Musca B1: Add ADAC support for musca b1 platform
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Signed-off-by: Mathias Brossard <mathias.brossard@arm.com>
Change-Id: I01899f0fd15065380f84a6b4ad8be474cee0f068
diff --git a/psa-adac/core/src/adac_certificate.c b/psa-adac/core/src/adac_certificate.c
index ba405dc..f077d0f 100644
--- a/psa-adac/core/src/adac_certificate.c
+++ b/psa-adac/core/src/adac_certificate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2022 Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023 Arm Limited. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -64,7 +64,7 @@
} else {
size_t exts_size = ROUND_TO_WORD(h_crt->extensions_bytes);
if ((body_size + exts_size) != crt_size) {
- // Inconsistent size
+ /* Inconsistent size */
r = PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -109,10 +109,10 @@
size_t body_size = 0;
if ((crt == NULL) || (key == NULL) || (crt_size <= 0UL) || (key_size <= 0UL)) {
- PSA_ADAC_LOG_ERR("crt", "Invalid arguments\n");
+ PSA_ADAC_LOG_ERR("crt", "Invalid arguments\r\n");
r = PSA_ERROR_INVALID_ARGUMENT;
} else if ((h_crt->key_type != key_type) || (h_crt->signature_type != key_type)) {
- PSA_ADAC_LOG_ERR("crt", "Types mismatch\n");
+ PSA_ADAC_LOG_ERR("crt", "Types mismatch\r\n");
r = PSA_ERROR_NOT_SUPPORTED;
} else if ((h_crt->key_type == ECDSA_P256_SHA256) && (h_crt->signature_type == ECDSA_P256_SHA256)) {
#ifdef PSA_ADAC_EC_P256
@@ -186,7 +186,7 @@
ext_hash = s_crt->extensions_hash;
hash_size = sizeof(s_crt->extensions_hash);
hash_algo = EDDSA_ED25519_HASH_ALGORITHM;
- // TODO
+ /* TODO */
#endif
r = PSA_ERROR_NOT_SUPPORTED;
} else if ((h_crt->key_type == ED_448_SHAKE256) && (h_crt->signature_type == ED_448_SHAKE256)) {
@@ -201,7 +201,7 @@
ext_hash = s_crt->extensions_hash;
hash_size = sizeof(s_crt->extensions_hash);
hash_algo = EDDSA_ED448_HASH_ALGORITHM;
- // TODO
+ /* TODO */
#endif
r = PSA_ERROR_NOT_SUPPORTED;
} else if ((h_crt->key_type == SM_SM2_SM3) && (h_crt->signature_type == SM_SM2_SM3)) {
@@ -216,7 +216,7 @@
ext_hash = s_crt->extensions_hash;
hash_size = sizeof(s_crt->extensions_hash);
hash_algo = SM2_SM3_HASH_ALGORITHM;
- // TODO
+ /* TODO */
#endif
r = PSA_ERROR_NOT_SUPPORTED;
} else if ((h_crt->key_type == CMAC_AES) && (h_crt->signature_type == CMAC_AES)) {
@@ -250,7 +250,7 @@
r = PSA_ERROR_NOT_SUPPORTED;
#endif
} else {
- PSA_ADAC_LOG_ERR("crt", "Unsupported certificate type\n");
+ PSA_ADAC_LOG_ERR("crt", "Unsupported certificate type\r\n");
r = PSA_ERROR_NOT_SUPPORTED;
}
@@ -258,25 +258,25 @@
size_t exts_size = ROUND_TO_WORD(h_crt->extensions_bytes);
if (exts_size > 0UL) {
if ((body_size + exts_size) != crt_size) {
- // Inconsistent size
+ /* Inconsistent size */
r = PSA_ERROR_INVALID_ARGUMENT;
} else {
r = psa_adac_certificate_verify_extensions(ext, exts_size, hash_algo, key_type,
key, key_size, ext_hash, hash_size);
if (r != PSA_SUCCESS) {
- // Hash does not match
+ /* Hash does not match */
}
}
} else {
- // TODO: Check all zeros
+ /* TODO: Check all zeros */
}
}
if (PSA_SUCCESS == r) {
- PSA_ADAC_LOG_TRACE("crt", "Starting signature verification (%d)\n", sig_size);
+ PSA_ADAC_LOG_TRACE("crt", "Starting signature verification (%d)\r\n", sig_size);
r = psa_adac_verify_signature(key_type, key, key_size, hash_algo, (const uint8_t **) &crt, &tbs_size, 1,
sig_algo, sig, sig_size);
- PSA_ADAC_LOG_DEBUG("crt", "Signature verification: %s\n", (r == PSA_SUCCESS) ? "success" : "failure");
+ PSA_ADAC_LOG_DEBUG("crt", "Signature verification: %s\r\n", (r == PSA_SUCCESS) ? "success" : "failure");
}
return r;
diff --git a/psa-adac/core/src/adac_token.c b/psa-adac/core/src/adac_token.c
index e5c1df0..a2205a9 100755
--- a/psa-adac/core/src/adac_token.c
+++ b/psa-adac/core/src/adac_token.c
@@ -1,16 +1,16 @@
/*
- * Copyright (c) 2020 Arm Limited. All rights reserved.
