Interface: Enable Platform service in IPC model
Enable Platform Secure service in IPC model
- modify Cmake files to build the service for IPC model
- create NS API source file
- add IPC model implementation to secure API file
- add services to Platform Secure partition's yaml file
- declare IPC support for the Platform Secure partition in
tfm_manifest_list.yaml
- enable reset service /SPM request in IPC mode
Change-Id: I553b7c64bb90c65e6200c619b7c0b30881bf490f
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index bae73af..0e98af9 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -248,7 +248,6 @@
if (CORE_IPC)
set(TFM_PARTITION_AUDIT_LOG OFF)
- set(TFM_PARTITION_PLATFORM OFF)
endif()
if (TFM_PARTITION_AUDIT_LOG)
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index 57df915..155492e 100644
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -89,7 +89,7 @@
if (TFM_PARTITION_PLATFORM)
if (TFM_PSA_API)
- message(FATAL_ERROR "Platform service has not been supported in IPC model yet.")
+ list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_platform_ipc_api.c")
else()
list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_platform_func_api.c")
endif()
diff --git a/interface/include/psa_manifest/sid.h b/interface/include/psa_manifest/sid.h
index a6a96e7..4a2895d 100644
--- a/interface/include/psa_manifest/sid.h
+++ b/interface/include/psa_manifest/sid.h
@@ -40,6 +40,12 @@
#define TFM_CRYPTO_SID (0x00000080U)
#define TFM_CRYPTO_VERSION (1U)
+/******** TFM_SP_PLATFORM ********/
+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U)
+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U)
+
/******** TFM_SP_INITIAL_ATTESTATION ********/
#define TFM_ATTEST_GET_TOKEN_SID (0x00000020U)
#define TFM_ATTEST_GET_TOKEN_VERSION (1U)
diff --git a/interface/src/tfm_platform_ipc_api.c b/interface/src/tfm_platform_ipc_api.c
new file mode 100644
index 0000000..0c1edf4
--- /dev/null
+++ b/interface/src/tfm_platform_ipc_api.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdbool.h>
+#include "tfm_platform_api.h"
+#include "psa_manifest/sid.h"
+
+enum tfm_platform_err_t tfm_platform_system_reset(void)
+{
+ psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
+ psa_handle_t handle = PSA_NULL_HANDLE;
+
+ handle = psa_connect(TFM_SP_PLATFORM_SYSTEM_RESET_SID,
+ TFM_SP_PLATFORM_SYSTEM_RESET_VERSION);
+ if (handle <= 0) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ status = psa_call(handle, PSA_IPC_CALL,
+ NULL, 0, NULL, 0);
+ psa_close(handle);
+
+ if (status < PSA_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ } else {
+ return (enum tfm_platform_err_t) status;
+ }
+
+}
+
+enum tfm_platform_err_t
+tfm_platform_ioctl(tfm_platform_ioctl_req_t request,
+ psa_invec *input, psa_outvec *output)
+{
+ tfm_platform_ioctl_req_t req = request;
+ struct psa_invec in_vec[2] = { {0} };
+ size_t inlen, outlen;
+ psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
+ psa_handle_t handle = PSA_NULL_HANDLE;
+
+ in_vec[0].base = &req;
+ in_vec[0].len = sizeof(req);
+ if (input != NULL) {
+ in_vec[1].base = input->base;
+ in_vec[1].len = input->len;
+ inlen = 2;
+ } else {
+ inlen = 1;
+ }
+
+ if (output != NULL) {
+ outlen = 1;
+ } else {
+ outlen = 0;
+ }
+
+ handle = psa_connect(TFM_SP_PLATFORM_IOCTL_SID,
+ TFM_SP_PLATFORM_IOCTL_VERSION);
+ if (handle <= 0) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ status = psa_call(handle, PSA_IPC_CALL,
+ in_vec, inlen,
+ output, outlen);
+ psa_close(handle);
+
