Conditional inclusion of secure services: Storage, Crypto, Attestation
Open, HighPublic

Description

CMSIS-pack concept is based on software components and we have described each secure service as a single component that is user selectable. This requires conditional inclusion of a secure service based on preprocessor definitions.

TF-M already supports this for secure services Audit Logging (#ifdef TFM_PARTITION_AUDIT_LOG) and Platform (#ifdef TFM_PARTITION_PLATFORM) and also for all test services (#ifdef TFM_PARTITION_TEST_...).

We suggest to add this also to secure services Storage (#ifdef TFM_PARTITION_STORAGE), Crypto (#ifdef TFM_PARTITION_CRYPTO) and Attestation (#ifdef TFM_PARTITION_INITIAL_ATTESTATION).

This would affect the following modules:
./secure_fw/services/tfm_partition_defs.inc
./secure_fw/services/tfm_service_list.inc
./secure_fw/services/tfm_spm_db.inc
./secure_fw/ns_callable/tfm_veneers.c
./interface/include/tfm_veneers.h

RobertRostohar triaged this task as High priority.
RobertRostohar added a project: Restricted Project.Oct 4 2019, 12:01 PM