Attest: Introduce PSA error codes

This change addresses the compliance with PSA initial attestation
API 1.0.0 version. It replaces the existing psa_attest_err_t enum
values with the error codes that are detailed in the
interface/include/psa/error.h file.

Change-Id: I1795331e7081589371c82f0e56655db6a543edd3
Signed-off-by: Sverteczky, Marcell <marcell.sverteczky@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/docs/user_guides/services/tfm_attestation_integration_guide.rst b/docs/user_guides/services/tfm_attestation_integration_guide.rst
index 80af21e..cae3d2e 100644
--- a/docs/user_guides/services/tfm_attestation_integration_guide.rst
+++ b/docs/user_guides/services/tfm_attestation_integration_guide.rst
@@ -196,17 +196,17 @@
 
 .. code-block:: c
 
-    enum psa_attest_err_t
+    psa_status_t
     psa_initial_attest_get_token(const uint8_t *challenge_obj,
         uint32_t challenge_size,
         uint8_t  *token,
         uint32_t *token_size);
 
-    enum psa_attest_err_t
+    psa_status_t
     psa_initial_attest_get_token_size(uint32_t challenge_size,
         uint32_t *token_size);
 
-    enum psa_attest_err_t
+    psa_status_t
     tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                       size_t           public_key_buf_size,
                                       size_t          *public_key_len,
diff --git a/interface/include/psa/initial_attestation.h b/interface/include/psa/initial_attestation.h
index 4dd247b..aa4a414 100644
--- a/interface/include/psa/initial_attestation.h
+++ b/interface/include/psa/initial_attestation.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -33,35 +33,6 @@
 #define PSA_INITIAL_ATTEST_API_VERSION_MINOR (0)
 
 /**
- * \enum psa_attest_err_t
- *
- * \brief Initial attestation service error types
- *
- */
-enum psa_attest_err_t {
-    /** Action was performed successfully */
-    PSA_ATTEST_ERR_SUCCESS = 0,
-    /** Boot status data is unavailable or malformed */
-    PSA_ATTEST_ERR_INIT_FAILED,
-    /** Token buffer is too small to store the created token there */
-    PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW,
-    /** Attestation key buffer is too small to store the obtained key there */
-    PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW,
-    /** Some of the mandatory claims are unavailable */
-    PSA_ATTEST_ERR_CLAIM_UNAVAILABLE,
-    /** Some parameter or combination of parameters are recognised as invalid:
-     * - challenge size is not allowed
-     * - challenge object is unavailable
-     * - token buffer is unavailable
-     */
-    PSA_ATTEST_ERR_INVALID_INPUT,
-    /** Unexpected error happened during operation */
-    PSA_ATTEST_ERR_GENERAL,
-    /** Following entry is only to ensure the error code of integer size */
-    PSA_ATTEST_ERR_FORCE_INT_SIZE = INT_MAX
-};
-
-/**
  * The allowed size of input challenge in bytes: 32, 48, 64
  * Challenge can be a nonce from server
  * or the hash of some combined data : nonce + attested data by caller.
@@ -197,9 +168,9 @@
  *                                updated by initial attestation service with
  *                                final token size.
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token(const uint8_t *challenge_obj,
                              uint32_t       challenge_size,
                              uint8_t       *token,
@@ -215,9 +186,9 @@
  * \param[out]  token_size      Size of the token in bytes, which is created by
  *                              initial attestation service.
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token_size(uint32_t  challenge_size,
                                   uint32_t *token_size);
 
@@ -233,9 +204,9 @@
  *
  * \note Currently only the ECDSA P-256 over SHA-256 algorithm is supported.
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                   size_t           public_key_buf_size,
                                   size_t          *public_key_len,
diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c
index 7292df5..cf82498 100644
--- a/interface/src/tfm_initial_attestation_func_api.c
+++ b/interface/src/tfm_initial_attestation_func_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -13,7 +13,7 @@
 
 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
 
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token(const uint8_t *challenge_obj,
                              uint32_t       challenge_size,
                              uint8_t       *token,
@@ -34,14 +34,14 @@
                                (uint32_t)in_vec,  IOVEC_LEN(in_vec),
                                (uint32_t)out_vec, IOVEC_LEN(out_vec));
 
