SPM: Get "ns_caller" information from caller info
The "ns_caller" was passed to PSA API bodies as an argument.
This patch:
- Moves the non-secure caller check related codes into
"tfm_spm_validate_caller()".
- Removes the arg "ns_caller" of PSA APIs, and changes to
acquire "ns_caller" from the caller info.
Two cases for acquiring the "ns_caller":
- In multi-core topology, PSA API requests are processed via
mailbox, which triggers PendSV. If a PSA API is entered from the PendSV
handler, the caller is NS.
- Otherwise, caller security state is obtained from running
partition load info.
Change-Id: I29d0a522fc4f50a258c9d12102ecdb5c35f4a5e1
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
diff --git a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
index 5058dd8..b29af05 100644
--- a/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
+++ b/secure_fw/spm/cmsis_psa/arch/tfm_arch_v6m_v7m.h
@@ -30,6 +30,11 @@
/* processor mode for return: 0=Handler mode 1=Thread mod. */
#define EXC_RETURN_MODE (1UL << 3)
+/* Exception numbers */
+#define EXC_NUM_THREAD_MODE (0)
+#define EXC_NUM_SVCALL (11)
+#define EXC_NUM_PENDSV (14)
+
struct tfm_arch_ctx_t {
uint32_t r8;
uint32_t r9;
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index 5b6065c..42ef5a2 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -27,6 +27,7 @@
#include "tfm_core_trustzone.h"
#include "lists.h"
#include "tfm_pools.h"
+#include "region.h"
#include "psa_manifest/pid.h"
#include "tfm/tfm_spm_services.h"
#include "load/partition_defs.h"
@@ -44,6 +45,10 @@
TFM_POOL_DECLARE(conn_handle_pool, sizeof(struct tfm_conn_handle_t),
TFM_CONN_HANDLE_MAX_NUM);
+/* The veneer section names come from the scatter file */
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+
void spm_interrupt_handler(struct partition_load_info_t *p_ldinf,
psa_signal_t signal,
uint32_t irq_line,
@@ -603,6 +608,21 @@
return SPM_ERROR_MEMORY_CHECK;
}
+bool tfm_spm_is_ns_caller(void)
+{
+#if defined(TFM_MULTI_CORE_TOPOLOGY) || defined(FORWARD_PROT_MSG)
+ /* Multi-core NS PSA API request is processed by pendSV. */
+ return (__get_active_exc_num() == EXC_NUM_PENDSV);
+#else
+ struct partition_t *partition = tfm_spm_get_running_partition();
+ if (!partition) {
+ tfm_core_panic();
+ }
+
+ return (partition->p_ldinf->pid == TFM_SP_NON_SECURE_ID);
+#endif
+}
+
uint32_t tfm_spm_init(void)
{
uint32_t i;
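Review bot: The multi-core branch of tfm_spm_is_ns_caller (L58-L60) classifies the caller as non-secure solely because the active exception is PendSV, which silently assumes PendSV is never used for anything other than mailbox dispatch and that every secure caller reaches a PSA API body through SVCall; any other exception number, or thread mode, is treated as a secure caller with no diagnostic. That assumption should be written down on the function, since it is now the only thing standing between a misrouted request and a wrong client ID, e.g. `/* Assumes PendSV is used exclusively to dispatch NS mailbox requests; secure partitions enter the PSA APIs via SVCall (EXC_NUM_SVCALL), never PendSV. */`. `__get_active_exc_num()` is not introduced by this patch and spm_ipc.c gains only `region.h` here, so presumably it is already in scope through an existing include; worth confirming for the multi-core build. Note also that `EXC_NUM_SVCALL` and `EXC_NUM_THREAD_MODE` are defined but unused in the visible hunks, so if the intent is to reject unexpected exception numbers rather than default them to "secure", this is the place to do it.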
@@ -948,24 +968,47 @@
}
#if !defined(__ARM_ARCH_8_1M_MAIN__)
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller)
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return)
{
+ /*
+ * TODO: the reentrant detection mechanism needs to be changed when there
+ * is no boundaries.
+ */
uintptr_t stacked_ctx_pos;
+ bool ns_caller = false;
+ struct partition_t *p_cur_sp = tfm_spm_get_running_partition();
+ uint32_t veneer_base =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
+ uint32_t veneer_limit =
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
+
+ if (!p_cur_sp) {
+ tfm_core_panic();
+ }
+
+ /*
+ * The caller security attribute detection bases on LR of state context.
+ * However, if SP calls PSA APIs based on its customized SVC, the LR may be
+ * occupied by general purpose value while calling SVC.
+ * Check if caller comes from non-secure: return address (p_ctx[6]) belongs
+ * to veneer section, and the bit0 of LR (p_ctx[5]) is zero.
+ */
+ if (p_ctx[6] >= veneer_base && p_ctx[6] < veneer_limit &&
+ !(p_ctx[5] & TFM_VENEER_LR_BIT0_MASK)) {
+ ns_caller = true;
+ }
+
+ /* If called from ns, partition ID should be TFM_SP_NON_SECURE_ID. */
+ if ((ns_caller == true) !=
+ (p_cur_sp->p_ldinf->pid == TFM_SP_NON_SECURE_ID)) {
+ tfm_core_panic();
+ }
if (ns_caller) {
/*
* The background IRQ can't be supported, since if SP is executing,
* the preempted context of SP can be different with the one who
- * preempts veneer.
- */
- if (p_cur_sp->p_ldinf->pid != TFM_SP_NON_SECURE_ID) {
- tfm_core_panic();
- }
-
- /*
- * It is non-secure caller, check if veneer stack contains
- * multiple contexts.
+ * preempts veneer. Check if veneer stack contains multiple contexts.
*/
stacked_ctx_pos = (uintptr_t)p_ctx +
sizeof(struct tfm_state_context_t) +
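Review bot: The caller detection at L104-L105 indexes the stacked frame with bare offsets `p_ctx[6]` and `p_ctx[5]`, while the same function already names the frame type `struct tfm_state_context_t` at L130; reading LR and the return address through the struct's fields would make the check self-documenting and survive any change to the frame layout. Something like `const struct tfm_state_context_t *frame = (const struct tfm_state_context_t *)p_ctx;` and then comparing `frame->`<its return-address field> and `frame->`<its LR field>, using whatever the struct calls them. The TODO at L82-L83 also reads awkwardly; `/* TODO: the re-entrancy detection must change once isolation boundaries are removed. */` says the same thing more clearly. The body of tfm_spm_validate_caller continues past the end of this hunk.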
@@ -984,8 +1027,6 @@
if (stacked_ctx_pos != p_cur_sp->sp_thread.stk_top) {
tfm_core_panic();
}
- } else if (p_cur_sp->p_ldinf->pid <= 0) {
- tfm_core_panic();
}
}
#endif
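Review bot: Dropping the `else if (p_cur_sp->p_ldinf->pid <= 0)` panic at L135-L136 weakens the check for secure callers: the new mismatch test at L110-L113 only panics when `ns_caller` disagrees with `pid == TFM_SP_NON_SECURE_ID`, so a caller classified as secure while running under any other non-positive pid (if such a pid can occur) now passes where it previously panicked. Unless TFM_SP_NON_SECURE_ID is provably the only non-positive pid, I would keep the guard, `} else if (p_cur_sp->p_ldinf->pid <= 0) { tfm_core_panic(); }`, or if it is the only one, say so in a comment next to the mismatch check so the next reader knows why the old guard was redundant. The function starts outside this hunk.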
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index 7d86cb9..da7e449 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -356,6 +356,14 @@
uint32_t privileged);
/**
+ * \brief Get the ns_caller info from runtime context.
+ *
+ * \retval - true: the PSA API caller is from non-secure
+ * - false: the PSA API caller is from secure
+ */
+bool tfm_spm_is_ns_caller(void);
+
+/**
* \brief Set up the isolation boundary of the given partition.
*
* \param[in] partition The partition of which the boundary is set up.
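Review bot: The new Doxygen for tfm_spm_is_ns_caller (L147-L151) says what the result means but not how it is derived or from where the function may be called, and the implementation depends on both: it reads the active exception number in multi-core builds and panics if no partition is running otherwise. I would add two lines to the brief, e.g. `Must be called from a PSA API handler context (SVCall or, in multi-core topology, the mailbox PendSV handler). In multi-core builds the caller is considered NS when the active exception is PendSV; otherwise the running partition's pid is compared with TFM_SP_NON_SECURE_ID, and the function panics if no partition is running.`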
@@ -388,11 +396,8 @@
/**
* \brief Validate the whether NS caller re-enter.
*
- * \param[in] p_cur_sp Pointer to current partition.
* \param[in] p_ctx Pointer to current stack context.
* \param[in] exc_return EXC_RETURN value.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
*
* \retval void Success.
*
@@ -400,20 +405,16 @@
* For architecture v8.1m and later, will use hardware re-entrant detection.
* Otherwise will use the software solution to validate the caller.
*/
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller);
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return);
#else
/**
* In v8.1 mainline, will use hardware re-entrant detection instead.
*/
__STATIC_INLINE
-void tfm_spm_validate_caller(struct partition_t *p_cur_sp, uint32_t *p_ctx,
- uint32_t exc_return, bool ns_caller)
+void tfm_spm_validate_caller(uint32_t *p_ctx, uint32_t exc_return)
{
- (void)p_cur_sp;
(void)p_ctx;
(void)exc_return;
- (void)ns_caller;
return;
}
#endif
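Review bot: With the v8.1M stub at L184-L191 a no-op, the veneer-range/LR cross-check that this patch moves into tfm_spm_validate_caller never runs on that architecture, so on v8.1M the caller's security state appears to rest entirely on the running partition's pid as read by tfm_spm_is_ns_caller. If that is intended, the stub's comment should say so rather than only mentioning re-entrant detection, e.g. `Hardware re-entrancy detection replaces the software check here; caller security classification on this architecture comes solely from the running partition's pid.` If it is not intended, the pid-versus-veneer consistency check should be kept outside the `#if` so it runs on all architectures.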
diff --git a/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c b/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
index ab4ad75..aa29c07 100644
--- a/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c
@@ -20,10 +20,6 @@
#include "ffm/psa_api_svc.h"
#include "tfm_hal_spm_logdev.h"
-/* The section names come from the scatter file */
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-
/* MSP bottom (higher address) */
REGION_DECLARE(Image$$, ARM_LIB_STACK_MSP, $$ZI$$Limit);
@@ -42,43 +38,19 @@
static int32_t SVC_Handler_IPC(uint8_t svc_num, uint32_t *ctx,
uint32_t lr)
{
- bool ns_caller = false;
- struct partition_t *partition = NULL;
- uint32_t veneer_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- uint32_t veneer_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-
- /*
- * The caller security attribute detection bases on LR of state context.
- * However, if SP calls PSA APIs based on its customized SVC, the LR may be
- * occupied by general purpose value while calling SVC.
- * Check if caller comes from non-secure: return address (ctx[6]) is belongs
- * to veneer section, and the bit0 of LR (ctx[5]) is zero.
- */
- if (ctx[6] >= veneer_base && ctx[6] < veneer_limit &&
- !(ctx[5] & TFM_VENEER_LR_BIT0_MASK)) {
- ns_caller = true;
- }
-
- partition = tfm_spm_get_running_partition();
- if (!partition) {
- tfm_core_panic();
- }
-
- tfm_spm_validate_caller(partition, ctx, lr, ns_caller);
+ tfm_spm_validate_caller(ctx, lr);
switch (svc_num) {
case TFM_SVC_PSA_FRAMEWORK_VERSION:
return tfm_spm_psa_framework_version();
case TFM_SVC_PSA_VERSION:
- return tfm_spm_psa_version(ctx, ns_caller);
+ return tfm_spm_psa_version(ctx);
case TFM_SVC_PSA_CONNECT:
- return tfm_spm_psa_connect(ctx, ns_caller);
+ return tfm_spm_psa_connect(ctx);
case TFM_SVC_PSA_CALL:
- return tfm_spm_psa_call(ctx, ns_caller, lr);
+ return tfm_spm_psa_call(ctx, lr);
case TFM_SVC_PSA_CLOSE:
- tfm_spm_psa_close(ctx, ns_caller);
+ tfm_spm_psa_close(ctx);
break;
case TFM_SVC_PSA_WAIT:
return tfm_spm_psa_wait(ctx);
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.c b/secure_fw/spm/cmsis_psa/tfm_rpc.c
index c9919b2..8303009 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.c
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.c
@@ -39,39 +39,35 @@
return tfm_spm_client_psa_framework_version();
}
-uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params,
- bool ns_caller)
+uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- return tfm_spm_client_psa_version(params->sid, ns_caller);
+ return tfm_spm_client_psa_version(params->sid);
}
-psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params,
- bool ns_caller)
+psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- return tfm_spm_client_psa_connect(params->sid, params->version, ns_caller);
+ return tfm_spm_client_psa_connect(params->sid, params->version);
}
-psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params,
- bool ns_caller)
+psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
return tfm_spm_client_psa_call(params->handle, params->type,
params->in_vec, params->in_len,
- params->out_vec, params->out_len, ns_caller,
+ params->out_vec, params->out_len,
TFM_PARTITION_UNPRIVILEGED_MODE);
}
-void tfm_rpc_psa_close(const struct client_call_params_t *params,
- bool ns_caller)
+void tfm_rpc_psa_close(const struct client_call_params_t *params)
{
TFM_CORE_ASSERT(params != NULL);
- tfm_spm_client_psa_close(params->handle, ns_caller);
+ tfm_spm_client_psa_close(params->handle);
}
int32_t tfm_rpc_register_ops(const struct tfm_rpc_ops_t *ops_ptr)
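Review bot: The RPC handlers at L263-L295 exist only to serve non-secure mailbox requests, yet after this change nothing in them states or checks that; the classification now happens implicitly inside the `tfm_spm_client_*` callees, and a call reaching an RPC handler from any context other than PendSV would be silently treated as a secure caller. A cheap guard alongside the existing null check in each handler, `TFM_CORE_ASSERT(tfm_spm_is_ns_caller());`, would catch such misuse in debug builds and document the contract for free. The hard-coded `TFM_PARTITION_UNPRIVILEGED_MODE` at L286 is pre-existing and fine, but a one-line comment explaining why the NS side is always treated as unprivileged would help a reader of the new signature.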
diff --git a/secure_fw/spm/cmsis_psa/tfm_rpc.h b/secure_fw/spm/cmsis_psa/tfm_rpc.h
index c07ac82..8fb0fad 100644
--- a/secure_fw/spm/cmsis_psa/tfm_rpc.h
+++ b/secure_fw/spm/cmsis_psa/tfm_rpc.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -72,20 +72,17 @@
* \brief RPC handler for \ref psa_version.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
* caller is not permitted to access the service.
* \retval > 0 The version of the implemented RoT Service.
*/
-uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params,
- bool ns_caller);
+uint32_t tfm_rpc_psa_version(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_connect.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_SUCCESS Success.
* \retval PSA_CONNECTION_BUSY The SPM cannot make the connection
@@ -94,14 +91,12 @@
* supported, or the caller is not permitted to
* access the service.
*/
-psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params,
- bool ns_caller);
+psa_status_t tfm_rpc_psa_connect(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_call.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval PSA_SUCCESS Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -113,14 +108,12 @@
* \arg The message is unrecognized or
* incorrectly formatted.
*/
-psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params,
- bool ns_caller);
+psa_status_t tfm_rpc_psa_call(const struct client_call_params_t *params);
/**
* \brief RPC handler for \ref psa_close.
*
* \param[in] params Base address of parameters
- * \param[in] ns_caller If 'true', indicate the non-secure caller
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -128,8 +121,7 @@
* \arg An invalid handle was provided that is not
* the null handle..
*/
-void tfm_rpc_psa_close(const struct client_call_params_t *params,
- bool ns_caller);
+void tfm_rpc_psa_close(const struct client_call_params_t *params);
/**
* \brief Register underlying mailbox communication operations.
diff --git a/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c b/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
index 5580169..c4eb2e1 100644
--- a/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
+++ b/secure_fw/spm/cmsis_psa/tfm_spe_mailbox.c
@@ -14,8 +14,6 @@
#include "tfm_rpc.h"
#include "tfm_multi_core.h"
-#define NS_CALLER_FLAG (true)
-
static struct secure_mailbox_queue_t spe_mailbox_queue;
static int32_t tfm_mailbox_dispatch(uint32_t call_type,
@@ -36,12 +34,12 @@
return MAILBOX_SUCCESS;
case MAILBOX_PSA_VERSION:
spm_params.sid = params->psa_version_params.sid;
- *psa_ret = tfm_rpc_psa_version(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_version(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CONNECT:
spm_params.sid = params->psa_connect_params.sid;
spm_params.version = params->psa_connect_params.version;
- *psa_ret = tfm_rpc_psa_connect(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_connect(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CALL:
spm_params.handle = params->psa_call_params.handle;
@@ -50,11 +48,11 @@
spm_params.in_len = params->psa_call_params.in_len;
spm_params.out_vec = params->psa_call_params.out_vec;
spm_params.out_len = params->psa_call_params.out_len;
- *psa_ret = tfm_rpc_psa_call(&spm_params, NS_CALLER_FLAG);
+ *psa_ret = tfm_rpc_psa_call(&spm_params);
return MAILBOX_SUCCESS;
case MAILBOX_PSA_CLOSE:
spm_params.handle = params->psa_close_params.handle;
- tfm_rpc_psa_close(&spm_params, NS_CALLER_FLAG);
+ tfm_rpc_psa_close(&spm_params);
return MAILBOX_SUCCESS;
default:
return MAILBOX_INVAL_PARAMS;
diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c
index eee754b..54ea1d6 100644
--- a/secure_fw/spm/ffm/psa_api.c
+++ b/secure_fw/spm/ffm/psa_api.c
@@ -8,6 +8,7 @@
#include "bitops.h"
#include "psa/service.h"
#include "spm_ipc.h"
+#include "tfm_arch.h"
#include "tfm_core_utils.h"
#include "load/partition_defs.h"
#include "load/service_defs.h"
@@ -29,9 +30,10 @@
return PSA_FRAMEWORK_VERSION;
}
-uint32_t tfm_spm_client_psa_version(uint32_t sid, bool ns_caller)
+uint32_t tfm_spm_client_psa_version(uint32_t sid)
{
struct service_t *service;
+ bool ns_caller = tfm_spm_is_ns_caller();
/*
* It should return PSA_VERSION_NONE if the RoT Service is not
@@ -53,14 +55,14 @@
return service->p_ldinf->version;
}
-psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version,
- bool ns_caller)
+psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version)
{
struct service_t *service;
struct tfm_msg_body_t *msg;
struct tfm_conn_handle_t *connect_handle;
int32_t client_id;
psa_handle_t handle;
+ bool ns_caller = tfm_spm_is_ns_caller();
/*
* It is a PROGRAMMER ERROR if the RoT Service does not exist on the
@@ -130,7 +132,7 @@
psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
const psa_invec *inptr, size_t in_num,
psa_outvec *outptr, size_t out_num,
- bool ns_caller, uint32_t privileged)
+ uint32_t privileged)
{
psa_invec invecs[PSA_MAX_IOVEC];
psa_outvec outvecs[PSA_MAX_IOVEC];
@@ -140,6 +142,12 @@
int i, j;
int32_t client_id;
uint32_t sid, version, index;
+ bool ns_caller = tfm_spm_is_ns_caller();
+
+ /* The request type must be zero or positive. */
+ if (type < 0) {
+ TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
+ }
/* It is a PROGRAMMER ERROR if in_len + out_len > PSA_MAX_IOVEC. */
if ((in_num > PSA_MAX_IOVEC) ||
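Review bot: Moving the `type < 0` check into tfm_spm_client_psa_call (L460-L463) means the RPC/mailbox path is now covered too, where before only the SVC wrapper rejected negative types (the removed L582-L585); that is an improvement, but the public contract in psa_api.h still does not say so. I would document it on the `type` parameter of tfm_spm_client_psa_call, e.g. `\param[in] type Request type; must be >= 0. A negative value is a PROGRAMMER ERROR (reported to NS callers, fatal for secure callers).` The body of tfm_spm_client_psa_call continues past the end of this hunk.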
@@ -312,12 +320,13 @@
return PSA_SUCCESS;
}
-void tfm_spm_client_psa_close(psa_handle_t handle, bool ns_caller)
+void tfm_spm_client_psa_close(psa_handle_t handle)
{
struct service_t *service;
struct tfm_msg_body_t *msg;
struct tfm_conn_handle_t *conn_handle;
int32_t client_id;
+ bool ns_caller = tfm_spm_is_ns_caller();
/* It will have no effect if called with the NULL handle */
if (handle == PSA_NULL_HANDLE) {
diff --git a/secure_fw/spm/ffm/psa_api.h b/secure_fw/spm/ffm/psa_api.h
index e01bc9f..856977c 100644
--- a/secure_fw/spm/ffm/psa_api.h
+++ b/secure_fw/spm/ffm/psa_api.h
@@ -37,22 +37,18 @@
* \brief handler for \ref psa_version.
*
* \param[in] sid RoT Service identity.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
*
* \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
* caller is not permitted to access the service.
* \retval > 0 The version of the implemented RoT Service.
*/
-uint32_t tfm_spm_client_psa_version(uint32_t sid, bool ns_caller);
+uint32_t tfm_spm_client_psa_version(uint32_t sid);
/**
* \brief handler for \ref psa_connect.
*
* \param[in] sid RoT Service identity.
* \param[in] version The version of the RoT Service.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
*
* \retval PSA_SUCCESS Success.
* \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
@@ -63,8 +59,7 @@
* supported, or the caller is not permitted to
* access the service.
*/
-psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version,
- bool ns_caller);
+psa_status_t tfm_spm_client_psa_connect(uint32_t sid, uint32_t version);
/**
* \brief handler for \ref psa_call.
@@ -81,8 +76,6 @@
* \ref psa_outvec
* \param[in] out_num Number of outut psa_outvec structures.
* \ref psa_outvec
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
* \param[in] privileged Privileged mode or unprivileged mode:
* \ref TFM_PARTITION_UNPRIVILEGED_MODE
* \ref TFM_PARTITION_PRIVILEGED_MODE
@@ -100,15 +93,13 @@
psa_status_t tfm_spm_client_psa_call(psa_handle_t handle, int32_t type,
const psa_invec *inptr, size_t in_num,
psa_outvec *outptr, size_t out_num,
- bool ns_caller, uint32_t privileged);
+ uint32_t privileged);
/**
* \brief handler for \ref psa_close.
*
* \param[in] handle Service handle to the connection to be closed,
* \ref psa_handle_t
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Otherwise from secure client.
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -117,7 +108,7 @@
* the null handle.
* \arg The connection is handling a request.
*/
-void tfm_spm_client_psa_close(psa_handle_t handle, bool ns_caller);
+void tfm_spm_client_psa_close(psa_handle_t handle);
/* PSA Partition API function body, for privileged use only. */
diff --git a/secure_fw/spm/ffm/psa_api_svc.c b/secure_fw/spm/ffm/psa_api_svc.c
index 12fa95c..ef242f7 100644
--- a/secure_fw/spm/ffm/psa_api_svc.c
+++ b/secure_fw/spm/ffm/psa_api_svc.c
@@ -36,17 +36,17 @@
return tfm_spm_client_psa_framework_version();
}
-uint32_t tfm_spm_psa_version(uint32_t *args, bool ns_caller)
+uint32_t tfm_spm_psa_version(uint32_t *args)
{
uint32_t sid;
TFM_CORE_ASSERT(args != NULL);
sid = (uint32_t)args[0];
- return tfm_spm_client_psa_version(sid, ns_caller);
+ return tfm_spm_client_psa_version(sid);
}
-psa_status_t tfm_spm_psa_connect(uint32_t *args, bool ns_caller)
+psa_status_t tfm_spm_psa_connect(uint32_t *args)
{
uint32_t sid;
uint32_t version;
@@ -55,10 +55,10 @@
sid = (uint32_t)args[0];
version = (uint32_t)args[1];
- return tfm_spm_client_psa_connect(sid, version, ns_caller);
+ return tfm_spm_client_psa_connect(sid, version);
}
-psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr)
+psa_status_t tfm_spm_psa_call(uint32_t *args, uint32_t lr)
{
psa_handle_t handle;
psa_invec *inptr;
@@ -84,23 +84,18 @@
inptr = (psa_invec *)args[2];
outptr = (psa_outvec *)args[3];
- /* The request type must be zero or positive. */
- if (type < 0) {
- TFM_PROGRAMMER_ERROR(ns_caller, PSA_ERROR_PROGRAMMER_ERROR);
- }
-
return tfm_spm_client_psa_call(handle, type, inptr, in_num, outptr, out_num,
- ns_caller, privileged);
+ privileged);
}
-void tfm_spm_psa_close(uint32_t *args, bool ns_caller)
+void tfm_spm_psa_close(uint32_t *args)
{
psa_handle_t handle;
TFM_CORE_ASSERT(args != NULL);
handle = args[0];
- tfm_spm_client_psa_close(handle, ns_caller);
+ tfm_spm_client_psa_close(handle);
}
/****** SVC-use only. SVC args unstacking for PSA Partition APIs ******/
diff --git a/secure_fw/spm/ffm/psa_api_svc.h b/secure_fw/spm/ffm/psa_api_svc.h
index 5d7bccf..fea1238 100644
--- a/secure_fw/spm/ffm/psa_api_svc.h
+++ b/secure_fw/spm/ffm/psa_api_svc.h
@@ -34,22 +34,18 @@
* \brief SVC handler for \ref psa_version.
*
* \param[in] args Include all input arguments: sid.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
*
* \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
* caller is not permitted to access the service.
* \retval > 0 The version of the implemented RoT Service.
*/
-uint32_t tfm_spm_psa_version(uint32_t *args, bool ns_caller);
+uint32_t tfm_spm_psa_version(uint32_t *args);
/**
* \brief SVC handler for \ref psa_connect.
*
* \param[in] args Include all input arguments:
* sid, version.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
*
* \retval PSA_SUCCESS Success.
* \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
@@ -60,15 +56,13 @@
* supported, or the caller is not permitted to
* access the service.
*/
-psa_status_t tfm_spm_psa_connect(uint32_t *args, bool ns_caller);
+psa_status_t tfm_spm_psa_connect(uint32_t *args);
/**
* \brief SVC handler for \ref psa_call.
*
* \param[in] args Include all input arguments:
* handle, in_vec, in_len, out_vec, out_len.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
* \param[in] lr EXC_RETURN value of the SVC.
*
* \retval >=0 RoT Service-specific status value.
@@ -84,14 +78,12 @@
* \arg The message is unrecognized by the RoT
* Service or incorrectly formatted.
*/
-psa_status_t tfm_spm_psa_call(uint32_t *args, bool ns_caller, uint32_t lr);
+psa_status_t tfm_spm_psa_call(uint32_t *args, uint32_t lr);
/**
* \brief SVC handler for \ref psa_close.
*
* \param[in] args Include all input arguments: handle.
- * \param[in] ns_caller If 'true', call from non-secure client.
- * Or from secure client.
*
* \retval void Success.
* \retval "Does not return" The call is invalid, one or more of the
@@ -100,7 +92,7 @@
* the null handle.
* \arg The connection is handling a request.
*/
-void tfm_spm_psa_close(uint32_t *args, bool ns_caller);
+void tfm_spm_psa_close(uint32_t *args);
/* Svcall for PSA Partition APIs */
diff --git a/secure_fw/spm/include/tfm_arch_v8m.h b/secure_fw/spm/include/tfm_arch_v8m.h
index 5fbc2b2..e615c3c 100644
--- a/secure_fw/spm/include/tfm_arch_v8m.h
+++ b/secure_fw/spm/include/tfm_arch_v8m.h
@@ -40,6 +40,11 @@
EXC_RETURN_STACK_MAIN | EXC_RETURN_RES0 | \
EXC_RETURN_EXC_SECURE
+/* Exception numbers */
+#define EXC_NUM_THREAD_MODE (0)
+#define EXC_NUM_SVCALL (11)
+#define EXC_NUM_PENDSV (14)
+
#if defined(__ARM_ARCH_8_1M_MAIN__) || defined(__ARM_ARCH_8M_MAIN__)
struct tfm_arch_ctx_t {
uint32_t r4;
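Review bot: The three `EXC_NUM_*` constants added here (L674-L676) are byte-identical to those added to tfm_arch_v6m_v7m.h (L24-L26), and only `EXC_NUM_PENDSV` is used anywhere in the visible hunks; duplicating architecture-independent IPSR exception numbers in two per-architecture headers invites drift. Either hoist them into a shared header such as tfm_arch.h, or at minimum annotate each copy with its origin, e.g. `/* IPSR exception numbers (Armv6-M/v7-M/v8-M architecture); keep in sync with tfm_arch_v6m_v7m.h */`.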