author | Mingyang Sun <mingyang.sun@arm.com> | 2021-07-12 14:46:30 +0800 |
---|---|---|
committer | Mingyang Sun <mingyang.sun@arm.com> | 2021-08-06 15:08:19 +0800 |
commit | e529e3b5f52163b38f5261eb80246f392eed4e83 (patch) | |
tree | fd8e0a525d03a8cd7a17159af8917e46cb9ead18 /secure_fw | |
parent | 22a3faf4c41150d15868c0bd369c40d02a222988 (diff) | |
SPM: Remove the "privileged" argument
Remove the "privileged" argument from the PSA API function
body and create an API to obtain privilege information from
the caller info.
Change-Id: If0b7f66bd315c5249ca0b77ea761e015f9349c00
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r-- | secure_fw/spm/cmsis_psa/spm_ipc.c | 22 | ||||
-rw-r--r-- | secure_fw/spm/cmsis_psa/spm_ipc.h | 9 | ||||
-rw-r--r-- | secure_fw/spm/cmsis_psa/tfm_rpc.c | 3 | ||||
-rw-r--r-- | secure_fw/spm/ffm/psa_api.c | 6 | ||||
-rw-r--r-- | secure_fw/spm/ffm/psa_api.h | 6 | ||||
-rw-r--r-- | secure_fw/spm/ffm/psa_api_svc.c | 14 |
6 files changed, 39 insertions, 21 deletions
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c index 42ef5a2301..75661b2caf 100644 --- a/secure_fw/spm/cmsis_psa/spm_ipc.c +++ b/secure_fw/spm/cmsis_psa/spm_ipc.c @@ -615,6 +615,7 @@ bool tfm_spm_is_ns_caller(void) return (__get_active_exc_num() == EXC_NUM_PENDSV); #else struct partition_t *partition = tfm_spm_get_running_partition(); + if (!partition) { tfm_core_panic(); } @@ -623,6 +624,27 @@ bool tfm_spm_is_ns_caller(void) #endif } +uint32_t tfm_spm_get_caller_privilege_mode(void) +{ + struct partition_t *partition; + +#if defined(TFM_MULTI_CORE_TOPOLOGY) || defined(FORWARD_PROT_MSG) + /* + * In multi-core topology, if PSA request is from mailbox, the client + * is unprivileged. + */ + if (__get_active_exc_num() == EXC_NUM_PENDSV) { + return TFM_PARTITION_UNPRIVILEGED_MODE; + } +#endif + partition = tfm_spm_get_running_partition(); + if (!partition) { + tfm_core_panic(); + } + + return tfm_spm_partition_get_privileged_mode(partition->p_ldinf->flags); +} + uint32_t tfm_spm_init(void) { uint32_t i; diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h index da7e4495b4..9dad8b13f5 100644 --- a/secure_fw/spm/cmsis_psa/spm_ipc.h +++ b/secure_fw/spm/cmsis_psa/spm_ipc.h @@ -364,6 +364,15 @@ int32_t tfm_memory_check(const void *buffer, size_t len, bool ns_caller, bool tfm_spm_is_ns_caller(void); /** + * \brief Get the privilege mode of service caller. + * + * \retval Privilege mode of the service caller + * \ref TFM_PARTITION_UNPRIVILEGED_MODE + * \ref TFM_PARTITION_PRIVILEGED_MODE + */ +uint32_t tfm_spm_get_caller_privilege_mode(void); + +/** * \brief Set up the isolation boundary of the given partition. * * \param[in] partition The partition of which the boundary is set up. diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.c b/secure_fw/spm/cmsis_psa/tfm_rpc.c index 8303009e4b..7b366ceb65 100644 --- a/secure_fw/spm/cmsis_psa/tfm_rpc.c +++ b/secure_fw/spm/cmsis_psa/tfm_rpc.c 
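Review bot: In the new tfm_spm_get_caller_privilege_mode() the mailbox case is recognised only by `__get_active_exc_num() == EXC_NUM_PENDSV`, which is the same test the context lines show inside tfm_spm_is_ns_caller() (its guard is outside the hunk). The NS-caller decision and the privilege decision both feed the later memory checks, so two copies of the test can drift apart. A single static helper used by both functions would keep them consistent. The block comment also names only the multi-core topology while the guard includes FORWARD_PROT_MSG; a wording such as `/* A PSA request handled in PendSV comes from the mailbox (multi-core or forwarded messages); that client is always unprivileged. */` would match the guard, assuming that is the intent.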
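Review bot: The doc comment added for tfm_spm_get_caller_privilege_mode() uses `\retval` without a value name, so Doxygen will take the word "Privilege" as the returned value. `\return Privilege mode of the service caller:` followed by the two `\ref` lines would render as intended. The comment also does not say that the function calls tfm_core_panic() when there is no running partition, as the spm_ipc.c part of this commit shows. The `\retval "Does not return"` form that psa_api.h already uses would cover that case.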
@@ -59,8 +59,7 @@ psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params) return tfm_spm_client_psa_call(params->handle, params->type, params->in_vec, params->in_len, - params->out_vec, params->out_len, - TFM_PARTITION_UNPRIVILEGED_MODE); + params->out_vec, params->out_len); } void tfm_rpc_psa_close(const struct client_call_params_t *params) diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c index 54ea1d62eb..a65bdec8ca 100644 --- a/secure_fw/spm/ffm/psa_api.c +++ b/secure_fw/spm/ffm/psa_api.c @@ -131,8 +131,7 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version) psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type, const psa_invec *inptr, size_t in_num, - psa_outvec *outptr, size_t out_num, - uint32_t privileged) + psa_outvec *outptr, size_t out_num) { psa_invec invecs[PSA_MAX_IOVEC]; psa_outvec outvecs[PSA_MAX_IOVEC]; @@ -142,6 +141,7 @@ psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type, int i, j; int32_t client_id; uint32_t sid, version, index; + uint32_t privileged; bool ns_caller = tfm_spm_is_ns_caller(); /* The request type must be zero or positive. */ @@ -233,6 +233,8 @@ psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type, tfm_core_panic(); } + privileged = tfm_spm_get_caller_privilege_mode(); + /* * Read client invecs from the wrap input vector. It is a PROGRAMMER ERROR * if the memory reference for the wrap input vector is invalid or not diff --git a/secure_fw/spm/ffm/psa_api.h b/secure_fw/spm/ffm/psa_api.h index 856977c35a..1c6707988e 100644 --- a/secure_fw/spm/ffm/psa_api.h +++ b/secure_fw/spm/ffm/psa_api.h 
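Review bot: tfm_rpc_psa_call() no longer pins its client to unprivileged. With `TFM_PARTITION_UNPRIVILEGED_MODE` dropped from the call, the result depends on tfm_spm_get_caller_privilege_mode() seeing PendSV as the active exception, and on TFM_MULTI_CORE_TOPOLOGY or FORWARD_PROT_MSG being defined. If this function were ever reached from another context or build configuration, the privilege would come from the running partition's flags, which may be privileged. That invariant deserves a comment at the call, for example `/* Privilege is derived inside SPM: RPC requests run in PendSV and are treated as unprivileged. */`. If the helpers are in scope in this file (not visible in the hunk), `TFM_CORE_ASSERT(__get_active_exc_num() == EXC_NUM_PENDSV);` before the call would enforce it in assert-enabled builds.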
@@ -76,9 +76,6 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version); * \ref psa_outvec * \param[in] out_num Number of outut psa_outvec structures. * \ref psa_outvec - * \param[in] privileged Privileged mode or unprivileged mode: - * \ref TFM_PARTITION_UNPRIVILEGED_MODE - * \ref TFM_PARTITION_PRIVILEGED_MODE * * \retval PSA_SUCCESS Success. * \retval "Does not return" The call is invalid, one or more of the @@ -92,8 +89,7 @@ psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version); */ psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type, const psa_invec *inptr, size_t in_num, - psa_outvec *outptr, size_t out_num, - uint32_t privileged); + psa_outvec *outptr, size_t out_num); /** * \brief handler for \ref psa_close. diff --git a/secure_fw/spm/ffm/psa_api_svc.c b/secure_fw/spm/ffm/psa_api_svc.c index ef242f7c6b..5ddfd898b2 100644 --- a/secure_fw/spm/ffm/psa_api_svc.c +++ b/secure_fw/spm/ffm/psa_api_svc.c @@ -64,28 +64,18 @@ psa_status_t tfm_spm_psa_call(uint32_t *args, uint32_t lr) psa_invec *inptr; psa_outvec *outptr; size_t in_num, out_num; - struct partition_t *partition = NULL; - uint32_t privileged; int32_t type; TFM_CORE_ASSERT(args != NULL); handle = (psa_handle_t)args[0]; - - partition = tfm_spm_get_running_partition(); - if (!partition) { - tfm_core_panic(); - } - privileged = tfm_spm_partition_get_privileged_mode( - partition->p_ldinf->flags); - type = (int32_t)(int16_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET); in_num = (size_t)((args[1] & IN_LEN_MASK) >> IN_LEN_OFFSET); out_num = (size_t)((args[1] & OUT_LEN_MASK) >> OUT_LEN_OFFSET); inptr = (psa_invec *)args[2]; outptr = (psa_outvec *)args[3]; - return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr, out_num, - privileged); + return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr, + out_num); } void tfm_spm_psa_close(uint32_t *args) |
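Review bot: With the `privileged` parameter gone, the doc comment for tfm_spm_client_psa_call() no longer tells a reader that a privilege level is still applied to the call, or where it comes from. A line such as `\note The caller's privilege mode is obtained internally via tfm_spm_get_caller_privilege_mode().` would keep that visible next to the prototype. The comment block starts and ends outside the hunk.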