From 3ee108c5ad8a704f8483f5f4a1bd2d7397f00e42 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 16 Jan 2025 21:47:43 +0100 Subject: [PATCH 1/4] Update trussed to remove clients-? features This patch updates trussed to remove the need for the clients-? feature and manage the endpoints in the runner instead. --- Cargo.lock | 9 +- Cargo.toml | 4 +- components/apps/Cargo.toml | 17 +-- components/apps/src/lib.rs | 216 +++++++++++++++++----------- components/boards/src/init.rs | 10 +- components/boards/src/lib.rs | 6 + components/boards/src/runtime.rs | 5 +- runners/embedded/src/bin/app-lpc.rs | 18 ++- runners/embedded/src/bin/app-nrf.rs | 11 +- runners/embedded/src/nk3xn/init.rs | 6 +- runners/usbip/Cargo.toml | 2 +- 11 files changed, 184 insertions(+), 120 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 910eacb0..08f2bb21 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -182,6 +182,7 @@ dependencies = [ "heapless-bytes", "hex", "if_chain", + "interchange", "littlefs2-core", "ndef-app", "opcard", @@ -1779,9 +1780,9 @@ dependencies = [ [[package]] name = "littlefs2-core" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "250ec1e3017a4540932dc8b33daca325cb6195cded097e1addd9111d9ea2c48f" +checksum = "9a81a4745d38b288b7583fe8ea3736897628df81f4d0f1d0314fa5a3af570de4" dependencies = [ "bitflags 2.6.0", "heapless-bytes", @@ -3196,7 +3197,7 @@ dependencies = [ [[package]] name = "trussed" version = "0.1.0" -source = "git+https://github.com/trussed-dev/trussed.git?rev=6bba8fde36d05c0227769eb63345744e87d84b2b#6bba8fde36d05c0227769eb63345744e87d84b2b" +source = "git+https://github.com/trussed-dev/trussed.git?rev=805fe7657e79e06b3220324481cd6325b94877d7#805fe7657e79e06b3220324481cd6325b94877d7" dependencies = [ "aes", "bitflags 2.6.0", @@ -3408,7 +3409,7 @@ dependencies = [ [[package]] name = "trussed-usbip" version = "0.0.1" -source = "git+https://github.com/trussed-dev/pc-usbip-runner.git?rev=4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9#4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9" +source = "git+https://github.com/trussed-dev/pc-usbip-runner.git?rev=a0e9b855809577f0067a93e08c716aa285b03700#a0e9b855809577f0067a93e08c716aa285b03700" dependencies = [ "apdu-dispatch", "ctaphid-dispatch", diff --git a/Cargo.toml b/Cargo.toml index 2038868f..86a89458 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,8 +18,8 @@ memory-regions = { path = "components/memory-regions" } # unreleased libraries p256-cortex-m4 = { git = "https://github.com/ycrypto/p256-cortex-m4.git", rev = "cdb31e12594b4dc1f045b860a885fdc94d96aee2" } -trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "6bba8fde36d05c0227769eb63345744e87d84b2b" } -trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "4fe4e4e287dac1d92fcd4f97e8926497bfa9d7a9" } +trussed = { git = "https://github.com/trussed-dev/trussed.git", rev = "805fe7657e79e06b3220324481cd6325b94877d7" } +trussed-usbip = { git = "https://github.com/trussed-dev/pc-usbip-runner.git", rev = "a0e9b855809577f0067a93e08c716aa285b03700" } # applications admin-app = { git = "https://github.com/Nitrokey/admin-app.git", tag = "v0.1.0-nitrokey.19" } diff --git a/components/apps/Cargo.toml b/components/apps/Cargo.toml index 830ebac5..d6441e8e 100644 --- a/components/apps/Cargo.toml +++ b/components/apps/Cargo.toml @@ -11,6 +11,7 @@ ctaphid-dispatch = "0.2" embedded-hal = "0.2.7" heapless = "0.7" heapless-bytes = "0.3" +interchange = "0.3" se05x = { version = "0.1.1", optional = true} serde = { version = "1.0.180", default-features = false } trussed = { version = "0.1", default-features = false, features = ["crypto-client", "filesystem-client", "management-client", "serde-extensions", "ui-client"] } @@ -51,20 +52,14 @@ cbor-smol = "0.5" hex = "0.4" [features] -# client count = n + 1, where n is the number of activated optional -# applications except ndef-app: -# - admin-app is always enabled (+1) -# - ndef-app does not require a Trussed client (0) -# - all other optional apps require a Trussed client (+n) - # nk3 -nk3 = ["fido-authenticator", "ndef-app", "secrets-app", "opcard", "piv-authenticator", "factory-reset", "trussed/clients-5"] -nk3-test = ["nk3", "trussed/clients-5"] -nk3-provisioner = ["nk3", "provisioner-app", "trussed/clients-6"] +nk3 = ["fido-authenticator", "ndef-app", "secrets-app", "opcard", "piv-authenticator", "factory-reset"] +nk3-test = ["nk3"] +nk3-provisioner = ["nk3", "provisioner-app"] # nkpk -nkpk = ["fido-authenticator", "factory-reset", "trussed/clients-2"] -nkpk-provisioner = ["nkpk", "provisioner-app", "trussed/clients-3"] +nkpk = ["fido-authenticator", "factory-reset"] +nkpk-provisioner = ["nkpk", "provisioner-app"] # apps secrets-app = ["dep:secrets-app", "backend-auth", "trussed/chacha8-poly1305", "trussed/hmac-sha1", "trussed/hmac-sha256", "trussed/sha256"] diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index fca03987..0c29ad16 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -1,5 +1,8 @@ #![no_std] +#[cfg(feature = "trussed-usbip")] +extern crate alloc; + #[cfg(feature = "secrets-app")] const SECRETS_APP_CREDENTIALS_COUNT_LIMIT: u16 = 50; #[cfg(feature = "webcrypt")] @@ -28,11 +31,11 @@ use serde::{Deserialize, Serialize}; use trussed::{api::NotBefore, service::Filestore}; use trussed::{ backend::BackendId, - client::ClientBuilder, interrupt::InterruptFlag, + pipe::{ServiceEndpoint, TrussedChannel}, platform::Syscall, store::filestore::ClientFilestore, - types::{Location, Mechanism, Path}, + types::{CoreContext, Location, Mechanism, Path}, ClientImplementation, Platform, Service, }; @@ -45,8 +48,7 @@ use admin_app::{ConfigValueMut, ResetSignalAllocation}; use webcrypt::{PeekingBypass, Webcrypt}; mod dispatch; -use dispatch::Backend; -pub use dispatch::Dispatch; +pub use dispatch::{Backend, Dispatch, DispatchContext}; #[cfg(any(feature = "backend-auth", feature = "se050"))] pub use dispatch::AUTH_LOCATION; @@ -314,7 +316,7 @@ pub struct PivConfig { } pub trait Runner { - type Syscall: Syscall + 'static; + type Syscall: Syscall + Clone + 'static; type Reboot: Reboot; type Store: trussed::store::Store; @@ -343,6 +345,7 @@ pub struct Data { } type Client = ClientImplementation< + 'static, ::Syscall, Dispatch<::Twi, ::Se050Timer>, >; @@ -409,6 +412,58 @@ pub struct Apps { webcrypt: Option, WebcryptApp>>, } +const CLIENT_COUNT: usize = const { + // ndef is not listed here because it does not need a client + let clients = [ + cfg!(feature = "fido-authenticator"), + cfg!(feature = "opcard"), + cfg!(feature = "piv-authenticator"), + cfg!(feature = "provisioner-app"), + cfg!(feature = "secrets-app"), + cfg!