pal: new mfg data processing flow

[KRKNWK-18440] Signed-off-by: Krzysztof Taborowski <[email protected]> config: move mfg configs to kconfig [KRKNWK-18440] Signed-off-by: Krzysztof Taborowski <[email protected]> pal: fix mfg module for sample tbd Signed-off-by: Krzysztof Taborowski <[email protected]> pal: fix dut build tbd Signed-off-by: Krzysztof Taborowski <[email protected]> tlv: fix flash write add test to parser Signed-off-by: Robert Gałat <[email protected]> mfg: fix on_dev_cert on_dev_cert use tlv to store mfg Signed-off-by: Robert Gałat <[email protected]> pal: add description review Signed-off-by: Krzysztof Taborowski <[email protected]> pal: fix minor name issues review Signed-off-by: Krzysztof Taborowski <[email protected]> pal: fix version check in mfg fix condition Signed-off-by: Krzysztof Taborowski <[email protected]> tests: fix partition manager issues in tests rerevert - to be squashed Signed-off-by: Krzysztof Taborowski <[email protected]> tests: fix pal validation tests psa storage isn't properly initlized in this test so it will fail on deinitlizaing Signed-off-by: Krzysztof Taborowski <[email protected]> mfg: review mfg_storage finding fix fix findings Signed-off-by: Robert Gałat <[email protected]> samples: add test config with no secure key storage [KRKNWK-19108] Signed-off-by: Krzysztof Taborowski <[email protected]> pal: fix version check fix typo Signed-off-by: Krzysztof Taborowski <[email protected]> pal: refactor mfg version get review Signed-off-by: Krzysztof Taborowski <[email protected]>
nrfconnect · Sep 4, 2024 · e772e20 · e772e20
1 parent 2aed5b4
commit e772e20
Show file tree

Hide file tree

Showing 46 changed files with 2,757 additions and 771 deletions.
diff --git a/Kconfig b/Kconfig
@@ -11,6 +11,8 @@ menuconfig SIDEWALK
 if SIDEWALK
 
 # General
+config MAIN_STACK_SIZE
+	default 2048
 
 config SIDEWALK_SUBGHZ_SUPPORT
 	bool "Enable Sub-GHz link type support in Sidewalk libraries"
@@ -84,8 +86,8 @@ config SIDEWALK_THREAD_PRIORITY
 
 config SIDEWALK_HEAP_SIZE
 	int "Heap size for Sidewalk utils"
-	default 1024 if SIDEWALK_ACE_OSAL_ZEPHYR
-	default 0
+	default 5120 if SIDEWALK_ACE_OSAL_ZEPHYR
+	default 4096
 	help
 	  Set the heap size for dynamic memory alocation in Sidewalk.
 
@@ -211,6 +213,20 @@ config SIDEWALK_ON_DEV_CERT
 	bool "Enable Sidewalk on device certification"
 	depends on SHELL
 
+config DEPRECATED_SIDEWALK_MFG_STORAGE
+	bool "Enable previous implementation of manufacturing module [DEPREACATED]"
+	imply FLASH
+	help
+	  Previous Sidewalk manufacturing storage module
+	  This implementation is DEPRECATED
+
+config SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7
+	bool "Enable support for old Sidewalk manufaturing hex format"
+	help
+	  Sidewalk manifactuing module uses version 8, with tlv format
+	  Old fromats - version7 and before, are based on memory offsets
+	  and will be supported after enablig this configuration
+
 config SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	bool "Enable psa crypto storage for persistent Sidewalk keys [EXPERIMENTAL]"
 	default SIDEWALK
@@ -224,3 +240,7 @@ rsource "Kconfig.dependencies"
 rsource "utils/Kconfig"
 
 endif # SIDEWALK
+
+config SIDEWALK_MFG_PARSER_MAX_ELEMENT_SIZE
+	int "Max size of element in MFG"
+	default 64
diff --git a/Kconfig.dependencies b/Kconfig.dependencies
@@ -115,26 +115,23 @@ config SIDEWALK_LOG
 	help
 	  Sidewalk log module
 
-config SIDEWALK_GENERATE_VERSION_MINIMAL
-	bool
-	default SIDEWALK
-	help
-	  Generate minimal information of application version (sidewalk, zephyr, nrf).
-	  In order to generate full version report from all modules set this config to `N`.
-
 config SIDEWALK_MFG_STORAGE
 	bool
-	default SIDEWALK
+	default SIDEWALK && !DEPRECATED_SIDEWALK_MFG_STORAGE
 	imply FLASH
+	imply FPROTECT
+	imply SIDEWALK_TLV
+	imply SIDEWALK_TLV_FLASH
+	imply SIDEWALK_TLV_RAM
 	help
 	  Sidewalk manufacturing storage module
+	  Supports: tlv parser, secure key storage and memory protection
 
