@@ -8,7 +8,7 @@ stub components are added to provide a starting point for an
implementation. The capsule update service provider is integrated
into the se-proxy/common deployment.
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [Trusted-Services Design needs to be followed]
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
similarity index 80%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch
@@ -1,23 +1,29 @@
-From 1923e1f4dbd8f912701c2870822fa4b61eb6082d Mon Sep 17 00:00:00 2001
+From 834d5184902341414eb147204eeda8b0ff01f38c Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 2/8] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 2/8] Fix in AEAD for psa-arch test 254
-Upstream-Status: Pending [Not submitted to upstream yet]
+PSA crypto test 254 fails at checkpoint 6.
+Fix output arguments in various crypto AEAD functions
+to match crypto service implementation in TF-M. AEAD API's
+in TF-M start expecting output size as an argument.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31176]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
- .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 +
- components/service/crypto/include/psa/crypto_sizes.h | 2 +-
- .../crypto/provider/extension/aead/aead_provider.c | 8 ++++++--
- .../extension/aead/serializer/aead_provider_serializer.h | 1 +
- .../packed-c/packedc_aead_provider_serializer.c | 2 ++
- protocols/service/crypto/packed-c/aead.h | 1 +
- 6 files changed, 12 insertions(+), 3 deletions(-)
+ .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 +
+ components/service/crypto/include/psa/crypto_sizes.h | 2 +-
+ .../crypto/provider/extension/aead/aead_provider.c | 10 ++++++++--
+ .../aead/serializer/aead_provider_serializer.h | 1 +
+ .../packed-c/packedc_aead_provider_serializer.c | 2 ++
+ protocols/service/crypto/packed-c/aead.h | 1 +
+ 6 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-index bf39762b0..27ffbc66e 100644
+index 417189e..236d3e2 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
@@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
@@ -29,7 +35,7 @@ index bf39762b0..27ffbc66e 100644
/* Mandatory input data parameter */
diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 30aa102da..130d27295 100644
+index 30aa102..130d272 100644
--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
@@ -351,7 +351,7 @@
@@ -42,7 +48,7 @@ index 30aa102da..130d27295 100644
/** A sufficient output buffer size for psa_aead_update().
*
diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
-index b73d88d32..6a0f96c3c 100644
+index b73d88d..510cffa 100644
--- a/components/service/crypto/provider/extension/aead/aead_provider.c
+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
@@ -58,22 +64,24 @@ index b73d88d32..6a0f96c3c 100644
if (rpc_status == RPC_SUCCESS) {
-@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
+@@ -300,9 +301,14 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
if (crypto_context) {
size_t output_len = 0;
- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
+ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
++ /* Always allocate maximum size to be more robust to implementations of psa_aead_update() */
uint8_t *output = malloc(output_size);
+ if (recv_output_size < output_size) {
+ output_size = recv_output_size;
+ }
++
if (output) {
psa_status = psa_aead_update(&crypto_context->op.aead,
diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-index be76d2bc6..590973048 100644
+index be76d2b..5909730 100644
--- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
@@ -51,6 +51,7 @@ struct aead_provider_serializer {
@@ -85,7 +93,7 @@ index be76d2bc6..590973048 100644
rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf,
diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-index 8f8c3c7f2..922a7b651 100644
+index 8f8c3c7..922a7b6 100644
--- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_
@@ -105,7 +113,7 @@ index 8f8c3c7f2..922a7b651 100644
tlv_const_iterator_begin(&req_iter,
(uint8_t*)req_buf->data + expected_fixed_len,
diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
-index 0be266b52..435fd3b52 100644
+index 0be266b..435fd3b 100644
--- a/protocols/service/crypto/packed-c/aead.h
+++ b/protocols/service/crypto/packed-c/aead.h
@@ -98,6 +98,7 @@ enum
new file mode 100644
@@ -0,0 +1,31 @@
+From 372d6e9e5827486841ffe15a1b050569fff762b6 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 10 Apr 2024 09:17:39 +0200
+Subject: [PATCH 5/8] Fix psa-api-crypto-test no 243
+
+Enable MbedTLS ECP DP SECP521R1 ECC algorithm to pass
+PSA-API tests's `psa-api-crypto-test` number 243 as it is
+required for Corstone-1000.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31177/1]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ platform/providers/arm/corstone1000/platform.cmake | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index d944acf..e811c25 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -14,6 +14,7 @@ target_compile_definitions(${TGT} PRIVATE
+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
+ PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0x2080
+ COMMS_MHU_MSG_SIZE=0x3500
++ MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ )
+
+ get_property(_platform_driver_dependencies TARGET ${TGT}
+--
+2.25.1
+
deleted file mode 100644
@@ -1,28 +0,0 @@
-From a7818585e1113aabf310a94eea802ff79234b0db Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Wed, 10 Apr 2024 09:17:39 +0200
-Subject: [PATCH 5/8] plat: corstone1000: add compile definitions for
- ECP_DP_SECP512R1
-
-Corstone1000 runs PSA-API tests which requires this ECC algorithm.