+ * Copyright (c) 2020-2023 Arm Limited. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
-#include <psa_adac_config.h>
-
-#include <psa_adac.h>
-#include <psa_adac_crypto_api.h>
-#include <psa_adac_cryptosystems.h>
-#include <psa_adac_debug.h>
-
#include <stdlib.h>
+#include "psa_adac_config.h"
+
+#include "psa_adac.h"
+#include "psa_adac_crypto_api.h"
+#include "psa_adac_cryptosystems.h"
+#include "psa_adac_debug.h"
+
psa_status_t psa_adac_token_verify_info(uint8_t token[], size_t token_size, uint8_t **sig, size_t *sig_size,
size_t *tbs_size, size_t *body_size, psa_algorithm_t *hash_algo,
@@ -89,7 +89,7 @@
#endif
} else if (header->signature_type == ED_25519_SHA512) {
#ifdef PSA_ADAC_ED25519
- // TODO
+ /* TODO */
token_ed255_t *_token = (token_ed255_t *) token;
_body_size = sizeof(token_ed255_t);
_tbs_size = offsetof(token_ed255_t, signature);
@@ -104,7 +104,7 @@
#endif
} else if (header->signature_type == ED_448_SHAKE256) {
#ifdef PSA_ADAC_ED448
- // TODO
+ /* TODO */
token_ed448_t *_token = (token_ed448_t *) token;
_body_size = sizeof(token_ed448_t);
_tbs_size = offsetof(token_ed448_t, signature);
@@ -119,7 +119,7 @@
#endif
} else if (header->signature_type == SM_SM2_SM3) {
#ifdef PSA_ADAC_SM2
- // TODO
+ /* TODO */
token_sm2sm3_t *_token = (token_sm2sm3_t *) token;
_body_size = sizeof(token_sm2sm3_t);
_tbs_size = offsetof(token_sm2sm3_t, signature);
@@ -170,16 +170,16 @@
if (PSA_SUCCESS == ret) {
size_t exts_size = ROUND_TO_WORD(header->extensions_bytes);
if ((_body_size + exts_size) != token_size) {
- PSA_ADAC_LOG_ERR("token", "Size inconsistency %zu + %zu != %zu\n", _body_size, exts_size, token_size);
+ PSA_ADAC_LOG_ERR("token", "Size inconsistency %zu + %zu != %zu\r\n", _body_size, exts_size, token_size);
ret = PSA_ERROR_INVALID_ARGUMENT;
} else {
if (exts_size > 0UL) {
- // FIXME: PSA_ALG_CMAC
+ /* FIXME: PSA_ALG_CMAC */
if (psa_adac_hash_verify(_hash_algo, exts, exts_size, ext_hash, ext_hash_size) != PSA_SUCCESS) {
- PSA_ADAC_LOG_ERR("token", "Token extension hash does not match\n");
+ PSA_ADAC_LOG_ERR("token", "Token extension hash does not match\r\n");
ret = PSA_ERROR_INVALID_SIGNATURE;
} else {
- // FIXME: Check for 0s
+ /* FIXME: Check for 0s */
}
}
}
@@ -210,7 +210,7 @@
&body_size, &hash_algo, &sig_algo);
if (ret != PSA_SUCCESS) {
- PSA_ADAC_LOG_ERR("token", "Unsupported token signature format\n");
+ PSA_ADAC_LOG_ERR("token", "Unsupported token signature format\r\n");
} else {
const uint8_t *parts[2] = {(uint8_t *) token, challenge};
size_t part_sizes[2] = {tbs_size, challenge_size};
@@ -218,7 +218,7 @@
sig_algo, sig, sig_size);
}
- PSA_ADAC_LOG_DEBUG("token", "Signature verification (%d): %s\n", ret, (ret == PSA_SUCCESS) ? "success" : "failure");
+ PSA_ADAC_LOG_DEBUG("token", "Signature verification (%d): %s\r\n", ret, (ret == PSA_SUCCESS) ? "success" : "failure");
return ret;
}
diff --git a/psa-adac/sda/src/psa_adac_sda.c b/psa-adac/sda/src/psa_adac_sda.c
index 996db70..d7786cc 100644
--- a/psa-adac/sda/src/psa_adac_sda.c
+++ b/psa-adac/sda/src/psa_adac_sda.c
@@ -61,7 +61,7 @@
response_packet_t *authentication_discovery(authentication_context_t *auth_ctx, request_packet_t *request) {
(void) authenticator_request_packet_release(auth_ctx, request);
- PSA_ADAC_LOG_DEBUG("auth", "Discovery\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Discovery\r\n");
size_t max = 0;
response_packet_t *r = authenticator_response_packet_lock(auth_ctx, &max);
@@ -79,10 +79,10 @@
response_packet_t *authentication_start(authentication_context_t *auth_ctx, request_packet_t *request) {
(void) authenticator_request_packet_release(auth_ctx, request);
- PSA_ADAC_LOG_DEBUG("auth", "Starting authentication\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Starting authentication\r\n");
auth_ctx->state = AUTH_CHALLENGE;
- PSA_ADAC_LOG_DEBUG("auth", "Generating challenge (%d)\n", CHALLENGE_SIZE);
+ PSA_ADAC_LOG_DEBUG("auth", "Generating challenge (%d)\r\n", CHALLENGE_SIZE);
auth_ctx->challenge.format_version.major = 0x01;
auth_ctx->challenge.format_version.minor = 0x00;
auth_ctx->challenge._reserved = 0x00;
@@ -166,11 +166,11 @@
psa_status_t certificate_check(authentication_context_t *ctx, uint8_t *crt, size_t crt_size, int is_root) {
psa_status_t r = psa_adac_certificate_check(crt, crt_size, &(ctx->rotpk_ctx), &(ctx->context), is_root);
if (PSA_SUCCESS != r) {
- PSA_ADAC_LOG_ERR("auth", "Error validating %s\n", is_root ? "root certificate" : "certificate");
+ PSA_ADAC_LOG_ERR("auth", "Error validating %s\r\n", is_root ? "root certificate" : "certificate");
} else {
r = psa_adac_platform_check_certificate(crt, crt_size);
if (PSA_SUCCESS != r) {
- PSA_ADAC_LOG_ERR("auth", "Certificate rejected by platform\n");