-    if (res == (int32_t)PSA_ATTEST_ERR_SUCCESS) {
+    if (res == (int32_t)PSA_SUCCESS) {
         *token_size = out_vec[0].len;
     }
 
-    return (enum psa_attest_err_t)res;
+    return res;
 }
 
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token_size(uint32_t  challenge_size,
                                   uint32_t *token_size)
 {
@@ -52,13 +52,13 @@
         {token_size, sizeof(uint32_t)}
     };
 
-    return (enum psa_attest_err_t)tfm_ns_interface_dispatch(
+    return tfm_ns_interface_dispatch(
                             (veneer_fn)tfm_initial_attest_get_token_size_veneer,
                             (uint32_t)in_vec,  IOVEC_LEN(in_vec),
                             (uint32_t)out_vec, IOVEC_LEN(out_vec));
 }
 
-enum psa_attest_err_t
+psa_status_t
 tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                   size_t           public_key_buf_size,
                                   size_t          *public_key_len,
@@ -77,5 +77,5 @@
                         (uint32_t)NULL,  0,
                         (uint32_t)out_vec, IOVEC_LEN(out_vec));
 
-    return (enum psa_attest_err_t)res;
+    return (psa_status_t) res;
 }
diff --git a/interface/src/tfm_initial_attestation_ipc_api.c b/interface/src/tfm_initial_attestation_ipc_api.c
index ed9264f..c60f8bd 100644
--- a/interface/src/tfm_initial_attestation_ipc_api.c
+++ b/interface/src/tfm_initial_attestation_ipc_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -14,7 +14,7 @@
 
 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
 
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token(const uint8_t *challenge_obj,
                              uint32_t       challenge_size,
                              uint8_t       *token,
@@ -32,8 +32,8 @@
 
     handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
                          TFM_ATTEST_GET_TOKEN_VERSION);
-    if (handle <= 0) {
-        return PSA_ATTEST_ERR_GENERAL;
+    if (!PSA_HANDLE_IS_VALID(handle)) {
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
@@ -41,18 +41,14 @@
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
 
-    if (status < PSA_SUCCESS) {
-        return PSA_ATTEST_ERR_GENERAL;
-    }
-
     if (status == PSA_SUCCESS) {
         *token_size = out_vec[0].len;
     }
 
-    return (enum psa_attest_err_t)status;
+    return status;
 }
 
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token_size(uint32_t  challenge_size,
                                   uint32_t *token_size)
 {
@@ -67,8 +63,8 @@
 
     handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
                          TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
-    if (handle <= 0) {
-        return PSA_ATTEST_ERR_GENERAL;
+    if (!PSA_HANDLE_IS_VALID(handle)) {
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
@@ -76,14 +72,10 @@
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
 
-    if (status < PSA_SUCCESS) {
-        return PSA_ATTEST_ERR_GENERAL;
-    }
-
-    return (enum psa_attest_err_t)status;
+    return status;
 }
 
-enum psa_attest_err_t
+psa_status_t
 tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                   size_t           public_key_buf_size,
                                   size_t          *public_key_len,
@@ -101,7 +93,7 @@
     handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
                          TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_ATTEST_ERR_GENERAL;
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
@@ -109,5 +101,5 @@
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
 
-    return (enum psa_attest_err_t)status;
+    return status;
 }
diff --git a/secure_fw/services/initial_attestation/attest_token.c b/secure_fw/services/initial_attestation/attest_token.c
index c6a4ecde..f3f8d70 100644
--- a/secure_fw/services/initial_attestation/attest_token.c
+++ b/secure_fw/services/initial_attestation/attest_token.c
@@ -16,6 +16,7 @@
 #include "q_useful_buf.h"
 #include "psa/crypto.h"
 #include "attestation_key.h"
+#include "attestation.h"
 
 
 /**
diff --git a/secure_fw/services/initial_attestation/attestation.h b/secure_fw/services/initial_attestation/attestation.h
index b892d7e..a381cf1 100644
--- a/secure_fw/services/initial_attestation/attestation.h
+++ b/secure_fw/services/initial_attestation/attestation.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -24,6 +24,33 @@
     TFM_ATTEST_ACCESS_RW = 2,
 };
 