+ if (status < PSA_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ } else {
+ return (enum tfm_platform_err_t) status;
+ }
+}
+
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct
index 36dc5af..9704611 100644
--- a/platform/ext/common/armclang/tfm_common_s.sct
+++ b/platform/ext/common/armclang/tfm_common_s.sct
@@ -355,7 +355,7 @@
}
#if defined (TFM_PSA_API)
- TFM_SP_PLATFORM_LINKER_STACK +0 ALIGN 128 EMPTY 0 {
+ TFM_SP_PLATFORM_LINKER_STACK +0 ALIGN 128 EMPTY 0x0400 {
}
#endif
#endif /* TFM_PARTITION_PLATFORM */
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index df4d29c..f4088d0 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -942,6 +942,14 @@
Image$$TFM_SP_PLATFORM_LINKER_DATA$$ZI$$Base = ADDR(.TFM_SP_PLATFORM_LINKER_BSS);
Image$$TFM_SP_PLATFORM_LINKER_DATA$$ZI$$Limit = ADDR(.TFM_SP_PLATFORM_LINKER_BSS) + SIZEOF(.TFM_SP_PLATFORM_LINKER_BSS);
+#if defined (TFM_PSA_API)
+ .TFM_SP_PLATFORM_LINKER_STACK : ALIGN(128)
+ {
+ . += 0x0400;
+ } > RAM
+ Image$$TFM_SP_PLATFORM_LINKER_STACK$$ZI$$Base = ADDR(.TFM_SP_PLATFORM_LINKER_STACK);
+ Image$$TFM_SP_PLATFORM_LINKER_STACK$$ZI$$Limit = ADDR(.TFM_SP_PLATFORM_LINKER_STACK) + SIZEOF(.TFM_SP_PLATFORM_LINKER_STACK);
+#endif
#endif /* TFM_PARTITION_PLATFORM */
diff --git a/platform/ext/target/musca_b1/services/src/tfm_platform_system.c b/platform/ext/target/musca_b1/services/src/tfm_platform_system.c
index 07425d7..a1d4c39 100644
--- a/platform/ext/target/musca_b1/services/src/tfm_platform_system.c
+++ b/platform/ext/target/musca_b1/services/src/tfm_platform_system.c
@@ -14,6 +14,7 @@
#include "tfm_secure_api.h"
#include "services/include/tfm_ioctl_api.h"
+#ifndef TFM_PSA_API
/*!
* \brief Verify access rights for memory addresses sent in io vectors
*
@@ -38,6 +39,7 @@
return false;
}
}
+#endif /* TFM_PSA_API */
void tfm_platform_hal_system_reset(void)
{
@@ -65,9 +67,12 @@
enum gpio_altfunc_t altfunc;
enum pinmode_select_t pin_mode;
+#ifndef TFM_PSA_API
if (memory_addr_check(in_vec, out_vec) == false) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
}
+#endif /* TFM_PSA_API */
+
if (in_vec->len != sizeof(struct tfm_pin_service_args_t) ||
out_vec->len != sizeof(uint32_t)) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 6cc8d6c..59b5095 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -344,8 +344,13 @@
if(TFM_PARTITION_PLATFORM)
install(FILES ${INTERFACE_INC_DIR}/tfm_platform_api.h
DESTINATION ${EXPORT_INC_DIR})
- install(FILES ${INTERFACE_SRC_DIR}/tfm_platform_func_api.c
- DESTINATION ${EXPORT_SRC_DIR})
+ if(TFM_PSA_API)
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_platform_ipc_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ else()
+ install(FILES ${INTERFACE_SRC_DIR}/tfm_platform_func_api.c
+ DESTINATION ${EXPORT_SRC_DIR})
+ endif()
endif()
install(FILES ${S_VENEER_FILE} DESTINATION export/tfm/veneers)
diff --git a/secure_fw/core/ipc/tfm_svcalls.c b/secure_fw/core/ipc/tfm_svcalls.c
index bde97ff..3b71e17 100644
--- a/secure_fw/core/ipc/tfm_svcalls.c
+++ b/secure_fw/core/ipc/tfm_svcalls.c
@@ -27,6 +27,7 @@
#include "tfm_core_utils.h"
#include "tfm_psa_client_call.h"
#include "tfm_rpc.h"
+#include "tfm_internal.h"
#ifdef PLATFORM_SVC_HANDLERS
extern int32_t platform_svc_handlers(tfm_svc_number_t svc_num,
@@ -1017,6 +1018,9 @@
case TFM_SVC_DISABLE_IRQ:
tfm_svcall_disable_irq(ctx);
break;
+ case TFM_SVC_SPM_REQUEST:
+ tfm_core_spm_request_handler((const struct tfm_state_context_t *)ctx);
+ break;
default:
#ifdef PLATFORM_SVC_HANDLERS
