Merge pull request ARMmbed#82 from ARMmbed/new_sotp

FEATURE: Added SOTP

Author: bogdanm

.mbedignore

@@ -3,7 +3,14 @@ mbed-os/rtos/*
 mbed-os/events/*
 mbed-os/features/FEATURE_LWIP/*
 mbed-os/features/FEATURE_BLE/*
-mbed-os/features/FEATURE_COMMON_PAL/*
+mbed-os/features/FEATURE_COMMON_PAL/mbed-client-randlib/*
+mbed-os/features/FEATURE_COMMON_PAL/mbed-coap/*
+mbed-os/features/FEATURE_COMMON_PAL/nanostack-hal-mbed-cmsis-rtos/*
+mbed-os/features/FEATURE_COMMON_PAL/sal-stack-nanostack-eventloop/*
+mbed-os/features/FEATURE_COMMON_PAL/mbed-trace/source/*
+mbed-os/features/FEATURE_COMMON_PAL/mbed-trace/test/*
+mbed-os/features/FEATURE_COMMON_PAL/nanostack-libservice/source/*
+mbed-os/features/FEATURE_COMMON_PAL/nanostack-libservice/test/*
 mbed-os/features/FEATURE_UVISOR/*
 mbed-os/features/nanostack/*
 mbed-os/features/netsocket/*
@@ -26,4 +33,26 @@ update-client-hub/modules/pal-filesystem/*
 update-client-hub/modules/pal-target-specific/*
 update-client-hub/modules/source-http/*
 update-client-hub/modules/source-manager/*
-update-client-hub/modules/common/source/arm_uc_scheduler.c
+update-client-hub/modules/common/source/arm_uc_scheduler.c
+mbed-client-pal/Test/*
+mbed-client-pal/Utils/*
+mbed-client-pal/Examples/*
+mbed-client-pal/Source/PAL-Impl/pal_init.c
+mbed-client-pal/Source/PAL-Impl/Modules/Crypto/*
+mbed-client-pal/Source/PAL-Impl/Modules/Networking/*
+mbed-client-pal/Source/PAL-Impl/Modules/RTOS/*
+mbed-client-pal/Source/PAL-Impl/Modules/TLS/*
+mbed-client-pal/Source/PAL-Impl/Modules/Update/*
+mbed-client-pal/Source/PAL-Impl/Modules/Storage/FileSystem/*
+mbed-client-pal/Source/Port/Reference-Impl/Lib_Specific/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/FreeRTOS/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/Linux/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/mbedOS/Networking/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/mbedOS/RTOS/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/mbedOS/Update/*
+mbed-client-pal/Source/Port/Reference-Impl/OS_Specific/mbedOS/Storage/FileSystem/*
+mbed-client-esfs/Test/*
+mbed-client-esfs/Tools/*
+mbed-client-esfs/source/esfs.c
+mbed-client-esfs/source/esfs_file_name.c
+mbed-client-esfs/source/esfs_performance.c

mbed-client-esfs.lib

@@ -0,0 +1 @@
+https://github.com/ARMmbed/mbed-client-esfs/#2b1c9bf3752307eb32eea6f502aede7b086e7649

mbed-client-pal.lib

@@ -0,0 +1 @@
+https://github.com/ARMmbed/mbed-client-pal/#874ed03ef1be14a25191f3abb0fb566ffa4c3961

mbed_app.json

@@ -8,7 +8,10 @@
         "MAX_BOOT_RETRIES=3",
         "ARM_UC_USE_PAL_CRYPTO=0",
         "Mutex=PlatformMutex",
-        "ARM_UC_USE_PAL_BLOCKDEVICE"
+        "ARM_UC_USE_PAL_BLOCKDEVICE=1",
+        "PAL_USE_INTERNAL_FLASH=1",
+        "PAL_THREAD_SAFETY=0",
+        "ARM_UC_USE_SOTP=1"
     ],
     "config": {
         "firmware_metadata_header_address": {