+/**
+ * \enum psa_attest_err_t
+ *
+ * \brief Initial attestation service error types
+ *
+ */
+enum psa_attest_err_t {
+    /** Action was performed successfully */
+    PSA_ATTEST_ERR_SUCCESS = 0,
+    /** Boot status data is unavailable or malformed */
+    PSA_ATTEST_ERR_INIT_FAILED,
+    /** Buffer is too small to store required data */
+    PSA_ATTEST_ERR_BUFFER_OVERFLOW,
+    /** Some of the mandatory claims are unavailable*/
+    PSA_ATTEST_ERR_CLAIM_UNAVAILABLE,
+    /** Some parameter or combination of parameters are recognised as invalid:
+     * - challenge size is not allowed
+     * - challenge object is unavailable
+     * - token buffer is unavailable
+     */
+    PSA_ATTEST_ERR_INVALID_INPUT,
+    /** Unexpected error happened during operation */
+    PSA_ATTEST_ERR_GENERAL,
+    /** Following entry is only to ensure the error code of integer size */
+    PSA_ATTEST_ERR_FORCE_INT_SIZE = INT_MAX
+};
+
 /*!
  * \brief Copy the boot data (coming from boot loader) from shared memory area
  *        to service memory area
@@ -68,10 +95,10 @@
  * \brief Initialise the initial attestation service during the TF-M boot up
  *        process.
  *
- * \return Returns PSA_ATTEST_ERR_SUCCESS if init has been completed,
- *         otherwise error as specified in \ref psa_attest_err_t
+ * \return Returns PSA_SUCCESS if init has been completed,
+ *         otherwise error as specified in \ref psa_status_t
  */
-enum psa_attest_err_t attest_init(void);
+psa_status_t attest_init(void);
 
 /*!
  * \brief Get initial attestation token
@@ -83,9 +110,9 @@
  *                           to attestation service
  * \param[in]     num_outvec Number of elements in out_vec array
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_token(const psa_invec  *in_vec,  uint32_t num_invec,
                                psa_outvec *out_vec, uint32_t num_outvec);
 
@@ -99,9 +126,9 @@
  *                           where to store the output data
  * \param[in]     num_outvec Number of elements in out_vec array
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_token_size(const psa_invec  *in_vec,  uint32_t num_invec,
                                     psa_outvec *out_vec, uint32_t num_outvec);
 
@@ -115,9 +142,9 @@
  *                           where to store the output data
  * \param[in]     num_outvec Number of elements in out_vec array
  *
- * \return Returns error code as specified in \ref psa_attest_err_t
+ * \return Returns error code as specified in \ref psa_status_t
  */
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_public_key(const psa_invec  *in_vec,  uint32_t num_invec,
                                     psa_outvec *out_vec, uint32_t num_outvec);
 
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 1d64d00..beb93a3 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -54,7 +54,42 @@
 __attribute__ ((aligned(4)))
 static struct attest_boot_data boot_data;
 
-enum psa_attest_err_t attest_init(void)
+/*!
+ * \brief Static function to map return values between \ref psa_attest_err_t
+ *        and \ref psa_status_t
+ *
+ * \param[in]  attest_err  Attestation error code
+ *
+ * \return Returns error code as specified in \ref psa_status_t
+ */
+static inline psa_status_t
+error_mapping_to_psa_status_t(enum psa_attest_err_t attest_err)
+{
+    switch (attest_err) {
+    case PSA_ATTEST_ERR_SUCCESS:
+        return PSA_SUCCESS;
+        break;
+    case PSA_ATTEST_ERR_INIT_FAILED:
+        return PSA_ERROR_SERVICE_FAILURE;
+        break;
+    case PSA_ATTEST_ERR_BUFFER_OVERFLOW:
+        return PSA_ERROR_BUFFER_TOO_SMALL;
+        break;
+    case PSA_ATTEST_ERR_CLAIM_UNAVAILABLE:
+        return PSA_ERROR_GENERIC_ERROR;
+        break;
+    case PSA_ATTEST_ERR_INVALID_INPUT:
+        return PSA_ERROR_INVALID_ARGUMENT;
+        break;
+    case PSA_ATTEST_ERR_GENERAL:
+        return PSA_ERROR_GENERIC_ERROR;
+        break;
+    default:
+        return PSA_ERROR_GENERIC_ERROR;
+    }
+}
+
+psa_status_t attest_init(void)
 {
     enum psa_attest_err_t res;
 