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 0ba2678..59f22b5 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -18,14 +18,13 @@
#include "secure_fw/include/tfm_spm_services_api.h"
#include "tfm_irq_list.h"
#include "tfm_utils.h"
+#include "spm_db.h"
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa/service.h"
#include "tfm_thread.h"
#include "tfm_wait.h"
#include "tfm_message_queue.h"
-#else
-#include "spm_api.h"
#endif
/*
@@ -50,11 +49,6 @@
#endif
#endif
-/* Macros to pick linker symbols and allow to form the partition data base */
-#define REGION(a, b, c) a##b##c
-#define REGION_NAME(a, b, c) REGION(a, b, c)
-#define REGION_DECLARE(a, b, c) extern uint32_t REGION_NAME(a, b, c)
-
REGION_DECLARE(Image$$, ARM_LIB_STACK_MSP, $$ZI$$Base);
int32_t tfm_core_init(void)
@@ -151,21 +145,32 @@
return TFM_SUCCESS;
}
-#ifndef TFM_PSA_API
void tfm_core_spm_request_handler(const struct tfm_state_context_t *svc_ctx)
{
uint32_t *res_ptr = (uint32_t *)&svc_ctx->r0;
uint32_t running_partition_flags = 0;
+#ifdef TFM_PSA_API
+ const struct spm_partition_desc_t *partition = NULL;
+#else /* TFM_PSA_API */
uint32_t running_partition_idx;
+#endif /* TFM_PSA_API */
/* Check permissions on request type basis */
switch (svc_ctx->r0) {
case TFM_SPM_REQUEST_RESET_VOTE:
+#ifdef TFM_PSA_API
+ partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_panic();
+ }
+ running_partition_flags = partition->static_data->partition_flags;
+#else /* TFM_PSA_API */
running_partition_idx =
- tfm_spm_partition_get_running_partition_idx();
+ tfm_spm_partition_get_running_partition_idx();
running_partition_flags = tfm_spm_partition_get_flags(
running_partition_idx);
+#endif /* TFM_PSA_API */
/* Currently only PSA Root of Trust services are allowed to make Reset
* vote request
@@ -178,12 +183,12 @@
* allowing execution of reset
*/
*res_ptr = (uint32_t)TFM_SUCCESS;
+
break;
default:
*res_ptr = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
}
}
-#endif /* TFM_PSA_API */
int main(void)
{
diff --git a/secure_fw/core/tfm_spm_services.c b/secure_fw/core/tfm_spm_services.c
index 127a9e3..fec40d3 100644
--- a/secure_fw/core/tfm_spm_services.c
+++ b/secure_fw/core/tfm_spm_services.c
@@ -44,14 +44,16 @@
}
__attribute__((naked))
-int32_t tfm_spm_request_reset_vote(void)
+int32_t tfm_core_validate_secure_caller(void)
{
__ASM volatile(
- "MOVS R0, %0\n"
- "B tfm_spm_request\n"
- : : "I" (TFM_SPM_REQUEST_RESET_VOTE));
+ "SVC %0\n"
+ "BX lr\n"
+ : : "I" (TFM_SVC_VALIDATE_SECURE_CALLER));
}
+#endif
+
__attribute__((naked))
int32_t tfm_spm_request(void)
{
@@ -62,16 +64,14 @@
}
__attribute__((naked))
-int32_t tfm_core_validate_secure_caller(void)
+int32_t tfm_spm_request_reset_vote(void)
{
__ASM volatile(
- "SVC %0\n"
- "BX lr\n"
- : : "I" (TFM_SVC_VALIDATE_SECURE_CALLER));
+ "MOVS R0, %0\n"
+ "B tfm_spm_request\n"
+ : : "I" (TFM_SPM_REQUEST_RESET_VOTE));
}
-#endif
-
__attribute__((naked))
int32_t tfm_core_get_boot_data(uint8_t major_type,
struct tfm_boot_data *boot_status,
diff --git a/secure_fw/services/platform/platform_sp.c b/secure_fw/services/platform/platform_sp.c
index 5c2d8b4..f5d0973 100644
--- a/secure_fw/services/platform/platform_sp.c
+++ b/secure_fw/services/platform/platform_sp.c
@@ -10,12 +10,17 @@
#include "platform/include/tfm_platform_system.h"
#include "secure_fw/include/tfm_spm_services_api.h"
-enum tfm_platform_err_t platform_sp_init(void)
-{
- /* Nothing to be done */
+#ifdef TFM_PSA_API
+#include "psa_manifest/tfm_platform.h"
+#include "psa/client.h"
+#include "psa/service.h"
