PSA SPM

* Intorduce PSA-SPM to mbed-os
* Add SPM tests (for PSA targets)
* Add PSA PRoT internal storage Secure implementation
* Integrate SPM into the boot proccess
* PSA manifest data generator
* Introduce PSA targets skeleton to mbed-os
* Add artifact delivery to the tools

Author: Oren Cohen

.gitignore

@@ -94,3 +94,6 @@ log
 
 # Icetea related file
 test_suite.json
+
+# default delivery dir
+DELIVERY/

TESTS/mbed_hal/spm/main.cpp

@@ -0,0 +1,163 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "utest/utest.h"
+#include "unity/unity.h"
+#include "greentea-client/test_env.h"
+#include "cmsis.h"
+#include "spm_api.h"
+#include <stdlib.h>
+
+using namespace utest::v1;
+
+#if !defined(COMPONENT_PSA_SRV_IPC)
+#error [NOT_SUPPORTED] Test supported only on PSA targets
+#endif
+
+#if !defined ( __GNUC__ )
+#error [NOT_SUPPORTED] this test is supported on GCC only
+#endif
+
+extern "C" {
+#define HARDFAULT_IRQn   ((IRQn_Type)-13)
+#define EXC_RETURN_RETURN_STACK_MSK ((uint32_t)(0x00000004))
+#define PC_INDEX_IN_STACK_FRAME 6
+
+volatile uint32_t fault_occurred;
+uint32_t real_hard_fault_handler;
+
+__attribute__ ((always_inline)) __STATIC_INLINE uint32_t __get_LR(void)
+{
+    register uint32_t result;
+
+    __ASM volatile ("MOV %0, LR\n" : "=r" (result));
+    return result;
+}
+
+// This function is required as we need a symbol/address
+// to jump to from fault handler.
+void do_nothing(void)
+{
+    __NOP();
+}
+
+// Test exception handler
+static void hard_fault_handler_test()
+{
+    fault_occurred++;
+    // LR is set EXC_RETURN
+    // lowest bits identify PSP vs MSP stack used for stacking
+    uint32_t lr = __get_LR();
+    uint32_t sp;
+
+    if (lr & EXC_RETURN_RETURN_STACK_MSK) {
+        sp = __get_PSP();
+    } else {
+        sp = __get_MSP();
+    }
+
+    // Overwrite return address.
+    // Fake return to a our special function since current
+    // instruction under test will always fail due to memory protection
+    ((uint32_t *)sp)[PC_INDEX_IN_STACK_FRAME] = (uint32_t)do_nothing;
+}
+
+// Using naked function as it will not be executed from beginning to the end.
+// The execution flow expected to be interrupted by exception and we will
+// return to other function.
+// compiler will not produce prolog and epilog code for naked function
+// and thus will preserve stack in un-corrupted state
+__attribute__((naked)) void call_mem(uint32_t addr)
+{
+    // Only first instruction will be executed in positive flow,
+    // since exception will be generated for invalid memory access.
+    // Other instructions are for calling do_nothing function according to AAPCS.
+    __ASM(
+    "LDR     r1, [r0]\n"
+    "BX      lr\n"
+    );
+}
+}
+
+static void test_memory(uint32_t addr, uint32_t expected_fatal_count)
+{
+    call_mem(addr);
+    // Although call_mem is a "naked" function, it is called using AAPCS.
+    // Thus we can assume LR will point to next instruction, and caller save registers are backed up
+    TEST_ASSERT_EQUAL(expected_fatal_count, fault_occurred);
+}
+
+static void secure_ram_fault_test(void)
+{
+    test_memory(PSA_SECURE_RAM_START, 1);
+}
+
+static void secure_flash_fault_test(void)
+{
+    test_memory(PSA_SECURE_ROM_START, 1);
+}
+
+static void non_secure_ram_fault_test(void)
+{
+    test_memory(PSA_NON_SECURE_RAM_START, 0);
+}
+
+static void non_secure_flash_fault_test(void)
+{
+    test_memory(PSA_NON_SECURE_ROM_START, 0);
+}
+
+utest::v1::status_t fault_override_setup(const Case *const source, const size_t index_of_case)
+{
+    // Save old hard fault handler and replace it with a new one
+    // NOTE: only works when VTOR is set to RAM
+    real_hard_fault_handler = NVIC_GetVector(HARDFAULT_IRQn);
+    NVIC_SetVector(HARDFAULT_IRQn, (uint32_t)&hard_fault_handler_test);
+    fault_occurred = 0;
+
+    return greentea_case_setup_handler(source, index_of_case);
+}
+
+utest::v1::status_t fault_override_teardown(const Case *const source, const size_t passed, const size_t failed,
+                                       const failure_t reason)
+{
+    // Restore real hard fault handler
+    NVIC_SetVector(HARDFAULT_IRQn, real_hard_fault_handler);
+
+    return greentea_case_teardown_handler(source, passed, failed, reason);
+}
+
+Case cases[] = {
+    Case("SPM - Access secure RAM",       fault_override_setup, secure_ram_fault_test, fault_override_teardown),
+    Case("SPM - Access secure Flash",     fault_override_setup, secure_flash_fault_test, fault_override_teardown),
+    Case("SPM - Access non-secure RAM",   fault_override_setup, non_secure_ram_fault_test, fault_override_teardown),
+    Case("SPM - Access non-secure Flash", fault_override_setup, non_secure_flash_fault_test, fault_override_teardown),
+};
+
+utest::v1::status_t greentea_test_setup(const size_t number_of_cases)
+{
+#ifndef NO_GREENTEA
+    GREENTEA_SETUP(20, "default_auto");
+#endif
+    return greentea_test_setup_handler(number_of_cases);
+}
+
+Specification specification(greentea_test_setup, cases, greentea_test_teardown_handler);
+
+int main()
+{
+    Harness::run(specification);
+}