-Without setting this, corstone1000 fails psa-api-crypto-test no 243.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending
----
- platform/providers/arm/corstone1000/platform.cmake | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 663226740..83350f788 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -26,3 +26,5 @@ get_property(_platform_driver_dependencies TARGET ${TGT}
- if ("mhu" IN_LIST _platform_driver_dependencies)
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/mhu_v2_x/driver.cmake)
- endif()
-+
-+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-2.25.1
-
similarity index 68%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch
@@ -1,19 +1,22 @@
-From e8b577d02d1d4ed2492bb0b6c3a5bb7d2656f13a Mon Sep 17 00:00:00 2001
+From 6e7e3f2f1cb96eb1c895e8573fae8c141e9b64c8 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 17 May 2024 13:21:07 +0200
-Subject: [PATCH] Change RSS_COMMS cmake variables to cahce vars
+Subject: [PATCH] Make RSS and MHU sizes compile-time definitions
+ user-configurable
-This way they can be set externally as well for the corstone1000
-platform.
+Replace the hardcoded RSS and MHU compile definitions values with CMake
+cache variables that users can configure to change the size of the RSS
+communication payload and the MHU message.
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31178/1]
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Upstream-Status: Pending
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
platform/providers/arm/corstone1000/platform.cmake | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 16139c80e..82ac14f0b 100644
+index e811c25..8997155 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
@@ -9,11 +9,13 @@
@@ -29,9 +32,9 @@ index 16139c80e..82ac14f0b 100644
- COMMS_MHU_MSG_SIZE=0x3500
+ PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSS_COMMS_PAYLOAD_MAX_SIZE}
+ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE}
+ MBEDTLS_ECP_DP_SECP521R1_ENABLED
)
- get_property(_platform_driver_dependencies TARGET ${TGT}
--
2.25.1
similarity index 98%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Align-PSA-Crypto-structs-with-TF-Mv2.1.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Align-PSA-Crypto-with-TF-Mv2.1.patch
@@ -1,9 +1,9 @@
From 3bb579379bcfe32ae0b81f721b370afcb58e9693 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 10 Jul 2024 11:07:09 +0200
-Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1
+Subject: [PATCH] Align PSA Crypto with TF-Mv2.1
-The files were updated using the TF-Mv2.1 release (0c4c99b) commit.
+Update following files using the TF-Mv2.1 release (0c4c99b) commit.
* crypto_sid.h
This is derived from TF-M's tfm_crypto_defs.h file. The crypto function
@@ -21,7 +21,7 @@ The psa_client_key_attributes_s struct had to be aligned with the
psa_key_attributes_s struct in TF-M. (psa_crypto.c)
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31179/1]
---
.../service/common/include/psa/crypto_sid.h | 168 +++++-------------
.../backend/psa_ipc/crypto_ipc_backend.h | 9 +-
@@ -3,10 +3,10 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
file://0001-Add-stub-capsule-update-service-components.patch \
- file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
+ file://0002-Fix-in-AEAD-for-psa-arch-test-254.patch \
file://0003-FMP-Support-in-Corstone1000.patch \
file://0004-smm_gateway-GetNextVariableName-Fix.patch \
- file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch \
+ file://0005-Fix-psa-api-crypto-test-no-243.patch \
file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
file://0008-plat-corstone1000-add-client_id-for-FMP-service.patch \
@@ -19,8 +19,8 @@ SRC_URI:append:corstone1000 = " \
file://0015-Add-timestamp-validation-for-uefi-variables.patch \
file://0016-Isolate-common-uefi-variable-authentication-steps.patch \
file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \
- file://0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch \
- file://0019-Align-PSA-Crypto-structs-with-TF-Mv2.1.patch \
+ file://0018-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \
+ file://0019-Align-PSA-Crypto-with-TF-Mv2.1.patch \
"
# The patches above introduce errors with GCC 14.1, silence them for now