+#include "region_defs.h"
- return TFM_PLATFORM_ERR_SUCCESS;
-}
+#define INPUT_BUFFER_SIZE 64
+#define OUTPUT_BUFFER_SIZE 64
+
+typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg);
+#endif
enum tfm_platform_err_t platform_sp_system_reset(void)
{
@@ -34,6 +39,8 @@
return TFM_PLATFORM_ERR_SUCCESS;
}
+#ifndef TFM_PSA_API
+
enum tfm_platform_err_t
platform_sp_ioctl(psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec)
@@ -55,3 +62,133 @@
return tfm_platform_hal_ioctl(request, input, output);
}
+#else /* TFM_PSA_API */
+
+static enum tfm_platform_err_t
+platform_sp_system_reset_ipc(const psa_msg_t *msg)
+{
+ (void)msg; /* unused parameter */
+
+ return platform_sp_system_reset();
+}
+
+static enum tfm_platform_err_t
+platform_sp_ioctl_ipc(const psa_msg_t *msg)
+{
+ void *input = NULL;
+ void *output = NULL;
+ psa_invec invec = {0};
+ psa_outvec outvec = {0};
+ uint8_t input_buffer[INPUT_BUFFER_SIZE] = {0};
+ uint8_t output_buffer[OUTPUT_BUFFER_SIZE] = {0};
+ tfm_platform_ioctl_req_t request = 0;
+ enum tfm_platform_err_t ret = TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ int num = 0;
+ uint32_t in_len = PSA_MAX_IOVEC;
+ uint32_t out_len = PSA_MAX_IOVEC;
+
+ while ((in_len > 0) && (msg->in_size[in_len - 1] == 0)) {
+ in_len--;
+ }
+
+ while ((out_len > 0) && (msg->out_size[out_len - 1] == 0)) {
+ out_len--;
+ }
+
+ if ((in_len < 1) || (in_len > 2) ||
+ (out_len > 1)) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ num = psa_read(msg->handle, 0, &request, sizeof(request));
+ if (num != sizeof(request)) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+
+ if (in_len > 1) {
+ if (msg->in_size[1] > INPUT_BUFFER_SIZE) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ num = psa_read(msg->handle, 1, &input_buffer, msg->in_size[1]);
+ if (num != msg->in_size[1]) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ invec.base = input_buffer;
+ invec.len = msg->in_size[1];
+ input = &invec;
+ }
+
+ if (out_len > 0) {
+ if (msg->out_size[0] > OUTPUT_BUFFER_SIZE) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ outvec.base = output_buffer;
+ outvec.len = msg->out_size[0];
+ output = &outvec;
+ }
+
+ ret = tfm_platform_hal_ioctl(request, input, output);
+
+ if (output != NULL) {
+ psa_write(msg->handle, 0, outvec.base, outvec.len);
+ }
+
+ return ret;
+}
+
+static void platform_signal_handle(psa_signal_t signal, plat_func_t pfn)
+{
+ psa_msg_t msg;
+ psa_status_t status;
+
+ status = psa_get(signal, &msg);
+ switch (msg.type) {
+ case PSA_IPC_CONNECT:
+ psa_reply(msg.handle, PSA_SUCCESS);
+ break;
+ case PSA_IPC_CALL:
+ status = (psa_status_t)pfn(&msg);
+ psa_reply(msg.handle, status);
+ break;
+ case PSA_IPC_DISCONNECT:
+ psa_reply(msg.handle, PSA_SUCCESS);
+ break;
+ default:
+ /* FIXME: Should be replaced by a call to psa_panic() when it
+ * becomes available.
+ */
+ while (1) {
+ ;
+ }
+ }
+}
+
+#endif /* TFM_PSA_API */
+
+enum tfm_platform_err_t platform_sp_init(void)
+{
+#ifdef TFM_PSA_API
+ psa_signal_t signals = 0;
+
+ while (1) {
+ signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
+ if (signals & TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL) {
+ platform_signal_handle(TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL,
+ platform_sp_system_reset_ipc);
+ } else if (signals & TFM_SP_PLATFORM_IOCTL_SIGNAL) {
+ platform_signal_handle(TFM_SP_PLATFORM_IOCTL_SIGNAL,
+ platform_sp_ioctl_ipc);
+ } else {
+ /* FIXME: Should be replaced by a call to psa_panic() when it
+ * becomes available.
