App housekeeping + Add support for DISCO_F429ZI and EFM32GG_STK3700

README.md

@@ -20,9 +20,11 @@ As usual, all the code/data that is not protected by a secure box ends up in the
 
 Supported devices:
 
-| Target | Toolchain | Baud rate |
-|--------|-----------|-----------|
-| `K64F` | `GCC_ARM` | 9600      |
+| Target            | Toolchain | Baud rate |
+|-------------------|-----------|-----------|
+| `K64F`            | `GCC_ARM` | 9600      |
+| `DISCO_F429ZI`    | `GCC_ARM` | 9600      |
+| `EFM32GG_STK3700` | `GCC_ARM` | 9600      |
 
 Latest release: [mbed-os-5.4.x](https://github.com/ARMmbed/mbed-os-example-uvisor/releases/tag/latest). Tested with [mbed-cli v1.0.0](https://github.com/ARMmbed/mbed-cli/releases/tag/1.0.0).
 

mbed-os.lib

@@ -1 +1 @@
-https://github.com/ARMmbed/mbed-os/#fc1836545dcc2fc86f03b01292b62bf2089f67c3
+https://github.com/ARMmbed/mbed-os/#92fbf2a9b3988d430482fc25a6077f2462e2a634

source/client_a.cpp

@@ -33,15 +33,11 @@ static void client_a_main(const void *);
  * This box has a smaller interrupt and main thread stack sizes as we do nothing
  * special in them. */
 UVISOR_BOX_NAMESPACE("client_a");
-UVISOR_BOX_HEAPSIZE(3072);
+UVISOR_BOX_HEAPSIZE(4096);
 UVISOR_BOX_MAIN(client_a_main, osPriorityNormal, 768);
 UVISOR_BOX_CONFIG(secure_number_client_a, acl, 512, box_context);
 
-/* FIXME: The guard is needed for backwards-compatibility reasons. Remove it
- *        when mbed OS is updated. */
-#ifdef __uvisor_ctx
 #define uvisor_ctx ((box_context *) __uvisor_ctx)
-#endif
 
 static uint32_t get_a_number()
 {
@@ -71,7 +67,7 @@ static void box_async_runner(void)
             }
         }
 
-        Thread::wait(5000);
+        Thread::wait(7000);
     }
 }
 
@@ -88,6 +84,8 @@ static void box_sync_runner(void)
 
 static void client_a_main(const void *)
 {
+    Thread::wait(1000);
+
     /* Create new threads. */
     /* Note: The stack must be at least 1kB since threads will use printf. */
     Thread sync(osPriorityNormal, 1024, NULL);

source/client_b.cpp

@@ -38,11 +38,7 @@ UVISOR_BOX_HEAPSIZE(3072);
 UVISOR_BOX_MAIN(client_b_main, osPriorityNormal, 1024);
 UVISOR_BOX_CONFIG(secure_number_client_b, acl, 512, box_context);
 
-/* FIXME: The guard is needed for backwards-compatibility reasons. Remove it
- *        when mbed OS is updated. */
-#ifdef __uvisor_ctx
 #define uvisor_ctx ((box_context *) __uvisor_ctx)
-#endif
 
 static uint32_t get_a_number()
 {
@@ -52,6 +48,8 @@ static uint32_t get_a_number()
 
 static void client_b_main(const void *)
 {
+    Thread::wait(2000);
+
     /* The entire box code runs in its main thread. */
     while (1) {
         uvisor_rpc_result_t result;
@@ -76,6 +74,6 @@ static void client_b_main(const void *)
         number = secure_number_get_number();
         shared_pc.printf("client_b: Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
-        Thread::wait(3000);
+        Thread::wait(7000);
     }
 }

source/main-hw.h

@@ -25,8 +25,13 @@ extern Serial shared_pc;
 
 #if defined(TARGET_K64F)
 
-#define LED_ON  false
-#define LED_OFF true
+#define MAIN_LED           LED1
+#define SECURE_LED         LED2
+#define LED_ON             false
+#define LED_OFF            true
+#define SECURE_SWITCH      SW2
+#define SECURE_SWITCH_PULL PullUp
+#define SHARED_SERIAL_BAUD 9600
 
 #define MAIN_ACL(acl_list_name) \
     static const UvisorBoxAclItem acl_list_name[] = {     \
@@ -47,6 +52,58 @@ extern Serial shared_pc;
         {SPI0,   sizeof(*SPI0),   UVISOR_TACLDEF_PERIPH}, \
     }
 
