vlilleboe
Contributor

No description provided.

theotherjimmy and others added 30 commits April 4, 2022 08:23
This reverts commit c813480.

Signed-off-by: Jimmy Brisson <[email protected]>
… interrupts"

This reverts commit 783e228.

Signed-off-by: Jimmy Brisson <[email protected]>
…ctivity"

This reverts commit 7106adb.

Signed-off-by: Jimmy Brisson <[email protected]>
…ructs"

This reverts commit ac6de68.

Signed-off-by: Jimmy Brisson <[email protected]>
…pheral"

This reverts commit b362d2d.

Signed-off-by: Jimmy Brisson <[email protected]>
…sabled"

This reverts commit 0febe1e.

Signed-off-by: Jimmy Brisson <[email protected]>
Trusted Firmware-M v1.6.0
This file is modified from upstream to directly include the  version.
We have decided to do it manually so that it is easier to test a PR, as
we won't have to have a tag for that PR.
Further, this message might create a merge conflict which would inform future
version updaters to correct the version in this file.

Signed-off-by: Jimmy Brisson <[email protected]>
Add the non-secure API IOCTL functions for the nordic platform to the
set of source files exported in the install folder.
In the case where this is built by an external build system instead of
the platform_ns library then this source file needs to be included in
the non-secure application and its build system.

Change-Id: Icd0312bdc3e583f5eb32cde589e2bc3c9a67ffdc
Signed-off-by: Joakim Andersson <[email protected]>
…install

Add the non-secure API IOCTL functions for the Laird Connectivity
platform to the set of source files exported in the install folder.
In the case where this is built by an external build system instead of
the platform_ns library then this source file needs to be included in
the non-secure application and its build system.

Change-Id: I53dfdf48446270f2079d0f710125e9a68db577f7
Signed-off-by: Joakim Andersson <[email protected]>
Make the last target_sources(tfm_ns...) conditional to NS=TRUE. The
current setup is causing build issues for musca_s1 since:

c51505f661 modules: tfm: Exclude non-secure TF-M application from build

Fails with:

CMake Error at platform/ext/target/arm/musca_s1/CMakeLists.txt:179:
  Cannot specify sources for target "tfm_ns" which is not built by this
  project.

NOTE: Temporary fix for zephyr fork of trusted-firmware-m, this commit
is not needed in upstream TF-M. This commit should be reverted in the
next upmerge.

Signed-off-by: Fabio Baltieri <[email protected]>
Add the psa_call_pack and psa_interface_svc to
the unprivileged part of the image. When
isolation level >1 is used the PSA application
RoT partitions (such as PS) run in unprivileged
mode and they need to be able to access these
functions when accessing any other RoT services
(such as ITS).

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: Id82e8fadd1822930162b7bb8b1f434891c5f20d2
(cherry picked from commit 5fd79dc)
This forces DWARF version 4 output so that zephyr debugging and usage
still works with the pyelftools library which does not currently
support v5.

Signed-off-by: Jamie McCrae <[email protected]>
…alls

Currently S calls are able to return PSA_ERROR_PROGRAMMER_ERROR for
malformed packet parameters, but NS calls will just stay in the error
handler causing a halt or reboot of device, i.e. this is a very easy
Denial-Of-Service attack.
Make sure that the SPM returns the error code to NS in this case without
halting the whole device.

This patch will not be sent upstream since the library model is being
deprecated and fixes are no longer accepted.

Signed-off-by: Antonio de Angelis <[email protected]>
Change-Id: I557ce35ccce0354421ccd9b2140684a1d833bf0e
Signed-off-by: Joakim Andersson <[email protected]>
Use nrfx to define IRQ instead of nRF MDK IRQn definitions.
This makes the code more future proof for future releases of the
hal_nordic repository.

Change-Id: Ib059a9266aca3098753e8d24335fc3d9edf56a36
Signed-off-by: Joakim Andersson <[email protected]>
Fix interrupt support for serial box 0 on nrf5340 SoC.
Misspelled variable name caused compilation error.

Change-Id: Idaea5c7eb797c1b9338cfc49e997ac2b8af978c2
Signed-off-by: Joakim Andersson <[email protected]>
mbedTLS upstream code contains a warning about const
variable set but unused. Just ignore it to keep Zephyr
tests from failing.

zephyr/modules/crypto/mbedtls/library/aes.c:307:23: warning:
'RT0' defined but not used [-Wunused-const-variable=]
      307 | static const uint32_t RT0[256] = { RT };
          |                       ^~~
zephyr/modules/crypto/mbedtls/library/aes.c:200:28: warning:
'RSb' defined but not used [-Wunused-const-variable=]
      200 | static const unsigned char RSb[256] =

Fixes #51025 (on Zephyr)

Signed-off-by: Flavio Ceolin <[email protected]>
When using TF-M with upstream MbedTLS, the upstream project
generates a warning about const variables being set but not unused.

This warning causes CI to fail in some downstream consumers of TF-M
(Zephyr in this case). Adding `-Wno-unused-const-variable` avoids this
warning.

Author: Flavio Ceolin <[email protected]>
Signed-off-by: Kevin Townsend <[email protected]>
Change-Id: I106d0d8598a6d075e3824202038fc37e0c5a9861
(cherry picked from commit 21266a0)
Signed-off-by: Joakim Andersson <[email protected]>
This reverts commit 13abde2.

Signed-off-by: Joakim Andersson <[email protected]>
…on nrf53"

This reverts commit cf34a76.

Signed-off-by: Joakim Andersson <[email protected]>
…DK IRQn"

This reverts commit 36de288.

Signed-off-by: Joakim Andersson <[email protected]>
mswarowsky and others added 23 commits May 14, 2024 11:23
!fixup [nrf noup] platform: nordic_nrf: Add support for 54l

Add a PSA/Cracen implementation for ITS encryption.

Ref: NCSDK-26678

Signed-off-by: Markus Swarowsky <[email protected]>

diff --git a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
index 43c7b76..19e2aee 100644

Signed-off-by: Markus Swarowsky <[email protected]>
--- a/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
+++ b/platform/ext/target/nordic_nrf/common/core/CMakeLists.txt
@@ -26,8 +26,10 @@ if((NRF_SOC_VARIANT STREQUAL nrf54l15) OR (target STREQUAL nrf54l15))
   # Maybe we only need to check one of these options but these
   # variables keep changing so we check both to be future proof
   set(HAS_RRAMC 1)
+  set(HAS_CRACEN 1)
 else()
   set(HAS_NVMC 1)
+  set(HAS_CRACEN 0)
 endif()

 #========================= Platform dependencies ===============================#
@@ -99,7 +101,8 @@ target_sources(platform_s
         $<$<BOOL:${TFM_EXCEPTION_INFO_DUMP}>:${CMAKE_CURRENT_SOURCE_DIR}/nrf_exception_info.c>
         $<$<OR:$<BOOL:${TFM_S_REG_TEST}>,$<BOOL:${TFM_NS_REG_TEST}>>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
         $<$<BOOL:${TEST_PSA_API}>:${CMAKE_CURRENT_SOURCE_DIR}/pal_plat_test.c>
-        $<$<BOOL:${ITS_ENCRYPTION}>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c>
+        $<$<AND:$<BOOL:${ITS_ENCRYPTION}>,$<NOT:${HAS_CRACEN}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption.c>
+        $<$<AND:$<BOOL:${ITS_ENCRYPTION}>,$<BOOL:${HAS_CRACEN}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_hal_its_encryption_cracen.c>
 )

 if (NRF_HW_INIT_RESET_ON_BOOT)
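Review bot: The two added generator expressions test HAS_CRACEN in different ways: the tfm_hal_its_encryption.c line uses `$<NOT:${HAS_CRACEN}>` and the tfm_hal_its_encryption_cracen.c line uses `$<BOOL:${HAS_CRACEN}>`. `$<NOT:...>` accepts only a literal 0 or 1, so the first line works only while HAS_CRACEN is always set to exactly 0 or 1, as the hunk above does. Writing `$<NOT:$<BOOL:${HAS_CRACEN}>>` makes both lines tolerate an unset or differently spelled value.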
diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
new file mode 100644
index 000000000..bbcbb97
--- /dev/null
+++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2023 Nordic Semiconductor ASA.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#include "config_tfm.h"
+#include "platform/include/tfm_hal_its_encryption.h"
+#include "platform/include/tfm_hal_its.h"
+#include "psa/crypto.h"
+#include "tfm_crypto_defs.h"
+
+#define CHACHA20_KEY_SIZE 32
+#define TFM_ITS_AEAD_ALG PSA_ALG_CHACHA20_POLY1305
+
+#define ITS_ENCRYPTION_SUCCESS 0
+
+#define HUK_KMU_SLOT 2
+#define HUK_KMU_SIZE_BITS 128
+
+/* Global encryption counter which resets per boot. The counter ensures that
+ * the nonce will not be identical for consecutive file writes during the same
+ * boot.
+ */
+static uint32_t g_enc_counter;
+
+/* The global nonce seed which is fetched once in every boot. The seed is used
+ * as part of the nonce and allows the platforms to diversify their nonces
+ * across resets. Note that the way that this seed is generated is platform
+ * specific, so the diversification is optional.
+ */
+static uint8_t g_enc_nonce_seed[TFM_ITS_ENC_NONCE_LENGTH -
+                                sizeof(g_enc_counter)];
+
+/* TFM_ITS_ENC_NONCE_LENGTH is configurable but this implementation expects
+ * the seed to be 8 bytes and the nonce length to be 12.
+ */
+#if TFM_ITS_ENC_NONCE_LENGTH != 12
+#error "This implementation only supports a ITS nonce of size 12"
+#endif
+
+/*
+ * This implementation doesn't use monotonic counters, but therfore a 64 bit
+ * seed combined with a counter, that gets reset on each reboot.
+ * This still has the risk of getting a collision on the seed resulting in
+ * nonce's beeing the same after a reboot.
+ * It would still need 3.3x10^9 resets to get a collision with a probability of
+ * 0.25.
+ */
+enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce,
+                                                      const size_t nonce_size)
+{
+    if(nonce == NULL){
+        return TFM_HAL_ERROR_INVALID_INPUT;
+    }
+
+    if(nonce_size < sizeof(g_enc_nonce_seed) + sizeof(g_enc_counter)){
+        return TFM_HAL_ERROR_INVALID_INPUT;
+    }
+
+    /* To avoid wrap-around of the g_enc_counter and subsequent re-use of the
+     * nonce we check the counter value for its max value
+     */
+    if(g_enc_counter ==  UINT32_MAX) {
+        return TFM_HAL_ERROR_GENERIC;
+    }
+
+    /* psa_generate_random is not using any key/its functions wo we can use it here*/
+    if (g_enc_counter == 0) {
+        psa_status_t status = psa_generate_random(g_enc_nonce_seed, sizeof(g_enc_nonce_seed));
+        if (status != PSA_SUCCESS) {
+            return TFM_HAL_ERROR_GENERIC;
+        }
+    }
+
+    memcpy(nonce, g_enc_nonce_seed, sizeof(g_enc_nonce_seed));
+    memcpy(nonce + sizeof(g_enc_nonce_seed),
+               &g_enc_counter,
+               sizeof(g_enc_counter));
+
+    g_enc_counter++;
+
+    return TFM_HAL_SUCCESS;
+}
+
+static bool ctx_is_valid(struct tfm_hal_its_auth_crypt_ctx *ctx)
+{
+    bool ret;
+
+    if (ctx == NULL) {
+        return false;
+    }
+
+    ret = (ctx->deriv_label == NULL && ctx->deriv_label_size != 0) ||
+          (ctx->aad == NULL && ctx->add_size != 0) ||
+          (ctx->nonce == NULL && ctx->nonce_size != 0);
+
+    return !ret;
+}
+
+/*
+ * The cracen driver code doesn't use any persistent keys so no calls to its
+ * therefore the PSA API's can be used directly.
+ */
+psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx,
+                                  uint8_t *plaintext,
+                                  const size_t plaintext_size,
+                                  uint8_t *ciphertext,
+                                  const size_t ciphertext_size,
+                                  uint8_t *tag,
+                                  const size_t tag_size,
+                                  bool encrypt)
+{
+    psa_status_t status;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
+    psa_key_id_t key;
+    size_t ciphertext_length;
+    size_t tag_length = PSA_AEAD_TAG_LENGTH(PSA_KEY_TYPE_CHACHA20,
+                                            PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE),
+                                            TFM_ITS_AEAD_ALG);
+
+    if (!ctx_is_valid(ctx) || tag == NULL) {
+        return TFM_HAL_ERROR_INVALID_INPUT;
+    }
+
+    if(tag_size < tag_length){
+        return TFM_HAL_ERROR_INVALID_INPUT;
+    }
+
+    if (ciphertext_size < PSA_AEAD_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20,
+                                                       TFM_ITS_AEAD_ALG,
+                                                       plaintext_size)){
+        return TFM_HAL_ERROR_INVALID_INPUT;
+    }
+
+    /* Set the key attributes for the key */
+    psa_set_key_usage_flags(&attributes, (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT));
+    psa_set_key_algorithm(&attributes, TFM_ITS_AEAD_ALG);
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_CHACHA20);
+    psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE));
+
+    status = psa_key_derivation_setup(&op, PSA_ALG_SP800_108_COUNTER_CMAC);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    /* Set up a key derivation operation with HUK  */
+    status = psa_key_derivation_input_key(&op, PSA_KEY_DERIVATION_INPUT_SECRET,
+                                          TFM_BUILTIN_KEY_ID_HUK);
+    if (status != PSA_SUCCESS) {
+        goto err_release_op;
+    }
+
+    /* Supply the PS key label as an input to the key derivation */
+    status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_LABEL,
+                                            ctx->deriv_label,
+                                            ctx->deriv_label_size);
+    if (status != PSA_SUCCESS) {
+        goto err_release_op;
+    }
+
+    /* Create the storage key from the key derivation operation */
+    status = psa_key_derivation_output_key(&attributes, &op, &key);
+    if (status != PSA_SUCCESS) {
+        goto err_release_op;
+    }
+
+    /* Free resources associated with the key derivation operation */
+    status = psa_key_derivation_abort(&op);
+    if (status != PSA_SUCCESS) {
+        goto err_release_key;
+    }
+
+    if (encrypt) {
+        status = psa_aead_encrypt(key,
+                                  TFM_ITS_AEAD_ALG,
+                                  ctx->nonce,
+                                  ctx->nonce_size,
+                                  ctx->aad,
+                                  ctx->add_size,
+                                  plaintext,
+                                  plaintext_size,
+                                  ciphertext,
+                                  ciphertext_size,
+                                  &ciphertext_length);
+    } else {
+        status = psa_aead_decrypt(key,
+                                  TFM_ITS_AEAD_ALG,
+                                  ctx->nonce,
+                                  ctx->nonce_size,
+                                  ctx->aad,
+                                  ctx->add_size,
+                                  ciphertext,
+                                  ciphertext_size,
+                                  plaintext,
+                                  plaintext_size,
+                                  &ciphertext_length);
+    }
+    if(status != PSA_SUCCESS){
+        goto err_release_key;
+    }
+
+    /* copy tag from ciphertext buffer to tag buffer */
+    memcpy(tag, ciphertext + ciphertext_length - tag_length, tag_length);
+
+err_release_key:
+    (void)psa_destroy_key(key);
+
+    return status;
+
+err_release_op:
+    (void)psa_key_derivation_abort(&op);
+
+    return PSA_ERROR_GENERIC_ERROR;
+}
+
+enum tfm_hal_status_t tfm_hal_its_aead_encrypt(struct tfm_hal_its_auth_crypt_ctx *ctx,
+                                               const uint8_t *plaintext,
+                                               const size_t plaintext_size,
+                                               uint8_t *ciphertext,
+                                               const size_t ciphertext_size,
+                                               uint8_t *tag,
+                                               const size_t tag_size)
+{
+    psa_status_t status = tfm_hal_its_get_aead(ctx,
+                                               plaintext,
+                                               plaintext_size,
+                                               ciphertext,
+                                               ciphertext_size,
+                                               tag,
+                                               tag_size,
+                                               true);
+    if (status != PSA_SUCCESS) {
+        return TFM_HAL_ERROR_GENERIC;
+    }
+
+    return TFM_HAL_SUCCESS;
+}
+
+enum tfm_hal_status_t tfm_hal_its_aead_decrypt(struct tfm_hal_its_auth_crypt_ctx *ctx,
+                                               const uint8_t *ciphertext,
+                                               const size_t ciphertext_size,
+                                               uint8_t *tag,
+                                               const size_t tag_size,
+                                               uint8_t *plaintext,
+                                               const size_t plaintext_size)
+{
+    psa_status_t status = tfm_hal_its_get_aead(ctx,
+                                               ciphertext,
+                                               ciphertext_size,
+                                               plaintext,
+                                               plaintext_size,
+                                               tag,
+                                               tag_size,
+                                               false);
+
+    return TFM_HAL_SUCCESS;
+}
+
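Review bot: tfm_hal_its_aead_decrypt stores the result of tfm_hal_its_get_aead in status and then returns TFM_HAL_SUCCESS unconditionally, so a failed psa_aead_decrypt, including an authentication failure, is reported to the caller as success; it needs the same `if (status != PSA_SUCCESS) return TFM_HAL_ERROR_GENERIC;` check that tfm_hal_its_aead_encrypt has. The decrypt path inside tfm_hal_its_get_aead also looks wrong: the wrapper already passes the ciphertext in the plaintext parameter and the output buffer in the ciphertext parameter, and the else branch swaps them again, so psa_aead_decrypt is handed the output buffer as its input. The caller's tag is never part of that input and the memcpy after the call overwrites it, whereas psa_aead_decrypt expects the tag appended to the ciphertext. Smaller points: the early returns use TFM_HAL_ERROR_INVALID_INPUT in a function declared to return psa_status_t, err_release_op discards the real status, the const pointers of both wrappers are passed to non-const parameters, bool is used without including <stdbool.h> directly, and HUK_KMU_SLOT, HUK_KMU_SIZE_BITS and ITS_ENCRYPTION_SUCCESS are defined but never used.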
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

This allows selecting which UART instance is used for TF-M

Ref: NCSDK-25009
Signed-off-by: Markus Swarowsky <[email protected]>

diff --git a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c
index d69a84f..f2ffaf1 100644

Signed-off-by: Markus Swarowsky <[email protected]>
--- a/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c
+++ b/platform/ext/target/nordic_nrf/common/core/cmsis_drivers/Driver_USART.c
@@ -40,7 +40,8 @@

 #define ARM_USART_DRV_VERSION  ARM_DRIVER_VERSION_MAJOR_MINOR(2, 2)

-#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART30
+#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \
+    RTE_UART00 || RTE_USART20 || RTE_UART21 || RTE_UART22 || RTE_USART30

 #define PSEL_DISCONNECTED 0xFFFFFFFFUL

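Review bot: The widened guard spells three of the new symbols RTE_UART00, RTE_UART21 and RTE_UART22, while the instance blocks added further down in this file and the matching guard in nrfx_config.h use RTE_USART00, RTE_USART21 and RTE_USART22. With only one of those three instances enabled the driver body would be compiled out, so the guard should use the RTE_USART spelling throughout.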
@@ -439,11 +440,22 @@ DRIVER_USART(2);
 DRIVER_USART(3);
 #endif

-// TODO: NCSDK-25009: Support choosing an instance for TF-M
+#if RTE_USART00
+DRIVER_USART(00);
+#endif
+
 #if RTE_USART20
 DRIVER_USART(20);
 #endif

+#if RTE_USART21
+DRIVER_USART(21);
+#endif
+
+#if RTE_USART22
+DRIVER_USART(22);
+#endif
+
 #if RTE_USART30
 DRIVER_USART(30);
 #endif
diff --git a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h
index 1bbe75f..f76e49c 100644
--- a/platform/ext/target/nordic_nrf/common/core/nrfx_config.h
+++ b/platform/ext/target/nordic_nrf/common/core/nrfx_config.h
@@ -48,7 +48,8 @@

 #endif /* RTE_FLASH0 */

-#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || RTE_USART20 || RTE_USART30
+#if RTE_USART0 || RTE_USART1 || RTE_USART2 || RTE_USART3 || \
+    RTE_USART00 || RTE_USART20 || RTE_USART21 || RTE_USART22 || RTE_USART30
 #define NRFX_UARTE_ENABLED 1
 #endif
 #if RTE_USART0
@@ -64,10 +65,19 @@
 #define NRFX_UARTE3_ENABLED 1
 #endif

-// TODO: NCSDK-25009: Moonlight: Make it possible to use different UARTS with TF-M
+/* 54L15 has different UART instances */
+#if RTE_USART00
+#define NRFX_UARTE00_ENABLED 1
+#endif
 #if RTE_USART20
 #define NRFX_UARTE20_ENABLED 1
 #endif
+#if RTE_USART21
+#define NRFX_UARTE21_ENABLED 1
+#endif
+#if RTE_USART22
+#define NRFX_UARTE22_ENABLED 1
+#endif
 #if RTE_USART30
 #define NRFX_UARTE30_ENABLED 1
 #endif
diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
index f4b8c53..fa1a8ed 100644
--- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
@@ -44,6 +44,11 @@

 #endif

+#define SPU_ADDRESS_REGION    (0x50000000)
+#define GET_SPU_SLAVE_INDEX(periph) ((periph.periph_start & 0x0003F000) >> 12)
+#define GET_SPU_INSTANCE(periph) ((NRF_SPU_Type*)(SPU_ADDRESS_REGION | (periph.periph_start & 0x00FC0000)))
+
+
 #ifdef CACHE_PRESENT
 #include <hal/nrf_cache.h>
 #endif
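Review bot: GET_SPU_SLAVE_INDEX and GET_SPU_INSTANCE expand `periph.periph_start` without parenthesising the macro argument, and the masks 0x0003F000 and 0x00FC0000 are undocumented magic numbers. Wrap the argument as `(periph).periph_start`, add a comment saying which address bits select the slave index and which select the SPU instance, and consider static inline functions so the compiler type-checks the argument. The hunk also adds two consecutive blank lines before `#ifdef CACHE_PRESENT`.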
@@ -263,6 +268,34 @@ struct platform_data_t tfm_peripheral_uarte3 = {
 };
 #endif

+#if TFM_PERIPHERAL_UARTE00_SECURE
+struct platform_data_t tfm_peripheral_uarte00 = {
+    NRF_UARTE00_S_BASE,
+    NRF_UARTE00_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE20_SECURE
+struct platform_data_t tfm_peripheral_uarte20 = {
+    NRF_UARTE20_S_BASE,
+    NRF_UARTE20_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE21_SECURE
+struct platform_data_t tfm_peripheral_uarte21 = {
+    NRF_UARTE21_S_BASE,
+    NRF_UARTE21_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
+#if TFM_PERIPHERAL_UARTE22_SECURE
+struct platform_data_t tfm_peripheral_uarte22 = {
+    NRF_UARTE22_S_BASE,
+    NRF_UARTE22_S_BASE + (sizeof(NRF_UARTE_Type) - 1),
+};
+#endif
+
 #if TFM_PERIPHERAL_UARTE30_SECURE
 struct platform_data_t tfm_peripheral_uarte30 = {
     NRF_UARTE30_S_BASE,
@@ -1051,8 +1084,7 @@ enum tfm_plat_err_t spu_periph_init_cfg(void)
 			}
 		}

-		/* TODO: NCSDK-22597: Configure UART30 pins as secure */
-
+		/* TODO: NCSDK-22597: Make peripherals configurable */
 		for(uint8_t index = 0; index < ARRAY_SIZE(spu_instance->PERIPH); index++) {
 			if(!nrf_spu_periph_perm_present_get(spu_instance, index)) {
 				/* Peripheral is not present, nothing to configure */
@@ -1072,16 +1104,34 @@ enum tfm_plat_err_t spu_periph_init_cfg(void)
 			}

 			/* Note that we don't configure dmasec because it has no effect when secattr is non-secure */
-
-			/* nrf_spu_periph_perm_lock_enable TODO: NCSDK-25009: Lock it down without breaking TF-M UART */
 		}
 	}

-	/* Configure TF-M's UART30 peripheral to be secure with secure DMA */
+	/* Configure TF-M's UART peripheral to be secure with secure DMA */
+#if NRF_SECURE_UART_INSTANCE == 00
+    uint32_t UART_SPU_SLAVE_INDEX = GET_SPU_SLAVE_INDEX(tfm_peripheral_uarte00);
+    NRF_SPU_Type * p_spu_instance = GET_SPU_INSTANCE(tfm_peripheral_uarte00);
+#endif
+#if NRF_SECURE_UART_INSTANCE == 20
+    uint32_t UART_SPU_SLAVE_INDEX = GET_SPU_SLAVE_INDEX(tfm_peripheral_uarte20);
+    NRF_SPU_Type * p_spu_instance = GET_SPU_INSTANCE(tfm_peripheral_uarte20);
+#endif
+#if NRF_SECURE_UART_INSTANCE == 21
+    uint32_t UART_SPU_SLAVE_INDEX = GET_SPU_SLAVE_INDEX(tfm_peripheral_uarte21);
+    NRF_SPU_Type * p_spu_instance = GET_SPU_INSTANCE(tfm_peripheral_uarte21);
+#endif
+#if NRF_SECURE_UART_INSTANCE == 22
+    uint32_t UART_SPU_SLAVE_INDEX = GET_SPU_SLAVE_INDEX(tfm_peripheral_uarte22);
+    NRF_SPU_Type * p_spu_instance = GET_SPU_INSTANCE(tfm_peripheral_uarte22);
+#endif
+#if NRF_SECURE_UART_INSTANCE == 30
+    uint32_t UART_SPU_SLAVE_INDEX = GET_SPU_SLAVE_INDEX(tfm_peripheral_uarte30);
+    NRF_SPU_Type * p_spu_instance = GET_SPU_INSTANCE(tfm_peripheral_uarte30);
+#endif
 	bool enable = true; /* true means secure */
-	uint32_t UART30_SLAVE_INDEX = (NRF_UARTE30_S_BASE & 0x0003F000) >> 12;
-	nrf_spu_periph_perm_secattr_set(NRF_SPU30, UART30_SLAVE_INDEX, enable);
-	nrf_spu_periph_perm_dmasec_set(NRF_SPU30, UART30_SLAVE_INDEX, enable);
+	nrf_spu_periph_perm_secattr_set(p_spu_instance, UART_SPU_SLAVE_INDEX, enable);
+	nrf_spu_periph_perm_dmasec_set(p_spu_instance, UART_SPU_SLAVE_INDEX, enable);
+    nrf_spu_periph_perm_lock_enable(p_spu_instance,UART_SPU_SLAVE_INDEX);

 #else
 static const uint8_t target_peripherals[] = {
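Review bot: The run of separate `#if NRF_SECURE_UART_INSTANCE == ...` blocks has no fallback, so any other value leaves UART_SPU_SLAVE_INDEX and p_spu_instance undeclared and the build fails at the nrf_spu_periph_perm_secattr_set call with an unrelated-looking error; use one `#if`/`#elif` chain ending in `#else` with an `#error`. Each branch also references a tfm_peripheral_uarteNN object that the earlier hunk defines only under TFM_PERIPHERAL_UARTENN_SECURE, so that dependency should be checked or documented here. Note that `== 00` is an octal zero and therefore also matches a value of 0. The added declarations and the lock call are indented with spaces inside a tab-indented function, and `nrf_spu_periph_perm_lock_enable(p_spu_instance,UART_SPU_SLAVE_INDEX)` is missing a space after the comma.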
@@ -1114,9 +1164,13 @@ static const uint8_t target_peripherals[] = {
     /* When UART0 is a secure peripheral we need to leave Serial-Box 0 as Secure.
      * The UART Driver will configure it as non-secure when it uninitializes.
      */
+#if defined(NRF54L15_ENGA_XXAA)
+    NRFX_PERIPHERAL_ID_GET(NRF_SPIM00),
+#else
 #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0)
     NRFX_PERIPHERAL_ID_GET(NRF_SPIM0),
-#endif
+#endif /* !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 0) */
+#endif /* NRF54L15_ENGA_XXAA */

     /* When UART1 is a secure peripheral we need to leave Serial-Box 1 as Secure */
 #if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1)
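Review bot: For NRF54L15_ENGA_XXAA, NRF_SPIM00 is added to target_peripherals unconditionally, whereas the existing NRF_SPIM0 entry is left out when that serial box backs the secure UART, as the comment just above it explains. If instance 00 can be chosen as the secure UART (the other hunks add DRIVER_USART(00) and tfm_peripheral_uarte00), this entry needs an equivalent exclusion.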
@@ -1124,9 +1178,19 @@ static const uint8_t target_peripherals[] = {
 #endif
     NRFX_PERIPHERAL_ID_GET(NRF_SPIM2),
     NRFX_PERIPHERAL_ID_GET(NRF_SPIM3),
-    /* When UART30 is a secure peripheral we need to leave Serial-Box 30 as Secure */
-#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 30)
-    // TODO: NCSDK-25009: spu_peripheral_config_non_secure((uint32_t)NRF_SPIM30, false);
+
+/* For Moonlight if a UART instance is selected to be the secure instance leave it as secure */
+#if NRF_SECURE_UART_INSTANCE == 20
+    NRFX_PERIPHERAL_ID_GET(NRF_SPIM20),
+#endif
+#if NRF_SECURE_UART_INSTANCE == 21
+    NRFX_PERIPHERAL_ID_GET(NRF_SPIM21),
+#endif
+#if NRF_SECURE_UART_INSTANCE == 22
+    NRFX_PERIPHERAL_ID_GET(NRF_SPIM22),
+#endif
+#if NRF_SECURE_UART_INSTANCE == 30
+    NRFX_PERIPHERAL_ID_GET(NRF_SPIM30),
 #endif

 #ifdef NRF_SPIM4
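Review bot: The new `#if NRF_SECURE_UART_INSTANCE == 20` guards (and those for 21, 22 and 30) add the serial box to target_peripherals when it is the selected secure UART, which contradicts the comment above them and the surrounding pattern, where `#if !(defined(SECURE_UART1) && NRF_SECURE_UART_INSTANCE == 1)` leaves the entry out in that case. The removed lines also used the negated form for instance 30. Unless the list means something different for these instances, the conditions should be negated so that the selected serial box is skipped and the others are listed.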
diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.h b/platform/ext/target/nordic_nrf/common/core/target_cfg.h
index e430737..afa0f67 100644
--- a/platform/ext/target/nordic_nrf/common/core/target_cfg.h
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.h
@@ -35,22 +35,22 @@
 #include "tfm_plat_defs.h"
 #include "region_defs.h"

-// TODO: NCSDK-25009: Support configuring which UART is used by TF-M on nrf54L
-
 #if NRF_SECURE_UART_INSTANCE == 0
 #define TFM_DRIVER_STDIO    Driver_USART0
 #elif NRF_SECURE_UART_INSTANCE == 1
 #define TFM_DRIVER_STDIO    Driver_USART1
+#elif NRF_SECURE_UART_INSTANCE == 00
+#define TFM_DRIVER_STDIO    Driver_USART00
+#elif NRF_SECURE_UART_INSTANCE == 20
+#define TFM_DRIVER_STDIO    Driver_USART20
+#elif NRF_SECURE_UART_INSTANCE == 21
+#define TFM_DRIVER_STDIO    Driver_USART21
+#elif NRF_SECURE_UART_INSTANCE == 22
+#define TFM_DRIVER_STDIO    Driver_USART22
 #elif NRF_SECURE_UART_INSTANCE == 30
 #define TFM_DRIVER_STDIO    Driver_USART30
 #endif

-#ifdef NRF54L15_ENGA_XXAA
-#define NS_DRIVER_STDIO     Driver_USART20
-#else
-#define NS_DRIVER_STDIO     Driver_USART0
-#endif
-
 /**
  * \brief Store the addresses of memory regions
  */
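Review bot: `#elif NRF_SECURE_UART_INSTANCE == 00` can never be taken: 00 is an octal literal equal to 0, so the preceding `#if NRF_SECURE_UART_INSTANCE == 0` branch always wins and TFM_DRIVER_STDIO becomes Driver_USART0. Instance 00 needs a distinct encoding, or a device check ahead of the `== 0` test, and the chain should end in `#else` with an `#error` so an unsupported value does not leave TFM_DRIVER_STDIO undefined. The hunk also deletes NS_DRIVER_STDIO without a replacement; the commit message should say where non-secure code now gets its driver.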
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Improve MPC configuration documentation.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I191ca14ba8a6880217cc740a77ea2806af1e0d61
Signed-off-by: Markus Swarowsky <[email protected]>

diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
index fa1a8ed..6692925 100644
--- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c
+++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c
@@ -963,10 +963,30 @@ enum tfm_plat_err_t nrf_mpc_init_cfg(void)
 	/* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the
 	 * OVERRIDE indexes (that are useful to us) start at 0 and end
 	 * (inclusive) at 4.
+	 *
+	 * Note that the MPC regions configure all volatile and non-volatile memory as secure, so we only
+	 * need to explicitly OVERRIDE the non-secure addresses to permit non-secure access.
+	 *
+	 * Explicitly configuring memory as secure is not necessary.
+	 *
+	 * The last OVERRIDE in 54L is fixed in HW and exists to prevent
+	 * other bus masters than the KMU from accessing CRACEN protected RAM.
+	 *
+	 * Note that we must take care not to configure an OVERRIDE that
+	 * affects an active bus transaction.
+	 *
+	 * Note that we don't configure the NSC region to be NS because
+	 * from the MPC's perspective it is secure. NSC is only configurable from the SAU.
+	 *
+	 * Note that OVERRIDE[n].MASTERPORT has a reasonable reset value
+	 * so it is left unconfigured.
+	 *
+	 * Note that there are two owners in 54L. KMU with owner ID 1, and everything else with owner ID 0.
 	 */
-	uint32_t index = 0;

-	/* Configure the non-secure partition of the non-volatile
+	uint32_t index = 0;
+	/*
+	 * Configure the non-secure partition of the non-volatile
 	 * memory. This MPC region is intended to cover both the
 	 * non-secure partition in the NVM and also the FICR. The FICR
 	 * starts after the NVM and ends just before the UICR.
@@ -1001,13 +1021,8 @@ enum tfm_plat_err_t nrf_mpc_init_cfg(void)
 		tfm_core_panic();
 	}

-	/* TODO: NCSDK-25050: Review configuration. Any other addresses we need to override? */

-	/* Note that we don't configure the NSC region to be NS because it is secure */

-	/* Note that OVERRIDE[n].MASTERPORT has a reasonable reset value
-	 * so it is left unconfigured.
-	 */

 	return TFM_PLAT_ERR_SUCCESS;
 }
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Lock and disable any unused MPC overrides to prevent malicious
configuration.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I1956f113012d6b67100d814a52d7ce1490663953
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Adds handling of MPC and SPC errors.

Signed-off-by: Vidar Lillebø <[email protected]>
…e base addr

Refactor spu_peripheral_config to use base addresses instead of IDs as
future platforms will need the base address to identify which spu
instance to use.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: Ife60d1e76adffeb62f5ad32e0a85da8cfa467203
…resses

fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Refactor spu_peripheral_config to use base addresses instead of IDs as
future platforms will need the base address to identify which spu
instance to use.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: Ife60d1e76adffeb62f5ad32e0a85da8cfa467203
…tances

Add driver function.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: Ib1e442a54d599c4e42e74903d49920f24e9d8ec9
Port spu_peripheral_config to also support the new API.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I1763874ce74ad39cbf0ef256ef8edc669038d226
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Configure pins as secure on 54L.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: Id50ef81807c5109c01ed6405376f3cfa882c66e0
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Delete dead code in target_cfg.c.

It is redundant with the memset.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I96ffb4002d70a08c827d47fe87ae938b57731f0c
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Refactor UART security configuration to use
spu_peripheral_config_secure.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I00d21c4401fa7c67d51eaf14804c992262c73710
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Configure misc. peripherals as Secure.

See the code for which peripherals and why.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I3cf4f42d5d3bc0aa4dc266e0c1d8035ad69372a1
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Due to dependency problems between the ITS and crypto partitions,
refactor the ITS encryption interface to use the HUK library and the
cracen driver directly.

Signed-off-by: Markus Swarowsky <[email protected]>
…ecure

Don't configure the volatile memory controller as a non-secure peripheral

(cherry picked from commit c670a6a)

Change-Id: I2489defaf6deb89beba7447ba079ea3e5afebca5
Signed-off-by: Markus Rekdal <[email protected]>
Fix linking errors with psa_crypto_config observed in TFM test
applications.

To be reverted during the next TFM upmerge, as this isolated change is
already part of a larger commit upstream.

Signed-off-by: Robert Lubos <[email protected]>
!fixup [nrf noup] platform: nordic_nrf: Add support for 54l

Change the implementation for cracen ITS encryption to match
cryptocell.

Signed-off-by: Markus Swarowsky <[email protected]>

diff --git a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
index f759016..8871bc2 100644

Signed-off-by: Markus Swarowsky <[email protected]>
--- a/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
+++ b/platform/ext/target/nordic_nrf/common/core/tfm_hal_its_encryption_cracen.c
@@ -110,10 +110,10 @@ static bool ctx_is_valid(struct tfm_hal_its_auth_crypt_ctx *ctx)
 }

 psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx,
-                                  const uint8_t *plaintext,
-                                  const size_t plaintext_size,
-                                  uint8_t *ciphertext,
-                                  const size_t ciphertext_size,
+                                  const uint8_t *input,
+                                  const size_t input_size,
+                                  uint8_t *output,
+                                  const size_t output_size,
                                   uint8_t *tag,
                                   const size_t tag_size,
                                   bool encrypt)
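Review bot: the `tag` parameter in this signature is now direction-dependent and that is not documented. Later in the patch it is written by cracen_aead_finish on encrypt and only read by cracen_aead_verify on decrypt. With the rename to `input`/`output`, the function comment and the declaration in the header should state this, along with which buffer holds plaintext in each direction, so callers do not pass an uninitialised tag buffer on the decrypt path.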
@@ -121,7 +121,8 @@ psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx,
     psa_status_t status;
     uint8_t key_out[CHACHA20_KEY_SIZE];
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    size_t ciphertext_length;
+    cracen_aead_operation_t operation = {0};
+    size_t out_length;
     size_t tag_length = PSA_AEAD_TAG_LENGTH(PSA_KEY_TYPE_CHACHA20,
                                             PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE),
                                             TFM_ITS_AEAD_ALG);
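Review bot: `key_out` holds the HUK-derived ChaCha20 key on the stack, and the new `operation` object is handed that key in the setup calls, but none of the return paths visible in this patch clears either of them. Consider routing every exit through a single cleanup path that wipes `key_out` and `operation` with a call the compiler cannot optimise away before returning `status`.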
@@ -134,13 +135,12 @@ psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx,
         return TFM_HAL_ERROR_INVALID_INPUT;
     }

-    if (encrypt && (ciphertext_size < PSA_AEAD_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20,
+    if (encrypt && (output_size < PSA_AEAD_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_CHACHA20,
                                                                    TFM_ITS_AEAD_ALG,
-                                                                   plaintext_size))){
+                                                                   input_size))){
         return TFM_HAL_ERROR_INVALID_INPUT;
     }

-
     status = hw_unique_key_derive_key(HUK_KEYSLOT_MKEK, NULL, 0, ctx->deriv_label, ctx->deriv_label_size, key_out, sizeof(key_out));
     if (status != HW_UNIQUE_KEY_SUCCESS) {
         return TFM_HAL_ERROR_GENERIC;
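Review bot: the size check in the `if (encrypt && (output_size < ...` condition still uses PSA_AEAD_ENCRYPT_OUTPUT_SIZE, which is the ciphertext length plus the tag length, although after this change the tag is written to the separate `tag` buffer and `output` only has to hold `input_size` bytes. A caller that passes an output buffer of exactly `input_size` is now rejected for no reason. Compare against the update output size instead, add the matching lower bound for the decrypt direction (no check on `output_size` is visible there), and check `tag_size` against `tag_length` before the operation starts.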
@@ -152,40 +152,35 @@ psa_status_t tfm_hal_its_get_aead(struct tfm_hal_its_auth_crypt_ctx *ctx,
     psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(CHACHA20_KEY_SIZE));

     if (encrypt) {
-        status = cracen_aead_encrypt(&attributes,
-                                  key_out,
-                                  sizeof(key_out),
-                                  TFM_ITS_AEAD_ALG,
-                                  ctx->nonce,
-                                  ctx->nonce_size,
-                                  ctx->aad,
-                                  ctx->add_size,
-                                  plaintext,
-                                  plaintext_size,
-                                  ciphertext,
-                                  ciphertext_size,
-                                  &ciphertext_length);
+        status = cracen_aead_encrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG);
     } else {
-        status = cracen_aead_decrypt(&attributes,
-                                  key_out,
-                                  sizeof(key_out),
-                                  TFM_ITS_AEAD_ALG,
-                                  ctx->nonce,
-                                  ctx->nonce_size,
-                                  ctx->aad,
-                                  ctx->add_size,
-                                  plaintext,
-                                  plaintext_size,
-                                  ciphertext,
-                                  ciphertext_size,
-                                  &ciphertext_length);
-    }
-    if(status != PSA_SUCCESS){
+        status = cracen_aead_decrypt_setup(&operation, &attributes, key_out, sizeof(key_out), TFM_ITS_AEAD_ALG);
+    }
+
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = cracen_aead_set_nonce(&operation, ctx->nonce, ctx->nonce_size);
+    if (status != PSA_SUCCESS) {
         return status;
     }

-    /* copy tag from ciphertext buffer to tag buffer */
-    memcpy(tag, ciphertext + ciphertext_length - tag_length, tag_length);
+    status = cracen_aead_update_ad(&operation, ctx->aad, ctx->add_size);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = cracen_aead_update(&operation, input, input_size, output, output_size, &out_length);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    if (encrypt) {
+        status = cracen_aead_finish(&operation, output + out_length, output_size - out_length, &out_length, tag, tag_size, &tag_length);
+    } else {
+        status = cracen_aead_verify(&operation, output + out_length, output_size - out_length, &out_length , tag, tag_size);
+    }

     return status;
 }
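Review bot: on the decrypt path, cracen_aead_update writes the decrypted bytes into `output` before cracen_aead_verify has checked the tag, and a failing verify simply returns `status` with that unauthenticated plaintext still in the caller's buffer. Zero `output` when verify fails so an ITS caller that mishandles the error cannot consume forged data. The early `return status;` after set_nonce, update_ad and update also leaves `operation` neither finished nor aborted; abort it on those paths. Minor: `out_length` is reused for both update and finish/verify, so the update length is overwritten, and `&out_length ,` has a stray space.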
Version check depends on upstream's tagging scheme which differs
from NCS's

Signed-off-by: Vidar Lillebø <[email protected]>
Configure NRF_REGULATORS and NRF_OSCILLATORS as secure for security
reasons.

Also, invoke nordicsemi_nrf54l_init from TF-M as the non-secure image
can no longer configure power or clocks.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I9bc7f2b158c0ad9da0c434954c9619da5b70d754
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l

Remove TODO that has been addressed.

VPR is configured to be non-secure when NRF_SPU is memset to 0.

Signed-off-by: Sebastian Bøe <[email protected]>
Change-Id: I8f1ee39a51f0d87855d2476b6337994cea5901f5
There are some hardware registers in Nordic platforms
which are mapped as secure only. In order to allow the
non-secure application to control these registers I added
here a secure service which allows 32-bit writes to secure
mapped memory. The writes are only allowed on addresses and
masks defined in a header list. It is also possible to
provide an allowed_values list in order to further limit
the accepted values.

Renamed: tfm_read_ranges.h -> tfm_platform_user_memory_ranges.h
since now it can be used for both reads and writes.

The list in the current platforms is empty and might be populated
later.

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: Ifa31ba73ec07b216a7e987653255fcc6e9d3989c
(cherry picked from commit 57b3342)
Add a custom section in the linker script for the CRACEN KMU
driver used by nRF54L15. We need a buffer in a static memory
location which will be used by the KMU to perform push
operations.

It's a noup since the KMU is not supported fully upstream
yet.

Ref: NCSDK-25121

Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Vidar Lillebø <[email protected]>