aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface/include/psa/client.h8
-rw-r--r--interface/src/psa/psa_client.c7
-rw-r--r--interface/src/tfm_psa_ns_api.c7
-rw-r--r--secure_fw/spm/ffm/psa_client_service_apis.c2
4 files changed, 15 insertions, 9 deletions
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index d92de026f2..7aee1e5e6a 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -130,6 +130,14 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t version);
/**
* \brief Call an RoT Service on an established connection.
*
+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ * Compared with struct-based encoding, this method saves extra memory
+ * check and memory copy operation. The disadvantage is that the 'type'
+ * range has to be reduced into a 16-bit integer. So with this encoding,
+ * the valid range for 'type' is 0-32767.
+ *
* \param[in] handle A handle to an established connection.
* \param[in] type The request type.
* Must be zero( \ref PSA_IPC_CALL) or positive.
diff --git a/interface/src/psa/psa_client.c b/interface/src/psa/psa_client.c
index 00d95eeb2b..6960ac67af 100644
--- a/interface/src/psa/psa_client.c
+++ b/interface/src/psa/psa_client.c
@@ -56,10 +56,9 @@ psa_status_t psa_call(psa_handle_t handle,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return psa_call_param_pack(handle,
diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c
index 9d60a11d7f..751216dd0b 100644
--- a/interface/src/tfm_psa_ns_api.c
+++ b/interface/src/tfm_psa_ns_api.c
@@ -50,10 +50,9 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type,
{
if ((type > INT16_MAX) ||
(type < INT16_MIN) ||
- (in_len > PSA_MAX_IOVEC) ||
- (out_len > PSA_MAX_IOVEC) ||
- ((in_len + out_len) > PSA_MAX_IOVEC)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ (in_len > UINT8_MAX) ||
+ (out_len > UINT8_MAX)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
}
return tfm_ns_interface_dispatch(
diff --git a/secure_fw/spm/ffm/psa_client_service_apis.c b/secure_fw/spm/ffm/psa_client_service_apis.c
index 2f57c0cc8a..57c1b82a41 100644
--- a/secure_fw/spm/ffm/psa_client_service_apis.c
+++ b/secure_fw/spm/ffm/psa_client_service_apis.c
@@ -78,7 +78,7 @@ psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr)
privileged = tfm_spm_partition_get_privileged_mode(
partition->p_static->flags);
- type = (int32_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
+ type = (int32_t)(int16_t)((args[1] & TYPE_MASK) >> TYPE_OFFSET);
in_num = (size_t)((args[1] & IN_LEN_MASK) >> IN_LEN_OFFSET);
out_num = (size_t)((args[1] & OUT_LEN_MASK) >> OUT_LEN_OFFSET);
inptr = (psa_invec *)args[2];