+#elif defined(TARGET_EFM32GG_STK3700)
+
+#define MAIN_LED           LED1
+#define SECURE_LED         LED2
+#define LED_ON             true
+#define LED_OFF            false
+#define SECURE_SWITCH      SW0
+#define SECURE_SWITCH_PULL PullUp
+#define SHARED_SERIAL_BAUD 115200
+
+#define MAIN_ACL(acl_list_name) \
+    static const UvisorBoxAclItem acl_list_name[] = {     \
+        {CMU,                 sizeof(*CMU),    UVISOR_TACLDEF_PERIPH}, \
+        {MSC,                 sizeof(*MSC),    UVISOR_TACLDEF_PERIPH}, \
+        {GPIO,                sizeof(*GPIO),   UVISOR_TACLDEF_PERIPH}, \
+        {TIMER0,              sizeof(*TIMER0), UVISOR_TACLDEF_PERIPH}, \
+        {UART0,               sizeof(*UART0),  UVISOR_TACLDEF_PERIPH}, \
+        {(void *) 0x0FE08000, 0x1000,          UVISOR_TACLDEF_PERIPH}, \
+        {(void *) 0x42000000, 0x2000000,       UVISOR_TACLDEF_PERIPH}, \
+    }
+
+#elif defined(TARGET_DISCO_F429ZI)
+
+#define MAIN_LED           LED1
+#define SECURE_LED         LED2
+#define LED_ON             true
+#define LED_OFF            false
+#define SECURE_SWITCH      USER_BUTTON
+#define SECURE_SWITCH_PULL PullDown
+#define SHARED_SERIAL_BAUD 9600
+
+#define MAIN_ACL(acl_list_name) \
+    static const UvisorBoxAclItem acl_list_name[] = {     \
+        {GPIOA,               sizeof(*GPIOA),  UVISOR_TACLDEF_PERIPH}, \
+        {GPIOB,               sizeof(*GPIOB),  UVISOR_TACLDEF_PERIPH}, \
+        {GPIOC,               sizeof(*GPIOC),  UVISOR_TACLDEF_PERIPH}, \
+        {GPIOD,               sizeof(*GPIOD),  UVISOR_TACLDEF_PERIPH}, \
+        {GPIOE,               sizeof(*GPIOE),  UVISOR_TACLDEF_PERIPH}, \
+        {RTC,                 sizeof(*RTC),    UVISOR_TACLDEF_PERIPH}, \
+        {TIM5,                sizeof(*TIM5),   UVISOR_TACLDEF_PERIPH}, \
+        {USART1,              sizeof(*USART1), UVISOR_TACLDEF_PERIPH}, \
+        {I2C1,                sizeof(*I2C1),   UVISOR_TACLDEF_PERIPH}, \
+        {SPI1,                sizeof(*SPI1),   UVISOR_TACLDEF_PERIPH}, \
+        {RCC,                 sizeof(*RCC),    UVISOR_TACLDEF_PERIPH}, \
+        {FLASH,               sizeof(*FLASH),  UVISOR_TACLDEF_PERIPH}, \
+        {PWR,                 sizeof(*PWR),    UVISOR_TACLDEF_PERIPH}, \
+        {EXTI,                sizeof(*EXTI),   UVISOR_TACLDEF_PERIPH}, \
+        {GPIOG,               sizeof(*GPIOG),  UVISOR_TACLDEF_PERIPH}, \
+        {SYSCFG,              sizeof(*SYSCFG), UVISOR_TACLDEF_PERIPH}, \
+        {(void *) 0x42000000, 0x01000000,      UVISOR_TACLDEF_PERIPH}, \
+    }
+
 #else /* Target-specific settings */
 
 #error "Unsupported target. Checkout the README.md file for the list of supported targets for this app."

source/main.cpp

@@ -26,13 +26,19 @@
 MAIN_ACL(g_main_acl);
 /* Enable uVisor. */
 UVISOR_SET_MODE_ACL(UVISOR_ENABLED, g_main_acl);
-UVISOR_SET_PAGE_HEAP(8 * 1024, 5);
+UVISOR_SET_PAGE_HEAP(1 * 1024, 1);
+
+/* Targets with an ARMv7-M MPU needs this space adjustment to prevent a runtime
+ * memory overflow error. The code below has been output directly by uVisor. */
+#if defined(TARGET_EFM32GG_STK3700) || defined(TARGET_DISCO_F429ZI)
+uint8_t __attribute__((section(".keep.uvisor.bss.boxes"), aligned(32))) __boxes_overhead[8064];
+#endif
 
