Attestation: Implement Attest services with static handle
Change Initial Attestation services to one stateless service.
Change-Id: Ie4578df8c4295e8c8e74c96c8caeb946bfc1e637
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
diff --git a/interface/include/tfm_attest_defs.h b/interface/include/tfm_attest_defs.h
new file mode 100644
index 0000000..dad7769
--- /dev/null
+++ b/interface/include/tfm_attest_defs.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_ATTEST_DEFS_H__
+#define __TFM_ATTEST_DEFS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Initial Attestation message types that distinguish Attest services. */
+#define TFM_ATTEST_GET_TOKEN 1001
+#define TFM_ATTEST_GET_TOKEN_SIZE 1002
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_ATTEST_DEFS_H__ */
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index 43c9b0e..81c1455 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -10,6 +10,7 @@
#include "psa/client.h"
#include "psa/crypto_types.h"
#include "psa_manifest/sid.h"
+#include "tfm_attest_defs.h"
psa_status_t
psa_initial_attest_get_token(const uint8_t *auth_challenge,
@@ -18,7 +19,6 @@
size_t token_buf_size,
size_t *token_size)
{
- psa_handle_t handle = PSA_NULL_HANDLE;
psa_status_t status;
psa_invec in_vec[] = {
@@ -28,16 +28,9 @@
{token_buf, token_buf_size}
};
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
- TFM_ATTEST_GET_TOKEN_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
if (status == PSA_SUCCESS) {
*token_size = out_vec[0].len;
@@ -59,16 +52,9 @@
{token_size, sizeof(size_t)}
};
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
- TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN_SIZE,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
return status;
}
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
index dc14e41..d33db15 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_req_mngr.c
@@ -16,6 +16,7 @@
#include "psa/service.h"
#include "psa_manifest/tfm_initial_attestation.h"
#include "region_defs.h"
+#include "tfm_attest_defs.h"
#define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
@@ -108,22 +109,20 @@
;
}
-static void attest_signal_handle(psa_signal_t signal, attest_func_t pfn)
+static void attest_signal_handle(psa_signal_t signal)
{
psa_msg_t msg;
psa_status_t status;
status = psa_get(signal, &msg);
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = (psa_status_t)pfn(&msg);
+ case TFM_ATTEST_GET_TOKEN:
+ status = psa_attest_get_token(&msg);
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_ATTEST_GET_TOKEN_SIZE:
+ status = psa_attest_get_token_size(&msg);
+ psa_reply(msg.handle, status);
break;
default:
tfm_abort();
@@ -143,12 +142,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_ATTEST_GET_TOKEN_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIGNAL,
- psa_attest_get_token);
- } else if (signals & TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL) {
- attest_signal_handle(TFM_ATTEST_GET_TOKEN_SIZE_SIGNAL,
- psa_attest_get_token_size);
+ if (signals & TFM_ATTESTATION_SERVICE_SIGNAL) {
+ attest_signal_handle(TFM_ATTESTATION_SERVICE_SIGNAL);
} else {
tfm_abort();
}
diff --git a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
index ab32645..1e8c642 100644
--- a/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
+++ b/secure_fw/partitions/initial_attestation/tfm_attest_secure_api.c
@@ -12,6 +12,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_attest_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -33,18 +34,12 @@
};
#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
- TFM_ATTEST_GET_TOKEN_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
+
status = tfm_initial_attest_get_token_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
#endif
@@ -68,17 +63,10 @@
};
#ifdef TFM_PSA_API
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
- TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_HANDLE_TO_ERROR(handle);
- }
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_ATTESTATION_SERVICE_HANDLE, TFM_ATTEST_GET_TOKEN_SIZE,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_initial_attest_get_token_size_veneer(in_vec, IOVEC_LEN(in_vec),
diff --git a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
index d50bb80..9bb716d 100644
--- a/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
+++ b/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml
@@ -6,10 +6,11 @@
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_INITIAL_ATTESTATION",
"type": "PSA-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "attest_partition_init",
"stack_size": "0x0A80",
"secure_functions": [
@@ -32,19 +33,14 @@
],
"services": [
{
- "name": "TFM_ATTEST_GET_TOKEN",
+ "name": "TFM_ATTESTATION_SERVICE",
"sid": "0x00000020",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 4,
"version": 1,
"version_policy": "STRICT"
- },
- {
- "name": "TFM_ATTEST_GET_TOKEN_SIZE",
- "sid": "0x00000021",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
+ }
],
"dependencies": [
"TFM_CRYPTO"