Core: Add lifecycle API
Add the lifecycle related macros and APIs and only return
PSA_LIFECYCLE_UNKNOWN to the caller. It will be implemented in the
future.
Change-Id: Ia3e327f88c559ac6611ddabf2fb9e8c5150619eb
Signed-off-by: Shawn Shan <shawn.shan@arm.com>
diff --git a/interface/include/psa/lifecycle.h b/interface/include/psa/lifecycle.h
new file mode 100644
index 0000000..a892c49
--- /dev/null
+++ b/interface/include/psa/lifecycle.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __PSA_LIFECYCLE_H__
+#define __PSA_LIFECYCLE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u)
+#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu)
+#define PSA_LIFECYCLE_UNKNOWN (0x0000u)
+#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u)
+#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u)
+#define PSA_LIFECYCLE_SECURED (0x3000u)
+#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u)
+#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u)
+#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u)
+
+/*
+ * \brief This function retrieves the current PSA RoT lifecycle state.
+ *
+ * \return state The current security lifecycle state of the PSA
+ * RoT. The PSA state and implementation state are
+ * encoded as follows:
+ * \arg state[15:8] – PSA lifecycle state
+ * \arg state[7:0] – IMPLEMENTATION DEFINED state
+ */
+uint32_t psa_rot_lifecycle_state(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_LIFECYCLE_H__ */
diff --git a/interface/src/psa/psa_lifecycle.c b/interface/src/psa/psa_lifecycle.c
new file mode 100644
index 0000000..928a000
--- /dev/null
+++ b/interface/src/psa/psa_lifecycle.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#include <inttypes.h>
+#include "psa/lifecycle.h"
+#include "core/tfm_core_svc.h"
+
+__attribute__((naked))
+uint32_t psa_rot_lifecycle_state(void)
+{
+ __ASM volatile("SVC %0 \n"
+ "BX LR \n"
+ : : "I" (TFM_SVC_PSA_LIFECYCLE));
+}
diff --git a/secure_fw/core/ipc/include/tfm_svcalls.h b/secure_fw/core/ipc/include/tfm_svcalls.h
index 5fd9628..3532296 100644
--- a/secure_fw/core/ipc/include/tfm_svcalls.h
+++ b/secure_fw/core/ipc/include/tfm_svcalls.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -91,6 +91,14 @@
void tfm_svcall_psa_close(uint32_t *args, bool ns_caller);
/**
+ * \brief SVC handler for \ref psa_rot_lifecycle_state.
+ *
+ * \return state The current security lifecycle state of the PSA
+ * RoT.
+ */
+uint32_t tfm_svcall_get_lifecycle_state(void);
+
+/**
* \brief SVC handler for IPC functions
*
* \param[in] svc_num SVC number.
diff --git a/secure_fw/core/ipc/tfm_svcalls.c b/secure_fw/core/ipc/tfm_svcalls.c
index adb5719..397261c 100644
--- a/secure_fw/core/ipc/tfm_svcalls.c
+++ b/secure_fw/core/ipc/tfm_svcalls.c
@@ -133,6 +133,11 @@
return tfm_psa_close(handle, ns_caller);
}
+uint32_t tfm_svcall_get_lifecycle_state(void)
+{
+ return tfm_spm_get_lifecycle_state();
+}
+
/*********************** SVC handler for PSA Service APIs ********************/
/**
@@ -1096,6 +1101,8 @@
case TFM_SVC_SPM_REQUEST:
tfm_core_spm_request_handler((const struct tfm_state_context_t *)ctx);
break;
+ case TFM_SVC_PSA_LIFECYCLE:
+ return tfm_svcall_get_lifecycle_state();
default:
#ifdef PLATFORM_SVC_HANDLERS
return (platform_svc_handlers(svc_num, ctx, lr));
diff --git a/secure_fw/include/core/tfm_core_svc.h b/secure_fw/include/core/tfm_core_svc.h
index affbe31..f5a1c85 100644
--- a/secure_fw/include/core/tfm_core_svc.h
+++ b/secure_fw/include/core/tfm_core_svc.h
@@ -42,6 +42,7 @@
TFM_SVC_PSA_NOTIFY,
TFM_SVC_PSA_CLEAR,
TFM_SVC_PSA_PANIC,
+ TFM_SVC_PSA_LIFECYCLE,
#endif
TFM_SVC_PLATFORM_BASE = 50 /* leave room for additional Core handlers */
} tfm_svc_number_t;
diff --git a/secure_fw/lib/sprt/CMakeLists.inc b/secure_fw/lib/sprt/CMakeLists.inc
index 55ae920..23b725a 100644
--- a/secure_fw/lib/sprt/CMakeLists.inc
+++ b/secure_fw/lib/sprt/CMakeLists.inc
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2019, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -34,6 +34,7 @@
list(APPEND LIBSPRT_C_SRC
"${TFM_ROOT_DIR}/interface/src/psa/psa_client.c"
"${TFM_ROOT_DIR}/interface/src/psa/psa_service.c"
+ "${TFM_ROOT_DIR}/interface/src/psa/psa_lifecycle.c"
)
endif()
diff --git a/secure_fw/spm/spm_api.c b/secure_fw/spm/spm_api.c
index f162890..044e336 100644
--- a/secure_fw/spm/spm_api.c
+++ b/secure_fw/spm/spm_api.c
@@ -19,6 +19,7 @@
#include "tfm_core.h"
#include "tfm_peripherals_def.h"
#include "spm_partition_defs.h"
+#include "psa/lifecycle.h"
#define NON_SECURE_INTERNAL_PARTITION_DB_IDX 0
#define TFM_CORE_INTERNAL_PARTITION_DB_IDX 1
@@ -106,6 +107,15 @@
TFM_PARTITION_PRIVILEGED_MODE;
}
+uint32_t tfm_spm_get_lifecycle_state(void)
+{
+ /*
+ * FixMe: return PSA_LIFECYCLE_UNKNOWN to the caller directly. It will be
+ * implemented in the future.
+ */
+ return PSA_LIFECYCLE_UNKNOWN;
+}
+
__attribute__((section("SFN")))
void tfm_spm_partition_change_privilege(uint32_t privileged)
{
diff --git a/secure_fw/spm/spm_api.h b/secure_fw/spm/spm_api.h
index 56a112a..33118b1 100644
--- a/secure_fw/spm/spm_api.h
+++ b/secure_fw/spm/spm_api.h
@@ -687,6 +687,18 @@
*/
uint32_t tfm_spm_init(void);
+
+/*
+ * \brief This function get the current PSA RoT lifecycle state.
+ *
+ * \return state The current security lifecycle state of the PSA
+ * RoT. The PSA state and implementation state are
+ * encoded as follows:
+ * \arg state[15:8] – PSA lifecycle state
+ * \arg state[7:0] – IMPLEMENTATION DEFINED state
+ */
+uint32_t tfm_spm_get_lifecycle_state(void);
+
#endif /* ifdef(TFM_PSA_API) */
#endif /*__SPM_API_H__ */