+ PSA_ADAC_LOG_ERR("auth", "Certificate rejected by platform\r\n");
}
}
@@ -183,13 +183,13 @@
/* Check format version before reading any other fields. */
if (header->format_version.major != ADAC_CERT_MAJOR) {
- PSA_ADAC_LOG_ERR("auth", "Unsupported certificate major version\n");
+ PSA_ADAC_LOG_ERR("auth", "Unsupported certificate major version\r\n");
return r;
}
if (header->role == ADAC_CRT_ROLE_ROOT) {
if ((auth_ctx->state != AUTH_CHALLENGE) && (auth_ctx->state != AUTH_ROT_META)) {
- PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving a root certificate\n");
+ PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving a root certificate\r\n");
} else if (PSA_SUCCESS == certificate_check(auth_ctx, crt, crt_size, 1)) {
auth_ctx->state = AUTH_ROOT;
@@ -203,7 +203,7 @@
}
} else if ((header->role == ADAC_CRT_ROLE_INT) || (header->role == ADAC_CRT_ROLE_LEAF)) {
if ((auth_ctx->state != AUTH_ROOT) && (auth_ctx->state != AUTH_CHAIN)) {
- PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving an intermediate or leaf certificate\n");
+ PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving an intermediate or leaf certificate\r\n");
} else if (PSA_SUCCESS == certificate_check(auth_ctx, crt, crt_size, 0)) {
auth_ctx->state = (header->role == ADAC_CRT_ROLE_INT) ? AUTH_CHAIN : AUTH_LEAF;
r = ADAC_NEED_MORE_DATA;
@@ -215,11 +215,11 @@
r = ADAC_FAILURE; /* [misra-c2012-15.7] */
}
} else {
- PSA_ADAC_LOG_ERR("auth_crt", "Inconsistent certificate role\n");
+ PSA_ADAC_LOG_ERR("auth_crt", "Inconsistent certificate role\r\n");
}
if (r == ADAC_FAILURE) {
- PSA_ADAC_LOG_ERR("auth_crt", "Authentication failure\n");
+ PSA_ADAC_LOG_ERR("auth_crt", "Authentication failure\r\n");
auth_ctx->state = AUTH_FAILURE;
}
return r;
@@ -237,25 +237,25 @@
/* Check format version before reading any other fields. */
if (header->format_version.major != ADAC_TOKEN_MAJOR) {
- PSA_ADAC_LOG_ERR("auth", "Unsupported token major version\n");
+ PSA_ADAC_LOG_ERR("auth", "Unsupported token major version\r\n");
return r;
}
if ((auth_ctx->state != AUTH_ROOT) && (auth_ctx->state != AUTH_LEAF)) {
- PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving a token\n");
+ PSA_ADAC_LOG_ERR("auth", "State inconsistent with receiving a token\r\n");
} else if (PSA_SUCCESS != psa_adac_token_verify_info(token, token_size, &sig, &sig_size, &tbs_size,
&body_size, &hash_algo, &sig_algo)) {
- PSA_ADAC_LOG_ERR("auth", "Error checking token\n");
+ PSA_ADAC_LOG_ERR("auth", "Error checking token\r\n");
} else if (PSA_SUCCESS != psa_adac_platform_check_token(token, token_size)) {
- PSA_ADAC_LOG_ERR("auth", "Token rejected by platform\n");
+ PSA_ADAC_LOG_ERR("auth", "Token rejected by platform\r\n");
} else if (PSA_SUCCESS !=
psa_adac_verify_token_signature(token, token_size, auth_ctx->challenge.challenge_vector,
sizeof(auth_ctx->challenge.challenge_vector),
auth_ctx->context.key_type, auth_ctx->context.content,
auth_ctx->context.size)) {
- PSA_ADAC_LOG_ERR("auth", "Invalid token signature\n");
+ PSA_ADAC_LOG_ERR("auth", "Invalid token signature\r\n");
} else {
- PSA_ADAC_LOG_INFO("auth", "Authentication successful\n");
+ PSA_ADAC_LOG_INFO("auth", "Authentication successful\r\n");
for (size_t i = 0; i < sizeof(auth_ctx->permissions_mask); i++) {
auth_ctx->permissions_mask[i] &= header->requested_permissions[i];
}
@@ -274,38 +274,38 @@
}
response_packet_t *authentication_response(authentication_context_t *auth_ctx, request_packet_t *request) {
- PSA_ADAC_LOG_DEBUG("auth", "Received Authentication Response (%d)\n", request->data_count * 4);
+ PSA_ADAC_LOG_DEBUG("auth", "Received Authentication Response (%d)\r\n", request->data_count * 4);
psa_tlv_t *fragment = (psa_tlv_t *) &request->data;
psa_status_t r = ADAC_FAILURE;
if (((request->data_count * 4) < sizeof(psa_tlv_t))
|| (((request->data_count * 4) - sizeof(psa_tlv_t)) < fragment->length_in_bytes)) {
auth_ctx->state = AUTH_FAILURE;
- PSA_ADAC_LOG_DEBUG("auth", "Request size too small\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Request size too small\r\n");
} else if (fragment->type_id == PSA_BINARY_CRT) { /* TODO: Add support for RoT Metadata fragment */
if ((auth_ctx->state != AUTH_CHALLENGE) && (auth_ctx->state != AUTH_ROT_META) &&
(auth_ctx->state != AUTH_ROOT) && (auth_ctx->state != AUTH_CHAIN)) {
auth_ctx->state = AUTH_FAILURE;
- PSA_ADAC_LOG_DEBUG("auth", "State inconsistent with receiving a certificate\n");
+ PSA_ADAC_LOG_DEBUG("auth", "State inconsistent with receiving a certificate\r\n");
} else if (fragment->length_in_bytes <= sizeof(certificate_header_t)) {
auth_ctx->state = AUTH_FAILURE;
- PSA_ADAC_LOG_DEBUG("auth", "Size inconsistent with certificate\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Size inconsistent with certificate\r\n");
