Align existing partitions to work with TF-M

- ITS
- Crypto
- Platform

Author: Michael Schwarcz

components/TARGET_PSA/inc/psa/lifecycle.h

@@ -62,6 +62,11 @@ uint32_t psa_security_lifecycle_state(void);
 psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state);
 
 
+/** \brief Resets the system
+ *
+ */
+void psa_system_reset();
+
 #ifdef   __cplusplus
 }
 #endif

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c

@@ -24,9 +24,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include "psa_crypto_srv_ifs.h"
-
 #include "psa/client.h"
-
 #include "crypto.h"
 #include "crypto_platform_spe.h"
 

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

@@ -1,10 +1,15 @@
 // ---------------------------------- Includes ---------------------------------
-#include "psa/service.h"
-#include "psa/client.h"
-#include <stdint.h>
-#include <string.h>
 
 
+#include "psa/client.h"
+#include "psa/service.h"
+#if defined(TARGET_TFM)
+#define SPM_PANIC(format, ...) \
+{ \
+    while(1){}; \
+}
+#endif
+
 #define PSA_CRYPTO_SECURE 1
 #include "crypto_spe.h"
 #include "crypto_platform_spe.h"
@@ -446,7 +451,11 @@ static void psa_hash_operation(void)
                 case PSA_HASH_CLONE_BEGIN: {
                     size_t index = 0;
 
+#if defined(TARGET_MBED_SPM)
                     status = reserve_hash_clone(psa_identity(msg.handle), msg.rhandle, &index);
+#else
+                    status = reserve_hash_clone(msg.client_id, msg.rhandle, &index);
+#endif
                     if (status == PSA_SUCCESS) {
                         psa_write(msg.handle, 0, &index, sizeof(index));
                     }
@@ -462,7 +471,11 @@ static void psa_hash_operation(void)
                         SPM_PANIC("SPM read length mismatch");
                     }
 
+#if defined(TARGET_MBED_SPM)
                     status = get_hash_clone(index, psa_identity(msg.handle), &hash_clone);
+#else
+                    status = get_hash_clone(index, msg.client_id, &hash_clone);
+#endif
                     if (status == PSA_SUCCESS) {
                         status = psa_hash_clone(hash_clone->source_operation, msg.rhandle);
                         release_hash_clone(hash_clone);
@@ -1488,7 +1501,12 @@ void psa_crypto_generator_operations(void)
 void crypto_main(void *ptr)
 {
     while (1) {
-        uint32_t signals = psa_wait_any(PSA_BLOCK);
+        uint32_t signals = 0;
+#if defined(TARGET_MBED_SPM)
+        signals = psa_wait_any(PSA_BLOCK);
+#else
+        signals = psa_wait(CRYPTO_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK);
+#endif
         if (signals & PSA_CRYPTO_INIT) {
             psa_crypto_init_operation();
         }

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_EMUL/platform_emul.c

@@ -28,3 +28,8 @@ psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
 {
     return psa_platfrom_lifecycle_change_request_impl(new_state);
 }
+
+void psa_system_reset(void)
+{
+    psa_system_reset_impl();
+}

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.c

@@ -18,6 +18,8 @@
 #include "psa/lifecycle.h"
 #include "psa/internal_trusted_storage.h"
 #include "platform_srv_impl.h"
+#include "mbed_toolchain.h"
+#include "cmsis.h"
 
 #ifndef MBED_CONF_LIFECYCLE_STATE
 #define MBED_CONF_LIFECYCLE_STATE PSA_LIFECYCLE_ASSEMBLY_AND_TEST
@@ -38,3 +40,9 @@ psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t state)
     }
     return PSA_LIFECYCLE_ERROR;
 }
+
+MBED_WEAK void psa_system_reset_impl(void)
+{
+    /* Reset the system */
+    NVIC_SystemReset();
+}

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.h

@@ -22,5 +22,6 @@
 
 psa_status_t psa_platfrom_lifecycle_get_impl(uint32_t *lc_state);
 psa_status_t psa_platfrom_lifecycle_change_request_impl(uint32_t lc_state);
+void psa_system_reset_impl(void);
 
 #endif // __PLATFROM_SRV_IMPL_H__

components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c

@@ -18,6 +18,7 @@
 #include "psa_platform_ifs.h"
 #include "psa/lifecycle.h"
 #include "psa/client.h"
+#include "mbed_toolchain.h"
 
 uint32_t psa_security_lifecycle_state(void)
 {
@@ -56,3 +57,12 @@ psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
     return status;
 }
 
+MBED_NORETURN void psa_system_reset(void)
+{
+    psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_SET, 1);
+    if (conn <= PSA_NULL_HANDLE) {
+        return;
+    }
+
+    psa_call(conn, NULL, 0, NULL, 0);
+}

components/TARGET_PSA/services/platform/COMPONENT_SPE/TARGET_MBED_SPM/psa_platform_partition.c