(feature = "webcrypt"), + ]; + + let mut n = 0; + let mut i = 0; + while i < clients.len() { + if clients[i] { + n += 1; + } + i += 1; + } + n +}; + +pub type Endpoint = ServiceEndpoint<'static, Backend, DispatchContext>; +pub type Endpoints = Vec; + +pub struct ClientBuilder { + syscall: R::Syscall, + endpoints: Endpoints, +} + +impl ClientBuilder { + pub fn new(syscall: R::Syscall) -> Self { + Self { + syscall, + endpoints: Default::default(), + } + } + + fn client>(&mut self, runner: &R, config: &A::Config) -> Client { + let interrupt = A::interrupt(); + let backends = A::backends(runner, config); + let (requester, responder) = A::channel().split().unwrap(); + let context = CoreContext::with_interrupt(A::CLIENT_ID.into(), interrupt); + self.endpoints.push(Endpoint::new(responder, context, backends)).ok().unwrap(); + Client::::new(requester, self.syscall.clone(), interrupt) + } + + pub fn into_endpoints(self) -> Endpoints { + self.endpoints + } +} + const fn contains(data: &[Mechanism], item: Mechanism) -> bool { let mut i = 0; while i < data.len() { @@ -451,19 +506,13 @@ impl Apps { pub fn new( runner: &R, trussed_service: &mut Service>, - mut make_client: impl FnMut( - &mut Service>, - &'static Path, - &'static [BackendId], - Option<&'static InterruptFlag>, - ) -> Client, + client_builder: &mut ClientBuilder, data: Data, ) -> Self { const { validate_mechanisms(); } - let _ = (runner, &mut make_client); let Data { admin, #[cfg(feature = "fido-authenticator")] @@ -474,10 +523,8 @@ impl Apps { } = data; let (admin, init_status) = - Self::admin_app(runner, trussed_service, &mut make_client, admin); + Self::admin_app(runner, trussed_service, client_builder, admin); - let mut make_client = - |ids, backends, interrupt| make_client(trussed_service, ids, backends, interrupt); let migrated_successfully = !init_status.contains(InitStatus::MIGRATION_ERROR); #[cfg(feature = "opcard")] let config_has_error = init_status.contains(InitStatus::CONFIG_ERROR); @@ -487,27 +534,27 @@ impl Apps { // error occured. #[cfg(feature = "opcard")] let opcard = (!config_has_error && migrated_successfully) - .then(|| App::new(runner, &mut make_client, (), &admin.config().opcard)); + .then(|| App::new(runner, client_builder, (), &admin.config().opcard)); #[cfg(all(feature = "fido-authenticator", not(feature = "webcrypt")))] let fido = migrated_successfully - .then(|| App::new(runner, &mut make_client, fido, &admin.config().fido)); + .then(|| App::new(runner, client_builder, fido, &admin.config().fido)); #[cfg(feature = "webcrypt")] let webcrypt_fido_bypass = migrated_successfully.then(|| { PeekingBypass::new( - App::new(runner, &mut make_client, fido, &admin.config().fido), - App::new(runner, &mut make_client, (), &()), + App::new(runner, client_builder, fido, &admin.config().fido), + App::new(runner, client_builder, (), &()), ) }); #[cfg(feature = "secrets-app")] - let oath = migrated_successfully.then(|| App::new(runner, &mut make_client, (), &())); + let oath = migrated_successfully.then(|| App::new(runner, client_builder, (), &())); #[cfg(feature = "piv-authenticator")] - let piv = migrated_successfully.then(|| App::new(runner, &mut make_client, (), &())); + let piv = migrated_successfully.then(|| App::new(runner, client_builder, (), &())); #[cfg(feature = "provisioner-app")] - let provisioner = App::new(runner, &mut make_client, provisioner, &()); + let provisioner = App::new(runner, client_builder, provisioner, &()); Self { #[cfg(all(feature = "fido-authenticator", not(feature = "webcrypt")))] @@ -531,19 +578,13 @@ impl Apps { fn admin_app( runner: &R, trussed_service: &mut Service>, - make_client: impl