+ */
+ while (1) {
+ ;
+ }
+ }
+ }
+
+#endif /* TFM_PSA_API */
+
+ return TFM_PLATFORM_ERR_SUCCESS;
+}
diff --git a/secure_fw/services/platform/psa_manifest/tfm_platform.h b/secure_fw/services/platform/psa_manifest/tfm_platform.h
index 0920ce6..a3ea0c6 100644
--- a/secure_fw/services/platform/psa_manifest/tfm_platform.h
+++ b/secure_fw/services/platform/psa_manifest/tfm_platform.h
@@ -14,6 +14,8 @@
extern "C" {
#endif
+#define TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL (1U << (0 + 4))
+#define TFM_SP_PLATFORM_IOCTL_SIGNAL (1U << (1 + 4))
#ifdef __cplusplus
}
diff --git a/secure_fw/services/platform/tfm_platform.yaml b/secure_fw/services/platform/tfm_platform.yaml
index 0bacbbb..af95e3a 100644
--- a/secure_fw/services/platform/tfm_platform.yaml
+++ b/secure_fw/services/platform/tfm_platform.yaml
@@ -13,6 +13,24 @@
"entry_point": "platform_sp_init",
"stack_size": "0x0400",
"heap_size": "0x0400",
+ "services": [
+ {
+ "name": "TFM_SP_PLATFORM_SYSTEM_RESET",
+ "signal": "PLATFORM_SP_SYSTEM_RESET_SIG",
+ "sid": "0x00000040",
+ "non_secure_clients": true,
+ "minor_version": 1,
+ "minor_policy": "STRICT"
+ },
+ {
+ "name": "TFM_SP_PLATFORM_IOCTL",
+ "signal": "PLATFORM_SP_IOCTL_SIG",
+ "sid": "0x00000041",
+ "non_secure_clients": true,
+ "minor_version": 1,
+ "minor_policy": "STRICT"
+ }
+ ],
"secure_functions": [
{
"name": "TFM_SP_PLATFORM_SYSTEM_RESET",
diff --git a/secure_fw/services/platform/tfm_platform_secure_api.c b/secure_fw/services/platform/tfm_platform_secure_api.c
index 9103ab4..19739fb 100644
--- a/secure_fw/services/platform/tfm_platform_secure_api.c
+++ b/secure_fw/services/platform/tfm_platform_secure_api.c
@@ -7,12 +7,36 @@
#include "tfm_platform_api.h"
#include "tfm_veneers.h"
+#ifdef TFM_PSA_API
+#include "psa_manifest/sid.h"
+#endif
__attribute__((section("SFN")))
enum tfm_platform_err_t tfm_platform_system_reset(void)
{
+#ifdef TFM_PSA_API
+ psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
+ psa_handle_t handle = PSA_NULL_HANDLE;
+
+ handle = psa_connect(TFM_SP_PLATFORM_SYSTEM_RESET_SID,
+ TFM_SP_PLATFORM_SYSTEM_RESET_VERSION);
+ if (handle <= 0) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ status = psa_call(handle, PSA_IPC_CALL,
+ NULL, 0, NULL, 0);
+ psa_close(handle);
+
+ if (status < PSA_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ } else {
+ return (enum tfm_platform_err_t) status;
+ }
+#else /* TFM_PSA_API */
return (enum tfm_platform_err_t) tfm_platform_sp_system_reset_veneer(
NULL, 0, NULL, 0);
+#endif /* TFM_PSA_API */
}
__attribute__((section("SFN")))
@@ -23,6 +47,10 @@
tfm_platform_ioctl_req_t req = request;
struct psa_invec in_vec[2];
size_t inlen, outlen;
+#ifdef TFM_PSA_API
+ psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
+ psa_handle_t handle = PSA_NULL_HANDLE;
+#endif /* TFM_PSA_API */
in_vec[0].base = &req;
in_vec[0].len = sizeof(req);
@@ -39,9 +67,26 @@
} else {
outlen = 0;
}
+#ifdef TFM_PSA_API
+ handle = psa_connect(TFM_SP_PLATFORM_IOCTL_SID,
+ TFM_SP_PLATFORM_IOCTL_VERSION);
+ if (handle <= 0) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+ status = psa_call(handle, PSA_IPC_CALL,
+ in_vec, inlen,