-config SIDEWALK_MFG_STORAGE_WRITE
+config SIDEWALK_MFG_STORAGE_DIAGNOSTIC
 	bool
-	default SIDEWALK_ON_DEV_CERT
-	depends on SIDEWALK_MFG_STORAGE
+	depends on SIDEWALK_MFG_STORAGE || DEPRECATED_SIDEWALK_MFG_STORAGE
 	help
-	  Enable write functionality to mfg storage
+	  Enable mfg storage diagnostic functionalities
 
 config SIDEWALK_STORAGE
 	bool

diff --git a/samples/sid_end_device/sample.yaml b/samples/sid_end_device/sample.yaml
@@ -60,3 +60,10 @@ tests:
     extra_args:
       OVERLAY_CONFIG="overlay-dut.conf"
     tags: Sidewalk cli
+
+  sample.sidewalk.dut.no_secure:
+    extra_args:
+      OVERLAY_CONFIG="overlay-dut.conf"
+    extra_configs:
+      - CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE=n
+    tags: Sidewalk cli no_secure
diff --git a/samples/sid_end_device/src/cli/app_dut.c b/samples/sid_end_device/src/cli/app_dut.c
@@ -31,7 +31,7 @@ static uint32_t dut_ctx_get_uint32(void *ctx)
 void dut_event_init(sidewalk_ctx_t *sid, void *ctx)
 {
 	sid->config.link_mask = dut_ctx_get_uint32(ctx);
-	if (app_mfg_cfg_is_valid()) {
+	if (app_mfg_cfg_is_empty()) {
 		LOG_ERR("The mfg.hex version mismatch");
 		LOG_ERR("Check if the file has been generated and flashed properly");
 		LOG_ERR("START ADDRESS: 0x%08x", APP_MFG_CFG_FLASH_START);

diff --git a/samples/sid_end_device/src/sidewalk_events.c b/samples/sid_end_device/src/sidewalk_events.c
@@ -86,7 +86,7 @@ void sidewalk_event_platform_init(sidewalk_ctx_t *sid, void *ctx)
 		LOG_ERR("Sidewalk Platform Init err:  %d (%s)", (int)e, SID_ERROR_T_STR(e));
 		return;
 	}
-	if (app_mfg_cfg_is_valid()) {
+	if (app_mfg_cfg_is_empty()) {
 		LOG_ERR("The mfg.hex version mismatch");
 		LOG_ERR("Check if the file has been generated and flashed properly");
 		LOG_ERR("START ADDRESS: 0x%08x", APP_MFG_CFG_FLASH_START);
@@ -101,7 +101,7 @@ void sidewalk_event_autostart(sidewalk_ctx_t *sid, void *ctx)
 		LOG_INF("Sidewlak is already running");
 		return;
 	}
-	if (app_mfg_cfg_is_valid()) {
+	if (app_mfg_cfg_is_empty()) {
 		LOG_ERR("The mfg.hex version mismatch");
 		LOG_ERR("Check if the file has been generated and flashed properly");
 		LOG_ERR("START ADDRESS: 0x%08x", APP_MFG_CFG_FLASH_START);

diff --git a/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c b/subsys/sal/common/sid_on_dev_cert/sid_on_dev_cert.c
@@ -25,7 +25,6 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include <sys/_stdint.h>
 
 #include <zephyr/kernel.h>
 #include <zephyr/sys/byteorder.h>
@@ -640,17 +639,7 @@ sid_error_t sid_on_dev_cert_verify_and_store(void)
 		goto exit;
 	}
 
-	/*
-     * First of all, we need to write the MFG version.
-     * This will determine the storage format: static offsets or TLV
-     */
-	uint32_t mfg_version;
-
-	if (sid_pal_mfg_store_is_tlv_support()) {
-		mfg_version = sid_htonl(SID_PAL_MFG_STORE_TLV_VERSION);
-	} else {
-		mfg_version = sid_htonl(SID_PAL_MFG_STORE_FIXED_OFFSETS_VERSION);
-	}
+	uint32_t mfg_version = sid_htonl(SID_PAL_MFG_STORE_TLV_VERSION);
 
 	result = sid_pal_mfg_store_write(SID_PAL_MFG_STORE_VERSION, (uint8_t *)&mfg_version,
 					 SID_PAL_MFG_STORE_VERSION_SIZE);
@@ -661,24 +650,23 @@ sid_error_t sid_on_dev_cert_verify_and_store(void)
 		goto exit;
 	}
 
-#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
-	memset(context->device_ed25519_prk, 0, SID_ODC_ED25519_PRK_SIZE);
-	memset(context->device_p256r1_prk, 0, SID_ODC_P256R1_PRK_SIZE);
-#endif /* CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE */
-
 	status = write_to_mfg_store(SID_PAL_MFG_STORE_SMSN, context->smsn, SID_ODC_SMSN_SIZE) &&
 		 write_to_mfg_store(SID_PAL_MFG_STORE_APID, context->apid,
 				    SID_PAL_MFG_STORE_APID_SIZE) &&
 		 write_to_mfg_store(SID_PAL_MFG_STORE_APP_PUB_ED25519, context->app_key,
 				    SID_ODC_ED25519_PUK_SIZE) &&
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PRIV_ED25519,
 				    context->device_ed25519_prk, SID_ODC_ED25519_PRK_SIZE) &&
+#endif
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PUB_ED25519,
 				    context->device_ed25519_puk, SID_ODC_ED25519_PUK_SIZE) &&
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PUB_ED25519_SIGNATURE,
 				    context->device_ed25519_sig, SID_ODC_SIGNATURE_SIZE) &&
+#ifdef CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PRIV_P256R1,
 				    context->device_p256r1_prk, SID_ODC_P256R1_PRK_SIZE) &&
+#endif
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PUB_P256R1, context->device_p256r1_puk,
 				    SID_ODC_P256R1_PUK_SIZE) &&
 		 write_to_mfg_store(SID_PAL_MFG_STORE_DEVICE_PUB_P256R1_SIGNATURE,