FnOnce( - &mut Service>, - &'static Path, - &'static [BackendId], - Option<&'static InterruptFlag>, - ) -> Client, + client_builder: &mut ClientBuilder, mut data: AdminData, ) -> (AdminApp, InitStatus) { - let trussed = AdminApp::::client( - runner, - |id, backends, interrupt| make_client(trussed_service, id, backends, interrupt), - &(), - ); + #[cfg(not(feature = "se050"))] + let _ = trussed_service; + + let trussed = client_builder.client::>(runner, &()); // TODO: use CLIENT_ID directly let mut filestore = ClientFilestore::new(ADMIN_APP_CLIENT_ID.into(), data.store); let version = data.version.encode(); @@ -653,29 +694,6 @@ impl Apps { (app, data.init_status) } - pub fn with_service( - runner: &R, - trussed_service: &mut Service>, - data: Data, - ) -> Self - where - R::Syscall: Default, - { - Self::new( - runner, - trussed_service, - |trussed_service, id, backends, interrupt| { - ClientBuilder::new(id) - .backends(backends) - .interrupt(interrupt) - .prepare(trussed_service) - .unwrap() - .build(R::Syscall::default()) - }, - data, - ) - } - pub fn apdu_dispatch(&mut self, f: F) -> T where F: FnOnce(&mut [&mut dyn ApduApp]) -> T, @@ -765,21 +783,19 @@ where fn new( trussed_service: &mut Service, Dispatch>, + endpoints: &mut alloc::vec::Vec, syscall: trussed_usbip::Syscall, (runner, data): (R, Data), ) -> Self { - Self::new( + let mut client_builder = ClientBuilder::new(syscall); + let apps = Self::new( &runner, trussed_service, - move |trussed_service, id, backends, _| { - ClientBuilder::new(id) - .backends(backends) - .prepare(trussed_service) - .unwrap() - .build(syscall.clone()) - }, + &mut client_builder, data, - ) + ); + endpoints.extend(client_builder.into_endpoints()); + apps } fn with_ctaphid_apps( @@ -808,37 +824,19 @@ trait App: Sized { fn new( runner: &R, - make_client: impl FnOnce( - &'static Path, - &'static [BackendId], - Option<&'static InterruptFlag>, - ) -> Client, + client_builder: &mut ClientBuilder, data: Self::Data, config: &Self::Config, ) -> Self { - let client = Self::client(runner, make_client, config); + let client = client_builder.client::(runner, config); Self::with_client(runner, client, data, config) } - fn client( - runner: &R, - make_client: impl FnOnce( - &'static Path, - &'static [BackendId], - Option<&'static InterruptFlag>, - ) -> Client, - config: &Self::Config, - ) -> Client { - make_client( - Self::CLIENT_ID, - Self::backends(runner, config), - Self::interrupt(), - ) - } - fn with_client(runner: &R, trussed: Client, data: Self::Data, config: &Self::Config) -> Self; + fn channel() -> &'static TrussedChannel; + fn backends(runner: &R, config: &Self::Config) -> &'static [BackendId] { let _ = (runner, config); const BACKENDS_DEFAULT: &[BackendId] = &[]; @@ -962,6 +960,11 @@ impl App for AdminApp { unimplemented!(); } + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) @@ -1017,6 +1020,12 @@ impl App for FidoApp { }, ) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) @@ -1045,6 +1054,12 @@ impl App for WebcryptApp { ), ) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn backends(runner: &R, _: &()) -> &'static [BackendId] { const BACKENDS_WEBCRYPT: &[BackendId] = &[ BackendId::Custom(Backend::SoftwareRsa), @@ -1075,12 +1090,19 @@ impl App for SecretsApp { ); Self::new(trussed, options) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn backends(runner: &R, _: &()) -> &'static [BackendId] { const BACKENDS_OATH: &[BackendId] = &[BackendId::Custom(Backend::Auth), BackendId::Core]; let _ = runner; BACKENDS_OATH } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) @@ -1148,9 +1170,16 @@ impl App for OpcardApp { } Self::new(trussed, options) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn backends(_runner: &R, config: &OpcardConfig) -> &'static [BackendId] { config.backends() } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) @@ -1170,6 +1199,12 @@ impl App for PivApp { piv_authenticator::Options::default().uuid(Some(runner.uuid())), ) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn backends(runner: &R, _: &()) -> &'static [BackendId] { const BACKENDS_PIV: &[BackendId] = &[ #[cfg(feature = "se050")] @@ -1180,6 +1215,7 @@ impl App for PivApp { let _ = runner; BACKENDS_PIV } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) @@ -1212,6 +1248,12 @@ impl App for ProvisionerApp { data.rebooter, ) } + + fn channel() -> &'static TrussedChannel { + static CHANNEL: TrussedChannel = TrussedChannel::new(); + &CHANNEL + } + fn interrupt() -> Option<&'static InterruptFlag> { static INTERRUPT: InterruptFlag = InterruptFlag::new(); Some(&INTERRUPT) diff --git a/components/boards/src/init.rs b/components/boards/src/init.rs index 2dba8468..1dcbe9b1 100644 --- a/components/boards/src/init.rs +++ b/components/boards/src/init.rs @@ -4,7 +4,7 @@ use apdu_dispatch::{ }; #[cfg(any(feature = "trussed-auth", feature = "se050"))] use apps::AUTH_LOCATION; -use apps::{AdminData, Data, Dispatch, FidoData, InitStatus}; +use apps::{AdminData, ClientBuilder, Data, Dispatch, Endpoints, FidoData, InitStatus}; use ctaphid_dispatch::{Channel as CtapChannel, Dispatch as CtaphidDispatch}; #[cfg(not(feature = "no-delog"))] @@ -178,7 +178,7 @@ pub fn init_apps( nfc_powered: bool, version: Version, version_string: &'static str, -) -> Apps { +) -> (Apps, Endpoints) { let mut admin = AdminData::new(*store, B::Soc::VARIANT, version, version_string); admin.init_status = init_status; if !nfc_powered { @@ -223,7 +223,11 @@ pub fn init_apps( provisioner, _marker: Default::default(), }; - Apps::with_service(&runner, trussed, data) + + let mut client_builder = ClientBuilder::new(Default::default()); + let apps = Apps::new(&runner, trussed, &mut client_builder, data); + let endpoints = client_builder.into_endpoints(); + (apps, endpoints) } #[cfg(feature = "se050")] diff --git a/components/boards/src/lib.rs b/components/boards/src/lib.rs index b8eca688..4ae8d723 100644 --- a/components/boards/src/lib.rs +++ b/components/boards/src/lib.rs @@ -129,6 +129,12 @@ pub struct RunnerSyscall { _marker: PhantomData, } +impl Clone for RunnerSyscall { + fn clone(&self) -> Self { + Default::default() + } +} + impl Default for RunnerSyscall { fn default() -> Self { Self { diff --git a/components/boards/src/runtime.rs b/components/boards/src/runtime.rs index 2b26b668..472283fe 100644 --- a/components/boards/src/runtime.rs +++ b/components/boards/src/runtime.rs @@ -1,4 +1,5 @@ use apdu_dispatch::dispatch::{ApduDispatch, Interface}; +use apps::Endpoints; use ctaphid_dispatch::Dispatch as CtaphidDispatch; use embedded_time::duration::Milliseconds; use nfc_device::{traits::nfc::Device as NfcDevice, Iso14443}; @@ -119,6 +120,6 @@ where }; } -pub fn run_trussed(trussed: &mut Trussed) { - trussed.process(); +pub fn run_trussed(trussed: &mut Trussed, endpoints: &mut Endpoints) { + trussed.process(endpoints); } diff --git a/runners/embedded/src/bin/app-lpc.rs b/runners/embedded/src/bin/app-lpc.rs index 4c5fc116..4c34a637 100644 --- a/runners/embedded/src/bin/app-lpc.rs +++ b/runners/embedded/src/bin/app-lpc.rs @@ -16,6 +16,7 @@ pub fn msp() -> u32 { #[rtic::app(device = lpc55_hal::raw, peripherals = true, dispatchers = [PLU, PIN_INT5, PIN_INT7])] mod app { + use apps::Endpoints; use apdu_dispatch::dispatch::ApduDispatch; use boards::{ init::{Resources, UsbClasses}, @@ -93,7 +94,10 @@ mod app { } #[local] - struct LocalResources {} + struct LocalResources { + /// The endpoints that are polled by the Trussed service. + endpoints: Endpoints, + } // TODO: replace #[monotonic(binds = SysTick, default = true)] @@ -109,6 +113,7 @@ mod app { usb_nfc, trussed, apps, + endpoints, clock_controller, } = nk3xn::init(c.device, c.core, c.local.resources); let perf_timer = basic.perf_timer; @@ -134,7 +139,10 @@ mod app { clock_ctrl: clock_controller, wait_extender, }; - (shared, LocalResources {}, init::Monotonics(systick.into())) + let local = LocalResources { + endpoints + }; + (shared, local, init::Monotonics(systick.into())) } #[idle(shared = [apdu_dispatch, ctaphid_dispatch, apps, perf_timer, usb_classes])] @@ -268,10 +276,12 @@ mod app { }); } - #[task(binds = OS_EVENT, shared = [trussed], priority = 5)] + #[task(binds = OS_EVENT, shared = [trussed], local = [endpoints], priority = 5)] fn os_event(mut c: os_event::Context) { // debug_now!("os event: remaining stack size: {} bytes", super::msp() - 0x2000_0000); - c.shared.trussed.lock(runtime::run_trussed); + c.shared.trussed.lock(|trussed| { + runtime::run_trussed(trussed, c.local.endpoints); + }); } #[task(shared = [trussed], priority = 1)] diff --git a/runners/embedded/src/bin/app-nrf.rs b/runners/embedded/src/bin/app-nrf.rs index cceba170..133823b7 100644 --- a/runners/embedded/src/bin/app-nrf.rs +++ b/runners/embedded/src/bin/app-nrf.rs @@ -8,6 +8,7 @@ use cortex_m_rt::{exception, ExceptionFrame}; #[rtic::app(device = nrf52840_hal::pac, peripherals = true, dispatchers = [SWI3_EGU3, SWI4_EGU4, SWI5_EGU5])] mod app { use apdu_dispatch::{dispatch::ApduDispatch, interchanges::Channel as CcidChannel}; + use apps::Endpoints; use boards::{ init::{Resources, UsbClasses}, nk3am::{self, InternalFlashStorage, NK3AM}, @@ -38,6 +39,7 @@ mod app { struct LocalResources { gpiote: Gpiote, power: nrf52840_pac::POWER, + endpoints: Endpoints, } #[monotonic(binds = RTC0, default = true)] @@ -117,7 +119,7 @@ mod app { Some(se050), ); - let apps = boards::init::init_apps( + let (apps, endpoints) = boards::init::init_apps( &soc, &mut trussed, init_status, @@ -142,6 +144,7 @@ mod app { LocalResources { gpiote: board_gpio.gpiote, power: ctx.device.POWER, + endpoints, }, init::Monotonics(rtc_mono), ) @@ -188,13 +191,13 @@ mod app { // loop {} } - #[task(priority = 2, binds = SWI0_EGU0, shared = [trussed])] + #[task(priority = 2, binds = SWI0_EGU0, shared = [trussed], local = [endpoints])] fn task_trussed(ctx: task_trussed::Context) { let mut trussed = ctx.shared.trussed; - + //trace!