@@ -77,6 +77,18 @@ spm_rot_service_t platform_rot_services[PLATFORM_ROT_SRV_COUNT] = {
             .tail = NULL
         }
     },
+    {
+        .sid = PSA_PLATFORM_SYSTEM_RESET,
+        .mask = PSA_PLATFORM_SYSTEM_RESET_MSK,
+        .partition = NULL,
+        .min_version = 1,
+        .min_version_policy = PSA_MINOR_VERSION_POLICY_RELAXED,
+        .allow_nspe = true,
+        .queue = {
+            .head = NULL,
+            .tail = NULL
+        }
+    },
 };
 
 /* External SIDs used by PLATFORM */

components/TARGET_PSA/services/platform/COMPONENT_SPE/platform_partition.c

@@ -20,6 +20,13 @@
 #include "psa/internal_trusted_storage.h"
 #include "psa/service.h"
 
+#if defined(TARGET_TFM)
+#define SPM_PANIC(format, ...) \
+{ \
+    while(1){}; \
+}
+#endif
+
 typedef psa_status_t (*SignalHandler)(psa_msg_t *);
 
 static psa_status_t lifecycle_get(psa_msg_t *msg)
@@ -52,6 +59,12 @@ static psa_status_t lifecycle_change_request(psa_msg_t *msg)
 
 }
 
+static psa_status_t system_reset_request(psa_msg_t *msg)
+{
+    (void)msg;
+    psa_system_reset_impl();
+}
+
 static void message_handler(psa_msg_t *msg, SignalHandler handler)
 {
     psa_status_t status = PSA_SUCCESS;
@@ -77,7 +90,12 @@ void platform_partition_entry(void *ptr)
     uint32_t signals = 0;
     psa_msg_t msg = {0};
     while (1) {
+#if defined(TARGET_MBED_SPM)
         signals = psa_wait_any(PSA_BLOCK);
+#else
+        signals = psa_wait(PLATFORM_WAIT_ANY_SID_MSK, PSA_BLOCK);
+#endif
+
         if ((signals & PSA_PLATFORM_LC_GET_MSK) != 0) {
             psa_get(PSA_PLATFORM_LC_GET_MSK, &msg);
             message_handler(&msg, lifecycle_get);
@@ -86,5 +104,9 @@ void platform_partition_entry(void *ptr)
             psa_get(PSA_PLATFORM_LC_SET_MSK, &msg);
             message_handler(&msg, lifecycle_change_request);
         }
+        if ((signals & PSA_PLATFORM_SYSTEM_RESET_MSK) != 0) {
+            psa_get(PSA_PLATFORM_SYSTEM_RESET_MSK, &msg);
+            message_handler(&msg, system_reset_request);
+        }
     }
 }

components/TARGET_PSA/services/platform/COMPONENT_SPE/psa_platform_partition.h

@@ -28,7 +28,7 @@
 
 #define PLATFORM_ID 8
 
-#define PLATFORM_ROT_SRV_COUNT (2UL)
+#define PLATFORM_ROT_SRV_COUNT (3UL)
 #define PLATFORM_EXT_ROT_SRV_COUNT (1UL)
 
 /* PLATFORM event flags */
@@ -44,10 +44,13 @@
 #define PSA_PLATFORM_LC_GET_MSK (1UL << PSA_PLATFORM_LC_GET_MSK_POS)
 #define PSA_PLATFORM_LC_SET_MSK_POS (5UL)
 #define PSA_PLATFORM_LC_SET_MSK (1UL << PSA_PLATFORM_LC_SET_MSK_POS)
+#define PSA_PLATFORM_SYSTEM_RESET_MSK_POS (6UL)
+#define PSA_PLATFORM_SYSTEM_RESET_MSK (1UL << PSA_PLATFORM_SYSTEM_RESET_MSK_POS)
 
 #define PLATFORM_WAIT_ANY_SID_MSK (\
     PSA_PLATFORM_LC_GET_MSK | \
-    PSA_PLATFORM_LC_SET_MSK)
+    PSA_PLATFORM_LC_SET_MSK | \
+    PSA_PLATFORM_SYSTEM_RESET_MSK)
 
 
 #endif // PSA_PLATFORM_PARTITION_H

components/TARGET_PSA/services/platform/platform_psa.json

@@ -21,6 +21,14 @@
         "non_secure_clients": true,
         "minor_version": 1,
         "minor_policy": "RELAXED"
+      },
+      {
+        "name": "PSA_PLATFORM_SYSTEM_RESET",
+        "identifier": "0x00011002",
+        "signal": "PSA_PLATFORM_SYSTEM_RESET_MSK",
+        "non_secure_clients": true,
+        "minor_version": 1,
+        "minor_policy": "RELAXED"
       }
     ],
     "extern_sids": [

components/TARGET_PSA/services/platform/psa_platform_ifs.h

@@ -28,5 +28,6 @@
 
 #define PSA_PLATFORM_LC_GET 0x00011000
 #define PSA_PLATFORM_LC_SET 0x00011001
+#define PSA_PLATFORM_SYSTEM_RESET 0x00011002
 
 #endif // PSA_PLATFORM_PARTITION_ROT_SERVICES_H