authorGalanakis, Minos <minos.galanakis@arm.com>2019-11-20 14:29:44 +0000
committerJamie Fox <jamie.fox@arm.com>2020-02-19 15:28:32 +0000
commitecc9de8367a778b7516f2d197a0ebb0537d6e4ae (patch)
tree9d788acfa269c6a65594fc9208a98ca331066fa3 /interface
parent235ab656044a684fd95ce8d208d2c7b7220d3e77 (diff)
SST: Implement PSA Protected Storage 1.0
Refactors SST to implement PSA Protected Storage version 1.0. Change-Id: I967375e98799a465069525f203881f5331d6d84a Signed-off-by: Galanakis, Minos <minos.galanakis@arm.com>
Diffstat (limited to 'interface')
-rw-r--r--interface/src/tfm_sst_func_api.c93
-rw-r--r--interface/src/tfm_sst_ipc_api.c99
2 files changed, 83 insertions, 109 deletions
diff --git a/interface/src/tfm_sst_func_api.c b/interface/src/tfm_sst_func_api.c
index 6d94d67940..77a466eed7 100644
--- a/interface/src/tfm_sst_func_api.c
+++ b/interface/src/tfm_sst_func_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -12,73 +12,72 @@
#define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
-psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_ps_status_t err;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
{ .base = p_data, .len = data_length },
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- psa_outvec out_vec[] = {
- { .base = &err , .len = sizeof(err) }
- };
-
status = tfm_ns_interface_dispatch(
(veneer_fn)tfm_tfm_sst_set_req_veneer,
(uint32_t)in_vec, IOVEC_LEN(in_vec),
- (uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ (uint32_t)NULL, 0);
- return err;
+ /* A parameter with a buffer pointer pointer that has data length longer
+ * than maximum permitted is treated as a secure violation.
+ * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
+ */
+ if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ return status;
}
-psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data)
+psa_status_t psa_ps_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
{
psa_status_t status;
- psa_ps_status_t err;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
{ .base = &data_offset, .len = sizeof(data_offset) }
};
psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
- { .base = p_data, .len = data_length }
+ { .base = p_data, .len = data_size }
};
+ if (p_data_length == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
status = tfm_ns_interface_dispatch(
(veneer_fn)tfm_tfm_sst_get_req_veneer,
(uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ *p_data_length = out_vec[0].len;
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
+psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_ps_status_t err;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
{ .base = p_info, .len = sizeof(*p_info) }
};
@@ -87,56 +86,44 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
(uint32_t)in_vec, IOVEC_LEN(in_vec),
(uint32_t)out_vec, IOVEC_LEN(out_vec));
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
+psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_ps_status_t err;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
- psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) }
- };
-
status = tfm_ns_interface_dispatch(
(veneer_fn)tfm_tfm_sst_remove_req_veneer,
(uint32_t)in_vec, IOVEC_LEN(in_vec),
- (uint32_t)out_vec, IOVEC_LEN(out_vec));
-
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ (uint32_t)NULL, 0);
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_create(psa_storage_uid_t uid,
+ size_t capacity,
+ psa_storage_create_flags_t create_flags)
{
(void)uid;
- (void)size;
+ (void)capacity;
(void)create_flags;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
- uint32_t data_length, const void *p_data)
+psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
+ size_t data_length, const void *p_data)
{
(void)uid;
(void)data_offset;
(void)data_length;
(void)p_data;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
uint32_t psa_ps_get_support(void)
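Review bot: psa_ps_get_info and psa_ps_remove now `return status;` straight from tfm_ns_interface_dispatch, while psa_ps_set in the same file first translates TFM_ERROR_INVALID_PARAMETER into PSA_ERROR_INVALID_ARGUMENT. If the framework can reject these requests the same way (p_info is also a caller-supplied buffer, though this cannot be confirmed from the hunk), callers would see a TF-M framework code where a PSA status is expected. The removed code folded every non-success dispatch result into a PS error. Consider applying the same check before the return here, `if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) { return PSA_ERROR_INVALID_ARGUMENT; }`, and likewise in psa_ps_get and in the matching functions of tfm_sst_ipc_api.c. psa_ps_get_info begins in the previous hunk.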
diff --git a/interface/src/tfm_sst_ipc_api.c b/interface/src/tfm_sst_ipc_api.c
index 9ef95ff499..8d0dc431a4 100644
--- a/interface/src/tfm_sst_ipc_api.c
+++ b/interface/src/tfm_sst_ipc_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,13 +13,12 @@
#define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0]))
-psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
- uint32_t data_length,
- const void *p_data,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_set(psa_storage_uid_t uid,
+ size_t data_length,
+ const void *p_data,
+ psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_ps_status_t err;
psa_handle_t handle;
psa_invec in_vec[] = {
@@ -28,34 +27,34 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid,
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- psa_outvec out_vec[] = {
- { .base = &err , .len = sizeof(err) }
- };
-
handle = psa_connect(TFM_SST_SET_SID, TFM_SST_SET_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
}
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+ NULL, 0);
psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ /* A parameter with a buffer pointer pointer that has data length longer
+ * than maximum permitted is treated as a secure violation.
+ * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
+ */
+ if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
+ return PSA_ERROR_INVALID_ARGUMENT;
}
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
- uint32_t data_offset,
- uint32_t data_length,
- void *p_data)
+psa_status_t psa_ps_get(psa_storage_uid_t uid,
+ size_t data_offset,
+ size_t data_size,
+ void *p_data,
+ size_t *p_data_length)
{
psa_status_t status;
- psa_ps_status_t err;
psa_handle_t handle;
psa_invec in_vec[] = {
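Review bot: The comment added above the TFM_ERROR_INVALID_PARAMETER check in psa_ps_set has a doubled word ("buffer pointer pointer") and does not mention that the framework code is translated for the caller. Suggested wording: `/* A buffer whose data length exceeds the maximum permitted is treated as a security violation; the TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER, which is reported to the caller as PSA_ERROR_INVALID_ARGUMENT. */`. The identical comment in interface/src/tfm_sst_func_api.c needs the same fix. psa_ps_set starts in the previous hunk, and the psa_ps_get body continues past this one.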
@@ -64,13 +63,16 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
};
psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
- { .base = p_data, .len = data_length }
+ { .base = p_data, .len = data_size }
};
+ if (p_data_length == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
handle = psa_connect(TFM_SST_GET_SID, TFM_SST_GET_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
}
status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
@@ -78,17 +80,15 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid,
psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
+ *p_data_length = out_vec[0].len;
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
+psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
+ struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_ps_status_t err;
psa_handle_t handle;
psa_invec in_vec[] = {
@@ -96,13 +96,12 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
};
psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) },
{ .base = p_info, .len = sizeof(*p_info) }
};
handle = psa_connect(TFM_SST_GET_INFO_SID, TFM_SST_GET_INFO_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
}
status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
@@ -110,63 +109,51 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info)
psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid)
+psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_ps_status_t err;
psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
- psa_outvec out_vec[] = {
- { .base = &err, .len = sizeof(err) }
- };
handle = psa_connect(TFM_SST_REMOVE_SID, TFM_SST_REMOVE_VERSION);
if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_PS_ERROR_OPERATION_FAILED;
+ return PSA_ERROR_GENERIC_ERROR;
}
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
+ NULL, 0);
psa_close(handle);
- if (status != PSA_SUCCESS) {
- return PSA_PS_ERROR_OPERATION_FAILED;
- }
-
- return err;
+ return status;
}
-psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size,
- psa_ps_create_flags_t create_flags)
+psa_status_t psa_ps_create(psa_storage_uid_t uid, size_t size,
+ psa_storage_create_flags_t create_flags)
{
(void)uid;
(void)size;
(void)create_flags;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
-psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset,
- uint32_t data_length, const void *p_data)
+psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
+ size_t data_length, const void *p_data)
{
(void)uid;
(void)data_offset;
(void)data_length;
(void)p_data;
- return PSA_PS_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
uint32_t psa_ps_get_support(void)