("irq SWI0_EGU0"); trussed.lock(|trussed| { - runtime::run_trussed(trussed); + runtime::run_trussed(trussed, ctx.local.endpoints); }); } diff --git a/runners/embedded/src/nk3xn/init.rs b/runners/embedded/src/nk3xn/init.rs index 73853076..f68a0e08 100644 --- a/runners/embedded/src/nk3xn/init.rs +++ b/runners/embedded/src/nk3xn/init.rs @@ -1,7 +1,7 @@ use apdu_dispatch::interchanges::{ Channel as CcidChannel, Requester as CcidRequester, Responder as CcidResponder, }; -use apps::InitStatus; +use apps::{Endpoints, InitStatus}; #[cfg(feature = "se050")] use boards::nk3xn::TimerDelay; use boards::{ @@ -796,7 +796,7 @@ impl Stage6 { usbhs: Usbhs, ) -> All { self.perform_data_migrations(); - let apps = init::init_apps( + let (apps, endpoints) = init::init_apps( &Lpc55::new(), &mut self.trussed, self.status, @@ -842,6 +842,7 @@ impl Stage6 { basic: self.basic, trussed: self.trussed, apps, + endpoints, clock_controller, usb_nfc, } @@ -853,6 +854,7 @@ pub struct All { pub usb_nfc: UsbNfc, pub trussed: Trussed, pub apps: Apps, + pub endpoints: Endpoints, pub clock_controller: Option, } diff --git a/runners/usbip/Cargo.toml b/runners/usbip/Cargo.toml index 4ffab7e1..2e1cfa6a 100644 --- a/runners/usbip/Cargo.toml +++ b/runners/usbip/Cargo.toml @@ -15,7 +15,7 @@ log = { version = "0.4.14", default-features = false } pretty_env_logger = "0.5.0" rand_core = { version = "0.6.4", features = ["getrandom"] } signal-hook = { version = "0.3.17", default-features = false } -trussed = { version = "0.1", features = ["clients-3"] } +trussed = { version = "0.1" } trussed-usbip = { version = "0.0.1", default-features = false, features = ["ctaphid"] } utils = { path = "../../components/utils", features = ["log-all"] } From aaa663da0323d77fa40cc92bf5b2c6d12b59238a Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 23 Jan 2025 12:01:30 +0100 Subject: [PATCH 2/4] fixup! Update trussed to remove clients-? features --- components/apps/src/lib.rs | 17 +++++++---------- runners/embedded/src/bin/app-lpc.rs | 6 ++---- runners/embedded/src/bin/app-nrf.rs | 2 +- 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index 0c29ad16..3183d102 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -455,7 +455,10 @@ impl ClientBuilder { let backends = A::backends(runner, config); let (requester, responder) = A::channel().split().unwrap(); let context = CoreContext::with_interrupt(A::CLIENT_ID.into(), interrupt); - self.endpoints.push(Endpoint::new(responder, context, backends)).ok().unwrap(); + self.endpoints + .push(Endpoint::new(responder, context, backends)) + .ok() + .unwrap(); Client::::new(requester, self.syscall.clone(), interrupt) } @@ -522,8 +525,7 @@ impl Apps { .. } = data; - let (admin, init_status) = - Self::admin_app(runner, trussed_service, client_builder, admin); + let (admin, init_status) = Self::admin_app(runner, trussed_service, client_builder, admin); let migrated_successfully = !init_status.contains(InitStatus::MIGRATION_ERROR); #[cfg(feature = "opcard")] @@ -583,7 +585,7 @@ impl Apps { ) -> (AdminApp, InitStatus) { #[cfg(not(feature = "se050"))] let _ = trussed_service; - + let trussed = client_builder.client::>(runner, &()); // TODO: use CLIENT_ID directly let mut filestore = ClientFilestore::new(ADMIN_APP_CLIENT_ID.into(), data.store); @@ -788,12 +790,7 @@ where (runner, data): (R, Data), ) -> Self { let mut client_builder = ClientBuilder::new(syscall); - let apps = Self::new( - &runner, - trussed_service, - &mut client_builder, - data, - ); + let apps = Self::new(&runner, trussed_service, &mut client_builder, data); endpoints.extend(client_builder.into_endpoints()); apps } diff --git a/runners/embedded/src/bin/app-lpc.rs b/runners/embedded/src/bin/app-lpc.rs index 4c34a637..67245f57 100644 --- a/runners/embedded/src/bin/app-lpc.rs +++ b/runners/embedded/src/bin/app-lpc.rs @@ -16,8 +16,8 @@ pub fn msp() -> u32 { #[rtic::app(device = lpc55_hal::raw, peripherals = true, dispatchers = [PLU, PIN_INT5, PIN_INT7])] mod app { - use apps::Endpoints; use apdu_dispatch::dispatch::ApduDispatch; + use apps::Endpoints; use boards::{ init::{Resources, UsbClasses}, nk3xn::{nfc::NfcChip, NK3xN}, @@ -139,9 +139,7 @@ mod app { clock_ctrl: clock_controller, wait_extender, }; - let local = LocalResources { - endpoints - }; + let local = LocalResources { endpoints }; (shared, local, init::Monotonics(systick.into())) } diff --git a/runners/embedded/src/bin/app-nrf.rs b/runners/embedded/src/bin/app-nrf.rs index 133823b7..a3667fb1 100644 --- a/runners/embedded/src/bin/app-nrf.rs +++ b/runners/embedded/src/bin/app-nrf.rs @@ -194,7 +194,7 @@ mod app { #[task(priority = 2, binds = SWI0_EGU0, shared = [trussed], local = [endpoints])] fn task_trussed(ctx: task_trussed::Context) { let mut trussed = ctx.shared.trussed; - + //trace!("irq SWI0_EGU0"); trussed.lock(|trussed| { runtime::run_trussed(trussed, ctx.local.endpoints); From 8732ed83d2134d2f40860bbeba72043e984b082f Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 23 Jan 2025 15:09:03 +0100 Subject: [PATCH 3/4] fixup! Update trussed to remove clients-? features --- runners/nkpk/src/main.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/runners/nkpk/src/main.rs b/runners/nkpk/src/main.rs index f7868d29..37140e66 100644 --- a/runners/nkpk/src/main.rs +++ b/runners/nkpk/src/main.rs @@ -8,6 +8,7 @@ use cortex_m_rt::{exception, ExceptionFrame}; #[rtic::app(device = nrf52840_pac, peripherals = true, dispatchers = [SWI3_EGU3, SWI4_EGU4, SWI5_EGU5])] mod app { use apdu_dispatch::{dispatch::ApduDispatch, interchanges::Channel as CcidChannel}; + use apps::Endpoints; use boards::{ init::{Resources, UsbClasses}, nkpk::{self, ExternalFlashStorage, InternalFlashStorage, NKPK}, @@ -40,6 +41,7 @@ mod app { struct LocalResources { gpiote: Gpiote, power: nrf52840_pac::POWER, + endpoints: Endpoints, } #[monotonic(binds = RTC0, default = true)] @@ -101,7 +103,7 @@ mod app { let mut trussed = boards::init::init_trussed(&mut dev_rng, store, user_interface, &mut init_status); - let apps = boards::init::init_apps( + let (apps, endpoints) = boards::init::init_apps( &soc, &mut trussed, init_status, @@ -126,6 +128,7 @@ mod app { LocalResources { gpiote: board_gpio.gpiote, power: ctx.device.POWER, + endpoints, }, init::Monotonics(rtc_mono), ) @@ -171,13 +174,13 @@ mod app { } } - #[task(priority = 2, binds = SWI0_EGU0, shared = [trussed])] + #[task(priority = 2, binds = SWI0_EGU0, shared = [trussed], local = [endpoints])] fn task_trussed(ctx: task_trussed::Context) { let mut trussed = ctx.shared.trussed; //trace!("irq SWI0_EGU0"); trussed.lock(|trussed| { - runtime::run_trussed(trussed); + runtime::run_trussed(trussed, ctx.local.endpoints); }); } From dbfaec0d818bc41babcbae40876cec0fa29cf59c Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 23 Jan 2025 16:14:29 +0100 Subject: [PATCH 4/4] fixup! Update trussed to remove clients-? features --- components/apps/src/lib.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index 3183d102..ad045089 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -431,7 +431,8 @@ const CLIENT_COUNT: usize = const { } i += 1; } - n + // admin-app is always enabled + n + 1 }; pub type Endpoint = ServiceEndpoint<'static, Backend, DispatchContext>;