feat(esp_tee): Added examples demonstrating the ESP-TEE framework

examples/security/tee/tee_basic/components/example_secure_service/CMakeLists.txt

@@ -0,0 +1,11 @@
+cmake_minimum_required(VERSION 3.16)
+
+idf_build_get_property(esp_tee_build ESP_TEE_BUILD)
+
+if(NOT esp_tee_build)
+    return()
+endif()
+
+idf_component_register(SRCS "example_service.c"
+                       INCLUDE_DIRS include
+                       PRIV_REQUIRES main)

examples/security/tee/tee_basic/components/example_secure_service/example.tbl

@@ -0,0 +1,2 @@
+# SS no.    API type    Function                        Args
+201         custom      example_sec_serv_aes_op          6

examples/security/tee/tee_basic/components/example_secure_service/example_service.c

@@ -0,0 +1,39 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense OR CC0-1.0
+ */
+#include "esp_cpu.h"
+#include "esp_err.h"
+#include "esp_rom_sys.h"
+
+#include "hal/aes_hal.h"
+#include "aes/esp_aes.h"
+
+#include "esp_tee.h"
+#include "secure_service_num.h"
+
+/* Fixed key */
+static const uint8_t key[AES_256_KEY_BYTES] =  {[0 ... 31] = 0xA5};
+
+esp_err_t _ss_example_sec_serv_aes_op(int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
+{
+    if (length == 0 || iv == NULL || input == NULL || output == NULL) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    if (esp_cpu_get_curr_privilege_level() != ESP_CPU_S_MODE) {
+        esp_rom_printf("Operation executing from illegal privilege level!\n");
+        return ESP_ERR_INVALID_STATE;
+    }
+
+    esp_rom_printf("TEE: Secure service call for AES-256-CBC operation\n");
+    esp_rom_printf("TEE: In PROTECTED M-mode\n");
+
+    esp_aes_context ctx = {};
+    ctx.key_bytes = AES_256_KEY_BYTES;
+    ctx.key_in_hardware = 0;
+    memcpy(ctx.key, key, ctx.key_bytes);
+
+    return (esp_err_t)esp_aes_crypt_cbc(&ctx, mode, length, iv, input, output);
+}

examples/security/tee/tee_basic/components/example_secure_service/include/example_service.h

@@ -0,0 +1,20 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense OR CC0-1.0
+ */
+
+#include "esp_err.h"
+
+/**
+ * @brief Perform AES-256-CBC encryption/decryption operation in TEE
+ *
+ * @param mode      ESP_AES_ENCRYPT (1) for encryption, ESP_AES_DECRYPT (0) for decryption
+ * @param length    Length of input data in bytes
+ * @param iv        Initialization vector (16 bytes)
+ * @param input     Input buffer containing plaintext (for encryption) or ciphertext (for decryption)
+ * @param output    Output buffer for ciphertext (for encryption) or plaintext (for decryption)
+ *
+ * @return esp_err_t ESP_OK on success, appropriate error code on failure
+ */
+esp_err_t example_sec_serv_aes_op(int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output);

examples/security/tee/tee_basic/components/example_secure_service/tee_project.cmake

@@ -0,0 +1,15 @@
+# tee_project.cmake file must be manually included in the project's top level CMakeLists.txt before project()
+# This ensures that the variables are set before TEE starts building
+
+get_filename_component(directory "${CMAKE_CURRENT_LIST_DIR}/.." ABSOLUTE DIRECTORY)
+get_filename_component(name ${CMAKE_CURRENT_LIST_DIR} NAME)
+
+# Append secure service table consisting of secure services
+idf_build_set_property(CUSTOM_SECURE_SERVICE_TBL ${CMAKE_CURRENT_LIST_DIR}/example.tbl APPEND)
+
+# Append the directory of this component which is used by esp_tee component as
+# EXTRA_COMPONENT_DIRS
+idf_build_set_property(CUSTOM_SECURE_SERVICE_COMPONENT_DIR ${directory} APPEND)
+
+# Append the name of the component so that esp_tee can include it in its COMPONENTS list
+idf_build_set_property(CUSTOM_SECURE_SERVICE_COMPONENT ${name} APPEND)