@@ -62,7 +97,7 @@
                                (struct tfm_boot_data *)&boot_data,
                                MAX_BOOT_STATUS);
 
-    return res;
+    return error_mapping_to_psa_status_t(res);
 }
 
 /*!
@@ -74,14 +109,14 @@
  * \return Returns error code as specified in \ref psa_attest_err_t
  */
 static inline enum psa_attest_err_t
-error_mapping(enum attest_token_err_t token_err)
+error_mapping_to_psa_attest_err_t(enum attest_token_err_t token_err)
 {
     switch (token_err) {
     case ATTEST_TOKEN_ERR_SUCCESS:
         return PSA_ATTEST_ERR_SUCCESS;
         break;
     case ATTEST_TOKEN_ERR_TOO_SMALL:
-        return PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW;
+        return PSA_ATTEST_ERR_BUFFER_OVERFLOW;
         break;
     default:
         return PSA_ATTEST_ERR_GENERAL;
@@ -956,7 +991,7 @@
                                    token);
 
     if (token_err != ATTEST_TOKEN_ERR_SUCCESS) {
-        attest_err = error_mapping(token_err);
+        attest_err = error_mapping_to_psa_attest_err_t(token_err);
         goto error;
     }
 
@@ -1022,7 +1057,7 @@
      */
     token_err = attest_token_finish(&attest_token_ctx, completed_token);
     if (token_err) {
-        attest_err = error_mapping(token_err);
+        attest_err = error_mapping_to_psa_attest_err_t(token_err);
         goto error;
     }
 
@@ -1043,7 +1078,7 @@
  *    token due to lack of psa_asymmetric_sign() implementation in crypto
  *    service.
  */
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_token(const psa_invec  *in_vec,  uint32_t num_invec,
                                psa_outvec *out_vec, uint32_t num_outvec)
 {
@@ -1090,11 +1125,11 @@
     out_vec[0].len  = completed_token.len;
 
 error:
-    return attest_err;
+    return error_mapping_to_psa_status_t(attest_err);
 }
 
 /* Initial implementation, just returns with hard coded value */
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_token_size(const psa_invec  *in_vec,  uint32_t num_invec,
                                     psa_outvec *out_vec, uint32_t num_outvec)
 {
@@ -1131,10 +1166,10 @@
     *token_buf_size = completed_token.len;
 
 error:
-    return attest_err;
+    return error_mapping_to_psa_status_t(attest_err);
 }
 
-enum psa_attest_err_t
+psa_status_t
 initial_attest_get_public_key(const psa_invec  *in_vec,  uint32_t num_invec,
                                     psa_outvec *out_vec, uint32_t num_outvec)
 {
@@ -1182,7 +1217,7 @@
     }
 
     if (key_buffer.len < key_len) {
-        attest_err = PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW;
+        attest_err = PSA_ATTEST_ERR_BUFFER_OVERFLOW;
         goto error;
     }
 
@@ -1193,5 +1228,5 @@
     *(size_t *)out_vec[2].base = key_len;
 
 error:
-    return attest_err;
+    return error_mapping_to_psa_status_t(attest_err);
 }
diff --git a/secure_fw/services/initial_attestation/attestation_key.c b/secure_fw/services/initial_attestation/attestation_key.c
index a5854fd..75e5d92 100644
--- a/secure_fw/services/initial_attestation/attestation_key.c
+++ b/secure_fw/services/initial_attestation/attestation_key.c
@@ -7,9 +7,9 @@
  */
 
 #include "attestation_key.h"
+#include "attestation.h"
 #include <stdint.h>
 #include <stddef.h>
-#include "psa/initial_attestation.h"
 #include "platform/include/tfm_plat_defs.h"
 #include "platform/include/tfm_plat_crypto_keys.h"
 #include "t_cose_standard_constants.h"
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
index 6539dcb..0b1e93b 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_req_mngr.c
@@ -19,13 +19,13 @@
 #define ECC_P256_PUBLIC_KEY_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)
 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
 