diff --git a/...s/sid_end_device/include/app_mfg_config.h → subsys/sal/sid_pal/include/app_mfg_config.h b/...s/sid_end_device/include/app_mfg_config.h → subsys/sal/sid_pal/include/app_mfg_config.h
@@ -18,7 +18,7 @@
 
 #define EMPTY_MFG_HEX_PARTITION (0xFFFFFFFF)
 
-static inline bool app_mfg_cfg_is_valid(void)
+static inline bool app_mfg_cfg_is_empty(void)
 {
 	return sid_pal_mfg_store_get_version() == EMPTY_MFG_HEX_PARTITION;
 }
diff --git a/subsys/sal/sid_pal/include/sid_crypto_keys.h b/subsys/sal/sid_pal/include/sid_crypto_keys.h
@@ -49,6 +49,8 @@ int sid_crypto_keys_new_import(psa_key_id_t id, uint8_t *data, size_t size);
  * @note key value under given key id will be overwritten.
  * 
  * @param id [in] Key id to generate new.
+ * @param puk [in] Buffer with raw key value.
+ * @param puk_size [in] Size of buffer with rew kay value.
  * @return 0 on success, or -errno on failure.
  */
 int sid_crypto_keys_new_generate(psa_key_id_t id, uint8_t *puk, size_t puk_size);

diff --git a/subsys/sal/sid_pal/include/sid_mfg_hex_parsers.h b/subsys/sal/sid_pal/include/sid_mfg_hex_parsers.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+#include <tlv/tlv.h>
+#include <sid_pal_mfg_store_ifc.h>
+
+#define MFG_FLAGS_TYPE_ID SID_PAL_MFG_STORE_VALUE_MAX - 1
+struct mfg_flags {
+	uint8_t unused_bits : 6;
+	uint8_t keys_in_psa : 1;
+	uint8_t initialized : 1;
+	uint8_t unused[3];
+};
+
+#define MFG_HEADER_MAGIC "SID0"
+#define MFG_HEADER_MAGIC_SIZE sizeof(MFG_HEADER_MAGIC) - 1
+#define REPORTED_VERSION SID_PAL_MFG_STORE_TLV_VERSION
+
+#define INVALID_VERSION 0xFFFFFFFF
+struct mfg_header {
+	uint8_t magic_string[MFG_HEADER_MAGIC_SIZE];
+	uint8_t raw_version[SID_PAL_MFG_STORE_VERSION_SIZE];
+};
+
+/**
+ * @brief Parse content of the manufacturing partition v8, and write it as tlv.
+ * The TLV will replace raw manufacturing partition
+ * 
+ * @param tlv [IN/OUT] configuration for tlv
+ * @return int 0 on success, -ERRNO on error
+ */
+int parse_mfg_raw_tlv(tlv_ctx *tlv);
+
+/**
+ * @brief Parse content of the manufacturing partition v7, and write it as tlv.
+ * The TLV will replace raw manufacturing partition
+ * 
+ * @param tlv [IN/OUT] configuration for tlv
+ * @return int 0 on success, -ERRNO on error
+ */
+int parse_mfg_const_offsets(tlv_ctx *tlv);
diff --git a/subsys/sal/sid_pal/src/CMakeLists.txt b/subsys/sal/sid_pal/src/CMakeLists.txt
@@ -35,7 +35,9 @@ zephyr_library_sources_ifdef(CONFIG_SIDEWALK_LOGGING_SERVICE sid_ble_log_service
 zephyr_library_sources_ifdef(CONFIG_SIDEWALK_CRYPTO sid_crypto.c)
 zephyr_library_sources_ifdef(CONFIG_SIDEWALK_CRYPTO_PSA_KEY_STORAGE sid_crypto_keys.c)
 
-zephyr_library_sources_ifdef(CONFIG_SIDEWALK_MFG_STORAGE sid_mfg_storage.c)
+zephyr_library_sources_ifdef(CONFIG_SIDEWALK_MFG_STORAGE sid_mfg_storage.c sid_mfg_hex_v8.c)
+zephyr_library_sources_ifdef(CONFIG_SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7 sid_mfg_hex_v7.c)
+zephyr_library_sources_ifdef(CONFIG_DEPRECATED_SIDEWALK_MFG_STORAGE sid_mfg_storage_deprecated.c)
 
 zephyr_library_sources_ifdef(CONFIG_SIDEWALK_STORAGE sid_storage.c)