TESTS/psa/prot_internal_storage/COMPONENT_SPE/psa_setup.c

@@ -0,0 +1,78 @@
+/* Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "handles_manager.h"
+#include "cmsis.h"
+#include "psa_test_its_reset_partition.h"
+#include "psa_its_partition.h"
+ 
+ 
+spm_partition_t g_partitions[2] = {
+    {
+        .partition_id = TEST_ITS_RESET_ID,
+        .thread_id = 0,
+        .flags_rot_srv = TEST_ITS_RESET_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = TEST_ITS_RESET_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = TEST_ITS_RESET_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+    {
+        .partition_id = ITS_ID,
+        .thread_id = 0,
+        .flags_rot_srv = ITS_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = ITS_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = ITS_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
+};
+
+/* Check all the defined memory regions for overlapping. */
+
+/* A list of all the memory regions. */
+const mem_region_t *mem_regions = NULL;
+
+const uint32_t mem_region_count = 0;
+
+// forward declaration of partition initializers
+void test_its_reset_init(spm_partition_t *partition);
+void its_init(spm_partition_t *partition);
+ 
+uint32_t init_partitions(spm_partition_t **partitions)
+{
+    if (NULL == partitions) {
+        SPM_PANIC("partitions is NULL!\n");
+    }
+
+    test_its_reset_init(&(g_partitions[0]));
+    its_init(&(g_partitions[1]));
+ 
+    *partitions = g_partitions;
+    return 2;
+}
+

TESTS/psa/prot_internal_storage/its_reset/COMPONENT_PSA_SRV_IPC/test_pits.c

@@ -0,0 +1,20 @@
+#include "spm_client.h"
+#include "psa_prot_internal_storage.h"
+#include "test_pits.h"
+#include "psa_test_its_reset_ifs.h"
+
+psa_its_status_t test_psa_its_reset(void)
+{
+    psa_handle_t conn = psa_connect(TEST_PSA_ITS_RESET, 1);
+    if (conn <= PSA_NULL_HANDLE) {
+        return PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    psa_error_t status = psa_call(conn, NULL, 0, NULL, 0);
+    if (status == PSA_DROP_CONNECTION) {
+        status = PSA_ITS_ERROR_STORAGE_FAILURE;
+    }
+
+    psa_close(conn);
+    return status;
+}

TESTS/psa/prot_internal_storage/its_reset/COMPONENT_SPE/psa_test_its_reset_partition.c

@@ -0,0 +1,97 @@
+/* Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/***********************************************************************************************************************
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * THIS FILE IS AN AUTO-GENERATED FILE - DO NOT MODIFY IT.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ **********************************************************************************************************************/
+
+#include "cmsis.h"
+#include "mbed_toolchain.h" /* For using MBED_ALIGN macro */
+#include "rtx_os.h"
+#include "spm_panic.h"
+#include "spm_internal.h"
+#include "psa_test_its_reset_partition.h"
+#include "psa_test_its_reset_ifs.h"
+
+
+/* Threads stacks */
+MBED_ALIGN(8) uint8_t test_its_reset_thread_stack[1024] = {0};
+
+/* Threads control blocks */
+osRtxThread_t test_its_reset_thread_cb = {0};
+
+/* Thread attributes - for thread initialization */
+osThreadAttr_t test_its_reset_thread_attr = {
+    .name = "test_its_reset",
+    .attr_bits = 0,
+    .cb_mem = &test_its_reset_thread_cb,
+    .cb_size = sizeof(test_its_reset_thread_cb),
+    .stack_mem = test_its_reset_thread_stack,
+    .stack_size = 1024,
+    .priority = osPriorityNormal,
+    .tz_module = 0,
+    .reserved = 0
+    };
+
+spm_rot_service_t test_its_reset_rot_services[TEST_ITS_RESET_ROT_SRV_COUNT] = {
+    {
+        .sid = TEST_PSA_ITS_RESET,
+        .mask = TEST_PSA_ITS_RESET_MSK,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
+};
+
+
+static osRtxMutex_t test_its_reset_mutex = {0};
+static const osMutexAttr_t test_its_reset_mutex_attr = {
+    .name = "test_its_reset_mutex",
+    .attr_bits = osMutexRecursive | osMutexPrioInherit | osMutexRobust,
+    .cb_mem = &test_its_reset_mutex,
+    .cb_size = sizeof(test_its_reset_mutex),
+};
+
+
+extern void test_pits_entry(void *ptr);
+
+void test_its_reset_init(spm_partition_t *partition)
+{
+    if (NULL == partition) {
+        SPM_PANIC("partition is NULL!\n");
+    }
+
+    partition->mutex = osMutexNew(&test_its_reset_mutex_attr);
+    if (NULL == partition->mutex) {
+        SPM_PANIC("Failed to create mutex for secure partition test_its_reset!\n");
+    }
+
+    for (uint32_t i = 0; i < TEST_ITS_RESET_ROT_SRV_COUNT; ++i) {
+        test_its_reset_rot_services[i].partition = partition;
+    }
+    partition->rot_services = test_its_reset_rot_services;
+
+    partition->thread_id = osThreadNew(test_pits_entry, NULL, &test_its_reset_thread_attr);
+    if (NULL == partition->thread_id) {
+        SPM_PANIC("Failed to create start main thread of partition test_its_reset!\n");
+    }
+}