} else {
- PSA_ADAC_LOG_TRACE("auth", "Received a certificate\n");
+ PSA_ADAC_LOG_TRACE("auth", "Received a certificate\r\n");
r = authentication_crt(auth_ctx, fragment->value, fragment->length_in_bytes);
}
} else if (fragment->type_id == PSA_BINARY_TOKEN) {
if ((auth_ctx->state != AUTH_ROOT) && (auth_ctx->state != AUTH_LEAF)) {
- PSA_ADAC_LOG_DEBUG("auth", "State inconsistent with receiving a token\n");
+ PSA_ADAC_LOG_DEBUG("auth", "State inconsistent with receiving a token\r\n");
} else if (fragment->length_in_bytes <= sizeof(token_header_t)) {
auth_ctx->state = AUTH_FAILURE;
- PSA_ADAC_LOG_DEBUG("auth", "Size inconsistent with token\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Size inconsistent with token\r\n");
} else {
- PSA_ADAC_LOG_TRACE("auth", "Received a token\n");
+ PSA_ADAC_LOG_TRACE("auth", "Received a token\r\n");
r = authentication_token(auth_ctx, fragment->value, fragment->length_in_bytes);
}
} else {
- PSA_ADAC_LOG_WARN("auth", "Received neither a certificate nor a token\n");
+ PSA_ADAC_LOG_WARN("auth", "Received neither a certificate nor a token\r\n");
}
(void) authenticator_request_packet_release(auth_ctx, request);
@@ -353,14 +353,14 @@
int done = 0;
request_packet_t *request;
- PSA_ADAC_LOG_INFO("auth", "Starting authentication loop\n");
+ PSA_ADAC_LOG_INFO("auth", "Starting authentication loop\r\n");
while (done == 0) {
request = authenticator_request_packet_receive(auth_ctx);
if (NULL == request) {
break;
}
- PSA_ADAC_LOG_DEBUG("auth", "Receiving request %x\n", request->command);
+ PSA_ADAC_LOG_DEBUG("auth", "Receiving request %x\r\n", request->command);
int ret;
response_packet_t *response;
@@ -382,7 +382,7 @@
/* Send success status but otherwise do nothing. */
case ADAC_LOCK_DEBUG_CMD:
- PSA_ADAC_LOG_DEBUG("auth", "Lock debug\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Lock debug\r\n");
(void) authenticator_request_packet_release(auth_ctx, request);
psa_adac_platform_lock();
response = authenticator_response_packet_build(auth_ctx, ADAC_SUCCESS, NULL, 0);
@@ -391,7 +391,7 @@
/* Send success status and terminate command loop. */
case ADAC_RESUME_BOOT_CMD:
- PSA_ADAC_LOG_DEBUG("auth", "Resuming \"boot\"\n");
+ PSA_ADAC_LOG_DEBUG("auth", "Resuming \"boot\"\r\n");
(void) authenticator_request_packet_release(auth_ctx, request);
response = authenticator_response_packet_build(auth_ctx, ADAC_SUCCESS, NULL, 0);
ret = authenticator_send_response(auth_ctx, response);
@@ -405,7 +405,7 @@
break;
default:
- PSA_ADAC_LOG_ERR("auth", "Unknown command: %04x\n", request->command);
+ PSA_ADAC_LOG_ERR("auth", "Unknown command: %04x\r\n", request->command);
(void) authenticator_request_packet_release(auth_ctx, request);
response = authenticator_response_packet_build(auth_ctx, ADAC_INVALID_COMMAND, NULL, 0);
ret = authenticator_send_response(auth_ctx, response);
@@ -413,7 +413,7 @@
}
if (ret != 0) {
- PSA_ADAC_LOG_ERR("auth", "Error sending response: %04x\n", ret);
+ PSA_ADAC_LOG_ERR("auth", "Error sending response: %04x\r\n", ret);
}
if ((auth_ctx->state == AUTH_SUCCESS) || (auth_ctx->state == AUTH_FAILURE)) {
@@ -421,7 +421,7 @@
}
}
- PSA_ADAC_LOG_INFO("auth", "Ending authentication loop\n");
+ PSA_ADAC_LOG_INFO("auth", "Ending authentication loop\r\n");
return done;
}
diff --git a/target/trusted-firmware-m/platform/arm/corstone1000/corstone1000.c b/target/trusted-firmware-m/platform/arm/corstone1000/corstone1000.c
index ea59f4c..fc13ef4 100644
--- a/target/trusted-firmware-m/platform/arm/corstone1000/corstone1000.c
+++ b/target/trusted-firmware-m/platform/arm/corstone1000/corstone1000.c
@@ -59,12 +59,12 @@
int ret = psa_adac_to_tfm_apply_permissions(permissions_mask);
if (ret) {
- PSA_ADAC_LOG_INFO("platform", "psa_adac_to_tfm_apply_permissions failed\n\r");
+ PSA_ADAC_LOG_INFO("platform", "psa_adac_to_tfm_apply_permissions failed\r\n");
return ret;
}
PSA_ADAC_LOG_INFO("platform",
- "\n\rPlatform unlcoked for the secure debug %s\n");
+ "\n\rPlatform unlcoked for the secure debug %s\r\n");
return ret;
}
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/CMakeLists.txt b/target/trusted-firmware-m/platform/arm/musca_b1/CMakeLists.txt
new file mode 100644
index 0000000..8385bd1
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/CMakeLists.txt
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2023 Arm Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+target_sources(${PROJECT_NAME}
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}/psa_adac_platform.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/discovery.c
+ ${PSA_ADAC_ROOT}/transport_layer/transports/static_buffer_msg.c
+ ${PSA_ADAC_ROOT}/transport_layer/transports/memory_window.c
+)
+
