authorMingyang Sun <mingyang.sun@arm.com>2021-07-12 14:46:30 +0800
committerMingyang Sun <mingyang.sun@arm.com>2021-08-06 15:08:19 +0800
commite529e3b5f52163b38f5261eb80246f392eed4e83 (patch)
treefd8e0a525d03a8cd7a17159af8917e46cb9ead18 /secure_fw
parent22a3faf4c41150d15868c0bd369c40d02a222988 (diff)
SPM: Remove the "privileged" argument
Remove the "privileged" argument from PSA API function body, create an API to obtain privilege information from the caller info. Change-Id: If0b7f66bd315c5249ca0b77ea761e015f9349c00 Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/spm/cmsis_psa/spm_ipc.c22
-rw-r--r--secure_fw/spm/cmsis_psa/spm_ipc.h9
-rw-r--r--secure_fw/spm/cmsis_psa/tfm_rpc.c3
-rw-r--r--secure_fw/spm/ffm/psa_api.c6
-rw-r--r--secure_fw/spm/ffm/psa_api.h6
-rw-r--r--secure_fw/spm/ffm/psa_api_svc.c14
6 files changed, 39 insertions, 21 deletions
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index 42ef5a2301..75661b2caf 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -615,6 +615,7 @@ bool tfm_spm_is_ns_caller(void)
return (__get_active_exc_num() == EXC_NUM_PENDSV);
#else
struct partition_t *partition = tfm_spm_get_running_partition();
+
if (!partition) {
tfm_core_panic();
}
@@ -623,6 +624,27 @@ bool tfm_spm_is_ns_caller(void)
#endif
}
+uint32_t tfm_spm_get_caller_privilege_mode(void)
+{
+ struct partition_t *partition;
+
+#if defined(TFM_MULTI_CORE_TOPOLOGY) || defined(FORWARD_PROT_MSG)
+ /*
+ * In multi-core topology, if PSA request is from mailbox, the client
+ * is unprivileged.
+ */
+ if (__get_active_exc_num() == EXC_NUM_PENDSV) {
+ return TFM_PARTITION_UNPRIVILEGED_MODE;
+ }
+#endif
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ return tfm_spm_partition_get_privileged_mode(partition->p_ldinf->flags);
+}
+
uint32_t tfm_spm_init(void)
{
uint32_t i;
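Review bot: The unprivileged result for mailbox clients in `tfm_spm_get_caller_privilege_mode` now rests on two implicit conditions, the build macros in the `#if` and the active exception being PendSV, whereas the tfm_rpc.c hunk of this commit drops the explicit `TFM_PARTITION_UNPRIVILEGED_MODE` argument that used to pin it. If `tfm_rpc_psa_call` were ever reached in another context, the function would fall through to the running partition's flags; the value is presumably what the later client-vector memory checks use, so a wrong answer would weaken them. I would state the invariant in the comment, for example `/* Mailbox requests are only handled in PendSV; any other context takes the running partition's privilege. */`, and consider asserting it in `tfm_rpc_psa_call`. The same PendSV test appears in `tfm_spm_is_ns_caller` just above, so a shared helper would keep the two copies from drifting.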
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index da7e4495b4..9dad8b13f5 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -364,6 +364,15 @@ int32_t tfm_memory_check(const void *buffer, size_t len, bool ns_caller,
bool tfm_spm_is_ns_caller(void);
/**
+ * \brief Get the privilege mode of service caller.
+ *
+ * \retval Privilege mode of the service caller
+ * \ref TFM_PARTITION_UNPRIVILEGED_MODE
+ * \ref TFM_PARTITION_PRIVILEGED_MODE
+ */
+uint32_t tfm_spm_get_caller_privilege_mode(void);
+
+/**
* \brief Set up the isolation boundary of the given partition.
*
* \param[in] partition The partition of which the boundary is set up.
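Review bot: The new Doxygen block for `tfm_spm_get_caller_privilege_mode` uses `\retval` with a free-text description, but `\retval` takes the return value's name as its first word, so "Privilege" would be rendered as the value. `\return Privilege mode of the service caller`, followed by the two `\ref` lines, would fit better. The comment could also say that the function calls `tfm_core_panic()` when no partition is running, and that requests handled in PendSV under the multi-core or forwarded-message builds are reported as unprivileged, since callers depend on both. The comment block that follows continues outside the hunk.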
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.c b/secure_fw/spm/cmsis_psa/tfm_rpc.c
index 8303009e4b..7b366ceb65 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.c
@@ -59,8 +59,7 @@ psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params)
return tfm_spm_client_psa_call(params->handle, params->type,
params->in_vec, params->in_len,
- params->out_vec, params->out_len,
- TFM_PARTITION_UNPRIVILEGED_MODE);
+ params->out_vec, params->out_len);
}
void tfm_rpc_psa_close(const struct client_call_params_t *params)
diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c
index 54ea1d62eb..a65bdec8ca 100644
--- a/secure_fw/spm/ffm/psa_api.c
+++ b/secure_fw/spm/ffm/psa_api.c
@@ -131,8 +131,7 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version)
psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
const psa_invec *inptr, size_t in_num,
- psa_outvec *outptr, size_t out_num,
- uint32_t privileged)
+ psa_outvec *outptr, size_t out_num)
{
psa_invec invecs[PSA_MAX_IOVEC];
psa_outvec outvecs[PSA_MAX_IOVEC];
@@ -142,6 +141,7 @@ psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
int i, j;
int32_t client_id;
uint32_t sid, version, index;
+ uint32_t privileged;
bool ns_caller = tfm_spm_is_ns_caller();
/* The request type must be zero or positive. */
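Review bot: `uint32_t privileged;` is declared without a value here and only assigned in the later hunk of this file (`privileged = tfm_spm_get_caller_privilege_mode();`), while `ns_caller` on the next line is initialised at its declaration. The lines between the two are not visible, so I cannot confirm that nothing reads `privileged` before the assignment. Initialising it at the declaration, `uint32_t privileged = tfm_spm_get_caller_privilege_mode();`, would remove the question; otherwise a short comment at the assignment could say why the lookup is deferred. The function body starts and ends outside this hunk.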
@@ -233,6 +233,8 @@ psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
tfm_core_panic();
}
+ privileged = tfm_spm_get_caller_privilege_mode();
+
/*
* Read client invecs from the wrap input vector. It is a PROGRAMMER ERROR
* if the memory reference for the wrap input vector is invalid or not
diff --git a/secure_fw/spm/ffm/psa_api.h b/secure_fw/spm/ffm/psa_api.h
index 856977c35a..1c6707988e 100644
--- a/secure_fw/spm/ffm/psa_api.h
+++ b/secure_fw/spm/ffm/psa_api.h
@@ -76,9 +76,6 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version);
* \ref psa_outvec
* \param[in] out_num Number of outut psa_outvec structures.
* \ref psa_outvec
- * \param[in] privileged Privileged mode or unprivileged mode:
- * \ref TFM_PARTITION_UNPRIVILEGED_MODE
- * \ref TFM_PARTITION_PRIVILEGED_MODE
*
* \retval PSA_SUCCESS Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -92,8 +89,7 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version);
*/
psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
const psa_invec *inptr, size_t in_num,
- psa_outvec *outptr, size_t out_num,
- uint32_t privileged);
+ psa_outvec *outptr, size_t out_num);
/**
* \brief handler for \ref psa_close.
diff --git a/secure_fw/spm/ffm/psa_api_svc.c b/secure_fw/spm/ffm/psa_api_svc.c
index ef242f7c6b..5ddfd898b2 100644
--- a/secure_fw/spm/ffm/psa_api_svc.c
+++ b/secure_fw/spm/ffm/psa_api_svc.c
@@ -64,28 +64,18 @@ psa_status_t tfm_spm_psa_call(uint32_t *args, uint32_t lr)
psa_invec *inptr;
psa_outvec *outptr;
size_t in_num, out_num;
- struct partition_t *partition = NULL;
- uint32_t privileged;
int32_t type;
TFM_CORE_ASSERT(args != NULL);
handle = (psa_handle_t)args[0];
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
-
type = (int32_t)(int16_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
in_num = (size_t)((args[1] & IN_LEN_MASK) >> IN_LEN_OFFSET);
out_num = (size_t)((args[1] & OUT_LEN_MASK) >> OUT_LEN_OFFSET);
inptr = (psa_invec *)args[2];
outptr = (psa_outvec *)args[3];
- return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr, out_num,
- privileged);
+ return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr,
+ out_num);
}
void tfm_spm_psa_close(uint32_t *args)