Direct access rot rebased (ARMmbed#158)

* Add direct root access functions for getting
  RoT from kvstore.
* Use naming consistent with cloud client configs
* Change configs to use kvstore

Author: LiyouZhou

Jenkinsfile

@@ -179,7 +179,7 @@ def bootloaderBuildStep(stepName,
 def build_test_config = [
   "K64F": [
     "mbed_app.json",
-    "configs/internal_flash_nvstore.json",
+    "configs/internal_flash_kvstore.json",
     "configs/internal_flash_fake_rot.json"],
   "NUCLEO_F429ZI": ["mbed_app.json"],
   "UBLOX_EVK_ODIN_W2": ["mbed_app.json"],

configs/block_device_fake_rot.json

@@ -5,13 +5,12 @@
     ],
     "target_overrides": {
         "*": {
-            "target.features_remove"               : ["LWIP", "STORAGE"],
             "platform.stdio-baud-rate"             : 115200,
             "platform.stdio-flush-at-exit"         : false,
             "update-client.firmware-header-version": "2",
             "target.components_add"                : ["SD"],
             "sd.CRC_ENABLED"                       : 0,
-            "mbed-bootloader.use-nvstore-rot"      : 0,
+            "mbed-bootloader.use-kvstore-rot"      : 0,
             "update-client.storage-address"        : "(1024*1024*64)",
             "update-client.storage-size"           : "(1024*1024*2)",
             "update-client.storage-locations"      : 1

configs/internal_flash_fake_rot.json

@@ -7,7 +7,7 @@
             "platform.stdio-baud-rate": 115200,
             "platform.stdio-flush-at-exit": false,
             "update-client.firmware-header-version": "2",
-            "mbed-bootloader.use-nvstore-rot": 0
+            "mbed-bootloader.use-kvstore-rot": 0
         },
         "K64F": {
             "update-client.application-details"        : "( 40*1024)",

configs/internal_flash_nvstore.json renamed to configs/internal_flash_kvstore.json

@@ -9,10 +9,8 @@
             "update-client.firmware-header-version": "2"
         },
         "K64F": {
-            "nvstore.area_1_address"                   : "( 32*1024)",
-            "nvstore.area_1_size"                      : "(  4*1024)",
-            "nvstore.area_2_address"                   : "( 36*1024)",
-            "nvstore.area_2_size"                      : "(  4*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*4*1024)",
             "update-client.application-details"        : "( 40*1024)",
             "mbed-bootloader.application-start-address": "( 41*1024)",
             "mbed-bootloader.max-application-size"     : "(MBED_CONF_UPDATE_CLIENT_STORAGE_ADDRESS-MBED_CONF_MBED_BOOTLOADER_APPLICATION_START_ADDRESS)",

configs/test_configs/header_separate_after_app.json

@@ -12,7 +12,7 @@
             "update-client.storage-locations": 1,
             "update-client.firmware-header-version": "2",
             "sd.CRC_ENABLED": 0,
-            "mbed-bootloader.use-nvstore-rot": 0
+            "mbed-bootloader.use-kvstore-rot": 0
         },
         "K64F": {
             "update-client.application-details"        : "(FLASH_START_ADDRESS+1020*1024)",

configs/test_configs/header_separate_before_app.json

@@ -12,7 +12,7 @@
             "update-client.storage-locations": 1,
             "update-client.firmware-header-version": "2",
             "sd.CRC_ENABLED": 0,
-            "mbed-bootloader.use-nvstore-rot": 0
+            "mbed-bootloader.use-kvstore-rot": 0
         },
         "K64F": {
             "update-client.application-details"        : "(FLASH_START_ADDRESS+32*1024)",

configs/test_configs/power_cut_test.json

@@ -13,7 +13,7 @@
             "update-client.storage-locations": 1,
             "update-client.firmware-header-version": "2",
             "sd.CRC_ENABLED": 0,
-            "mbed-bootloader.use-nvstore-rot": 0
+            "mbed-bootloader.use-kvstore-rot": 0
         },
         "K64F": {
             "update-client.application-details"        : "128*1024",

mbed-os.lib

@@ -1 +1 @@
-https://github.com/ARMmbed/mbed-os/#6a0a86538c0b9b2bfcc4583b1e2b7fea8f4e71e9
+https://github.com/ARMmbed/mbed-os/#41ecde9c30842a9f2f93a7b1542ea414709a90cb