+target_include_directories(${PROJECT_NAME}
+ PUBLIC
+ ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${PSA_ADAC_MBEDTLS_INCLUDE}
+ ${PSA_ADAC_ROOT}/transport_layer/transports
+)
+
+install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/psa_adac_platform.h
+ DESTINATION ${PSA_ADAC_INSTALL_PATH}/include
+)
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/config.cmake b/target/trusted-firmware-m/platform/arm/musca_b1/config.cmake
new file mode 100644
index 0000000..e42fe79
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/config.cmake
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2023 Arm Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+set(ARM_SYSTEM_PROCESSOR cortex-m33)
+set(ARM_SYSTEM_ARCHITECTURE armv8-m.main)
+set(ARM_SYSTEM_DSP OFF)
+
+set(PSA_ADAC_EC_P256 ON CACHE BOOL "Enable support for ECDSA P-256")
+set(PSA_ADAC_EC_P521 OFF CACHE BOOL "Enable support for ECDSA P-521")
+set(PSA_ADAC_HW_CRYPTO OFF CACHE BOOL "Support for hardware cryptography")
+
+set(PSA_ADAC_USE_CRYPTOCELL On)
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/discovery.c b/target/trusted-firmware-m/platform/arm/musca_b1/discovery.c
new file mode 100644
index 0000000..a3e60b9
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/discovery.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2023 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "psa_adac.h"
+#include "psa_adac_config.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef PSA_ADAC_EC_P256
+#define EC_P256_CNT 1
+#define EC_P256_VAL ECDSA_P256_SHA256,
+#else
+#define EC_P256_CNT 0
+#define EC_P256_VAL
+#endif
+
+#ifdef PSA_ADAC_EC_P521
+#define EC_P521_CNT 1
+#define EC_P521_VAL ECDSA_P521_SHA512,
+#else
+#define EC_P521_CNT 0
+#define EC_P521_VAL
+#endif
+
+#ifdef PSA_ADAC_RSA3072
+#define RSA3072_CNT 1
+#define RSA3072_VAL RSA_3072_SHA256,
+#else
+#define RSA3072_CNT 0
+#define RSA3072_VAL
+#endif
+
+
+#ifdef PSA_ADAC_RSA4096
+#define RSA4096_CNT 1
+#define RSA4096_VAL RSA_4096_SHA256,
+#else
+#define RSA4096_CNT 0
+#define RSA4096_VAL
+#endif
+
+#ifdef PSA_ADAC_ED25519
+#define ED25519_CNT 1
+#define ED25519_VAL ED_25519_SHA512,
+#else
+#define ED25519_CNT 0
+#define ED25519_VAL
+#endif
+
+#ifdef PSA_ADAC_ED448
+#define ED448_CNT 1
+#define ED448_VAL ED_448_SHAKE256,
+#else
+#define ED448_CNT 0
+#define ED448_VAL
+#endif
+
+#ifdef PSA_ADAC_SM2SM3
+#define SM2SM3_CNT 1
+#define SM2SM3_VAL SM_SM2_SM3,
+#else
+#define SM2SM3_CNT 0
+#define SM2SM3_VAL
+#endif
+
+#ifdef PSA_ADAC_HMAC
+#define HMAC_CNT 1
+#define HMAC_VAL CMAC_AES,
+#else
+#define HMAC_CNT 0
+#define HMAC_VAL
+#endif
+
+#ifdef PSA_ADAC_CMAC
+#define CMAC_CNT 1
+#define CMAC_VAL HMAC_SHA256,
+#else
+#define CMAC_CNT 0
+#define CMAC_VAL
+#endif
+
+#define CRYPTO_CNT EC_P256_CNT + EC_P521_CNT + RSA3072_CNT + RSA4096_CNT + \
+ ED25519_CNT + ED448_CNT + SM2SM3_CNT + HMAC_CNT + CMAC_CNT
+#define CRYPTO_VALS EC_P256_VAL EC_P521_VAL RSA3072_VAL RSA4096_VAL \
+ ED25519_VAL ED448_VAL SM2SM3_VAL HMAC_VAL CMAC_VAL
+
+uint8_t discovery_template[] = {
+ /* @+00 (12 bytes) psa_auth_version: 1.0 */
+ 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00,
+ /* @+12 (12 bytes) vendor_id: {0x04, 0x3B} => 0x023B ("ARM Ltd.") */
+ 0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x04, 0x3B, 0x00, 0x00,
+ /* @+24 (12 bytes) soc_class: [0x00, 0x00, 0x00, 0x00] */
+ 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ /* @+36 (24 bytes) soc_id: [0x00] * 16 */
+ 0x00, 0x00, 0x04, 0x00, 0x10, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ /* @+60 (12 bytes) psa_lifecycle: PSA_LIFECYCLE_SECURED */
+ 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x30, 0x00, 0x00,
+ /* @+72 (12 bytes) token_formats: [{0x00, 0x02} (token_psa_debug)] */
+ 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00,
+ 0x00, 0x02, 0x00, 0x00,
+ /* @+84 (12 bytes) cert_formats: [{0x01, 0x02} (cert_psa_debug)] */
+ 0x00, 0x00, 0x01, 0x01, 0x02, 0x00, 0x00, 0x00,
+ 0x01, 0x02, 0x00, 0x00,
+ /* @+96 (8 + X bytes) cryptosystems: [...] */
+ 0x00, 0x00, 0x02, 0x01, CRYPTO_CNT, 0x00, 0x00, 0x00, CRYPTO_VALS
+ /* Maximum padding */
+ 0x00, 0x00, 0x00
+};
+
+size_t discovery_template_len = sizeof(discovery_template) - (sizeof(discovery_template) % 4);
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/msg_interface.h b/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/msg_interface.h
new file mode 100644
index 0000000..57a1f32
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/msg_interface.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2020-2023 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __MSG_INTERFACE_H__
+#define __MSG_INTERFACE_H__
+
+#include "psa_adac.h"
+#include "platform/platform.h"