-typedef enum psa_attest_err_t (*attest_func_t)(const psa_msg_t *msg);
+typedef psa_status_t (*attest_func_t)(const psa_msg_t *msg);
 
 int32_t g_attest_caller_id;
 
-static enum psa_attest_err_t psa_attest_get_token(const psa_msg_t *msg)
+static psa_status_t psa_attest_get_token(const psa_msg_t *msg)
 {
-    enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+    psa_status_t status = PSA_SUCCESS;
     uint8_t challenge_buff[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
     uint8_t token_buff[PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE];
     uint32_t bytes_read = 0;
@@ -39,7 +39,7 @@
     };
 
     if (challenge_size > PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64) {
-        return PSA_ATTEST_ERR_INVALID_INPUT;
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
     /* store the client ID here for later use in service */
@@ -48,7 +48,7 @@
     bytes_read = psa_read(msg->handle, 0,
                           challenge_buff, challenge_size);
     if (bytes_read != challenge_size) {
-        return PSA_ATTEST_ERR_GENERAL;
+        return PSA_ERROR_GENERIC_ERROR;
     }
 
     token_size = (token_size < PSA_INITIAL_ATTEST_TOKEN_MAX_SIZE) ?
@@ -56,16 +56,16 @@
 
     status = initial_attest_get_token(in_vec, IOVEC_LEN(in_vec),
                                       out_vec, IOVEC_LEN(out_vec));
-    if (status == PSA_ATTEST_ERR_SUCCESS) {
+    if (status == PSA_SUCCESS) {
         psa_write(msg->handle, 0, out_vec[0].base, out_vec[0].len);
     }
 
     return status;
 }
 
-static enum psa_attest_err_t psa_attest_get_token_size(const psa_msg_t *msg)
+static psa_status_t psa_attest_get_token_size(const psa_msg_t *msg)
 {
-    enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+    psa_status_t status = PSA_SUCCESS;
     uint32_t challenge_size;
     uint32_t token_size;
     uint32_t bytes_read = 0;
@@ -78,7 +78,7 @@
 
     if (msg->in_size[0] != sizeof(challenge_size)
         || msg->out_size[0] != sizeof(token_size)) {
-        return PSA_ATTEST_ERR_INVALID_INPUT;
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
     /* store the client ID here for later use in service */
@@ -87,21 +87,21 @@
     bytes_read = psa_read(msg->handle, 0,
                           &challenge_size, msg->in_size[0]);
     if (bytes_read != msg->in_size[0]) {
-        return PSA_ATTEST_ERR_INVALID_INPUT;
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
     status = initial_attest_get_token_size(in_vec, IOVEC_LEN(in_vec),
                                            out_vec, IOVEC_LEN(out_vec));
-    if (status == PSA_ATTEST_ERR_SUCCESS) {
+    if (status == PSA_SUCCESS) {
         psa_write(msg->handle, 0, out_vec[0].base, out_vec[0].len);
     }
 
     return status;
 }
 
-static enum psa_attest_err_t tfm_attest_get_public_key(const psa_msg_t *msg)
+static psa_status_t tfm_attest_get_public_key(const psa_msg_t *msg)
 {
-    enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS;
+    psa_status_t status = PSA_SUCCESS;
     uint8_t key_buf[ECC_P256_PUBLIC_KEY_SIZE];
     size_t key_len;
     psa_ecc_curve_t curve_type;
@@ -114,7 +114,7 @@
 
     if (msg->out_size[1] != out_vec[1].len ||
         msg->out_size[2] != out_vec[2].len) {
-        return PSA_ATTEST_ERR_INVALID_INPUT;
+        return PSA_ERROR_INVALID_ARGUMENT;
     }
 
     /* Store the client ID here for later use in service. */
@@ -124,10 +124,10 @@
                                            out_vec, IOVEC_LEN(out_vec));
 
     if (msg->out_size[0] < key_len) {
-        return PSA_ATTEST_ERR_KEY_BUFFER_OVERFLOW;
+        return PSA_ERROR_BUFFER_TOO_SMALL;
     }
 
-    if (status == PSA_ATTEST_ERR_SUCCESS) {
+    if (status == PSA_SUCCESS) {
         psa_write(msg->handle, 0, key_buf, key_len);
         psa_write(msg->handle, 1, &curve_type, out_vec[1].len);
         psa_write(msg->handle, 2, &key_len, out_vec[2].len);
@@ -169,16 +169,16 @@
 }
 #endif
 
