feat(psa): add interface with RSE for retrieving entropy

Add the AP/RSS interface for reading the entropy. And update the document for the API. Change-Id: I61492d6b5d824a01ffeadc92f9d41ca841ba3367 Signed-off-by: Leo Yan <leo.yan@arm.com> Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
2025-04-07 21:33:54 +00:00 · 2025-01-31 10:07:51 +00:00 · 2025-01-31 10:07:51 +00:00 · 1147a470c2
commit 1147a470c2
parent 8a41106c83
4 changed files with 53 additions and 0 deletions
--- a/docs/design_documents/rse.rst
+++ b/docs/design_documents/rse.rst
@ -781,6 +781,21 @@ Arm CCA platform:
 - ``ROTPK for secure firmware.``
 - ``ROTPK for non-secure firmware.``

+Get entropy API
+^^^^^^^^^^^^^^^
+
+AP/RSE interface for reading the entropy is as follows.
+
+Defined here:
+
+- ``include/lib/psa/rse_platform_api.h``
+
+.. code-block:: c
+
+    psa_status_t rse_platform_get_entropy(uint8_t *data, size_t data_size)
+
+Through this service, we can read an entropy generated from RSE.
+
 References
 ----------

--- a/include/lib/psa/rse_crypto_defs.h
+++ b/include/lib/psa/rse_crypto_defs.h
@ -11,6 +11,9 @@
 /* Declares types that encode errors, algorithms, key types, policies, etc. */
 #include "psa/crypto_types.h"

+/* Value identifying random number generating API */
+#define RSE_CRYPTO_GENERATE_RANDOM_SID		(uint16_t)(0x100)
+
 /*
 * Value identifying export public key function API, used to dispatch the request
 * to the corresponding API implementation in the Crypto service backend.
--- a/include/lib/psa/rse_platform_api.h
+++ b/include/lib/psa/rse_platform_api.h
@ -59,6 +59,18 @@ rse_platform_nv_counter_read(uint32_t counter_id,
 psa_status_t
 rse_platform_key_read(enum rse_key_id_builtin_t key, uint8_t *data,
 		size_t data_size, size_t *data_length);
+
+/*
+ * Gets the entropy.
+ *
+ * data		Buffer where the entropy data is to be written.
+ * data_size	Size of the data buffer in bytes.
+ *
+ * PSA_SUCCESS if the entropy is generated successfully. Otherwise,
+ *	it returns a PSA_ERROR.
+ */
+psa_status_t
+rse_platform_get_entropy(uint8_t *data, size_t data_size);
 #endif

 #endif /* RSE_PLATFORM_API_H */
--- a/lib/psa/rse_platform.c
+++ b/lib/psa/rse_platform.c
@ -70,4 +70,27 @@ rse_platform_key_read(enum rse_key_id_builtin_t key, uint8_t *data,

 	return status;
 }
+
+psa_status_t
+rse_platform_get_entropy(uint8_t *data, size_t data_size)
+{
+	psa_status_t status;
+
+	struct rse_crypto_pack_iovec iov = {
+		.function_id = RSE_CRYPTO_GENERATE_RANDOM_SID,
+	};
+
+	psa_invec in_vec[] = {
+		{.base = &iov, .len = sizeof(struct rse_crypto_pack_iovec)},
+	};
+	psa_outvec out_vec[] = {
+		{.base = data, .len = data_size}
+	};
+
+	status = psa_call(RSE_CRYPTO_HANDLE, PSA_IPC_CALL,
+			  in_vec, IOVEC_LEN(in_vec),
+			  out_vec, IOVEC_LEN(out_vec));
+
+	return status;
+}
 #endif