Merge pull request ARMmbed#13594 from moshe-shahar/psa-gen-rot

adbridge · web-flow · commit ad973f2f142d · 2020-09-11T15:46:35.000+01:00
PSA - Generate root of trust before accessing kvstore
diff --git a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/its_ps/main.cpp b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/its_ps/main.cpp
@@ -36,7 +36,6 @@
 #include "KVStore.h"
 #include "kv_config.h"
 #include "psa_storage_common_impl.h"
-#include "DeviceKey.h"
 
 using namespace utest::v1;
 using namespace mbed;
@@ -219,9 +218,6 @@ utest::v1::status_t case_its_setup_handler(const Case *const source, const size_
         status = psa_ps_reset();
         TEST_ASSERT_EQUAL(PSA_SUCCESS, status);
     }
-#if DEVICEKEY_ENABLED
-    DeviceKey::get_instance().generate_root_of_trust();
-#endif
     return greentea_case_setup_handler(source, index_of_case);
 }
 
diff --git a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
@@ -23,6 +23,7 @@
 #include "pits_impl.h"
 #include "mbed_error.h"
 #include "mbed_toolchain.h"
+#include "DeviceKey.h"
 
 using namespace mbed;
 
@@ -71,6 +72,10 @@ static void its_init(void)
         error("Failed getting kvstore instance\n");
     }
 
+#if DEVICEKEY_ENABLED
+    DeviceKey::get_instance().generate_root_of_trust();
+#endif
+
     psa_storage_handle_version(kvstore, ITS_VERSION_KEY, &version, its_version_migrate);
     initialized = true;
 }
diff --git a/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp b/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
@@ -24,6 +24,7 @@
 #include "psa_storage_common_impl.h"
 #include "mbed_error.h"
 #include "mbed_toolchain.h"
+#include "DeviceKey.h"
 
 using namespace mbed;
 
@@ -69,6 +70,10 @@ static void ps_init(void)
         error("Failed getting kvstore instance\n");
     }
 
+#if DEVICEKEY_ENABLED
+    DeviceKey::get_instance().generate_root_of_trust();
+#endif
+
     psa_storage_handle_version(kvstore, PS_VERSION_KEY, &version, ps_version_migrate);
     initialized = true;
 }
@@ -149,7 +154,7 @@ psa_status_t psa_ps_remove(psa_storage_uid_t uid)
 
 extern "C" psa_status_t psa_ps_reset()
 {
-    // Do not call its_init here to avoid version check before reset
+    // Do not call ps_init here to avoid version check before reset
     int ret = kv_init_storage_config();
     if (ret) {
         // Can only happen due to system misconfiguration.
@@ -165,7 +170,12 @@ extern "C" psa_status_t psa_ps_reset()
         error("Failed getting kvstore instance\n");
     }
 
-    return psa_storage_reset_impl(kvstore);
+    psa_status_t psa_status = psa_storage_reset_impl(kvstore);
+    if (psa_status == PSA_SUCCESS) {
+        // force reinitialize to generate ROT and write version
+        initialized = false;
+    }
+    return psa_status;
 }
 
 #ifdef   __cplusplus
