This patch updates the implication of using flash when running
ITS and SST regression test. The tests create WRITE_ONCE test assets
during the test execution. This means that when the test runs again
the test asset creation fails as the WRITE_ONCE assts cannot be created
again.

Also, if there is latent data in the flash which is not compatible with
the SST FS data, the tests will work correctly. This means that the flash
needs to be erased before running the tests.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I201bd6299cb59fdf53fac3d68025c41966283605

Fix attest_get_option_flags crashing when it is called with
NULL challenge->ptr (i.e initial_attest_get_token_size
set challenge.ptr=NULL before calling  attest_create_token which
call attest_get_option_flags)

Change-Id: I34fc21ba35802432a041bdb4925c6298106de146
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>

There is an access violation risk by using 'while' loop to set
'outlen' in 4 'outvec' case. Use for loop to limit the cycles.

Change-Id: I983082c24b89b6ca21014b5b9e25007ba2cd1968
Signed-off-by: Ken Liu <ken.liu@arm.com>

This patch adds a command to the build-instructions
in order help guide new users checking out the
dependencies for the first time.

Change-Id: I7409231138de063621a2323cb002a9b67facfb46
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

This documentation patch is updating the software requirements
and build instructions for the 1.0 release

* Removed win and msys2 from supported build enviroments.
* Added a note and guidance for compiling with ARMCLANG 6.10.0
* Added references between build-instructions and requirements
  to improve user experiences

Change-Id: I20c70b9be208eb11b3810bf1e0dc43a4321e1229
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

Updates the Crypto service documentation to reflect changes to the
code.

Change-Id: I5412348d9c1437a78c685cfa2f0a2f3bcea1ab62
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Remove an out-dated comment about the limitations
that attestation service is not able to sign the token.
This limitation was removed a long ago, comment was left
in the code accidentally.

Change-Id: I3f6e15fa1a62123820970587ecb2dce8d5680c26
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

Fixes some uses of old error types in sst_read_object that caused a
build failure when SST_ENCRYPTION was set to off.

Change-Id: Ic67c68654916da96fcdb40aa9510ed6003d4a81c
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Removes override for SST_RAM_FS=ON for Musca-A, as the board is able to
run with the RAM FS off.

Change-Id: I3b60b0be2855a1a7e98c06c5ed69a220bd157b4b
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

This patch introduces a colection of minor issues:
* Fixed whitespace
* Fixed table formatting
* Fixed link references
* Updated version references in text

Change-Id: I1ff8ac4eec956467506f488df84c95fd4f3df7a0
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

This patch updates the Protected Storage integration
guide in line with the PSA 1.0 api header.

Change-Id: I99a405cf9d43c87b33869322117581b7cf27318d
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

This patch removes all documentes listed under the
path '/lib/ext' from the Sphynx build TOC and adds
the patch to exclusion list.

Change-Id: I7852b030b946d68b359c31ce4a785920a07f4ff5
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

This patch introduces a trivial versioning scheme in place for the
upcoming v1.0 release. A more grand scheme encoding the git information,
toolchain information, and other environment parameters will be discussed
and rolled out in future.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I4fea7df4f008ea3709071e5c414200ae17ac9687

Kevin Peng authored Mar 03, 2020 and Jamie Fox committed Mar 12, 2020

SST calls ITS APIs as its backend filesystem.
So it's impossible to build SST without ITS.
This patch forces to enable ITS when SST is enabled.

Change-Id: I09866c2d96c2b3b64e7c32b556d32ed078098636
Signed-off-by: Kevin Peng <kevin.peng@arm.com>

SHA-1 is considered to a weak message digest, so this patch changes it
to disabled by default. Makes corresponding updates to the tests.

Change-Id: Idfb7f1b33d46b9ba553a327e4ed83320e728870b
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Sergei Trofimov authored Mar 09, 2020 and Tamas Ban committed Mar 12, 2020

- Replace not-existing security level value with an existing one.
- Add validation for the number of arguments for the script.