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#if defined(PSA_ADAC_AUTHENTICATOR_IMPLICIT_TRANSPORT)
+
+int msg_interface_init(void *ctx, uint8_t buffer[], size_t size);
+int msg_interface_free(void *ctx);
+
+request_packet_t *request_packet_lock(size_t *max_data_size);
+response_packet_t *response_packet_lock(size_t *max_data_size);
+int response_packet_release(response_packet_t *packet);
+int request_packet_release(request_packet_t *packet);
+
+request_packet_t *request_packet_receive();
+response_packet_t *response_packet_build(uint16_t status, uint8_t *data, size_t data_size);
+int response_packet_send(response_packet_t *packet);
+
+#else
+
+#error "Explicit Transport API Currently not defined"
+
+/* This is a very early draft */
+
+typedef int (*msg_interface_init_t)(void *ctx, uint8_t buffer[], size_t size);
+typedef int (*msg_interface_free_t)(void *ctx);
+
+/* Target */
+typedef request_packet_t *(*request_packet_receive_t)(void *ctx);
+typedef int (*request_packet_release_t)(void *ctx, request_packet_t * packet);
+typedef response_packet_t *(*response_packet_lock_t)(void *ctx, size_t *max_data_size);
+typedef response_packet_t *(*response_packet_build_t)(void *ctx, uint16_t status, uint8_t *data, size_t data_size);
+typedef int (*response_packet_send_t)(void *ctx, response_packet_t *packet);
+
+typedef struct {
+ msg_interface_init_t msg_interface_init;
+ msg_interface_free_t msg_interface_free;
+ request_packet_receive_t request_packet_receive;
+ request_packet_release_t request_packet_release;
+ response_packet_lock_t response_packet_lock;
+ response_packet_build_t response_packet_build;
+ response_packet_send_t response_packet_send;
+ response_packet_release_t response_packet_release;
+} target_msg_interface_t;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MSG_INTERFACE_H__ */
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/platform.h b/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/platform.h
new file mode 100644
index 0000000..2883b63
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/include/platform/platform.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2023 Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __PLATFORM_H__
+#define __PLATFORM_H__
+
+#include <stdint.h>
+#include <stddef.h>
+#include "psa_adac.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef PSA_ADAC_PLATFORM_CONFIG_FILE
+#include PSA_ADAC_PLATFORM_CONFIG_FILE
+#else
+#include "psa_adac_platform.h"
+#endif
+
+#ifndef PSA_ADAC_PLATFORM_BANNER
+#define PSA_ADAC_PLATFORM_BANNER "PSA ADAC "
+#endif
+
+void platform_init(void);
+adac_status_t psa_adac_change_life_cycle_state(uint8_t *input, size_t input_size);
+void psa_adac_platform_lock(void);
+int psa_adac_platform_check_token(uint8_t *token, size_t token_size);
+int psa_adac_platform_check_certificate(uint8_t *crt, size_t crt_size);
+void psa_adac_platform_init(void);
+int psa_adac_detect_debug_request(void);
+void psa_adac_acknowledge_debug_request(void);
+int psa_adac_apply_permissions(uint8_t permissions_mask[16]);
+
+/**
+ * \brief This function is called on response to the discovery command from the
+ * debug host. It returns information about the target and set of all
+ * response fragments format supported by the debug target.
+ *
+ * \param[out] reply Pointer to \p reply buffer.
+ * \param[in] reply_size Size of the \p reply buffer in bytes.
+ *
+ * \retval Returns size of actual populated reply buffer.
+ */
+size_t psa_adac_platform_discovery(uint8_t *reply, size_t reply_size);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PLATFORM_H__ */
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/include/psa_adac_platform.h b/target/trusted-firmware-m/platform/arm/musca_b1/include/psa_adac_platform.h
new file mode 100644
index 0000000..009b291
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/include/psa_adac_platform.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2020-2023 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __PSA_ADAC_PLATFORM_H__
+#define __PSA_ADAC_PLATFORM_H__
+
+#include "psa_adac_config.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PSA_ADAC_PLATFORM_BANNER "PSA ADAC: Musca-B1 TF-M"
+#define LED_R 0x04 /* LED RED (PA2) */
+#define LED_G 0x08 /* LED GREEN (PA3) */
+#define LED_B 0x10 /* LED BLUE (PA4) */
+
+#define MUSCA_B1_SRAM_S_BASE (0x30000000UL) /*!< (Secure Internal SRAM) Base Address */
+#define MUSCA_B1_SRAM_S_SIZE (0x2000) /*!< (Secure Internal SRAM) Size = 8 KiB */
+#define SDM_MEMORY_WINDOW_BASE MUSCA_B1_SRAM_S_BASE
+#define SDM_MEMORY_WINDOW_SIZE MUSCA_B1_SRAM_S_SIZE
+#define PSA_ADAC_TRANSPORT_OWN_MEMORY
+#define PSA_ADAC_AUTHENTICATOR_IMPLICIT_TRANSPORT
+
+/*
+ * From tf-m to psa-adac.
