DeviceKey Root of Trust generation refactored.

[tymoteuszblochmobica]

Root of Trust is no longer automatically and silently created.

Summary of changes

Removed automatic creation of the Root Of Trust when DeviceKey::generate_derived_key(...) API is used.
User must generate or inject the key before first use of DeviceKey API.

Impact of changes

DeviceKey is not automatically generated anymore. This might impact test application which expect the key to be present, but do not explicitly generate it.

Migration actions required

Application developers must be aware that if their device does not have Root of Trust permanently injected, which is usually true in development phase, they must generate a key before first use of DeviceKey API. Two options exist for key generation:

• Generate a key using TRNG sources by calling DeviceKey::device_generate_root_of_trust()
• Inject a secure key by calling DeviceKey::device_inject_root_of_trust(...) in case the device does not have a TRNG available.

Documentation

ARMmbed/mbed-os-5-docs#1244

Release notes

---

Pull request type

[] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[x] Major update (Breaking change E.g. Return code change / API behaviour change)

---

Test results

[] No Tests required for this change (E.g docs only update)
[] Covered by existing mbed-os tests (Greentea or Unittest)
[x] Tests / results supplied as part of this PR

---

Reviewers

@SeppoTakalo
@michalpasztamobica
@Jammu Kekkonen
@teetak01
@janne Kiiskila

[ciarmcom]

@tymoteuszblochmobica, thank you for your changes.
@SeppoTakalo @michalpasztamobica @ARMmbed/mbed-os-storage @ARMmbed/mbed-os-maintainers please review.

[Teemu]

Uhh I guess you meant @teetak01

[SeppoTakalo]

@yogpan01 and @JammuKekkonen This is now the change we talked about. This basically breaks existing client test applications which assume RoT to be autogenerated, and therefore should only be pushed to Mbed OS 6.0.

Please review and comment. To properly get this working, the new API has to be adopted in client test applications.

[SeppoTakalo]

I know I proposed this name, but I'm starting to wonder.. is there and extra "device" in the DeviceKey::device_do_something...

Maybe the DeviceKey::generate_root_of_trust() should be enough.

[tymoteuszblochmobica]

Renamed

[SeppoTakalo]

Change looks good. Just minor change requested.

This need OK from client team before merge.

[SeppoTakalo]

Error code needs to be recorded from here as well. The injection phase can fail as rell, so

ret = device_inject_root_of_trust(key_buff, actual_size);

[tymoteuszblochmobica]

Changed

[VeijoPesonen]

Once the issues mentioned by Seppo have been addressed this looks ok from my point of view.

Pull request has been modified.

[SeppoTakalo]

Looks OK.

This now needs Client teams to approve, so once @teetak01 and @yogpan01 say OK, this is good to go in.

CI tests can be started already.

[JammuKekkonen]

Should be changed to public api. Seems like it could/should also be static.

[VeijoPesonen]

Writing a unit test for this wouldn't hurt.

[tymoteuszblochmobica]

It is now changed to public.

static DeviceKey &get_instance()
{
// Use this implementation of singleton (Meyer's) rather than the one that allocates
// the instance on the heap, as it ensures destruction at program end (preventing warnings
// from memory checking tools, such as valgrind).
static DeviceKey instance;
return instance;
}

[0xc0170]

CI started

[mbed-ci]

Test run: FAILED

Summary: 1 of 11 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_greentea-test

[tymoteuszblochmobica]

Rest of failing tests updated.
@0xc0170 could You restart ?

[mbed-ci]

Test run: FAILED

Summary: 1 of 4 test jobs failed
Build number : 4
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-IAR

[mbed-ci]

Test run: SUCCESS

Summary: 8 of 8 test jobs passed
Build number : 5
Build artifacts

[0xc0170]

@tymoteuszblochmobica I added breaking change label. Can you update the release notes (no migration needed ?) ?

Also:

Possible Cloud Client.
Tests for CC will be added separately.

Is not saying much to a user, what real impact is there?

[SeppoTakalo]

@0xc0170 I updated the PR header, that should be now OK for release notes. Or do we need to add a separate title for that?