[OIS] PSA protected storage support
Add KV store class based on PSA Protected Storage.
Rename OpenIoTSDKConfig to KVBlockDeviceStore.
Adapt the build system to support various storage types.
Change KV manager and Configuration manager to support various
storage types.
Add CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS CMake flag to enable PSA PS
support.
Initialize the KV store manager during CHIP stack setup.

Signed-off-by: ATmobica <[email protected]>
ATmobica committed Jan 27, 2023
1 parent 16c65c2 commit 20b8702
Showing 15 changed files with 1,170 additions and 243 deletions.
1 change: 1 addition & 0 deletions config/openiotsdk/CMakeLists.txt
Expand Up @@ -191,6 +191,7 @@ chip_gn_arg_bool ("chip_progress_logging" CONFIG_CHIP_PROGRESS_L
chip_gn_arg_bool ("chip_automation_logging" CONFIG_CHIP_AUTOMATION_LOGGING)
chip_gn_arg_bool ("chip_error_logging" CONFIG_CHIP_ERROR_LOGGING)
chip_gn_arg_bool ("chip_openiotsdk_use_tfm" TFM_SUPPORT)
chip_gn_arg_bool ("chip_openiotsdk_use_psa_ps" CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS)
if (TARGET cmsis-rtos-api)
chip_gn_arg_string("target_os" "cmsis-rtos")
endif()
6 changes: 6 additions & 0 deletions config/openiotsdk/cmake/chip.cmake
Expand Up @@ -31,6 +31,12 @@ set(CONFIG_CHIP_PROGRESS_LOGGING YES CACHE BOOL "Enable logging at progress leve
set(CONFIG_CHIP_AUTOMATION_LOGGING YES CACHE BOOL "Enable logging at automation level")
set(CONFIG_CHIP_ERROR_LOGGING YES CACHE BOOL "Enable logging at error level")

set(CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS NO CACHE BOOL "Enable using PSA Protected Storage")

if(CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS AND NOT TFM_SUPPORT)
message( FATAL_ERROR "You can not use PSA Protected Storage without TF-M support" )
endif()

# Add CHIP sources
add_subdirectory(${OPEN_IOT_SDK_CONFIG} ./chip_build)
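Review bot: The new `CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS` option is created as a cache entry defaulting to `NO`, while the lock-app example enables it with a plain `set(... YES)`; which of the two wins depends on include order and on CMake policy CMP0126, and on CMake older than 3.21 the first configure can drop the normal variable in favour of the cache default. A silent fallback would leave key-value data in the block-device store instead of Protected Storage, so it would help to report the chosen backend after the TF-M check, e.g. `message(STATUS "PSA Protected Storage: ${CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS}")`. The point at which the application includes this file is not visible here, so this is worth confirming on a clean build directory.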

21 changes: 21 additions & 0 deletions docs/examples/openiotsdk_examples.md
Expand Up @@ -164,6 +164,27 @@ You can also provide the own version of Matter example by setting
set(TFM_NS_APP_VERSION "0.0.1")
```
### Trusted Firmware-M Protected Storage
There is an option to add
[TF-M Protected Storage Service](https://tf-m-user-guide.trustedfirmware.org/integration_guide/services/tfm_ps_integration_guide.html)
support for `key-value` storage component in Matter examples. You need to set
`CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS` variable inside main application
`CMakeLists.txt` fi
```
set(CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS YES)
```
This option causes `key-value` objects will be stored in a secure part of flash
memory and the Protected Storage Service takes care of their encryption and
authentication.
**NOTE**
The `TF-M Protected Storage` option requires enabling
[TF-M](#trusted-firmware-m) support.
## Building
You build using a vscode task or call the script directly from the command line.
1 change: 1 addition & 0 deletions examples/lock-app/openiotsdk/CMakeLists.txt
Expand Up @@ -27,6 +27,7 @@ set(APP_TARGET chip-openiotsdk-lock-app-example_ns)
set(TFM_SUPPORT YES)
set(TFM_PROJECT_CONFIG_HEADER_FILE "${CMAKE_CURRENT_SOURCE_DIR}/tf-m-config/TfmProjectConfig.h")
set(TFM_NS_APP_VERSION "0.0.1")
set(CONFIG_CHIP_OPEN_IOT_SDK_USE_PSA_PS YES)

# Toolchain files need to exist before first call to project
include(toolchain)
Expand Up @@ -28,10 +28,10 @@
* 0x0026_0000 Secure image secondary slot (384 KB)
* 0x002C_0000 Non-secure image secondary slot (2 MB)
* 0x004C_0000 Scratch area (2 MB)
* 0x006C_0000 Protected Storage Area (20 KB)
* 0x006C_5000 Internal Trusted Storage Area (16 KB)
* 0x006C_9000 OTP / NV counters area (8 KB)
* 0x006C_B000 Unused
* 0x006C_0000 Protected Storage Area (64 KB)
* 0x006D_0000 Internal Trusted Storage Area (64 KB)
* 0x006E_0000 OTP / NV counters area (8 KB)
* 0x006E_2000 Unused
*
* Flash layout on AN552 with BL2 (single image boot):
*
Expand All @@ -44,10 +44,10 @@
* 0x0026_0000 Secure image secondary (384 KB)
* 0x002C_0000 Non-secure image secondary (384 KB)
* 0x004C_0000 Scratch area (2 MB)
* 0x006C_0000 Protected Storage Area (20 KB)
* 0x006C_5000 Internal Trusted Storage Area (16 KB)
* 0x006C_9000 OTP / NV counters area (8 KB)
* 0x006C_B000 Unused
* 0x006C_0000 Protected Storage Area (64 KB)
* 0x006D_0000 Internal Trusted Storage Area (64 KB)
* 0x006E_0000 OTP / NV counters area (8 KB)
* 0x006E_2000 Unused
*/

/* This header file is included from linker scatter file as well, where only a
Expand Down Expand Up @@ -143,11 +143,11 @@

/* Protected Storage (PS) Service definitions */
#define FLASH_PS_AREA_OFFSET (FLASH_AREA_SCRATCH_OFFSET + FLASH_AREA_SCRATCH_SIZE)
#define FLASH_PS_AREA_SIZE (0x5000) /* 20 KB */
#define FLASH_PS_AREA_SIZE (0x10000) /* 64 KB */

/* Internal Trusted Storage (ITS) Service definitions */
#define FLASH_ITS_AREA_OFFSET (FLASH_PS_AREA_OFFSET + FLASH_PS_AREA_SIZE)
#define FLASH_ITS_AREA_SIZE (0x4000) /* 16 KB */
#define FLASH_ITS_AREA_SIZE (0x10000) /* 64 KB */

/* OTP_definitions */
#define FLASH_OTP_NV_COUNTERS_AREA_OFFSET (FLASH_ITS_AREA_OFFSET + FLASH_ITS_AREA_SIZE)
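Review bot: Growing the PS and ITS areas moves the ITS region from 0x006C_5000 to 0x006D_0000 and the OTP / NV counters area from 0x006C_9000 to 0x006E_0000, per the updated layout comment, and nothing in the header says what happens to flash content written under the old layout. If a target keeps its flash contents between updates, the secure storage services would presumably find stale data at the new offsets, so the layout comment should say that these areas must be erased or re-provisioned when moving to the new sizes, for example `* NOTE: PS/ITS/NV counter offsets changed; erase these areas when updating from the old layout.` A short comment next to `FLASH_PS_AREA_SIZE` giving the reason for 64 KB would also help the next person who resizes it.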
41 changes: 36 additions & 5 deletions src/platform/openiotsdk/BUILD.gn
Expand Up @@ -22,14 +22,32 @@ assert(chip_device_platform == "openiotsdk")
declare_args() {
# Add Trusted Firmware-M (TF-M) support
chip_openiotsdk_use_tfm = false

# By default use flash block device storage
chip_openiotsdk_use_psa_ps = false
}

buildconfig_header("openiotsdk_buildconfig") {
header = "OpenIoTSDKConfig.h"
header_dir = "ois"

if (chip_openiotsdk_use_psa_ps) {
_chip_openiotsdk_kv_store_config_include =
"<platform/" + chip_device_platform + "/KVPsaPsStore.h>"
_chip_openiotsdk_persisted_storage_key_type = "uint64_t"
} else {
_chip_openiotsdk_kv_store_config_include =
"<platform/" + chip_device_platform + "/KVBlockDeviceStore.h>"
_chip_openiotsdk_persisted_storage_key_type = "const char *"
}

defines = [
"CHIP_OPEN_IOT_SDK_KV_STORE_CONFIG_INCLUDE=${_chip_openiotsdk_kv_store_config_include}",
"CHIP_CONFIG_PERSISTED_STORAGE_KEY_TYPE=${_chip_openiotsdk_persisted_storage_key_type}",
]

if (chip_openiotsdk_use_tfm) {
defines = [ "CHIP_OPEN_IOT_SDK_USE_TFM=1" ]
defines += [ "CHIP_OPEN_IOT_SDK_USE_TFM=1" ]
}
}

Expand All @@ -54,14 +72,27 @@ static_library("openiotsdk") {
"NetworkCommissioningEthernetDriver.cpp",
"OpenIoTSDKArchUtils.c",
"OpenIoTSDKArchUtils.h",
"OpenIoTSDKConfig.cpp",
"OpenIoTSDKConfig.h",
"OpenIoTSDKConfig.h",
"OpenIoTSDKPort.h",
"PlatformManagerImpl.cpp",
"PlatformManagerImpl.h",
"SystemPlatformConfig.h",
"SystemTimeSupport.cpp",
]

public_deps = [ "${chip_root}/src/platform:platform_base" ]
public_deps = [
":openiotsdk_buildconfig",
"${chip_root}/src/platform:platform_base",
]

if (chip_openiotsdk_use_psa_ps) {
sources += [
"KVPsaPsStore.cpp",
"KVPsaPsStore.h",
]
} else {
sources += [
"KVBlockDeviceStore.cpp",
"KVBlockDeviceStore.h",
]
}
}
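Review bot: `chip_openiotsdk_use_psa_ps` can be set to true while `chip_openiotsdk_use_tfm` stays false, because the TF-M dependency is enforced only in the CMake wrapper and not in this GN file. A direct or misconfigured GN invocation would then select `KVPsaPsStore.cpp` without the TF-M define. Adding `assert(!chip_openiotsdk_use_psa_ps || chip_openiotsdk_use_tfm, "PSA Protected Storage requires TF-M support")` after `declare_args()` keeps the two layers consistent.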
2 changes: 2 additions & 0 deletions src/platform/openiotsdk/CHIPPlatformConfig.h
Expand Up @@ -26,6 +26,8 @@

#include <stdint.h>

#include <ois/OpenIoTSDKConfig.h>

// ==================== General Platform Adaptations ====================

#define CHIP_CONFIG_EXPECTED_LOW_PROCESSING_TIME 10
Expand Down
34 changes: 18 additions & 16 deletions src/platform/openiotsdk/ConfigurationManagerImpl.cpp
Expand Up @@ -49,8 +49,10 @@ CHIP_ERROR ConfigurationManagerImpl::Init()
{
CHIP_ERROR err;

KVStoreConfig::Init();

// Initialize the generic implementation base class.
err = Internal::GenericConfigurationManagerImpl<OpenIoTSDKConfig>::Init();
err = Internal::GenericConfigurationManagerImpl<KVStoreConfig>::Init();
SuccessOrExit(err);

exit:
Expand All @@ -69,7 +71,7 @@ void ConfigurationManagerImpl::InitiateFactoryReset(void)

CHIP_ERROR ConfigurationManagerImpl::ReadPersistedStorageValue(::chip::Platform::PersistedStorage::Key key, uint32_t & value)
{
CHIP_ERROR err = ReadConfigValue(key, value);
CHIP_ERROR err = KVStoreConfig::ReadConfigValueCounter(key, value);
if (err == CHIP_DEVICE_ERROR_CONFIG_NOT_FOUND)
{
err = CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND;
Expand All @@ -79,73 +81,73 @@ CHIP_ERROR ConfigurationManagerImpl::ReadPersistedStorageValue(::chip::Platform:

CHIP_ERROR ConfigurationManagerImpl::WritePersistedStorageValue(::chip::Platform::PersistedStorage::Key key, uint32_t value)
{
return OpenIoTSDKConfig::WriteCounter(key, value);
return KVStoreConfig::WriteConfigValueCounter(key, value);
}

CHIP_ERROR ConfigurationManagerImpl::ReadConfigValue(Key key, bool & val)
{
return OpenIoTSDKConfig::ReadConfigValue(key, val);
return KVStoreConfig::ReadConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::ReadConfigValue(Key key, uint32_t & val)
{
return OpenIoTSDKConfig::ReadConfigValue(key, val);
return KVStoreConfig::ReadConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::ReadConfigValue(Key key, uint64_t & val)
{
return OpenIoTSDKConfig::ReadConfigValue(key, val);
return KVStoreConfig::ReadConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::ReadConfigValueStr(Key key, char * buf, size_t bufSize, size_t & outLen)
{
return OpenIoTSDKConfig::ReadConfigValueStr(key, buf, bufSize, outLen);
return KVStoreConfig::ReadConfigValueStr(key, buf, bufSize, outLen);
}

CHIP_ERROR ConfigurationManagerImpl::ReadConfigValueBin(Key key, uint8_t * buf, size_t bufSize, size_t & outLen)
{
return OpenIoTSDKConfig::ReadConfigValueBin(key, buf, bufSize, outLen);
return KVStoreConfig::ReadConfigValueBin(key, buf, bufSize, outLen);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValue(Key key, bool val)
{
return OpenIoTSDKConfig::WriteConfigValue(key, val);
return KVStoreConfig::WriteConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValue(Key key, uint32_t val)
{
return OpenIoTSDKConfig::WriteConfigValue(key, val);
return KVStoreConfig::WriteConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValue(Key key, uint64_t val)
{
return OpenIoTSDKConfig::WriteConfigValue(key, val);
return KVStoreConfig::WriteConfigValue(key, val);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValueStr(Key key, const char * str)
{
return OpenIoTSDKConfig::WriteConfigValueStr(key, str);
return KVStoreConfig::WriteConfigValueStr(key, str);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValueStr(Key key, const char * str, size_t strLen)
{
return OpenIoTSDKConfig::WriteConfigValueStr(key, str, strLen);
return KVStoreConfig::WriteConfigValueStr(key, str, strLen);
}

CHIP_ERROR ConfigurationManagerImpl::WriteConfigValueBin(Key key, const uint8_t * data, size_t dataLen)
{
return OpenIoTSDKConfig::WriteConfigValueBin(key, data, dataLen);
return KVStoreConfig::WriteConfigValueBin(key, data, dataLen);
}

void ConfigurationManagerImpl::RunConfigUnitTest(void)
{
OpenIoTSDKConfig::RunConfigUnitTest();
KVStoreConfig::RunConfigUnitTest();
}

void ConfigurationManagerImpl::DoFactoryReset(intptr_t arg)
{
ChipLogProgress(DeviceLayer, "Performing factory reset");
const CHIP_ERROR err = OpenIoTSDKConfig::FactoryResetConfig();
const CHIP_ERROR err = KVStoreConfig::FactoryResetConfig();
if (err != CHIP_NO_ERROR)
{
ChipLogError(DeviceLayer, "FactoryResetConfig() failed: %s", ErrorStr(err));
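Review bot: The new `KVStoreConfig::Init();` call at the top of `ConfigurationManagerImpl::Init()` discards its result, so a storage backend that fails to come up is not reported and the generic base class initialises on top of it. If `Init()` returns `CHIP_ERROR`, as the other `KVStoreConfig` calls in this file do, use `err = KVStoreConfig::Init();` followed by `SuccessOrExit(err);`; if it returns `void`, a comment saying where initialisation failures surface would help. This matters more with the PSA Protected Storage backend, where a missed failure could leave configuration values and counters being read from or written to an unavailable store. The body of `Init()` continues past the hunk.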
5 changes: 3 additions & 2 deletions src/platform/openiotsdk/ConfigurationManagerImpl.h
Expand Up @@ -25,15 +25,16 @@
#pragma once

#include <platform/internal/GenericConfigurationManagerImpl.h>
#include <platform/openiotsdk/OpenIoTSDKConfig.h>

#include CHIP_OPEN_IOT_SDK_KV_STORE_CONFIG_INCLUDE

namespace chip {
namespace DeviceLayer {

/**
* Concrete implementation of the ConfigurationManager singleton object for the Zephyr platform.
*/
class ConfigurationManagerImpl : public Internal::GenericConfigurationManagerImpl<Internal::OpenIoTSDKConfig>
class ConfigurationManagerImpl : public Internal::GenericConfigurationManagerImpl<KVStoreConfig>
{

public:
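Review bot: `#include CHIP_OPEN_IOT_SDK_KV_STORE_CONFIG_INCLUDE` relies on the generated build-config macro already being defined by an earlier include, and this header no longer names the store header it depends on. Add a guard before it, `#ifndef CHIP_OPEN_IOT_SDK_KV_STORE_CONFIG_INCLUDE` / `#error "KV store backend header not configured"` / `#endif`, plus a one-line comment that the macro resolves to `KVPsaPsStore.h` or `KVBlockDeviceStore.h` and that each must provide `KVStoreConfig`. The class comment still says "for the Zephyr platform", which looks stale for this port. The class body continues outside the hunk.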