+ * Call to this function will wait for host debugger to initiate the
+ * secure debug connection and will perform the secure debug authentication
+ * process.
+ */
+int tfm_to_psa_adac_musca_b1_secure_debug(uint8_t *secure_debug_rotpk, uint32_t len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_ADAC_PLATFORM_H__ */
diff --git a/target/trusted-firmware-m/platform/arm/musca_b1/psa_adac_platform.c b/target/trusted-firmware-m/platform/arm/musca_b1/psa_adac_platform.c
new file mode 100644
index 0000000..71e3719
--- /dev/null
+++ b/target/trusted-firmware-m/platform/arm/musca_b1/psa_adac_platform.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "psa_adac_config.h"
+#include "psa_adac_debug.h"
+#include "psa_adac_sda.h"
+#include "platform/platform.h"
+#include "platform/msg_interface.h"
+#include <string.h>
+
+#define ROTPK_ANCHOR_ALG PSA_ALG_SHA_256
+
+extern uint8_t discovery_template[];
+extern size_t discovery_template_len;
+
+static uint8_t buffer[512];
+static uint8_t messages[512];
+static uint8_t *rotpk_anchors[1];
+static size_t rotpk_anchors_size[1];
+static uint8_t rotpk_anchors_type[] = {
+ ECDSA_P256_SHA256,
+};
+static size_t rotpk_anchors_length = sizeof(rotpk_anchors) / sizeof(uint8_t *);
+
+void psa_adac_platform_init(void)
+{
+ /* TODO: Code me */
+}
+
+size_t psa_adac_platform_discovery(uint8_t *reply, size_t reply_size)
+{
+ if (reply_size >= discovery_template_len) {
+ memcpy(reply, discovery_template, discovery_template_len);
+ return discovery_template_len;
+ }
+ return 0;
+}
+
+void psa_adac_platform_lock(void)
+{
+ /* TODO: Code me */
+}
+
+adac_status_t psa_adac_change_life_cycle_state(uint8_t *input, size_t input_size)
+{
+ /* TODO: Code me */
+ /* LCS change is platform specific and is NOT implemented */
+ /* Ignore return value and send UNSUPPORTED status for now */
+ return ADAC_UNSUPPORTED;
+}
+
+int psa_adac_platform_check_token(uint8_t *token, size_t token_size)
+{
+ /* TODO: Code me */
+ return 0;
+}
+
+int psa_adac_platform_check_certificate(uint8_t *crt, size_t crt_size)
+{
+ /* TODO: Code me */
+ return 0;
+}
+
+int psa_adac_apply_permissions(uint8_t permissions_mask[16])
+{
+ int ret = crypto_hw_apply_debug_permissions(permissions_mask);
+ if (ret) {
+ PSA_ADAC_LOG_ERR("platform", "psa_adac_to_tfm_apply_permissions "
+ "failed\r\n");
+ return ret;
+ }
+
+ PSA_ADAC_LOG_INFO("platform",
+ "\r\nPlatform unlocked for the secure debug %s\r\n");
+ return ret;
+}
+
+int tfm_to_psa_adac_musca_b1_secure_debug(uint8_t *secure_debug_roptpk, uint32_t len)
+{
+ authentication_context_t auth_ctx;
+ int ret = -1;
+
+ if (psa_adac_detect_debug_request()) {
+ PSA_ADAC_LOG_INFO("main", "%s:%d Connection establised\r\n",
+ __func__, __LINE__);
+
+ msg_interface_init(NULL, messages, sizeof(messages));
+
+ psa_adac_init();
+ psa_adac_acknowledge_debug_request();
+
+ rotpk_anchors[0] = secure_debug_roptpk;
+ rotpk_anchors_size[0] = len;
+ authentication_context_init(&auth_ctx, buffer, sizeof(buffer),
+ ROTPK_ANCHOR_ALG,
+ rotpk_anchors, rotpk_anchors_size,
+ rotpk_anchors_type,
+ rotpk_anchors_length);
+#ifndef PSA_ADAC_QUIET
+ PSA_ADAC_LOG_INFO("main", "Starting authentication.\r\n");
+#endif
+ authentication_handle(&auth_ctx);
+
+ PSA_ADAC_LOG_INFO("main", "\r\n\r\n\r\nAuthentication is a %s\r\n\r\n",
+ auth_ctx.state == AUTH_SUCCESS ? "success" : "failure");
+
+ if (auth_ctx.state == AUTH_SUCCESS) {
+ ret = 0;
+ }
+
+ msg_interface_free(NULL);
+ } else {
+ PSA_ADAC_LOG_INFO("main", "%s:%d No secure debug connection.\r\n",
+ __func__, __LINE__);
+ }
+
+ return ret;
+}
+
+void platform_init(void)
+{
+ /* TODO: Code me */
+}
diff --git a/template_hal_files/target_name.c b/template_hal_files/target_name.c
index 3c15010..74b401b 100644
--- a/template_hal_files/target_name.c
+++ b/template_hal_files/target_name.c
@@ -17,11 +17,13 @@
size_t psa_adac_platform_discovery(uint8_t *reply, size_t reply_size)
{
/* TODO: Code me */
+ return 0;
}
adac_status_t psa_adac_change_life_cycle_state(uint8_t *input, size_t input_size)
{
/* TODO: Code me */
+ return ADAC_UNSUPPORTED;
}
void psa_adac_platform_lock(void)
@@ -32,16 +34,19 @@