power_cut_test/test_mbed_app.json

@@ -9,7 +9,9 @@
         "ARM_UC_USE_PAL_CRYPTO=0",
         "BOOTLOADER_POWER_CUT_TEST=1",
         "Mutex=PlatformMutex",
-        "ARM_UC_USE_PAL_BLOCKDEVICE"
+        "ARM_UC_USE_PAL_BLOCKDEVICE=1",
+        "PAL_USE_INTERNAL_FLASH=1",
+        "PAL_THREAD_SAFETY=0"
     ],
     "config": {
         "firmware_metadata_header_address": {

source/example_insecure_rot.c

@@ -16,6 +16,8 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------
 
+#if !defined(ARM_UC_USE_SOTP) || ARM_UC_USE_SOTP == 0
+
 #include <inttypes.h>
 #include <stddef.h>
 
@@ -51,3 +53,5 @@ int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
 
     return 0;
 }
+
+#endif // #if !defined(ARM_UC_USE_SOTP) || ARM_UC_USE_SOTP == 0

source/sotp_rot.c

@@ -0,0 +1,82 @@
+// ----------------------------------------------------------------------------
+// Copyright 2016-2017 ARM Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------
+
+#if defined(ARM_UC_USE_SOTP) && ARM_UC_USE_SOTP == 1
+
+#include <inttypes.h>
+#include <stddef.h>
+#include <string.h>
+#include "pal.h"
+#include "sotp.h"
+
+#define DEVICE_KEY_SIZE_IN_BYTES (128/8)
+
+/* We can get the RoT from SOTP using either sotp_probe (when ARM_UC_SOTP_PROBE_ONLY is defined to 1)
+ * or the "regular" sotp_get function (when ARM_UC_SOTP_PROBE_ONLY is not defined or is defined to 0)
+ */
+#if defined(ARM_UC_SOTP_PROBE_ONLY) && ARM_UC_SOTP_PROBE_ONLY == 1
+#define SOTP_GET_FUNCTION sotp_probe
+#else
+#define SOTP_GET_FUNCTION sotp_get
+#endif
+
+/**
+ * @brief Function to get the device root of trust
+ * @details The device root of trust should be a 128 bit value. It should never leave the device.
+ *          It should be unique to the device. It should have enough entropy to avoid contentional
+ *          entropy attacks. The porter should implement the following device signature to provide
+ *          device root of trust on different platforms.
+ *
+ * @param key_buf buffer to be filled with the device root of trust.
+ * @param length  length of the buffer provided to make sure no overflow occurs.
+ *
+ * @return 0 on success, non-zero on failure.
+ */
+
+int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
+{
+    static bool initialized = false;
+    uint32_t rot[DEVICE_KEY_SIZE_IN_BYTES / sizeof(uint32_t)];
+    uint16_t actual_len_bytes = 0;
+    sotp_result_e status = SOTP_NOT_FOUND;
+
+    if (length < DEVICE_KEY_SIZE_IN_BYTES || key_buf == NULL)
+    {
+        return -1;
+    }
+
+    if (!initialized)
+    {
+#if !defined(ARM_UC_SOTP_PROBE_ONLY) || ARM_UC_SOTP_PROBE_ONLY == 0 // sotp_probe doesn't need sotp_init()
+        if (pal_internalFlashInit() != PAL_SUCCESS)
+        {
+            return -1;
+        }
+#endif
+        initialized = true;
+    }
+    status = SOTP_GET_FUNCTION(SOTP_TYPE_ROT, DEVICE_KEY_SIZE_IN_BYTES, rot, &actual_len_bytes);
+    if (status != SOTP_SUCCESS || actual_len_bytes != DEVICE_KEY_SIZE_IN_BYTES)
+    {
+        return -1;
+    }
+    memcpy(key_buf, rot, DEVICE_KEY_SIZE_IN_BYTES);
+    return 0;
+}
+
+#endif // #if defined(ARM_UC_USE_SOTP) && ARM_UC_USE_SOTP == 1