-enum psa_attest_err_t attest_partition_init(void)
+psa_status_t attest_partition_init(void)
 {
-    enum psa_attest_err_t err = PSA_ATTEST_ERR_SUCCESS;
+    psa_status_t err = PSA_SUCCESS;
 #ifdef TFM_PSA_API
     psa_signal_t signals;
 #endif
 
     err = attest_init();
 #ifdef TFM_PSA_API
-    if (err != PSA_ATTEST_ERR_SUCCESS) {
+    if (err != PSA_SUCCESS) {
         tfm_abort();
     }
 
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
index b134224..151c168 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
@@ -18,7 +18,7 @@
 #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0]))
 
 __attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token(const uint8_t *challenge_obj,
                              uint32_t       challenge_size,
                              uint8_t       *token,
@@ -36,18 +36,14 @@
     psa_handle_t handle = PSA_NULL_HANDLE;
     handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID,
                          TFM_ATTEST_GET_TOKEN_VERSION);
-    if (handle <= 0) {
-        return PSA_ATTEST_ERR_GENERAL;
+    if (!PSA_HANDLE_IS_VALID(handle)) {
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
-
-    if (status < PSA_SUCCESS) {
-        return PSA_ATTEST_ERR_GENERAL;
-    }
 #else
     status = tfm_initial_attest_get_token_veneer(in_vec, IOVEC_LEN(in_vec),
                                                  out_vec, IOVEC_LEN(out_vec));
@@ -57,11 +53,11 @@
         *token_size = out_vec[0].len;
     }
 
-    return (enum psa_attest_err_t)status;
+    return status;
 }
 
 __attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
 psa_initial_attest_get_token_size(uint32_t challenge_size,
                                   uint32_t *token_size)
 {
@@ -77,29 +73,25 @@
     psa_handle_t handle = PSA_NULL_HANDLE;
     handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID,
                          TFM_ATTEST_GET_TOKEN_SIZE_VERSION);
-    if (handle <= 0) {
-        return PSA_ATTEST_ERR_GENERAL;
+    if (!PSA_HANDLE_IS_VALID(handle)) {
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
-
-    if (status < PSA_SUCCESS) {
-        return PSA_ATTEST_ERR_GENERAL;
-    }
 #else
 
     status = tfm_initial_attest_get_token_size_veneer(in_vec, IOVEC_LEN(in_vec),
                                                    out_vec, IOVEC_LEN(out_vec));
 #endif
 
-    return (enum psa_attest_err_t)status;
+    return status;
 }
 
 __attribute__((section("SFN")))
-enum psa_attest_err_t
+psa_status_t
 tfm_initial_attest_get_public_key(uint8_t         *public_key,
                                   size_t           public_key_buf_size,
                                   size_t          *public_key_len,
@@ -119,7 +111,7 @@
     handle = psa_connect(TFM_ATTEST_GET_PUBLIC_KEY_SID,
                          TFM_ATTEST_GET_PUBLIC_KEY_VERSION);
     if (!PSA_HANDLE_IS_VALID(handle)) {
-        return PSA_ATTEST_ERR_GENERAL;
+        return PSA_HANDLE_TO_ERROR(handle);
     }
 
     status = psa_call(handle, PSA_IPC_CALL,
@@ -131,5 +123,5 @@
                                                 out_vec, IOVEC_LEN(out_vec));
 #endif
 
-    return (enum psa_attest_err_t)status;
+    return status;
 }
diff --git a/test/suites/attestation/attest_public_key.c b/test/suites/attestation/attest_public_key.c
index 5cb645f..f2ecc7e 100644
--- a/test/suites/attestation/attest_public_key.c
+++ b/test/suites/attestation/attest_public_key.c
@@ -1,15 +1,14 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
  */
 
 #include "attest_public_key.h"
-#include "psa/initial_attestation.h"
 #include "psa/crypto.h"
-#include "psa/crypto_types.h"
 #include <stdint.h>
+#include "attestation.h"
 