mbed_app.json

@@ -13,29 +13,24 @@
             "update-client.storage-locations": 1,
             "update-client.firmware-header-version": "2",
             "target.components_add": ["SD"],
-            "sd.CRC_ENABLED": 0
+            "sd.CRC_ENABLED": 0,
+            "storage.storage_type": "FILESYSTEM"
         },
         "K64F": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(4*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+36*1024)",
-            "nvstore.area_2_size"                      : "(4*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*4*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+40*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+41*1024)"
         },
         "K66F": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(4*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+36*1024)",
-            "nvstore.area_2_size"                      : "(4*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*4*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+40*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+41*1024)"
         },
         "KW24D": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(2*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+34*1024)",
-            "nvstore.area_2_size"                      : "(2*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*2*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+36*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+37*1024)",
             "sd.SPI_CS"                                : "PTC4",
@@ -44,34 +39,26 @@
             "sd.SPI_CLK"                               : "PTC5"
         },
         "NUCLEO_L476RG": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(2*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+34*1024)",
-            "nvstore.area_2_size"                      : "(2*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*2*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+36*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
         },
         "DISCO_L476VG": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(2*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+34*1024)",
-            "nvstore.area_2_size"                      : "(2*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*2*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+36*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
         },
         "DISCO_L475VG_IOT01A": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(2*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+34*1024)",
-            "nvstore.area_2_size"                      : "(2*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*2*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+36*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+38*1024)"
         },
         "NUCLEO_F411RE": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(16*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+48*1024)",
-            "nvstore.area_2_size"                      : "(16*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*16*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+64*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)",
             "sd.SPI_CS"                                : "PB_9",
@@ -80,18 +67,14 @@
             "sd.SPI_CLK"                               : "PC_7"
         },
         "NUCLEO_F429ZI": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(16*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+48*1024)",
-            "nvstore.area_2_size"                      : "(16*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*16*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+64*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
         },
         "NUCLEO_F207ZG": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(16*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+48*1024)",
-            "nvstore.area_2_size"                      : "(16*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*16*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+64*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)",
             "sd.SPI_MOSI"                              : "PC_12",
@@ -101,26 +84,20 @@
         },
         "UBLOX_EVK_ODIN_W2": {
             "target.device_has_remove": ["EMAC"],
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(16*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+48*1024)",
-            "nvstore.area_2_size"                      : "(16*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*16*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+64*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
         },
         "UBLOX_C030_U201": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+32*1024)",
-            "nvstore.area_1_size"                      : "(16*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+48*1024)",
-            "nvstore.area_2_size"                      : "(16*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+32*1024)",
+            "storage_filesystem.rbp_internal_size"     : "(2*16*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+64*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+65*1024)"
         },
         "NRF52840_DK": {
-            "nvstore.area_1_address"                   : "(FLASH_START_ADDRESS+1024*1016)",
-            "nvstore.area_1_size"                      : "(4*1024)",
-            "nvstore.area_2_address"                   : "(FLASH_START_ADDRESS+1024*1020)",
-            "nvstore.area_2_size"                      : "(4*1024)",
+            "storage_filesystem.internal_base_address" : "(FLASH_START_ADDRESS+1024*1016)",
+            "storage_filesystem.rbp_internal_size"     : "(2*4*1024)",
             "update-client.application-details"        : "(FLASH_START_ADDRESS+236*1024)",
             "mbed-bootloader.application-start-address": "(FLASH_START_ADDRESS+237*1024)",
             "target.OUTPUT_EXT"                        : "hex",

mbed_lib.json

@@ -38,10 +38,10 @@
             "value": 1,
             "macro_name": "SHOW_PROGRESS_BAR"
         },
-        "use-nvstore-rot": {
+        "use-kvstore-rot": {
             "help": "use nvstore implementation of the ROT to authenticate firmware headers",
             "value": 1,
-            "macro_name": "ARM_BOOTLOADER_USE_NVSTORE_ROT"
+            "macro_name": "ARM_BOOTLOADER_USE_KVSTORE_ROT"
         }
     },
     "macros": [

source/example_insecure_rot.c

@@ -16,7 +16,7 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------
 
-#if !defined(ARM_BOOTLOADER_USE_NVSTORE_ROT) || ARM_BOOTLOADER_USE_NVSTORE_ROT == 0
+#if !defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) || ARM_BOOTLOADER_USE_KVSTORE_ROT == 0
 
 #include <inttypes.h>
 #include <stddef.h>
@@ -52,4 +52,4 @@ int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
     return 0;
 }
 
-#endif // #if !defined(ARM_BOOTLOADER_USE_NVSTORE_ROT) || ARM_BOOTLOADER_USE_NVSTORE_ROT == 0
+#endif // #if !defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) || ARM_BOOTLOADER_USE_KVSTORE_ROT == 0

source/kvstore_rot.cpp

@@ -0,0 +1,72 @@
+// ----------------------------------------------------------------------------
+// Copyright 2019 ARM Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------
+
+#if defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) && ARM_BOOTLOADER_USE_KVSTORE_ROT == 1
+
+#include <inttypes.h>
+#include <stddef.h>
+#include "DirectAccessDevicekey.h"
+
+#define DEVICE_KEY_SIZE_IN_BYTES (128/8)
+
+/**
+* @brief Function to get the device root of trust
+* @details The device root of trust should be a 128 bit value. It should never leave the device.
+*          It should be unique to the device. It should have enough entropy to avoid conventional
+*          entropy attacks. The porter should implement the following device signature to provide
+*          device root of trust on different platforms.
+*
+* @param key_buf buffer to be filled with the device root of trust.
+* @param length  length of the buffer provided to make sure no overflow occurs.
+*
+* @return 0 on success, non-zero on failure.
+*/
+extern "C" int8_t mbed_cloud_client_get_rot_128bit(uint8_t *key_buf, uint32_t length)
+{
+    int8_t error = 0;
+    uint32_t tdb_start_offset = 0;
+    uint32_t tdb_end_offset = 0;
+    size_t actual_len_bytes = 0;
+
+    // Check params
+    if (length < DEVICE_KEY_SIZE_IN_BYTES || key_buf == NULL) {
+        error = -1;
+    }
+
+    // Get TDB parameters
+    if (error == 0) {
+        error = get_expected_internal_TDBStore_position(&tdb_start_offset,
+                                                        &tdb_end_offset);
+    }
+
+    // Read ROT
+    if (error == 0) {
+        error = direct_access_to_devicekey(tdb_start_offset,
+                                           tdb_end_offset,
+                                           key_buf,
+                                           DEVICE_KEY_SIZE_IN_BYTES,
+                                           &actual_len_bytes);
+        if (actual_len_bytes != DEVICE_KEY_SIZE_IN_BYTES) {
+            error = -1;
+        }
+    }
+
+    return error;
+}
+
+#endif // #if defined(ARM_BOOTLOADER_USE_KVSTORE_ROT) && ARM_BOOTLOADER_USE_KVSTORE_ROT == 1