+ output, outlen);
+ psa_close(handle);
+
+ if (status < PSA_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ } else {
+ return (enum tfm_platform_err_t) status;
+ }
+#else /* TFM_PSA_API */
return (enum tfm_platform_err_t) tfm_platform_sp_ioctl_veneer(
in_vec, inlen, output, outlen);
-
+#endif /* TFM_PSA_API */
}
diff --git a/secure_fw/services/tfm_service_list.inc b/secure_fw/services/tfm_service_list.inc
index bc6410c..11fbee4 100644
--- a/secure_fw/services/tfm_service_list.inc
+++ b/secure_fw/services/tfm_service_list.inc
@@ -122,6 +122,28 @@
.version_policy = TFM_VERSION_POLICY_STRICT
},
+#ifdef TFM_PARTITION_PLATFORM
+ /******** TFM_SP_PLATFORM ********/
+ {
+ .name = "TFM_SP_PLATFORM_SYSTEM_RESET",
+ .partition_id = TFM_SP_PLATFORM,
+ .signal = TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL,
+ .sid = 0x00000040,
+ .non_secure_client = true,
+ .version = 1,
+ .version_policy = TFM_VERSION_POLICY_STRICT
+ },
+ {
+ .name = "TFM_SP_PLATFORM_IOCTL",
+ .partition_id = TFM_SP_PLATFORM,
+ .signal = TFM_SP_PLATFORM_IOCTL_SIGNAL,
+ .sid = 0x00000041,
+ .non_secure_client = true,
+ .version = 1,
+ .version_policy = TFM_VERSION_POLICY_STRICT
+ },
+#endif /* TFM_PARTITION_PLATFORM */
+
/******** TFM_SP_INITIAL_ATTESTATION ********/
{
.name = "TFM_ATTEST_GET_TOKEN",
@@ -541,6 +563,24 @@
.list = {0},
},
+#ifdef TFM_PARTITION_PLATFORM
+ /******** TFM_SP_PLATFORM ********/
+ {
+ .service_db = NULL,
+ .partition = NULL,
+ .handle_list = {0},
+ .msg_queue = {0},
+ .list = {0},
+ },
+ {
+ .service_db = NULL,
+ .partition = NULL,
+ .handle_list = {0},
+ .msg_queue = {0},
+ .list = {0},
+ },
+#endif /* TFM_PARTITION_PLATFORM */
+
/******** TFM_SP_INITIAL_ATTESTATION ********/
{
.service_db = NULL,
diff --git a/secure_fw/spm/spm_db.h b/secure_fw/spm/spm_db.h
index 3c3aa95..c5869fc 100644
--- a/secure_fw/spm/spm_db.h
+++ b/secure_fw/spm/spm_db.h
@@ -68,10 +68,8 @@
/* Macros to pick linker symbols and allow to form the partition data base */
#define REGION(a, b, c) a##b##c
#define REGION_NAME(a, b, c) REGION(a, b, c)
-#ifndef TFM_PSA_API
-#define REGION_DECLARE(a, b, c)
-#else
#define REGION_DECLARE(a, b, c) extern uint32_t REGION_NAME(a, b, c)
+#ifdef TFM_PSA_API
#define PART_REGION_ADDR(partition, region) \
(uint32_t)®ION_NAME(Image$$, partition, region)
#endif
diff --git a/secure_fw/spm/tfm_spm_db.inc b/secure_fw/spm/tfm_spm_db.inc
index 6302cd3..a854967 100644
--- a/secure_fw/spm/tfm_spm_db.inc
+++ b/secure_fw/spm/tfm_spm_db.inc
@@ -533,7 +533,7 @@
.psa_framework_version = 0x0100,
#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_PLATFORM,
- .partition_flags = 0
+ .partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
diff --git a/tools/tfm_manifest_list.yaml b/tools/tfm_manifest_list.yaml
index b982d20..289394e 100644
--- a/tools/tfm_manifest_list.yaml
+++ b/tools/tfm_manifest_list.yaml
@@ -57,7 +57,7 @@
"short_name": "TFM_SP_PLATFORM",
"manifest": "secure_fw/services/platform/tfm_platform.yaml",
"tfm_extensions": true,
- "tfm_partition_ipc": false,
+ "tfm_partition_ipc": true,
"conditional": "TFM_PARTITION_PLATFORM",
"version_major": 0,
"version_minor": 1,