 /*!
  * \def ECC_CURVE_SECP256R1_PULBIC_KEY_LENGTH
diff --git a/test/suites/attestation/attest_token_decode.c b/test/suites/attestation/attest_token_decode.c
index ccd21dc..9bcf053 100644
--- a/test/suites/attestation/attest_token_decode.c
+++ b/test/suites/attestation/attest_token_decode.c
@@ -15,7 +15,7 @@
 #include "qcbor_util.h"
 #include "psa/crypto.h"
 #include "attest_public_key.h"
-
+#include "attestation.h"
 
 /**
  * \file attest_token_decode.c
diff --git a/test/suites/attestation/attest_token_test.c b/test/suites/attestation/attest_token_test.c
index a8caf9f..6b0efd5 100644
--- a/test/suites/attestation/attest_token_test.c
+++ b/test/suites/attestation/attest_token_test.c
@@ -14,6 +14,7 @@
 #include "psa/initial_attestation.h"
 #include "attest_token_decode.h"
 #include "attest_token_test_values.h"
+#include "psa/crypto.h"
 
 
 /**
@@ -45,7 +46,7 @@
  * \param[out] completed_token  Place to put pointer and length
  *                              of completed token.
  *
- * \return various errors. See \ref attest_token_err_t.
+ * \return various errors. See \ref psa_status_t.
  *
  */
 int token_main_alt(uint32_t option_flags,
@@ -53,7 +54,7 @@
                    struct q_useful_buf buffer,
                    struct q_useful_buf_c *completed_token)
 {
-    int                          return_value;
+    psa_status_t                 return_value;
     uint32_t                     completed_token_len;
     struct q_useful_buf_c        actual_nonce;
     Q_USEFUL_BUF_MAKE_STACK_UB(  actual_nonce_storage, 64);
@@ -77,7 +78,11 @@
 
     *completed_token = (struct q_useful_buf_c){buffer.ptr, completed_token_len};
 
-    return return_value;
+    if (return_value != PSA_SUCCESS) {
+        return (int)return_value;
+    }
+
+    return 0;
 }
 
 #ifdef INCLUDE_TEST_CODE /* Remove them from release build */
diff --git a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
index fae87ac..cf3b28b 100644
--- a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
+++ b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
@@ -150,7 +150,7 @@
  */
 static void tfm_attest_test_2005(struct test_result_t *ret)
 {
-    enum psa_attest_err_t err;
+    psa_status_t err;
     uint32_t token_size = TEST_TOKEN_SIZE;
 
     /* Call with with bigger challenge object than allowed */
@@ -159,7 +159,7 @@
                                        token_buffer,
                                        &token_size);
 
-    if (err != PSA_ATTEST_ERR_INVALID_INPUT) {
+    if (err != PSA_ERROR_INVALID_ARGUMENT) {
         TEST_FAIL("Attestation should fail with too big challenge object");
         return;
     }
@@ -171,7 +171,7 @@
                                        token_buffer,
                                        &token_size);
 
-    if (err != PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW) {
+    if (err != PSA_ERROR_BUFFER_TOO_SMALL) {
         TEST_FAIL("Attestation should fail with too small token buffer");
         return;
     }
diff --git a/test/suites/attestation/secure/attestation_s_interface_testsuite.c b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
index 9c911a3..7dec677 100644
--- a/test/suites/attestation/secure/attestation_s_interface_testsuite.c
+++ b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
@@ -150,7 +150,7 @@
  */
 static void tfm_attest_test_1005(struct test_result_t *ret)
 {
-    enum psa_attest_err_t err;
+    psa_status_t err;
     uint32_t token_size = TEST_TOKEN_SIZE;
 
     /* Call with with bigger challenge object than allowed */
@@ -159,7 +159,7 @@
                                        token_buffer,
                                        &token_size);
 
-    if (err != PSA_ATTEST_ERR_INVALID_INPUT) {
+    if (err != PSA_ERROR_INVALID_ARGUMENT) {
         TEST_FAIL("Attestation should fail with too big challenge object");
         return;
     }
@@ -171,7 +171,7 @@
                                        token_buffer,
                                        &token_size);
 
-    if (err != PSA_ATTEST_ERR_TOKEN_BUFFER_OVERFLOW) {
+    if (err != PSA_ERROR_BUFFER_TOO_SMALL) {
         TEST_FAIL("Attestation should fail with too small token buffer");
         return;
     }