Initialize platform in trng test #9493
Conversation
RonEld
force-pushed
the
add_platform_initialization_in_trng_test
branch
from
20ad736 to
7dfe3e4
Compare
|
@RonEld, thank you for your changes. |
|
Note:
|
|
@RonEld this function should not be called in the test, but in mbed OS. We need the test to make sure mbed OS will work. Please move the call to a platform specific initialization code |
|
@dannybenor Although I agree with you, this is the design of the function, and of Mbed OS design. |
|
More information in IOTSSL-1576 |
|
@bulislaw need your input here. We have functionality in mbedOS that uses crypto. Adding a new target should not brake it. Adding the initialization to the test is not helping. If the function mbedtls_platform_terminate() is required for some targets, code should not work for any target if the function is not called. |
|
In current design, modules in Mbed OS, that use Mbed TLS \ crypto, should call |
|
@liatvindzberg @erezlandau FYI |
This is in discussion in ARMmbed/mbed-crypto#24 . IMHO, once PSA will be fully integrated within Mbed OS,
For PSA point of view, |
|
That's a breaking change isn't it? As in current use of TLS/crypto won't work without this change? Generally speaking, my personal opinion is, that we shouldn't initialise modules globally unless they are used by the OS itself. In this case user is well aware that he/she will need TLS/crypto so they should initialise it. That being said, it's a breaking change, is there a way for us to hide it in existing calls so that we are backward compatible? Could public API initialise the modules if they weren't initialised before? |
|
I wouldn't say it's a breaking change. but a bug fix.
As mentioned, I don't think it's a breaking change, but a bug fix, and we are backwards compatible. The NRF52480 didn't work before on this test, since the Cryptocell library porting was introduced in #6794 |
|
This "simple" fix seems to be difficult to understand the implications. @RonEld Where is this captured (any docs) that these 2 functions need to be invoked when crypto used ? How we can proceed further? @ARMmbed/mbed-os-crypto Please review |
|
@0xc0170 As mentioned in previous comment, it is described in https://os.mbed.com/docs/mbed-os/v5.11/porting/hardware-accelerated-crypto.html#mbed-tls-platform-context |
|
Also in the function description: https://github.com/ARMmbed/mbed-os/blob/master/features/mbedtls/inc/mbedtls/platform.h#L335 |
There was a problem hiding this comment.
The implications of this fix:
- The test will pass for every properly functioning and integrated TRNG
- The test won't catch that some part of the OS uses the TRNG but does not call
mbedtls_platform_setup()before. - We can't see yet how this affects future plans (see mbedtls_platform_setup and psa_crypto_init mbed-crypto#24)
If we are unhappy with the fix we have two other options:
- Leave it as it is and have correct implementations fail the test suite.
- Move
mbedtls_platform_setup()back to Mbed OS boot.
This fix is a clear improvement to option 1 and I can see why we don't want option 2.
That being said this test does not catch that a part of the OS uses TRNG but does not call mbedtls_platform_setup(). This failure can potentially be silent and still catastrophic for security. Optimally we should identify every part of the OS that uses TRNG and add a test for that module that makes sure that the platform initialisation has been done where it is needed.
I am approving since this fix is a clear improvement, but it would be best to cover the gaps in the test suite. If that is out of scope for this PR, then we should raise an issue about it. (My approval is conditional on fixing the gap or raising an issue for it.)
|
Thanks @yanesca ! @dannybenor Do you agree with the above statement about options and approval for this PR? |
|
O do not agree with adding the call to the test. |
|
From what you are saying, you also do not agree of having |
|
Note: Having the initialization done at boot time, causing the hw acceleration engine to always be "on", might have side effects of high power consumption. see #9372 for example. |
At the moment we're moving the crypto APIs from Mbed TLS to PSA. We haven't completed that work yet, and it's still in transition. When we have completed that work, I'd expect users of only Crypto APIs to not need to call cc: @Patater |
|
@RonEld Can you talk to @dannybenor to resolve this please? We shall find a path forward or close this PR |
|
@RonEld This PR can be enhanced to make sure all uses of crypto in mbed OS will work, not only this test. |
Test run: FAILEDSummary: 1 of 1 test jobs failed Failed test jobs:
|
|
Unittest failures are related, please review |
|
I have fixed failures in unittests. Once CI completes successfully, I will squash the commits to dcc194f |
|
CI started |
Add calls to `mbedtls_platform_setup()` and `mbedtls_platform_terminate()` to the trng greentea test, to initialize the hardware acceleration engines, in some platforms.
Add calls to `mbedtls_platform_setup()` and `mbedtls_platform_teardown()` to all modules and tests using Mbed TLS.
Use a singleton Mutex in platforms_alt functions, to be shared with the trng function, to save RAM. Rename `platform_alt.c` to `platform_alt.cpp` as the mutex is in a `singletonPtr` template class.
|
@0xc0170 Do you want me to squash the CI fixes, or is there a need for reviewing them before? |
|
As soon as CI finishes, the log could be cleaned. Let us know once done |
Test run: SUCCESSSummary: 12 of 12 test jobs passed |
|
@RonEld This shall be ready for integration, do you want to squash and we rerun ci? |
RonEld
force-pushed
the
add_platform_initialization_in_trng_test
branch
from
a70a563 to
77f9faf
Compare
|
@0xc0170 done |
|
CI restarted |
Test run: FAILEDSummary: 1 of 12 test jobs failed Failed test jobs:
|
|
I restarted CI to get new results |
|
@RonEld all green, reviewed, this shall be now ready for integration |
Description
Add calls to
mbedtls_platform_setup()andmbedtls_platform_terminate()to the trng greentea test, toinitialize the hardware acceleration engines, in some platforms.
However, this involves hal test including Mbed TLS API, which I am not sure is architecturally correct. On the other hand,
mbedtls_platform_setup()is intended for initializing the HW acceleration engines, where needed.This should fix IOTPART-6810
@ashok-rao Could you please check that this resolves the issue you encountered on LAIRD BL654, and if it does, please return the usage of Cryptocell in that library?
Pull request type
Reviewers
@ARMmbed/mbed-os-crypto