Skip to content

PSA: PSoC 6 Correct TRNG behaviour #10025

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 11, 2019
Merged

PSA: PSoC 6 Correct TRNG behaviour #10025

merged 1 commit into from
Mar 11, 2019
+4 −2

Conversation

orenc17
Copy link
Contributor

@orenc17 orenc17 commented Mar 10, 2019

Description

On PSA targets the TRNG should be accessible from the secure-side only.
By removing NVSEED and restricting TRNG to secure-core we achieve that requirement.

Relevant tests passed

Pull request type

[ ] Fix
[X] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

Release Notes

@ARMmbed/team-cypress @ARMmbed/mbed-os-psa

PSoC 6 Correct TRNG behaviour
d6863d8 
* Remove NVSEED from M0_PSA
* Disable TRNG support for PSA M4
@NirSonnenschein NirSonnenschein requested a review from a user March 10, 2019 15:45
@NirSonnenschein
Copy link
Contributor

starting CI pending reviews

@NirSonnenschein NirSonnenschein requested review from a team March 10, 2019 16:03
alzix
alzix reviewed Mar 10, 2019
View reviewed changes
Copy link
Contributor

@alzix alzix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing an API from compilation is not sufficient from security perspective.
Is the peripheral accessible from cm4?

@orenc17
Copy link
Contributor Author

orenc17 commented Mar 10, 2019
edited
Loading

I'm not removing the API, I'm letting the HRNG API take over

In PSoC 6 boards the crypto block is assigned to the m0+ core, access from the m4 core will result in Hardfault

@mbed-ci
Copy link

mbed-ci commented Mar 10, 2019

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 1
Build artifacts

@ghost ghost added the PM_ACCEPTED label Mar 11, 2019
alzix
alzix reviewed Mar 11, 2019
View reviewed changes
targets/targets.json
@@ -8067,7 +8066,7 @@
"inherits": ["NSPE_Target", "CY8CKIT_062_WIFI_BT"],
"extra_labels_add": ["PSA", "MBED_SPM"],
"components_add": ["SPM_MAILBOX", "FLASHIAP"],
"device_has_remove": ["TRNG", "CRC"],
Copy link
Contributor

@alzix alzix Mar 11, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TRNG must be restored
it is device_has_remove

alzix
alzix approved these changes Mar 11, 2019
View reviewed changes
Copy link
Contributor

@alzix alzix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@0xc0170
Copy link
Contributor

0xc0170 commented Mar 11, 2019

@ARMmbed/team-cypress Review please, we would like to integrate this PR soon

@NirSonnenschein
Copy link
Contributor

Hi @0xc0170 : as this doesn't directly modify any cypress code Oren says he added cypress so they are aware of the change. will provide more details here shortly

@OlegKapshii
Copy link

For me, removing TRNG device from CM4_PSA target (as it was before) looks more logical, than a simple NV_SEED disabling. If there are no TRNG device - than nobody can work with it. If only one feature that needs TRNG is disabled, somebody can try to work with TRNG via another feature. In case anybody tries to work with TRNG (HW PSoC6 block) from CM4, it causes a CM4 HardFault.
But I am not enough familiar with the feature/system internals. If it is ok for ARM, than it is ok for me.

@orenc17
Copy link
Contributor Author

orenc17 commented Mar 11, 2019

@0xc0170 this PR doesn't actually change any of the Cypress code.
@ARMmbed/team-cypress The change is needed due to the nature of the PSA target with memory protection scheme.

if a user will try to access the TRNG from the M4 core on a PSA target, the user will get into HardFault.
that is why we enable the HRNG API which calls psa_crypto over SPM, access the TRNG on the M0+ core and return the random data.

the HRNG API relies on the platform having TRNG macro, that is why we add #if !(defined(TARGET_PSA) && defined(COMPONENT_NSPE)) to disable the access to the real TRNG from the M4 core.

@orenc17
Copy link
Contributor Author

orenc17 commented Mar 11, 2019

@OlegKapshii defining NVSEED basically sets it as the only entropy source, which is causing the issue
it masks the TRNG functionality

@OlegKapshii
Copy link

Now I understand. LGTM

@0xc0170 0xc0170 merged commit e0c7e08 into ARMmbed:master Mar 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alzix alzix alzix approved these changes

@0xc0170 0xc0170 0xc0170 approved these changes

@NirSonnenschein NirSonnenschein NirSonnenschein approved these changes

Assignees
No one assigned
Labels
release-version: 5.12.0-rc2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@orenc17 @NirSonnenschein @mbed-ci @0xc0170 @OlegKapshii @alzix