Change-Id: Iec30435a05ceebd6117f507daad0482ecc3814a6
Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

Correct "psa_ff_test_manifest_list.yaml" to
"tfm_psa_ff_test_manifest_list.yaml" in tfm_build_instruction.rst file.

Change-Id: Ib5cf303e4ef8da0fae62e8c1d0aa991ba4afde43
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

To keep macro align with psa-arch-tests. Changes:
    PSA_API_TEST_SECURE_STORAGE
        -->PSA_API_TEST_PROTECTED_STORAGE
    PSA_API_TEST_ATTESTATION
        -->PSA_API_TEST_INITIAL_ATTESTATION

Change-Id: Icf3d0434cc863fe38704fddff37982754edeae75
Signed-off-by: Karl Zhang <karl.zhang@linaro.org>

This patch increases stack size for internal trusted
storage service.
This is the minimum stack size for running all the regression
tests for different configurations with SST_RAM_FS disabled on
Musca-b1.
And also removes the force setting of SST_RAM_FS for Musca-b1.

Change-Id: Ib73e1bed5bd9108681d650859ea87b200a0ae2e5
Signed-off-by: Kevin Peng <kevin.peng@arm.com>

Dávid Vincze authored Feb 10, 2020 and Tamas Ban committed Mar 11, 2020

The TLV iterator can find the first required TLV in the image manifest.
Since there is only one security counter TLV there is no need to
continue the search and the surrounding loop can be removed.

Change-Id: I2ce04291537e853036b880cfe650c3bb8aa3e846
Signed-off-by: David Vincze <david.vincze@arm.com>

Replace all "\" with "/" in path names to keep #include lines
consistent, whether the files were generated on windows or linux.

Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: Iae59f91515056e8318a247a681a5cd7118749660

Rather than modifying the PDL code to allow a single call to set the
required access, make multiple calls from TFM. This makes the PDL
patch smaller.

Change-Id: I8486ee3ae8dcaa4b896311d9fbb7f4a2b829386d
Signed-off-by: Chris Brand <chris.brand@cypress.com>

Any customer sensitive data stored in device needs to be destroyed
upon switching to RMA state.

Erase 0x101c0000 to 0x101cffff area that holds Secure STorage (SST) and
internal trusted storage (ITS) partitions, as well as NV counters
and scratch area.

Erase 0x10050000 to 0x1016ffff (non-secure image primary partition).

The psoc64 policy also erases eFuses containing Unique Device Secret
(UDS) and SECURE_HASH2 area.

Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: I10b4646dd8fd152cab5a5b2709700e91fe78572f

---- Problem ----
MBEDTLS_USER_CONFIG_FILE setting was not picked up when
build MBedCrypto library.

Like MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE alone is
not enough, including PATH is also needed to find the file.

---- Solution ----
Passing FILE & PATH information through MBEDCRYPTO_C_FLAGS
to BuildMbedCrypto.cmake

Change-Id: If5820e82df5a72b4cfa60fb1872a7add9204d686
Signed-off-by: Alamy Liu <alamy.liu@cypress.com>

Remove protection from the secondary secure image to support
upgrading it.
Re-purpose SMPU1 to cover just the ITS part of flash.
Re-purpose SMPU2 to cover just the NV Counters in flash.
Re-purpose SMPU3 to cover just the SST part of flash.
This also removes protection from the unused space in flash.

Change-Id: Id9517b85db426b760069d7133651bd362d21eba9
Signed-off-by: Chris Brand <chris.brand@cypress.com>

To facilitate changes in SMPU confguration, move the ITS,
SST, NV counters, and scratch space locations in flash.

Change-Id: I46aa397386cbb70587359db63af3461b7595391c
Signed-off-by: Chris Brand <chris.brand@cypress.com>

The PSoC64 has a hardware fix such that the executable SRAM
region is no longer needed, so delete it.

Change-Id: I106aa32823606f06bda9f410899d8ab43602fbee
Signed-off-by: Chris Brand <chris.brand@cypress.com>

Add the lifecycle related macros and APIs and only return
PSA_LIFECYCLE_UNKNOWN to the caller. It will be implemented in the
future.

