author | Summer Qin <summer.qin@arm.com> | 2019-07-02 14:56:08 +0800 |
---|---|---|
committer | Summer Qin <summer.qin@arm.com> | 2019-07-24 10:49:49 +0800 |
commit | 4b1d03b6b68611b671b57f218df8b28ded9f17f7 (patch) | |
tree | 8e1cdbc650ea07932428db0a9861ab7adeec4f2b | |
parent | 05b24199afbbcda2bcba1580e840a1cc156b5763 (diff) | |
Core: PSA APIs alignment
Update PSA Client and Secure Partition APIs and some related files:
- Add psa_panic() to indicate an internal fault in a secure partition.
- Introduce a message type parameter to the psa_call() function which
is delivered as part of the psa_msg_t data to the RoT Service.
- Change 'minor version' to 'version'.
- Add PSA_HANDLE_IS_VALID() and PSA_HANDLE_TO_ERROR() macros.
- Move the definition of PSA_MAX_IOVEC and PSA_IPC_CALL from
psa/service.h to psa/client.h.
- Change the error code returned by psa_get() when the message could
not be delivered. It now returns PSA_ERROR_DOES_NOT_EXIST.
Change-Id: Ia717f591c80484699f4f491d1ed6dbc4fd7c050f
Signed-off-by: Summer Qin <summer.qin@arm.com>
29 files changed, 338 insertions, 293 deletions
diff --git a/app/tfm_integ_test.c b/app/tfm_integ_test.c index 5e7e722309..357397eb26 100644 --- a/app/tfm_integ_test.c +++ b/app/tfm_integ_test.c @@ -59,7 +59,7 @@ static psa_status_t psa_test_common(uint32_t sid, uint32_t minor_version, return CORE_TEST_ERRNO_INVALID_PARAMETER; } - status = psa_call(handle, in_vecs, in_len, out_vecs, out_len); + status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len); if (status < 0) { status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR; } diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h index 33e3f2d415..d0408343fd 100644 --- a/interface/include/psa/client.h +++ b/interface/include/psa/client.h 
@@ -19,17 +19,44 @@ extern "C" { /*********************** PSA Client Macros and Types *************************/ -#define PSA_FRAMEWORK_VERSION (0x0100) +/** + * The version of the PSA Framework API that is being used to build the calling + * firmware. + */ +#define PSA_FRAMEWORK_VERSION (0x0100u) -#define PSA_VERSION_NONE (0) +/** + * Return value from psa_version() if the requested RoT Service is not present + * in the system. + */ +#define PSA_VERSION_NONE (0u) -/* PSA response types */ -#define PSA_CONNECTION_REFUSED (INT32_MIN + 1) -#define PSA_CONNECTION_BUSY (INT32_MIN + 2) -#define PSA_DROP_CONNECTION (INT32_MIN) +/** + * The zero-value null handle can be assigned to variables used in clients and + * RoT Services, indicating that there is no current connection or message. + */ +#define PSA_NULL_HANDLE ((psa_handle_t)0) + +/** + * Tests whether a handle value returned by psa_connect() is valid. + */ +#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) -/* PSA message handles */ -#define PSA_NULL_HANDLE ((psa_handle_t)0) +/** + * Converts the handle value returned from a failed call psa_connect() into + * an error code. + */ +#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) + +/** + * Maximum number of input and output vectors for a request to psa_call(). + */ +#define PSA_MAX_IOVEC (4u) + +/** + * An IPC message type that indicates a generic client request. + */ +#define PSA_IPC_CALL (0) typedef int32_t psa_handle_t; 
@@ -64,15 +91,14 @@ typedef struct psa_outvec { uint32_t psa_framework_version(void); /** - * \brief Retrieve the minor version of an RoT Service or indicate that it is - * not present on this system. + * \brief Retrieve the version of an RoT Service or indicate that it is not + * present on this system. * * \param[in] sid ID of the RoT Service to query. * * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the * caller is not permitted to access the service. - * \retval > 0 The minor version of the implemented RoT - * Service. + * \retval > 0 The version of the implemented RoT Service. */ uint32_t psa_version(uint32_t sid); 
@@ -80,23 +106,28 @@ uint32_t psa_version(uint32_t sid); * \brief Connect to an RoT Service by its SID. * * \param[in] sid ID of the RoT Service to connect to. - * \param[in] minor_version Requested version of the RoT Service. + * \param[in] version Requested version of the RoT Service. * * \retval > 0 A handle for the connection. - * \retval PSA_CONNECTION_REFUSED The SPM or RoT Service has refused the + * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the * connection. - * \retval PSA_CONNECTION_BUSY The SPM or RoT Service cannot make the + * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the * connection at the moment. - * \retval "Does not return" The RoT Service ID and version are not - * supported, or the caller is not permitted to - * access the service. + * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more + * of the following are true: + * \arg The RoT Service ID is not present. + * \arg The RoT Service version is not supported. + * \arg The caller is not allowed to access the RoT + * service. */ -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version); +psa_handle_t psa_connect(uint32_t sid, uint32_t version); /** * \brief Call an RoT Service on an established connection. * * \param[in] handle A handle to an established connection. + * \param[in] type The reuqest type. + * Must be zero( \ ref PSA_IPC_CALL) or positive. * \param[in] in_vec Array of input \ref psa_invec structures. * \param[in] in_len Number of input \ref psa_invec structures. * \param[in/out] out_vec Array of output \ref psa_outvec structures. 
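Review bot: The new `type` parameter line in the psa_call() comment misspells "request" as "reuqest", and the reference appears here as `\ ref PSA_IPC_CALL`, which Doxygen will not resolve if that space is really in the file. Suggested wording: `\param[in] type The request type. Must be zero (\ref PSA_IPC_CALL) or positive.` The same "reuqest" spelling is in the tfm_psa_call_veneer() comment added to interface/include/tfm_api.h. The psa_call() comment block continues into the next hunk.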
@@ -104,19 +135,18 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version); * * \retval >=0 RoT Service-specific status value. * \retval <0 RoT Service-specific error code. - * \retval PSA_DROP_CONNECTION The connection has been dropped by the RoT - * Service. This indicates that either this or - * a previous message was invalid. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: + * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the + * RoT Service. The call is a PROGRAMMER ERROR if + * one or more of the following are true: * \arg An invalid handle was passed. * \arg The connection is already handling a request. + * \arg type < 0. * \arg An invalid memory reference was provided. * \arg in_len + out_len > PSA_MAX_IOVEC. * \arg The message is unrecognized by the RoT * Service or incorrectly formatted. */ -psa_status_t psa_call(psa_handle_t handle, +psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, @@ -129,11 +159,12 @@ psa_status_t psa_call(psa_handle_t handle, * null handle. * * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: + * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more + * of the following are true: * \arg An invalid handle was provided that is not * the null handle. - * \arg The connection is handling a request. + * \arg The connection is currently handling a + * request. */ void psa_close(psa_handle_t handle); diff --git a/interface/include/psa/service.h b/interface/include/psa/service.h index 9af3f6757b..94eb08230c 100644 --- a/interface/include/psa/service.h +++ b/interface/include/psa/service.h 
@@ -20,26 +20,31 @@ extern "C" { /********************** PSA Secure Partition Macros and Types ****************/ -/* PSA wait timeouts */ +/** + * A timeout value that requests a polling wait operation. + */ #define PSA_POLL (0x00000000u) + +/** + * A timeout value that requests a blocking wait operation. + */ #define PSA_BLOCK (0x80000000u) -/* A mask value that includes all Secure Partition signals */ -#define PSA_WAIT_ANY (~0u) +/** + * A mask value that includes all Secure Partition signals. + */ +#define PSA_WAIT_ANY (0xFFFFFFFFu) -/* Doorbell signal */ +/** + * The signal number for the Secure Partition doorbell. + */ #define PSA_DOORBELL (0x00000008u) /* PSA message types */ -#define PSA_IPC_CONNECT (1) -#define PSA_IPC_CALL (2) -#define PSA_IPC_DISCONNECT (3) - -/* Maximum number of input and output vectors */ -#define PSA_MAX_IOVEC (4) - -/* Return code from psa_get() */ -#define PSA_ERR_NOMSG (INT32_MIN + 3) +/* An IPC message type that indicates a new connection. */ +#define PSA_IPC_CONNECT (-1) +/* An IPC message type that indicates the end of a connection. */ +#define PSA_IPC_DISCONNECT (-2) /* Store a set of one or more Secure Partition signals */ typedef uint32_t psa_signal_t; @@ -48,9 +53,9 @@ typedef uint32_t psa_signal_t; * Describe a message received by an RoT Service after calling \ref psa_get(). */ typedef struct psa_msg_t { - uint32_t type; /* One of the following values: + int32_t type; /* One of the following values: * \ref PSA_IPC_CONNECT - * \ref PSA_IPC_CALL + * >= 0 * \ref PSA_IPC_DISCONNECT */ psa_handle_t handle; /* A reference generated by the SPM to the 
@@ -97,8 +102,8 @@ psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout); * * \retval PSA_SUCCESS Success, *msg will contain the delivered * message. - * \retval PSA_ERR_NOMSG Message could not be delivered. - * \retval "Does not return" The call is invalid because one or more of the + * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered. + * \retval "PROGRAMMER ERROR" The call is invalid because one or more of the * following are true: * \arg signal has more than a single bit set. * \arg signal does not correspond to an RoT Service. @@ -118,7 +123,7 @@ psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg); * \retval void Success, rhandle will be provided with all * subsequent messages delivered on this * connection. - * \retval "Does not return" msg_handle is invalid. + * \retval "PROGRAMMER ERROR" msg_handle is invalid. */ void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); @@ -137,7 +142,7 @@ void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); * \retval >0 Number of bytes copied. * \retval 0 There was no remaining data in this input * vector. - * \retval "Does not return" The call is invalid, one or more of the + * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the * following are true: * \arg msg_handle is invalid. * \arg msg_handle does not refer to a @@ -162,11 +167,11 @@ size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, * \retval >0 Number of bytes skipped. * \retval 0 There was no remaining data in this input * vector. - * \retval "Does not return" The call is invalid, one or more of the + * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the * following are true: * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. + * \arg msg_handle does not refer to a request + * message. * \arg invec_idx is equal to or greater than * \ref PSA_MAX_IOVEC. */ 
@@ -183,11 +188,11 @@ size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes); * vector. * * \retval void Success - * \retval "Does not return" The call is invalid, one or more of the + * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the * following are true: * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. + * \arg msg_handle does not refer to a request + * message. * \arg outvec_idx is equal to or greater than * \ref PSA_MAX_IOVEC. * \arg The memory reference for buffer is invalid. @@ -205,7 +210,7 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, * client. * * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the + * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the * following are true: * \arg msg_handle is invalid. * \arg An invalid status code is specified for the @@ -219,7 +224,7 @@ void psa_reply(psa_handle_t msg_handle, psa_status_t status); * \param[in] partition_id Secure Partition ID of the target partition. * * \retval void Success. - * \retval "Does not return" partition_id does not correspond to a Secure + * \retval "PROGRAMMER ERROR" partition_id does not correspond to a Secure * Partition. */ void psa_notify(int32_t partition_id); @@ -228,7 +233,7 @@ void psa_notify(int32_t partition_id); * \brief Clear the PSA_DOORBELL signal. * * \retval void Success. - * \retval "Does not return" The Secure Partition's doorbell signal is not + * \retval "PROGRAMMER ERROR" The Secure Partition's doorbell signal is not * currently asserted. */ void psa_clear(void); 
@@ -239,7 +244,7 @@ void psa_clear(void); * \param[in] irq_signal The interrupt signal that has been processed. * * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the + * \retval "PROGRAMMER ERROR" The call is invalid, one or more of the * following are true: * \arg irq_signal is not an interrupt signal. * \arg irq_signal indicates more than one signal. @@ -247,6 +252,14 @@ void psa_clear(void); */ void psa_eoi(psa_signal_t irq_signal); +/** + * \brief Terminate execution within the calling Secure Partition and will not + * return. + * + * \retval "Does not return" + */ +void psa_panic(void); + #ifdef __cplusplus } #endif diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h index 5a56ec79b5..650fe5256c 100644 --- a/interface/include/tfm_api.h +++ b/interface/include/tfm_api.h @@ -35,9 +35,6 @@ extern "C" { */ #define TFM_CLIENT_ID_IS_NS(client_id) ((client_id)<0) -/* Maximum number of input and output vectors */ -#define PSA_MAX_IOVEC (4) - /* The mask used for timeout values */ #define PSA_TIMEOUT_MASK PSA_BLOCK 
@@ -102,22 +99,24 @@ uint32_t tfm_psa_version_veneer(uint32_t sid); * \brief Connect to secure function * * \param[in] sid ID of secure service - * \param[in] minor_version Minor version of SF requested by client + * \param[in] version Version of SF requested by client * * \return Returns handle to connection */ -psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t minor_version); +psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t version); /** * \brief Call a secure function referenced by a connection handle * * \param[in] handle Handle to connection + * \param[in] type The reuqest type. Must be zero(PSA_IPC_CALL) or + * positive. * \param[in] in_vecs invec containing pointer/count of input vectors * \param[in] out_vecs invec containing pointer/count of output vectors * * \return Returns \ref psa_status_t status code */ -psa_status_t tfm_psa_call_veneer(psa_handle_t handle, +psa_status_t tfm_psa_call_veneer(psa_handle_t handle, int32_t type, const psa_invec *in_vecs, const psa_invec *out_vecs); diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_api.c index 400e12381d..554cdb56d7 100644 --- a/interface/src/tfm_crypto_api.c +++ b/interface/src/tfm_crypto_api.c @@ -32,12 +32,12 @@ #define PSA_CLOSE() psa_close(ipc_handle) #define API_DISPATCH(sfn_name, sfn_id) \ - psa_call(ipc_handle, /*PSA_IPC_CALL,*/ \ + psa_call(ipc_handle, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ out_vec, ARRAY_SIZE(out_vec)) #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ - psa_call(ipc_handle, /*PSA_IPC_CALL,*/ \ + psa_call(ipc_handle, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ (psa_outvec *)NULL, 0) #else @@ -1061,7 +1061,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_encrypt, 
@@ -1131,7 +1131,7 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle, if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_decrypt, @@ -1260,7 +1260,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_encrypt, @@ -1317,7 +1317,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_decrypt, @@ -1503,7 +1503,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, in_len--; } } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_key_derivation, @@ -1622,7 +1622,7 @@ psa_status_t psa_generate_key(psa_key_handle_t handle, in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, NULL, 0); + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0); #else status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key, TFM_CRYPTO_GENERATE_KEY); diff --git a/interface/src/tfm_initial_attestation_api.c b/interface/src/tfm_initial_attestation_api.c index 0f6377e565..1bcce057fd 100644 --- a/interface/src/tfm_initial_attestation_api.c +++ b/interface/src/tfm_initial_attestation_api.c 
@@ -41,7 +41,7 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, return PSA_ATTEST_ERR_GENERAL; } - status = psa_call(handle, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -91,7 +91,7 @@ psa_initial_attest_get_token_size(uint32_t challenge_size, return PSA_ATTEST_ERR_GENERAL; } - status = psa_call(handle, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c index 1c8308465f..5fb5de3d65 100644 --- a/interface/src/tfm_psa_ns_api.c +++ b/interface/src/tfm_psa_ns_api.c @@ -31,17 +31,17 @@ uint32_t psa_version(uint32_t sid) 0); } -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) +psa_handle_t psa_connect(uint32_t sid, uint32_t version) { return tfm_ns_interface_dispatch( (veneer_fn)tfm_psa_connect_veneer, sid, - minor_version, + version, 0, 0); } -psa_status_t psa_call(psa_handle_t handle, +psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, @@ -63,9 +63,9 @@ psa_status_t psa_call(psa_handle_t handle, return tfm_ns_interface_dispatch( (veneer_fn)tfm_psa_call_veneer, (uint32_t)handle, + (uint32_t)type, (uint32_t)&in_vecs, - (uint32_t)&out_vecs, - 0); + (uint32_t)&out_vecs); } void psa_close(psa_handle_t handle) diff --git a/interface/src/tfm_sst_api.c b/interface/src/tfm_sst_api.c index 2722c673b2..c7796d0a84 100644 --- a/interface/src/tfm_sst_api.c +++ b/interface/src/tfm_sst_api.c @@ -44,7 +44,7 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); 
@@ -92,7 +92,7 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -137,7 +137,7 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -181,7 +181,7 @@ psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -247,7 +247,7 @@ uint32_t psa_ps_get_support(void) return support_flags; } - (void)psa_call(handle, NULL, 0, out_vec, IOVEC_LEN(out_vec)); + (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec)); psa_close(handle); #else diff --git a/secure_fw/core/ipc/include/tfm_svcalls.h b/secure_fw/core/ipc/include/tfm_svcalls.h index 97c506be14..371895ae0a 100644 --- a/secure_fw/core/ipc/include/tfm_svcalls.h +++ b/secure_fw/core/ipc/include/tfm_svcalls.h @@ -41,9 +41,9 @@ uint32_t tfm_svcall_psa_version(uint32_t *args, int32_t ns_caller); * Or from secure client. * * \retval > 0 A handle for the connection. - * \retval PSA_CONNECTION_REFUSED The SPM or RoT Service has refused the + * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the * connection. - * \retval PSA_CONNECTION_BUSY The SPM or RoT Service cannot make the + * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the * connection at the moment. * \retval "Does not return" The RoT Service ID and version are not * supported, or the caller is not permitted to 
@@ -62,13 +62,12 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller); * * \retval >=0 RoT Service-specific status value. * \retval <0 RoT Service-specific error code. - * \retval PSA_DROP_CONNECTION The connection has been dropped by the RoT - * Service. This indicates that either this or - * a previous message was invalid. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: + * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the + * RoT Service. The call is a PROGRAMMER ERROR if + * one or more of the following are true: * \arg An invalid handle was passed. * \arg The connection is already handling a request. + * \arg type < 0. * \arg An invalid memory reference was provided. * \arg in_len + out_len > PSA_MAX_IOVEC. * \arg The message is unrecognized by the RoT diff --git a/secure_fw/core/ipc/psa_client.c b/secure_fw/core/ipc/psa_client.c index 040d596f8d..6a696e32f9 100644 --- a/secure_fw/core/ipc/psa_client.c +++ b/secure_fw/core/ipc/psa_client.c @@ -27,7 +27,7 @@ uint32_t psa_version(uint32_t sid) } __attribute__((naked, section("SFN"))) -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) +psa_handle_t psa_connect(uint32_t sid, uint32_t version) { __ASM volatile("SVC %0 \n" "BX LR \n" @@ -36,6 +36,7 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) __attribute__((naked, section("SFN"))) psa_status_t psa_call(psa_handle_t handle, + int32_t type, const psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, diff --git a/secure_fw/core/ipc/tfm_svcalls.c b/secure_fw/core/ipc/tfm_svcalls.c index d03b7dcfab..447a9f7e43 100644 --- a/secure_fw/core/ipc/tfm_svcalls.c +++ b/secure_fw/core/ipc/tfm_svcalls.c 
@@ -88,7 +88,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller) */ connect_handle = tfm_spm_create_conn_handle(service); if (connect_handle == PSA_NULL_HANDLE) { - return PSA_CONNECTION_BUSY; + return PSA_ERROR_CONNECTION_BUSY; } /* @@ -112,7 +112,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller) ns_caller, NULL, 0, NULL, 0, NULL); if (!msg) { /* Have no enough resource to create message */ - return PSA_CONNECTION_BUSY; + return PSA_ERROR_CONNECTION_BUSY; } /* @@ -121,7 +121,7 @@ psa_handle_t tfm_svcall_psa_connect(uint32_t *args, int32_t ns_caller) */ tfm_spm_send_event(service, msg); - return PSA_CONNECTION_BUSY; + return PSA_ERROR_CONNECTION_BUSY; } psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr) @@ -135,10 +135,15 @@ psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr) int i; struct tfm_spm_ipc_partition_t *partition = NULL; uint32_t privileged; + int32_t type; TFM_ASSERT(args != NULL); handle = (psa_handle_t)args[0]; + type = (int32_t)args[1]; + if (type < 0) { + tfm_panic(); + } partition = tfm_spm_get_running_partition(); if (!partition) { tfm_panic(); 
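Review bot: In the tfm_svcall_psa_call hunk (the last one on this line), `type` is read from `args[1]` and rejected when negative, but no line visible in this diff uses it afterwards. The commit description says the type is delivered to the RoT Service in psa_msg_t. If the message-creation call further down the function (outside the hunks shown) still passes the `PSA_IPC_CALL` constant, a positive client type would reach the service as 0. Either forward `type` there or record the gap in the file's own style, e.g. `/* FixMe: type is validated here but not yet forwarded to the service */`. The function body starts before and continues after this hunk.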
@@ -146,29 +151,31 @@ psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr) privileged = tfm_spm_partition_get_privileged_mode(partition->index); if (!ns_caller) { - inptr = (psa_invec *)args[1]; - in_num = (size_t)args[2]; - outptr = (psa_outvec *)args[3]; + inptr = (psa_invec *)args[2]; + in_num = (size_t)args[3]; /* - * 5th parameter is pushed at stack top before SVC, then PE hardware - * stacks the execution context. The size of the context depends on - * various settings: - * - if FP is not used, 5th parameter is at 8th position counting - * from SP; - * - if FP is used and FPCCR_S.TS is 0, 5th parameter is at 26th + * 5th and 6th parameter is pushed at stack top before SVC, then PE + * hardware stacks the execution context. The size of the context + * depends on various settings: + * - if FP is not used, 5th and 6th parameters are at 8th and 9th * position counting from SP; - * - if FP is used and FPCCR_S.TS is 1, 5th parameter is at 42th - * position counting from SP. + * - if FP is used and FPCCR_S.TS is 0, 5th and 6th parameters are at + * 26th and 27th position counting from SP; + * - if FP is used and FPCCR_S.TS is 1, 5th and 6th parameters are at + * 42th and 43th position counting from SP. */ - if (lr & EXC_RETURN_FPU_FRAME_BASIC) { - out_num = (size_t)args[8]; + if (lr & EXC_RETURN_FPU_FRAME_BASIC) { + outptr = (psa_outvec *)args[8]; + out_num = (size_t)args[9]; #if defined (__FPU_USED) && (__FPU_USED == 1U) - } else if (FPU->FPCCR & FPU_FPCCR_TS_Msk) { - out_num = (size_t)args[42]; + } else if (FPU->FPCCR & FPU_FPCCR_TS_Msk) { + outptr = (psa_outvec *)args[42]; + out_num = (size_t)args[43]; #endif - } else { - out_num = (size_t)args[26]; - } + } else { + outptr = (psa_outvec *)args[26]; + out_num = (size_t)args[27]; + } } else { /* * FixMe: From non-secure caller, vec and len are composed into a new 
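Review bot: The stacked-argument offsets used for a secure caller (`args[8]`/`args[9]`, `args[26]`/`args[27]`, `args[42]`/`args[43]`) hold only if no alignment word was inserted on exception entry and the caller pushed exactly two words before the SVC. Neither assumption is stated or checked in the lines shown. I would add it to the comment, e.g. `* The offsets assume SP was 8-byte aligned at the SVC, so no padding word was stacked.`, and correct the ordinals to "42nd and 43rd". `outptr` and `out_num` now both come from the calling partition's stack, so they need the same validation as the register arguments. The only check visible nearby is the in_len + out_len limit in the following hunk, and the function itself starts and ends outside this one.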
@@ -178,19 +185,19 @@ psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr) * Read parameters from the arguments. It is a fatal error if the * memory reference for buffer is invalid or not readable. */ - if (tfm_memory_check((void *)args[1], sizeof(uint32_t), + if (tfm_memory_check((void *)args[2], sizeof(uint32_t), ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) { tfm_panic(); } - if (tfm_memory_check((void *)args[2], sizeof(uint32_t), + if (tfm_memory_check((void *)args[3], sizeof(uint32_t), ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) { tfm_panic(); } - inptr = (psa_invec *)((psa_invec *)args[1])->base; - in_num = ((psa_invec *)args[1])->len; - outptr = (psa_outvec *)((psa_invec *)args[2])->base; - out_num = ((psa_invec *)args[2])->len; + inptr = (psa_invec *)((psa_invec *)args[2])->base; + in_num = ((psa_invec *)args[2])->len; + outptr = (psa_outvec *)((psa_invec *)args[3])->base; + out_num = ((psa_invec *)args[3])->len; } /* It is a fatal error if in_len + out_len > PSA_MAX_IOVEC. */ @@ -372,7 +379,7 @@ static psa_signal_t tfm_svcall_psa_wait(uint32_t *args) * * \retval PSA_SUCCESS Success, *msg will contain the delivered * message. - * \retval PSA_ERR_NOMSG Message could not be delivered. + * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered. * \retval "Does not return" The call is invalid because one or more of the * following are true: * \arg signal has more than a single bit set. @@ -445,7 +452,7 @@ static psa_status_t tfm_svcall_psa_get(uint32_t *args) tmp_msg = tfm_msg_dequeue(&service->msg_queue); if (!tmp_msg) { - return PSA_ERR_NOMSG; + return PSA_ERROR_DOES_NOT_EXIST; } tfm_memcpy(msg, &tmp_msg->msg, sizeof(psa_msg_t)); 
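Review bot: In the non-secure branch, both `tfm_memory_check()` calls validate only `sizeof(uint32_t)` bytes at `args[2]` and `args[3]`, yet the code then reads both `->base` and `->len` through a `psa_invec *`. Unless psa_invec is a single word (its definition is not in this diff), the `len` field is read from caller-supplied memory that the check never covered. The check should span the whole structure: `tfm_memory_check((void *)args[2], sizeof(psa_invec), ns_caller, TFM_MEMORY_ACCESS_RO, privileged)`, and likewise for `args[3]`. The size predates this commit, which only shifts the indices, but the lines are being touched anyway. The function continues outside the hunk.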
@@ -817,10 +824,10 @@ static void tfm_svcall_psa_reply(uint32_t *args) if (msg->msg.rhandle) { tfm_spm_set_rhandle(service, msg->handle, msg->msg.rhandle); } - } else if (status == PSA_CONNECTION_REFUSED) { - ret = PSA_CONNECTION_REFUSED; - } else if (status == PSA_CONNECTION_BUSY) { - ret = PSA_CONNECTION_BUSY; + } else if (status == PSA_ERROR_CONNECTION_REFUSED) { + ret = PSA_ERROR_CONNECTION_REFUSED; + } else if (status == PSA_ERROR_CONNECTION_BUSY) { + ret = PSA_ERROR_CONNECTION_BUSY; } else { tfm_panic(); } @@ -829,8 +836,6 @@ static void tfm_svcall_psa_reply(uint32_t *args) /* Reply to PSA_IPC_CALL message. Return values are based on status */ if (status == PSA_SUCCESS) { ret = PSA_SUCCESS; - } else if (status == PSA_DROP_CONNECTION) { - ret = PSA_DROP_CONNECTION; } else if ((status >= (INT32_MIN + 1)) && (status <= (INT32_MIN + 127))) { tfm_panic(); @@ -1162,7 +1167,7 @@ int32_t SVC_Handler_IPC(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) default: LOG_MSG("Unknown SVC number requested!"); - return PSA_DROP_CONNECTION; + return PSA_ERROR_GENERIC_ERROR; } return PSA_SUCCESS; } diff --git a/secure_fw/ns_callable/tfm_psa_api_veneers.c b/secure_fw/ns_callable/tfm_psa_api_veneers.c index 420d0c4bf4..55f5d52935 100644 --- a/secure_fw/ns_callable/tfm_psa_api_veneers.c +++ b/secure_fw/ns_callable/tfm_psa_api_veneers.c 
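Review bot: With the `PSA_DROP_CONNECTION` branch removed from the call-reply path (second hunk on this line), nothing visible maps a service's reply to the `PSA_ERROR_PROGRAMMER_ERROR` result that psa/client.h now documents for psa_call(). The remaining reserved-range test, `(status >= (INT32_MIN + 1)) && (status <= (INT32_MIN + 127))`, was written around the old INT32_MIN-based codes. Whether the new PSA_ERROR_* values fall inside that range cannot be told from this diff. I would add a comment above the test saying which statuses a service may return for a request and what the client sees for each. The existing `Reply to PSA_IPC_CALL message` comment also needs updating, because a request type is now any value >= 0. The function body extends beyond the hunk.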
@@ -91,19 +91,18 @@ uint32_t tfm_psa_version_veneer(uint32_t sid) } __tfm_secure_gateway_attributes__ -psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t minor_version) +psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t version) { - TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_connect, sid, - minor_version, 0, 0); + TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_connect, sid, version, 0, 0); } __tfm_secure_gateway_attributes__ -psa_status_t tfm_psa_call_veneer(psa_handle_t handle, +psa_status_t tfm_psa_call_veneer(psa_handle_t handle, int32_t type, const psa_invec *in_vecs, const psa_invec *out_vecs) { - TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_call, handle, in_vecs, - out_vecs, 0); + TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_call, handle, type, in_vecs, + out_vecs); } __tfm_secure_gateway_attributes__ diff --git a/secure_fw/services/crypto/crypto_aead.c b/secure_fw/services/crypto/crypto_aead.c index f8fa055e28..383b0eb61d 100644 --- a/secure_fw/services/crypto/crypto_aead.c +++ b/secure_fw/services/crypto/crypto_aead.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -32,11 +32,11 @@ psa_status_t tfm_crypto_aead_encrypt(psa_invec in_vec[], psa_status_t status = PSA_SUCCESS; if ( !((in_len == 2) || (in_len == 3)) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; const struct tfm_crypto_aead_pack_input *aead_pack_input = &iov->aead_in; 
@@ -80,11 +80,11 @@ psa_status_t tfm_crypto_aead_decrypt(psa_invec in_vec[], psa_status_t status = PSA_SUCCESS; if ( !((in_len == 2) || (in_len == 3)) || (out_len > 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; const struct tfm_crypto_aead_pack_input *aead_pack_input = &iov->aead_in; diff --git a/secure_fw/services/crypto/crypto_asymmetric.c b/secure_fw/services/crypto/crypto_asymmetric.c index 57c7f9295c..a2d48c9c5a 100644 --- a/secure_fw/services/crypto/crypto_asymmetric.c +++ b/secure_fw/services/crypto/crypto_asymmetric.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -30,11 +30,11 @@ psa_status_t tfm_crypto_asymmetric_sign(psa_invec in_vec[], size_t out_len) { if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -60,11 +60,11 @@ psa_status_t tfm_crypto_asymmetric_verify(psa_invec in_vec[], size_t out_len) { if ((in_len != 3) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; 
@@ -92,11 +92,11 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[], psa_status_t status; if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -142,11 +142,11 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[], size_t out_len) { if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c index 590b457834..466cbfef42 100644 --- a/secure_fw/services/crypto/crypto_cipher.c +++ b/secure_fw/services/crypto/crypto_cipher.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -33,12 +33,12 @@ psa_status_t tfm_crypto_cipher_generate_iv(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; 
@@ -79,12 +79,12 @@ psa_status_t tfm_crypto_cipher_set_iv(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -122,12 +122,12 @@ psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((out_vec[0].len != sizeof(uint32_t)) || (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -169,12 +169,12 @@ psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((out_vec[0].len != sizeof(uint32_t)) || (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; 
@@ -216,12 +216,12 @@ psa_status_t tfm_crypto_cipher_update(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -265,12 +265,12 @@ psa_status_t tfm_crypto_cipher_finish(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -313,12 +313,12 @@ psa_status_t tfm_crypto_cipher_abort(psa_invec in_vec[], psa_cipher_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; diff --git a/secure_fw/services/crypto/crypto_generator.c b/secure_fw/services/crypto/crypto_generator.c index bb79de957d..b2102e1803 100644 --- a/secure_fw/services/crypto/crypto_generator.c +++ b/secure_fw/services/crypto/crypto_generator.c 
@@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -31,12 +31,12 @@ psa_status_t tfm_crypto_get_generator_capacity(psa_invec in_vec[], { psa_status_t status; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(size_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -63,11 +63,11 @@ psa_status_t tfm_crypto_generator_read(psa_invec in_vec[], { psa_status_t status; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -94,12 +94,12 @@ psa_status_t tfm_crypto_generator_import_key(psa_invec in_vec[], { psa_status_t status; if ((in_len != 2) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (in_vec[1].len != sizeof(size_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; 
@@ -132,12 +132,12 @@ psa_status_t tfm_crypto_generator_abort(psa_invec in_vec[], { psa_status_t status; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -178,12 +178,12 @@ psa_status_t tfm_crypto_key_derivation(psa_invec in_vec[], { psa_status_t status; if (!((in_len == 1) || (in_len == 2) || (in_len == 3)) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -240,12 +240,12 @@ psa_status_t tfm_crypto_key_agreement(psa_invec in_vec[], { psa_status_t status; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -288,11 +288,11 @@ psa_status_t tfm_crypto_generate_random(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } uint8_t *output = out_vec[0].base; size_t output_size = out_vec[0].len; 
@@ -306,12 +306,12 @@ psa_status_t tfm_crypto_generate_key(psa_invec in_vec[], size_t out_len) { if (!((in_len == 2) || (in_len == 3)) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (in_vec[1].len != sizeof(size_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_key_handle_t key_handle = iov->key_handle; diff --git a/secure_fw/services/crypto/crypto_hash.c b/secure_fw/services/crypto/crypto_hash.c index 911227d763..25577ee2c2 100644 --- a/secure_fw/services/crypto/crypto_hash.c +++ b/secure_fw/services/crypto/crypto_hash.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -33,12 +33,12 @@ psa_status_t tfm_crypto_hash_setup(psa_invec in_vec[], psa_hash_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((out_vec[0].len != sizeof(uint32_t)) || (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; 
@@ -77,12 +77,12 @@ psa_status_t tfm_crypto_hash_update(psa_invec in_vec[], psa_hash_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -120,12 +120,12 @@ psa_status_t tfm_crypto_hash_finish(psa_invec in_vec[], psa_hash_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -168,12 +168,12 @@ psa_status_t tfm_crypto_hash_verify(psa_invec in_vec[], psa_hash_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -213,12 +213,12 @@ psa_status_t tfm_crypto_hash_abort(psa_invec in_vec[], psa_hash_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; 
@@ -258,12 +258,12 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[], psa_hash_operation_t *target_operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t source_handle = iov->op_handle; diff --git a/secure_fw/services/crypto/crypto_key.c b/secure_fw/services/crypto/crypto_key.c index 65a72b7514..66718e1934 100644 --- a/secure_fw/services/crypto/crypto_key.c +++ b/secure_fw/services/crypto/crypto_key.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -70,12 +70,12 @@ psa_status_t tfm_crypto_allocate_key(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(psa_key_handle_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } psa_key_handle_t *key_handle = out_vec[0].base; @@ -119,11 +119,11 @@ psa_status_t tfm_crypto_import_key(psa_invec in_vec[], (void)out_vec; if ((in_len != 2) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; 
@@ -148,11 +148,11 @@ psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[], (void)out_vec; if ((in_len != 1) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -181,13 +181,13 @@ psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(psa_key_type_t)) || (out_vec[1].len != sizeof(size_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -204,11 +204,11 @@ psa_status_t tfm_crypto_export_key(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -225,11 +225,11 @@ psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; 
@@ -248,13 +248,13 @@ psa_status_t tfm_crypto_copy_key(psa_invec in_vec[], (void)out_vec; if ((in_len != 3) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (in_vec[1].len != sizeof(psa_key_handle_t)) || (in_vec[2].len != sizeof(psa_key_policy_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -273,12 +273,12 @@ psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[], (void)out_vec; if ((in_len != 2) || (out_len != 0)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (in_vec[1].len != sizeof(psa_key_policy_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -299,12 +299,12 @@ psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(psa_key_policy_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; @@ -320,12 +320,12 @@ psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[], size_t out_len) { if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(psa_key_lifetime_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c index 788cfe13c0..16e996f761 100644 
--- a/secure_fw/services/crypto/crypto_mac.c +++ b/secure_fw/services/crypto/crypto_mac.c @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter +/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter * integrity checks but this will have to be revised * when the full set of error codes mandated by PSA FF * is available. @@ -33,12 +33,12 @@ psa_status_t tfm_crypto_mac_sign_setup(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((out_vec[0].len != sizeof(uint32_t)) || (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -83,12 +83,12 @@ psa_status_t tfm_crypto_mac_verify_setup(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((out_vec[0].len != sizeof(uint32_t)) || (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -133,12 +133,12 @@ psa_status_t tfm_crypto_mac_update(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; 
@@ -176,12 +176,12 @@ psa_status_t tfm_crypto_mac_sign_finish(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 2)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -224,12 +224,12 @@ psa_status_t tfm_crypto_mac_verify_finish(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 2) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; @@ -269,12 +269,12 @@ psa_status_t tfm_crypto_mac_abort(psa_invec in_vec[], psa_mac_operation_t *operation = NULL; if ((in_len != 1) || (out_len != 1)) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) || (out_vec[0].len != sizeof(uint32_t))) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; uint32_t handle = iov->op_handle; diff --git a/secure_fw/services/crypto/tfm_crypto_secure_api.c b/secure_fw/services/crypto/tfm_crypto_secure_api.c index 01be810588..af6e5a3d0b 100644 --- a/secure_fw/services/crypto/tfm_crypto_secure_api.c +++ b/secure_fw/services/crypto/tfm_crypto_secure_api.c 
@@ -31,12 +31,12 @@ #define PSA_CLOSE() psa_close(ipc_handle) #define API_DISPATCH(sfn_name, sfn_id) \ - psa_call(ipc_handle, /*PSA_IPC_CALL,*/ \ + psa_call(ipc_handle, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ out_vec, ARRAY_SIZE(out_vec)) #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ - psa_call(ipc_handle, /*PSA_IPC_CALL,*/ \ + psa_call(ipc_handle, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ (psa_outvec *)NULL, 0) #else @@ -1097,7 +1097,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_encrypt, @@ -1168,7 +1168,7 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle, if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_decrypt, @@ -1300,7 +1300,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_encrypt, @@ -1358,7 +1358,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_decrypt, @@ -1549,7 +1549,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, in_len--; } } - status = psa_call(ipc_handle, in_vec, in_len, + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_key_derivation, 
@@ -1671,7 +1671,7 @@ psa_status_t psa_generate_key(psa_key_handle_t handle, in_len--; } - status = psa_call(ipc_handle, in_vec, in_len, NULL, 0); + status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0); #else status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key, TFM_CRYPTO_GENERATE_KEY); diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c index 282698c2af..794311ad30 100644 --- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c +++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c @@ -54,7 +54,7 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, return PSA_ATTEST_ERR_GENERAL; } - status = psa_call(handle, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -134,7 +134,7 @@ psa_initial_attest_get_token_size(uint32_t challenge_size, return PSA_ATTEST_ERR_GENERAL; } - status = psa_call(handle, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); diff --git a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c index 87d4e76d22..0f7d49b852 100644 --- a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c +++ b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c @@ -33,13 +33,14 @@ static bool sst_is_init = false; * function call, as calls to the Crypto service are required for * initialisation. * - * \return PSA_SUCCESS if SST is initialised, PSA_CONNECTION_REFUSED otherwise. + * \return PSA_SUCCESS if SST is initialised, PSA_ERROR_CONNECTION_REFUSED + * otherwise. */ static psa_status_t sst_check_init(void) { if (!sst_is_init) { if (tfm_sst_init() != PSA_PS_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } sst_is_init = true; } 
@@ -59,17 +60,17 @@ psa_status_t tfm_sst_set_req(psa_invec *in_vec, size_t in_len, psa_ps_status_t *err; if (sst_check_init() != PSA_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_len != 3) || (out_len != 1)) { /* The number of arguments are incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(psa_ps_uid_t)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } uid = *((psa_ps_uid_t *)in_vec[0].base); @@ -79,14 +80,14 @@ psa_status_t tfm_sst_set_req(psa_invec *in_vec, size_t in_len, if (in_vec[2].len != sizeof(psa_ps_create_flags_t)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } create_flags = *(psa_ps_create_flags_t *)in_vec[2].base; if (out_vec[0].len != sizeof(psa_ps_status_t)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } err = (psa_ps_status_t *)out_vec[0].base; @@ -94,7 +95,7 @@ psa_status_t tfm_sst_set_req(psa_invec *in_vec, size_t in_len, /* Get the caller's client ID */ status = tfm_core_get_caller_client_id(&client_id); if (status != (int32_t)TFM_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } *err = tfm_sst_set(client_id, uid, data_length, p_data, create_flags); 
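Review bot: In tfm_sst_set_req, `uid = *((psa_ps_uid_t *)in_vec[0].base);` checks only the length of the client-supplied vector before dereferencing it through a cast. The cast drops the const qualifier and assumes the address is suitably aligned for psa_ps_uid_t. Whether the SPM validates alignment is not visible here; if it does not, a client could pass a misaligned base and fault the secure service. Copying the value avoids both problems: `memcpy(&uid, in_vec[0].base, sizeof(uid));`, using whichever memcpy the partition is allowed to call. The same pattern appears in tfm_sst_get_req (also for `data_offset`), tfm_sst_get_info_req and tfm_sst_remove_req, and for `create_flags` in the next hunk of this function.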
@@ -114,31 +115,31 @@ psa_status_t tfm_sst_get_req(psa_invec *in_vec, size_t in_len, psa_ps_status_t *err; if (sst_check_init() != PSA_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_len != 2) || (out_len != 2)) { /* The number of arguments are incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(psa_ps_uid_t)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } uid = *((psa_ps_uid_t *)in_vec[0].base); if (in_vec[1].len != sizeof(data_offset)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } data_offset = *(uint32_t *)in_vec[1].base; if (out_vec[0].len != sizeof(psa_ps_status_t)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } err = (psa_ps_status_t *)out_vec[0].base; @@ -149,7 +150,7 @@ psa_status_t tfm_sst_get_req(psa_invec *in_vec, size_t in_len, /* Get the caller's client ID */ status = tfm_core_get_caller_client_id(&client_id); if (status != (int32_t)TFM_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } *err = tfm_sst_get(client_id, uid, data_offset, data_length, p_data); 
@@ -168,31 +169,31 @@ psa_status_t tfm_sst_get_info_req(psa_invec *in_vec, size_t in_len, psa_ps_status_t *err; if (sst_check_init() != PSA_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_len != 1) || (out_len != 2)) { /* The number of arguments are incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(psa_ps_uid_t)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } uid = *((psa_ps_uid_t *)in_vec[0].base); if (out_vec[0].len != sizeof(psa_ps_status_t)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } err = (psa_ps_status_t *)out_vec[0].base; if (out_vec[1].len != sizeof(struct psa_ps_info_t)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } p_info = (struct psa_ps_info_t *)out_vec[1].base; @@ -200,7 +201,7 @@ psa_status_t tfm_sst_get_info_req(psa_invec *in_vec, size_t in_len, /* Get the caller's client ID */ status = tfm_core_get_caller_client_id(&client_id); if (status != (int32_t)TFM_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } *err = tfm_sst_get_info(client_id, uid, p_info); 
@@ -217,24 +218,24 @@ psa_status_t tfm_sst_remove_req(psa_invec *in_vec, size_t in_len, psa_ps_status_t *err; if (sst_check_init() != PSA_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_len != 1) || (out_len != 1)) { /* The number of arguments are incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (in_vec[0].len != sizeof(psa_ps_uid_t)) { /* The input argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } uid = *((psa_ps_uid_t *)in_vec[0].base); if (out_vec[0].len != sizeof(psa_ps_status_t)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } err = (psa_ps_status_t *)out_vec[0].base; @@ -242,7 +243,7 @@ psa_status_t tfm_sst_remove_req(psa_invec *in_vec, size_t in_len, /* Get the caller's client ID */ status = tfm_core_get_caller_client_id(&client_id); if (status != (int32_t)TFM_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } *err = tfm_sst_remove(client_id, uid); @@ -258,17 +259,17 @@ psa_status_t tfm_sst_get_support_req(psa_invec *in_vec, size_t in_len, (void)in_vec; if (sst_check_init() != PSA_SUCCESS) { - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if ((in_len != 0) || (out_len != 1)) { /* The number of arguments are incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } if (out_vec[0].len != sizeof(*support_flags)) { /* The output argument size is incorrect */ - return PSA_CONNECTION_REFUSED; + return PSA_ERROR_CONNECTION_REFUSED; } support_flags = (uint32_t *)out_vec[0].base; diff --git a/secure_fw/services/secure_storage/tfm_sst_secure_api.c b/secure_fw/services/secure_storage/tfm_sst_secure_api.c index a5afc36ff3..f7832ad295 100644 --- a/secure_fw/services/secure_storage/tfm_sst_secure_api.c +++ b/secure_fw/services/secure_storage/tfm_sst_secure_api.c 
@@ -43,7 +43,7 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -90,7 +90,7 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -133,7 +133,7 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -176,7 +176,7 @@ psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) return PSA_PS_ERROR_OPERATION_FAILED; } - status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec, + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); psa_close(handle); @@ -243,7 +243,7 @@ uint32_t psa_ps_get_support(void) return support_flags; } - (void)psa_call(handle, NULL, 0, out_vec, IOVEC_LEN(out_vec)); + (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec)); psa_close(handle); #else diff --git a/test/suites/core/non_secure/core_ns_positive_testsuite.c b/test/suites/core/non_secure/core_ns_positive_testsuite.c index 571bd22565..34a721c266 100644 --- a/test/suites/core/non_secure/core_ns_positive_testsuite.c +++ b/test/suites/core/non_secure/core_ns_positive_testsuite.c 
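Review bot: In psa_ps_get_support the result of psa_call() is discarded with `(void)`, so a failed call cannot be told apart from a successful one and the function goes on to return `support_flags` as it stands. The declaration of `support_flags` is outside this hunk; if it is not zero-initialised, a failed call would hand the caller an indeterminate capability mask. Checking the status keeps the result well defined: `if (psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec)) != PSA_SUCCESS) { support_flags = 0; }`.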
@@ -122,7 +122,7 @@ static psa_status_t psa_test_common(uint32_t sid, uint32_t minor_version, return CORE_TEST_ERRNO_INVALID_PARAMETER; } - status = psa_call(handle, in_vecs, in_len, out_vecs, out_len); + status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len); if (status < 0) { status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR; } diff --git a/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c b/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c index fb9bc3d1b1..a1bc5df77d 100644 --- a/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c +++ b/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c @@ -148,12 +148,9 @@ static void tfm_ipc_test_1004(struct test_result_t *ret) TEST_LOG("TFM service support minor version is %d.\r\n", min_version); handle = psa_connect(IPC_SERVICE_TEST_BASIC_SID, IPC_SERVICE_TEST_BASIC_VERSION); - status = psa_call(handle, invecs, 2, outvecs, 2); + status = psa_call(handle, PSA_IPC_CALL, invecs, 2, outvecs, 2); if (status >= 0) { TEST_LOG("psa_call is successful!\r\n"); - } else if (status == PSA_DROP_CONNECTION) { - TEST_FAIL("The connection has been dropped by the RoT Service!\r\n"); - return; } else { TEST_FAIL("psa_call is failed!\r\n"); return; @@ -185,7 +182,7 @@ static void tfm_ipc_test_1005(struct test_result_t *ret) return; } - status = psa_call(handle, NULL, 0, outvecs, 1); + status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); if (status >= 0) { TEST_LOG("Call success!"); if (test_result > 0) { @@ -222,7 +219,7 @@ static void tfm_ipc_test_1006(struct test_result_t *ret) return; } - status = psa_call(handle, NULL, 0, outvecs, 1); + status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); if (status >= 0) { TEST_LOG("Call success!"); if (test_result > 0) { 
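Review bot: In tfm_ipc_test_1004 the handle returned by `psa_connect()` is passed straight to the new `psa_call(handle, PSA_IPC_CALL, invecs, 2, outvecs, 2)` with no validity check in between, unlike the other tests in this file whose hunks show an early `return` before the call. This commit adds `PSA_HANDLE_IS_VALID()` to psa/client.h, so the test can use it: `if (!PSA_HANDLE_IS_VALID(handle)) { TEST_FAIL("psa_connect failed!\r\n"); return; }`. Without it a refused connection is likely to surface as a failure or panic inside psa_call rather than as a clear connect error. The `TEST_LOG` text just above still says "minor version" although the commit renames that concept to "version".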
@@ -259,7 +256,7 @@ static void tfm_ipc_test_1007(struct test_result_t *ret) return; } - psa_call(handle, NULL, 0, outvecs, 1); + psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); /* The system should panic in psa_call. If runs here, the test fails. */ ret->val = TEST_FAILED; @@ -288,7 +285,7 @@ static void tfm_ipc_test_1008(struct test_result_t *ret) return; } - psa_call(handle, NULL, 0, outvecs, 1); + psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); /* The system should panic in psa_call. If runs here, the test fails. */ ret->val = TEST_FAILED; @@ -317,7 +314,7 @@ static void tfm_ipc_test_1009(struct test_result_t *ret) return; } - psa_call(handle, NULL, 0, outvecs, 1); + psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); /* The system should panic in psa_call. If runs here, the test fails. */ ret->val = TEST_FAILED; diff --git a/test/test_services/tfm_core_test/tfm_ss_core_test.c b/test/test_services/tfm_core_test/tfm_ss_core_test.c index 0e146fd765..8e74559380 100644 --- a/test/test_services/tfm_core_test/tfm_ss_core_test.c +++ b/test/test_services/tfm_core_test/tfm_ss_core_test.c @@ -53,7 +53,7 @@ static psa_status_t psa_test_common(uint32_t sid, uint32_t minor_version, return CORE_TEST_ERRNO_INVALID_PARAMETER; } - status = psa_call(handle, in_vecs, in_len, out_vecs, out_len); + status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len); if (status < 0) { status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR; } diff --git a/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c b/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c index f486592007..fbe4210c75 100644 --- a/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c +++ b/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c 
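Review bot: In tfm_ipc_test_1007, 1008 and 1009 the result of `psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);` is dropped silently, while psa_ps_get_support in the same commit marks the same situation with an explicit cast. Writing `(void)psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);` makes it clear that the status is ignored on purpose because the call is expected to panic. The function bodies continue outside the hunks, so whether `handle` is closed on the fall-through failure path cannot be checked from here.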
@@ -55,7 +55,7 @@ static int ipc_isolation_2_psa_access_app_readonly_memory(void) return IPC_SP_TEST_FAILED; } - status = psa_call(handle, invecs, 1, NULL, 0); + status = psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0); /* The system should panic before here. */ psa_close(handle); @@ -79,7 +79,7 @@ static int ipc_isolation_2_psa_access_app_memory(void) return result; } - status = psa_call(handle, invecs, 1, NULL, 0); + status = psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0); if ((client_data == 'B') && (status >= 0)) { result = IPC_SP_TEST_SUCCESS; @@ -108,7 +108,7 @@ static int ipc_client_base_test(void) return result; } - status = psa_call(handle, invecs, 2, outvecs, 2); + status = psa_call(handle, PSA_IPC_CALL, invecs, 2, outvecs, 2); if (status >= 0) { result = IPC_SP_TEST_SUCCESS; } @@ -132,7 +132,7 @@ static int ipc_client_app_access_psa_mem_test(void) return IPC_SP_TEST_FAILED; } - status = psa_call(handle, NULL, 0, outvecs, 1); + status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); if (status >= 0) { /* * outvecs should contain the pointer pointed to ipc service parition @@ -166,7 +166,7 @@ static int ipc_client_mem_check_test(void) return IPC_SP_TEST_FAILED; } - status = psa_call(handle, NULL, 0, outvecs, 1); + status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1); if (status >= 0) { /* * outvecs should contain the pointer pointed to ipc service parition @@ -178,7 +178,7 @@ static int ipc_client_mem_check_test(void) if (psa_data_p) { invecs[0].base = psa_data_p; invecs[0].len = sizeof(psa_data_p); - psa_call(handle, invecs, 1, NULL, 0); + psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0); } } @@ -197,7 +197,7 @@ static void ipc_client_handle_ser_req(psa_msg_t msg, uint32_t signals, switch (msg.type) { case PSA_IPC_CONNECT: if (service_in_use & signals) { - r = PSA_CONNECTION_REFUSED; + r = PSA_ERROR_CONNECTION_REFUSED; } else { service_in_use |= signals; r = PSA_SUCCESS; 
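Review bot: In ipc_client_handle_ser_req the `PSA_IPC_CONNECT` branch answers `r = PSA_ERROR_CONNECTION_REFUSED;` when `service_in_use & signals` is set, which is a temporary condition rather than a permanent rejection. The four `PSA_IPC_CONNECT` hunks in tfm_ipc_service_test.c follow the same pattern. The header this commit replaces had a separate busy code, so if the new error header keeps an equivalent, `r = PSA_ERROR_CONNECTION_BUSY;` would let a client tell "retry later" from "not permitted". If refusal is intended for these single-connection test services, a one-line comment such as `/* Only one connection at a time; a second connect is refused, not queued */` would record that.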
diff --git a/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c b/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c index d1935df761..16950c99ba 100644 --- a/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c +++ b/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c @@ -46,7 +46,7 @@ static void ipc_service_basic(void) switch (msg.type) { case PSA_IPC_CONNECT: if (service_in_use & IPC_SERVICE_TEST_BASIC_SIGNAL) { - r = PSA_CONNECTION_REFUSED; + r = PSA_ERROR_CONNECTION_REFUSED; } else { service_in_use |= IPC_SERVICE_TEST_BASIC_SIGNAL; r = PSA_SUCCESS; @@ -87,7 +87,7 @@ static void ipc_service_psa_access_app_mem(void) switch (msg.type) { case PSA_IPC_CONNECT: if (service_in_use & IPC_SERVICE_TEST_PSA_ACCESS_APP_MEM_SIGNAL) { - r = PSA_CONNECTION_REFUSED; + r = PSA_ERROR_CONNECTION_REFUSED; } else { service_in_use |= IPC_SERVICE_TEST_PSA_ACCESS_APP_MEM_SIGNAL; r = PSA_SUCCESS; @@ -139,7 +139,7 @@ static void ipc_service_psa_access_app_readonly_mem(void) case PSA_IPC_CONNECT: if (service_in_use & IPC_SERVICE_TEST_PSA_ACCESS_APP_READ_ONLY_MEM_SIGNAL) { - r = PSA_CONNECTION_REFUSED; + r = PSA_ERROR_CONNECTION_REFUSED; } else { service_in_use |= IPC_SERVICE_TEST_PSA_ACCESS_APP_READ_ONLY_MEM_SIGNAL; @@ -194,7 +194,7 @@ static void ipc_service_app_access_psa_mem(void) switch (msg.type) { case PSA_IPC_CONNECT: if (service_in_use & IPC_SERVICE_TEST_APP_ACCESS_PSA_MEM_SIGNAL) { - r = PSA_CONNECTION_REFUSED; + r = PSA_ERROR_CONNECTION_REFUSED; } else { service_in_use |= IPC_SERVICE_TEST_APP_ACCESS_PSA_MEM_SIGNAL; r = PSA_SUCCESS; diff --git a/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c b/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c index ff6af34106..0dda69ff8b 100644 --- a/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c +++ b/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c 
@@ -26,7 +26,7 @@ int32_t tfm_secure_client_run_tests(void) return TFM_ERROR_GENERIC; } - status = psa_call(handle, NULL, 0, NULL, 0); + status = psa_call(handle, PSA_IPC_CALL, NULL, 0, NULL, 0); psa_close(handle); if (status != PSA_SUCCESS) { |