PS: Implement Protected Storage services with static handle
Change Protected Storage services to one stateless service.
Change-Id: Ie4d4cb136b2f8ad9f7333c099c93c1c3eae8e8c1
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
diff --git a/interface/include/tfm_ps_defs.h b/interface/include/tfm_ps_defs.h
index 5dcf2f1..aac2316 100644
--- a/interface/include/tfm_ps_defs.h
+++ b/interface/include/tfm_ps_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,13 @@
/* Invalid UID */
#define TFM_PS_INVALID_UID 0
+/* PS message types that distinguish PS services. */
+#define TFM_PS_SET 1001
+#define TFM_PS_GET 1002
+#define TFM_PS_GET_INFO 1003
+#define TFM_PS_REMOVE 1004
+#define TFM_PS_GET_SUPPORT 1005
+
#ifdef __cplusplus
}
#endif
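Review bot: The comment above the new TFM_PS_* block does not say how the values are consumed, and this is a shared interface header that both sides of the call now depend on. In this commit they are passed as the `type` argument of psa_call() and matched by the switch in ps_signal_handle(), where any other value reaches `default: psa_panic();`. I would extend the comment to something like `/* PS message types: passed as the psa_call() type argument and dispatched in ps_signal_handle(); keep both in sync. */`. It is also worth stating that the values must stay non-negative and within whatever width the interface uses to carry `type`, which is not visible here.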
diff --git a/interface/src/tfm_ps_ipc_api.c b/interface/src/tfm_ps_ipc_api.c
index 106917e..c74c425 100644
--- a/interface/src/tfm_ps_ipc_api.c
+++ b/interface/src/tfm_ps_ipc_api.c
@@ -9,6 +9,7 @@
#include "psa/protected_storage.h"
#include "psa_manifest/sid.h"
#include "tfm_ns_interface.h"
+#include "tfm_ps_defs.h"
psa_status_t psa_ps_set(psa_storage_uid_t uid,
size_t data_length,
@@ -16,7 +17,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -24,15 +24,8 @@
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_SET, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -44,7 +37,6 @@
size_t *p_data_length)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -59,15 +51,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
- handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
*p_data_length = out_vec[0].len;
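Review bot: The context line after the new call, `*p_data_length = out_vec[0].len;`, still runs whatever `status` is, and with the connect check gone every failure now arrives through psa_call(). If the call fails before the service touches the out-vector, `len` presumably still holds the caller's buffer size, so a caller that ignores the return value sees a plausible length for data that was never written. Consider `*p_data_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. out_vec is declared outside this hunk and the function continues past it; the psa_ps_get hunk in tfm_ps_secure_api.c makes the same call and likely wants the same treatment.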
@@ -78,7 +63,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -88,15 +72,8 @@
{ .base = p_info, .len = sizeof(*p_info) }
};
- handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_INFO,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
return status;
}
@@ -104,22 +81,13 @@
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
-
- handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_REMOVE,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -151,7 +119,6 @@
* uninitialised value in case the secure function fails.
*/
uint32_t support_flags = 0;
- psa_handle_t handle;
psa_outvec out_vec[] = {
{ .base = &support_flags, .len = sizeof(support_flags) }
@@ -160,14 +127,8 @@
/* The PSA API does not return an error, so any error from TF-M is
* ignored.
*/
- handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return support_flags;
- }
-
- (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ (void)psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_SUPPORT,
+ NULL, 0, out_vec, IOVEC_LEN(out_vec));
return support_flags;
}
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
index 5c4e084..1444944 100644
--- a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
@@ -1,15 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_PS",
"type": "APPLICATION-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "tfm_ps_req_mngr_init",
"stack_size": "0x800",
"secure_functions": [
@@ -49,41 +50,16 @@
"version_policy": "STRICT"
}
],
- "services" : [{
- "name": "TFM_PS_SET",
- "sid": "0x00000060",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET",
- "sid": "0x00000061",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_INFO",
- "sid": "0x00000062",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_REMOVE",
- "sid": "0x00000063",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_PS_GET_SUPPORT",
- "sid": "0x00000064",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
+ "services" : [
+ {
+ "name": "TFM_PROTECTED_STORAGE_SERVICE",
+ "sid": "0x00000060",
+ "non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 2,
+ "version": 1,
+ "version_policy": "STRICT"
+ }
],
"dependencies": [
"TFM_CRYPTO",
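Review bot: Merging the five services into `TFM_PROTECTED_STORAGE_SERVICE` removes per-operation granularity from the manifest, and nothing in the file records that. A client that previously could only have been granted, say, TFM_PS_GET can now send any of the five message types, including TFM_PS_SET and TFM_PS_REMOVE, so access control rests entirely on the checks inside the partition. Other partitions' dependency lists are not visible here and should be checked for the retired names and SIDs 0x61-0x64. The hard-coded `"stateless_handle": 2` presumably has to be unique across all partition manifests; a header comment such as `# stateless_handle 2 is reserved for Protected Storage; must not collide with other partitions` would make that constraint visible.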
diff --git a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
index 5cca280..f5b2031 100644
--- a/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_req_mngr.c
@@ -17,6 +17,7 @@
#ifdef TFM_PSA_API
#include "psa/service.h"
#include "psa_manifest/tfm_protected_storage.h"
+#include "tfm_ps_defs.h"
#endif
#ifndef TFM_PSA_API
@@ -359,21 +360,31 @@
return PSA_SUCCESS;
}
-static void ps_signal_handle(psa_signal_t signal, ps_func_t pfn)
+static void ps_signal_handle(psa_signal_t signal)
{
psa_status_t status;
status = psa_get(signal, &msg);
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = pfn();
+ case TFM_PS_SET:
+ status = tfm_ps_set_ipc();
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_PS_GET:
+ status = tfm_ps_get_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_GET_INFO:
+ status = tfm_ps_get_info_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_REMOVE:
+ status = tfm_ps_remove_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_PS_GET_SUPPORT:
+ status = tfm_ps_get_support_ipc();
+ psa_reply(msg.handle, status);
break;
default:
psa_panic();
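Review bot: The `default: psa_panic();` arm is now the only handling for a message type outside the five TFM_PS_* values. Because the merged service is declared with `non_secure_clients: true`, the type is chosen by the caller, so a malformed request ends in a panic instead of a failed call. Replying with an error keeps the service available: `default: psa_reply(msg.handle, PSA_ERROR_NOT_SUPPORTED); break;`. Separately, the result of `status = psa_get(signal, &msg);` is overwritten before it is checked, so `msg.type` is read even when no message was retrieved; an `if (status != PSA_SUCCESS) { return; }` before the switch would close that. The body of ps_signal_handle continues past the end of this hunk.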
@@ -392,17 +403,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_PS_SET_SIGNAL) {
- ps_signal_handle(TFM_PS_SET_SIGNAL, tfm_ps_set_ipc);
- } else if (signals & TFM_PS_GET_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_SIGNAL, tfm_ps_get_ipc);
- } else if (signals & TFM_PS_GET_INFO_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_INFO_SIGNAL, tfm_ps_get_info_ipc);
- } else if (signals & TFM_PS_REMOVE_SIGNAL) {
- ps_signal_handle(TFM_PS_REMOVE_SIGNAL, tfm_ps_remove_ipc);
- } else if (signals & TFM_PS_GET_SUPPORT_SIGNAL) {
- ps_signal_handle(TFM_PS_GET_SUPPORT_SIGNAL,
- tfm_ps_get_support_ipc);
+ if (signals & TFM_PROTECTED_STORAGE_SERVICE_SIGNAL) {
+ ps_signal_handle(TFM_PROTECTED_STORAGE_SERVICE_SIGNAL);
} else {
psa_panic();
}
diff --git a/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
index 0f69022..bf573f5 100644
--- a/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
+++ b/secure_fw/partitions/protected_storage/tfm_ps_secure_api.c
@@ -10,6 +10,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_ps_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -20,9 +21,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -31,15 +29,8 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_SET, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_ps_set_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -63,9 +54,6 @@
size_t *p_data_length)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -80,15 +68,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
#else
status = tfm_ps_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
@@ -111,9 +92,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -124,15 +102,8 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_INFO,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
#else
status = tfm_ps_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
@@ -148,24 +119,14 @@
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
- NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_REMOVE,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_ps_remove_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -204,9 +165,6 @@
* uninitialised value in case the secure function fails.
*/
uint32_t support_flags = 0;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_outvec out_vec[] = {
{ .base = &support_flags, .len = sizeof(support_flags) }
@@ -216,14 +174,8 @@
* ignored.
*/
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return support_flags;
- }
-
- (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ (void)psa_call(TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_GET_SUPPORT,
+ NULL, 0, out_vec, IOVEC_LEN(out_vec));
#else
(void)tfm_ps_get_support_req_veneer(NULL, 0, out_vec, IOVEC_LEN(out_vec));
#endif