Commit graph

6 commits

Author SHA1 Message Date
Ryan Everett
640ba6343b refactor(mbedtls): rename default mbedtls confs
Change the name of these confs to be version agnostic;
we will later use these configs to enforce the mbedtls
minimum version.

Change-Id: I1f665c2471877ecc833270c511749ff845046f10
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-12-09 15:59:45 +00:00
Manish V Badarkhe
014975cea4 fix(arm): add extra hash config to validate ROTPK
The default mbedTLS configuration enables hash algorithms based on
the HASH_ALG or MBOOT_EL_HASH_ALG selected. However, the Arm ROTPK
is always embedded as a SHA256 hash in BL1 and BL2. In the future,
we may need to adjust this to use the HASH_ALG algorithm for
embedding the ROTPK hash.

As a temporary workaround, a separate mbedTLS configuration has
been created for Arm platforms to explicitly set SHA256 defines,
rather than relying on the default configuration. This adjustment
is reflected in the mbedTLS configuration file for the TC platform
as well as in the PSA Crypto configuration file.

Change-Id: Ib3128ce7b0fb5c0858624ecbc998d456968beddf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2024-09-09 11:22:28 +01:00
David Vincze
a93bf0aaca refactor(tc): update platform tests
Update the TC's platform test Makefile and related common definitions
to correspond to newer TF-M code (commit hash: 4ab7a20).

Change-Id: I6ef3effe194a780a0533f9c0c2eab9d0f4efc1fc
Signed-off-by: David Vincze <david.vincze@arm.com>
2024-02-13 15:03:01 +00:00
Manish V Badarkhe
a8778185d2 feat(tc): provide a mock mbedtls-random generation function
Simulated the utilization of an external RNG through the
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG configuration option in mbedTLS.
Consequently, an implementation of mbedtls_psa_external_get_random()
is provided. Given the absence of actual external RNG support,
we provide a mock implementation by utilizing the system counter to
fill the buffer to provide a random number, specifically tailored
for use exclusively within the TF-M testsuite.
While this method is not ideal for generating random numbers,
alternatives like the 'rand' library function are not feasible due to
lack of support in TF-A. Additionally, the architectural 'rand'
instruction is not viable, as it is only supported for platforms with
Armv8.5-a+ architecture as an optional feature.
mbedtls_psa_external_get_random() function comes into play during the
exportation of the public portion of the delegated attestation key.

This helps in using mbedTLS-3.4.1 for running the delegated attestation
tests on TC platform.

Change-Id: Ifcf4e3231aad93595e00c353a4b0c606c0ef9fc2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-12-04 17:16:44 +00:00
Tamas Ban
d5fc8992c7 fix(tc): update the name of mbedtls config header
Recently mbedtls_config.h was renamed to:
 - mbedtls_config-2.h
 - mbedtls_config-3.h

Modify the include order to resolve the
static check failure in the CI.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I424f1cde199397b8df780a9514f1042e601c6502
2023-04-27 07:59:38 +02:00
Mate Toth-Pal
25dd2172ae feat(tc): add delegated attest and measurement tests
This patch adds Delegated Attestation and Measured Boot tests to the
plat/arm/board/tc platform.
The test suite can be activated by adding the build time option
`PLATFORM_TEST=1` to the make command. In this case the boot sequence is
not finished, plat_error_handler is called after the tests are run
(regardless of the test result.)

The actual test code is coming from the Trusted-Firmware-M project. Some
of the files of the tf-m-tests and tf-m-extras repo are linked to the
BL31 image.

Versions used for testing:
https://git.trustedfirmware.org/TF-M/tf-m-tests
    614e8c358377e4146e8ee13d1246e59d01b4bf1b

https://git.trustedfirmware.org/TF-M/tf-m-extras
    3be9fdd557e6df449de93c2101973fb011699b3d

Change-Id: I98f0f5f760a39d2d7e0dd11d33663ddb75f0b6fc
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2022-12-16 17:15:57 +01:00