Change-Id: Ia3e327f88c559ac6611ddabf2fb9e8c5150619eb
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

To align with ARMCLANG scatter file, add the TFM_UNPRIV_DATA region in
the GNUARM linker file. So that the MPU configure can work in isolation
level 1.

Change-Id: I55b7e9bddf90e895205355f13d33049d3f8f4380
Signed-off-by: Edison Ai <edison.ai@arm.com>

Setting CONFIG_TFM_ENABLE_MEMORY_PROTECT to "ON" to enable the memory
protection function for PSA FF test in isolation level 1 IPC model.

Change-Id: Ia6da845d40be5d25787bbe643bd1591655f85c7d
Signed-off-by: Edison Ai <edison.ai@arm.com>

Add a config macro "CONFIG_TFM_ENABLE_MEMORY_PROTECT" to control if the
memory protection function is enabled or not. The default value is "OFF"
and it is set to "ON" when the isolation level greater than 1.

Change-Id: I3e5495c97183e07a0f9b82ea4923ea20ee10071a
Signed-off-by: Edison Ai <edison.ai@arm.com>
Co-authored-by: Shawn Shan <shawn.shan@arm.com>

In isolation level 2, the MPU needs to be configured for the peripherals
which accessed by the APP RoT.
Add this function on AN521, MUSCA_A and MUSCA_B1 boards.

Change-Id: Ib1fe691171ea7506747bd85c2b75a7f148c6025f
Signed-off-by: Edison Ai <edison.ai@arm.com>

Change the return type of tfm_spm_hal_configure_default_isolation() from
"void" to "enum tfm_plat_err_t" to report errors to caller.

Change-Id: Iadfd82e546a5141f0db1624358f09111fd7530c1
Signed-off-by: Edison Ai <edison.ai@arm.com>

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Id14d6f06b80ef13b0644fa48fa1b405508f3842e

The psa_asymmetric_sign() and psa_asymmetric_verify(),although part
of 1.0 beta3 specification, were deprecated by mbed-crypto as part
of migrating towards PSA 1.0 specification. Reintroduce the
declarations to allow Apps to use these APIs.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I453b7be8db2114863e689aa6d5fbda3101c98bfb

Jamie Fox authored Feb 20, 2020 and Soby Mathew committed Feb 24, 2020

Change-Id: Idec5ea38ddff91504db4266c2dbde278889ce6d6
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Jamie Fox authored Feb 20, 2020 and Soby Mathew committed Feb 24, 2020

Change-Id: I9967c52aaa4d531ec89642b0e8f2bc50b2da5cfe
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Jamie Fox authored Feb 19, 2020 and Soby Mathew committed Feb 24, 2020

Updates the SST crypto interface to use the PSA Crypto 1.0 APIs for key
derivation.

Change-Id: I23c51b52698889eb70bded8bef6b74b7a20e1bdd
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Antonio De Angelis authored Oct 14, 2019 and Soby Mathew committed Feb 24, 2020

This patch upgrades the Crypto service to be able
to use Mbed Crypto 3.0.1:

- Updates the PSA crypto headers to latest available in mbed-crypto
- Updates the service implementation
- Updates the test suites where needed
- Updates the SST and Attestation interfaces
  towards cryptographic functionalities
- Updates documentation to reflect updated
  requirements, and changes in the integration guide

This patch migrates the use of psa_asymmetric_sign() and
psa_asymmetric_verify() to the non-deprecated versions of
the API psa_sign_hash() and psa_verify_hash().

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I7d8275def2336c1b5cfb8847b2842c305cfab116

Set 'SST_RAM_FS' to 'ON' on the MUSCA_B1 and MUSCA_A boards to use the
RAM as a default device to store the FS in secure storage service.

Change-Id: Ib7ffaf6217e63a18cfe724cdcab23d3ce26aee0c
Signed-off-by: Edison Ai <edison.ai@arm.com>