
 #define PSA_GENERATOR_POS (13UL)
 #define PSA_GENERATOR (1UL << PSA_GENERATOR_POS)
+#define PSA_ENTROPY_INJECT_POS (14UL)
+#define PSA_ENTROPY_INJECT (1UL << PSA_ENTROPY_INJECT_POS)
 
 #define PSA_F_WAIT_ANY_SID_MSK (\
     PSA_CRYPTO_INIT | \
@@ -67,7 +71,8 @@
     PSA_KEY_MNG | \
     PSA_RNG | \
     PSA_CRYPTO_FREE | \
-    PSA_GENERATOR)
+    PSA_GENERATOR | \
+    PSA_ENTROPY_INJECT)
 
 /*
 #define PSA_F_WAIT_ANY_MSK (\

components/TARGET_PSA/services/crypto/crypto_partition_psa.json

@@ -86,8 +86,22 @@
       "non_secure_clients": true,
       "minor_version": 1,
       "minor_policy": "STRICT"
+    },
+    {
+      "name": "PSA_ENTROPY_ID",
+      "identifier": "0x00000F0A",
+      "signal": "PSA_ENTROPY_INJECT",
+      "non_secure_clients": true,
+      "minor_version": 1,
+      "minor_policy": "STRICT"
     }
   ],
+  "extern_sids": [
+    "PSA_ITS_GET",
+    "PSA_ITS_SET",
+    "PSA_ITS_INFO",
+    "PSA_ITS_REMOVE"
+  ],
   "source_files": [
     "COMPONENT_SPE/psa_crypto_partition.c"
   ]

components/TARGET_PSA/services/crypto/psa_psa_f_ifs.h

@@ -1,4 +1,6 @@
-/* Copyright (c) 2017 ARM Limited
+/* Copyright (c) 2017-2018 ARM Limited
+ *
+ * SPDX-License-Identifier: Apache-2.0
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,5 +34,6 @@
 #define PSA_RNG_ID 0x00000F07
 #define PSA_CRYPTO_FREE_ID 0x00000F08
 #define PSA_GENERATOR_ID 0x00000F09
+#define PSA_ENTROPY_ID 0x00000F0A
 
 #endif // PSA_PSA_F_PARTITION_ROT_SERVICES_H

components/TARGET_PSA/spm/COMPONENT_SPE/psa_setup.c

@@ -25,32 +25,33 @@
 #include "spm_internal.h"
 #include "handles_manager.h"
 #include "cmsis.h"
-#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
+#include "psa_psa_f_partition.h"
 
+extern const uint32_t psa_f_external_sids[4];
 
 __attribute__((weak))
 spm_partition_t g_partitions[2] = {
     {
-        .partition_id = PSA_F_ID,
+        .partition_id = ITS_ID,
         .thread_id = 0,
-        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
         .flags_interrupts = 0,
         .rot_services = NULL,
-        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .rot_services_count = ITS_ROT_SRV_COUNT,
         .extern_sids = NULL,
-        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
     {
-        .partition_id = ITS_ID,
+        .partition_id = PSA_F_ID,
         .thread_id = 0,
-        .flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
         .flags_interrupts = 0,
         .rot_services = NULL,
-        .rot_services_count = ITS_ROT_SRV_COUNT,
-        .extern_sids = NULL,
-        .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = psa_f_external_sids,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
 };
@@ -65,8 +66,8 @@ __attribute__((weak))
 const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
-void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 
 __attribute__((weak))
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -75,8 +76,8 @@ uint32_t init_partitions(spm_partition_t **partitions)
         SPM_PANIC("partitions is NULL!\n");
     }
 
-    psa_f_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    its_init(&(g_partitions[0]));
+    psa_f_init(&(g_partitions[1]));
 
     *partitions = g_partitions;
     return 2;

targets/targets.json

@@ -7461,7 +7461,7 @@
         "inherits": ["SPE_Target", "FUTURE_SEQUANA_M0"],
         "components_add": ["SPM_MAILBOX", "FLASHIAP"],
         "extra_labels_add": ["PSA"],
-        "macros_add": ["PSOC6_DYNSRM_DISABLE=1", "MBEDTLS_PSA_CRYPTO_SPM"],
+        "macros_add": ["PSOC6_DYNSRM_DISABLE=1", "MBEDTLS_PSA_CRYPTO_SPM", "MBEDTLS_PSA_HAS_ITS_IO", "MBEDTLS_ENTROPY_NV_SEED", "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO=mbed_default_seed_read", "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO=mbed_default_seed_write", "MBEDTLS_PSA_CRYPTO_C" ],
         "deliver_to_target": "FUTURE_SEQUANA_PSA",
         "overrides": {
             "secure-rom-start": "0x10000000",