WIP Replace Mbed PSA with TF-M PSA #12954
Closed
Make PSA targets pick up files under TARGET_MBED_PSA_SRV. We'll be moving the Mbed implementation of PSA to TARGET_MBED_PSA_SRV folders soon. Targets that expect to use TF-M for their PSA implementation do not have MBED_PSA_SRV labels added to them. XXX not sure if this is correct
XXX verify that running the importer again results in no changes, and all files go to the correct places

TF-M provides its own PSA headers for TF-M targets. Single v7-M targets need to get PSA crypto from Mbed Crypto.

Note that we don't yet move crypto_struct.h to its new location. This is to avoid breaking v8-M targets for the time being. When TF-M provides the PSA implementation on v8-M, we will add crypto_struct.h to the correct place. Likewise, none of the PSA-implementing source is moved out of COMPONENT_PSA_SRV_IMPL yet, as it still must not be built for PSA NS targets. When PSA NS targets switch to using TF-M provided implementations rather than MBED_PSA_SRV, we can take the source out of COMPONENT_PSA_SRV_IMPL.

Signed-off-by: Jaeden Amero <[email protected]>
Signed-off-by: Jaeden Amero <[email protected]>
These changes switch to TF-M as the sole PSA implementation for v8-M and dual core targets, with TF-M running on the secure side and Mbed OS running on the non-secure side. Single core v7-M targets will continue to have PSA implemented via PSA emulation, implemented by Mbed OS.

Move or remove many PSA-implementing files, as PSA will be provided by TF-M on non-single-v7-M targets. Delete any files that are not relevant for PSA emulation mode.

- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by "tools/psa/generate_partition_code.py", which no longer exists.

Add new feature `PSA` to support PSA in Mbed OS.

Add the document supporting_psa_in_mbed-os.md which describes how to add PSA support for a target in Mbed 6.

Move the Mbed OS implementation of PSA services for v7-M targets (which employ PSA emulation, and don't yet use TF-M) to features/FEATURE_PSA/TARGET_MBED_PSA_SRV.

Update the `requires` attribute in TESTS/configs/baremetal.json to avoid breaking baremetal testing builds.

Update .astyleignore to match new directory structure

Create the following generic PSA targets:

* `PSA_Target` (Root level PSA target)
* `PSA_V7_M_NSPE` (Single v7-M NSPE generic target)
* `PSA_V7_M_SPE` (Single v7-M SPE generic target)
* `PSA_DUAL_V7_M_NSPE` (Dual v7-M NSPE generic target)
* `PSA_DUAL_V7_M_SPE` (Dual v7-M SPE generic target)
* `PSA_V8_M_NSPE` (v8-M NSPE generic target)
* `PSA_V8_M_SPE` (v8-M SPE generic target)

Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.

Signed-off-by: Devaraj Ranganna <[email protected]>
Signed-off-by: Jaeden Amero <[email protected]>
Add a script to parse `targets.json` to identify PSA targets and ensure mandatory parameters are configured correctly for all PSA targets. Signed-off-by: Devaraj Ranganna <[email protected]>
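A sketch of the kind of check this commit message describes, added here as an example and not the script from the PR: it treats any public target that inherits from `PSA_Target` as a PSA target and reports required keys missing after inheritance is resolved. The board names and the `tfm_*` keys are assumed for illustration; the PR text does not list the mandatory parameters.

```python
import json

# Constructed sample in the shape of targets.json ("inherits" lists the parents).
# Board names and tfm_* keys are assumptions for illustration, not from the PR.
SAMPLE_TARGETS = json.loads("""
{
  "Target": {"public": false},
  "PSA_Target": {"inherits": ["Target"], "public": false},
  "PSA_V8_M_NSPE": {"inherits": ["PSA_Target"], "public": false, "tfm_default_toolchain": "ARMCLANG"},
  "BOARD_A_NS": {"inherits": ["PSA_V8_M_NSPE"], "tfm_target_name": "board_a"},
  "BOARD_B_NS": {"inherits": ["PSA_V8_M_NSPE"]},
  "BOARD_C": {"inherits": ["Target"]}
}
""")

def ancestors(targets, name, seen=None):
    """Return every target `name` inherits from, following all parents."""
    seen = set() if seen is None else seen
    for parent in targets.get(name, {}).get("inherits", []):
        if parent not in seen:
            seen.add(parent)
            ancestors(targets, parent, seen)
    return seen

def resolved_attrs(targets, name):
    """Merge attributes along the inheritance chain; children override parents."""
    merged = {}
    for parent in targets.get(name, {}).get("inherits", []):
        merged.update(resolved_attrs(targets, parent))
    own = {k: v for k, v in targets.get(name, {}).items() if k not in ("inherits", "public")}
    merged.update(own)
    return merged

def check_psa_targets(targets, root="PSA_Target", required=()):
    """Map each public PSA target to the required keys it does not define."""
    report = {}
    for name, body in targets.items():
        # Generic (non-public) targets and non-PSA targets are not checked.
        if not body.get("public", True) or root not in ancestors(targets, name):
            continue
        attrs = resolved_attrs(targets, name)
        missing = [key for key in required if key not in attrs]
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    print(check_psa_targets(SAMPLE_TARGETS, required=("tfm_target_name", "tfm_default_toolchain")))
```

A check like this is typically run in CI so that a target added under one of the generic PSA targets fails the build when its configuration is incomplete.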
Import the latest image signing scripts from TF-M version TF-Mv1.0-85-g3b7cc95a042c. Signed-off-by: Devaraj Ranganna <[email protected]>
Add a stubbed PSA Client API implementation for application compatibility. The interface is non-functional, but provides sane error codes.
Mbed Crypto 3.0.1 ships with TF-M. To make Mbed TLS 2.22.0 compatible with Mbed Crypto 3.0.1, changes are needed in psa_util.h (which abstracts some portions of the PSA Crypto API for use with TLS) to deal with new ECC curve define changes.
Use instead the general TF-M v8-M virtual NVIC: features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
Closing in favor of #12955
Summary of changes
Replace the Mbed implementation of PSA with the implementation from TrustedFirmware-M (TF-M).
This is still a work in progress. As noted in commits with XXX, there are a few things to tidy up before this becomes ready. We'd also like to do more thorough testing, hence raising this PR early.
Impact of changes
Migration actions required
How targets enable PSA has changed. Please refer to features/FEATURE_PSA/supporting_psa_in_mbed-os.md for updated instructions on adding PSA to your target as a new target porting person.
Documentation
Porting guide updates for PSA at features/FEATURE_PSA/supporting_psa_in_mbed-os.md
Pull request type
Test results
Reviewers
@Devran01 @jainvikas8