int psa_adac_platform_check_token(uint8_t *token, size_t token_size)
{
/* TODO: Code me */
+ return 0;
}
int psa_adac_platform_check_certificate(uint8_t *crt, size_t crt_size)
{
/* TODO: Code me */
+ return 0;
}
int psa_adac_apply_permissions(uint8_t permissions_mask[16])
{
/* TODO: Code me */
+ return 0;
}
void platform_init(void)
diff --git a/transport_layer/transports/memory_window.c b/transport_layer/transports/memory_window.c
new file mode 100644
index 0000000..07e1162
--- /dev/null
+++ b/transport_layer/transports/memory_window.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2020-2023 Arm Limited. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "psa_adac_config.h"
+#include "psa_adac.h"
+#include "psa_adac_debug.h"
+#include "platform/platform.h"
+#include "platform/msg_interface.h"
+#include "static_buffer_msg.h"
+
+#include <stddef.h>
+#include <stdio.h>
+
+#ifndef PSA_ADAC_AUTHENTICATOR_IMPLICIT_TRANSPORT
+#error "Unsupported environment"
+#endif
+
+#if !(defined(SDM_MEMORY_WINDOW_BASE) && defined(SDM_MEMORY_WINDOW_SIZE))
+#error "Memory window not configured"
+#endif
+
+/*
+ gdbserver start
+ reset -h
+ w32 0x30000000 0xFF00FF00
+ w32 0x30000004 0x00FF00FF
+ w32 0x30000008 0xFF00FF00
+ w32 0x3000000C 0x00FF00FF
+ */
+
+enum {
+ HOST_DONE = 0x12121212,
+ TARGET_DONE = 0xEFEFEFEF
+};
+
+static volatile uint32_t *const sdm_memory_window_base = (uint32_t *) (SDM_MEMORY_WINDOW_BASE);
+
+int psa_adac_detect_debug_request(void)
+{
+ PSA_ADAC_LOG_DEBUG("memw", "Waiting for debug request\r\n");
+ while (!(sdm_memory_window_base[0] == 0xFF00FF00 &&
+ sdm_memory_window_base[1] == 0x00FF00FF &&
+ sdm_memory_window_base[2] == 0xFF00FF00 &&
+ sdm_memory_window_base[3] == 0x00FF00FF)) {
+ sleep_ms(100);
+ };
+ return 1;
+}
+
+void psa_adac_acknowledge_debug_request(void)
+{
+ PSA_ADAC_LOG_DEBUG("memw", "Acknowledging request\r\n");
+ sdm_memory_window_base[0] = 0x00FF00FF;
+ sdm_memory_window_base[1] = 0xFF00FF00;
+ sdm_memory_window_base[2] = 0x00FF00FF;
+ sdm_memory_window_base[3] = 0xFF00FF00;
+}
+
+int msg_interface_init(void *ctx, uint8_t buffer[], size_t buffer_size)
+{
+ if (buffer_size > SDM_MEMORY_WINDOW_SIZE - 16) {
+ return -1;
+ }
+ sdm_memory_window_base[1] = buffer_size;
+ return psa_adac_static_buffer_msg_init(
+ (uint8_t *) (SDM_MEMORY_WINDOW_BASE + 16), SDM_MEMORY_WINDOW_SIZE - 16);
+}
+
+int msg_interface_free(void *ctx)
+{
+ return psa_adac_static_buffer_msg_release();
+}
+
+
+int request_packet_send(request_packet_t *packet)
+{
+ if (packet != NULL) {
+ /* TODO: Copy */
+ }
+ sdm_memory_window_base[0] = HOST_DONE;
+ return 0;
+}
+
+request_packet_t *request_packet_receive(response_packet_t *packet)
+{
+ size_t max = 0;
+ request_packet_t *r = request_packet_lock(&max);
+
+ while (sdm_memory_window_base[0] != HOST_DONE) {
+ /* Loop */
+ }
+ /* TODO: Check size consistency (max vs r->data_count * 4) */
+ return r;
+}
+
+int response_packet_send(response_packet_t *packet)
+{
+ if (packet != NULL) {
+ /* TODO: Copy */
+ }
+ sdm_memory_window_base[0] = TARGET_DONE;
+ return 0;
+}
+
+response_packet_t *response_packet_receive(void)
+{
+ size_t max = 0;
+ response_packet_t *r = response_packet_lock(&max);
+ while (sdm_memory_window_base[0] != TARGET_DONE) {
+ /* Loop */
+ }
+ /* TODO: Check size consistency (max vs r->data_count * 4) */
+ return r;
+}
diff --git a/transport_layer/transports/sdc-600/sdc-600.c b/transport_layer/transports/sdc-600/sdc-600.c
index 781d499..5d14dcf 100644
--- a/transport_layer/transports/sdc-600/sdc-600.c
+++ b/transport_layer/transports/sdc-600/sdc-600.c
@@ -32,15 +32,15 @@
switch (r) {
case ICPD_SUCCESS:
rc = 1;
- PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Success\n");
+ PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Success\r\n");
break;
case ICPD_DEBUGGER_NOT_CONNECTED:
- PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Debugger not connected\n");
+ PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Debugger not connected\r\n");
break;
case ICPD_FAIL:
- PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Failure\n");
+ PSA_ADAC_LOG_INFO("sdc-600", "IComPortInit: Failure\r\n");
}
return rc;