 DigitalOut led_red(LED1);
 DigitalOut led_green(LED2);
 DigitalOut led_blue(LED3);
 
-Serial shared_pc(USBTX, USBRX);
+Serial shared_pc(USBTX, USBRX, SHARED_SERIAL_BAUD);
 
 static uint32_t get_a_number()
 {
@@ -62,7 +68,7 @@ static void main_async_runner(void)
             }
         }
 
-        Thread::wait(13000);
+        Thread::wait(7000);
     }
 }
 
@@ -73,7 +79,7 @@ static void main_sync_runner(void)
         const uint32_t number = secure_number_get_number();
         shared_pc.printf("public  : Attempt to read : 0x%08X (granted)\r\n", (unsigned int) number);
 
-        Thread::wait(11000);
+        Thread::wait(7000);
     }
 }
 

source/secure_number.cpp

@@ -36,14 +36,10 @@ static int set_number(uint32_t number);
 /* Box configuration */
 UVISOR_BOX_NAMESPACE(NULL);
 UVISOR_BOX_HEAPSIZE(3072);
-UVISOR_BOX_MAIN(number_store_main, osPriorityNormal, UVISOR_BOX_STACK_SIZE);
-UVISOR_BOX_CONFIG(box_number_store, acl, UVISOR_BOX_STACK_SIZE, box_context);
+UVISOR_BOX_MAIN(number_store_main, osPriorityNormal, 1024);
+UVISOR_BOX_CONFIG(box_number_store, acl, 512, box_context);
 
-/* FIXME: The guard is needed for backwards-compatibility reasons. Remove it
- *        when mbed OS is updated. */
-#ifdef __uvisor_ctx
 #define uvisor_ctx ((box_context *) __uvisor_ctx)
-#endif
 
 /* Gateways */
 UVISOR_BOX_RPC_GATEWAY_SYNC (box_number_store, secure_number_get_number, get_number, uint32_t, void);

source/secure_number.h

@@ -14,15 +14,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#ifndef SECURE_NUMBER_H
-#define SECURE_NUMBER_H
+#ifndef __SECURE_NUMBER_H__
+#define __SECURE_NUMBER_H__
 
 #include "uvisor-lib/uvisor-lib.h"
 #include <stdint.h>
 
-
 UVISOR_EXTERN uint32_t (*secure_number_get_number)(void);
 
 UVISOR_EXTERN uvisor_rpc_result_t (*secure_number_set_number)(uint32_t number);
 
-#endif  /* SECURE_NUMBER_H */
+#endif  /* __SECURE_NUMBER_H__ */

test/filters.json

@@ -1,6 +1,6 @@
 {
     "blacklist" : [ {
-        "platforms" : ["EFM32GG_STK3700", "DISCO_F429ZI"]
+        "platforms" : []
         }
     ]
 }

test/log.txt

@@ -1,13 +1,12 @@
-
-***** uVisor secure number store example *****
-vault   : Only client_a can write into the vault
-vault   : All clients can read the vault
-client_b: Attempt to write  0xFFFFFED4 (denied)
-client_a: Attempt to read : 0x00000000 (granted)
-client_a: Attempt to write  0xFFFFFE0C (granted)
-public  : Attempt to read : 0xFFFFFE0C (granted)
-public  : Attempt to write  0x00000019 (denied)
-client_b: Attempt to read : 0xFFFFFE0C (granted)
-client_a: Attempt to read : 0xFFFFFE0C (granted)
-client_a: Attempt to write  0xFFFFFC18 (granted)
-public  : Attempt to read : 0xFFFFFC18 (granted)
+
+***** uVisor secure number store example *****
+vault   : Only client_a can write into the vault
+vault   : All clients can read the vault
+public  : Attempt to read : 0x00000000 (granted)
+public  : Attempt to write  0x00000019 (denied)
+client_a: Attempt to read : 0x00000000 (granted)
+client_a: Attempt to write  0xFFFFFE0C (granted)
+client_b: Attempt to write  0xFFFFFED4 (denied)
+public  : Attempt to read : 0xFFFFFE0C (granted)
+client_b: Attempt to read : 0xFFFFFE0C (granted)
+public  : Attempt to write  0xFFFFFE89 (denied)