Core: Only allow PRoT services to make reset request
Only allow reset requests that are coming from a PSA Root of Trust
secure service.
Also make the test service that makes SPM requests a PRoT service.
Change-Id: Id89a619db4e59f7460600351081a231dab3a366e
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/platform/ext/common/armclang/tfm_common_s.sct b/platform/ext/common/armclang/tfm_common_s.sct
index 4896800..9d8a4ca 100644
--- a/platform/ext/common/armclang/tfm_common_s.sct
+++ b/platform/ext/common/armclang/tfm_common_s.sct
@@ -78,6 +78,13 @@
*(TFM_SP_INITIAL_ATTESTATION_ATTR_FN)
}
+#ifdef TFM_PARTITION_TEST_CORE
+ TFM_SP_CORE_TEST +0 ALIGN 32 {
+ *tfm_ss_core_test.* (+RO)
+ *(TFM_SP_CORE_TEST_ATTR_FN)
+ }
+#endif /* TFM_PARTITION_TEST_CORE */
+
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_TEST_PARTITION +0 ALIGN 32 {
*tfm_secure_client_service.* (+RO)
@@ -116,13 +123,6 @@
}
#ifdef TFM_PARTITION_TEST_CORE
- TFM_SP_CORE_TEST +0 ALIGN 32 {
- *tfm_ss_core_test.* (+RO)
- *(TFM_SP_CORE_TEST_ATTR_FN)
- }
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_CORE
TFM_SP_CORE_TEST_2 +0 ALIGN 32 {
*tfm_ss_core_test_2.* (+RO)
*(TFM_SP_CORE_TEST_2_ATTR_FN)
@@ -252,6 +252,19 @@
}
#endif
+#ifdef TFM_PARTITION_TEST_CORE
+ TFM_SP_CORE_TEST_DATA +0 ALIGN 32 {
+ *tfm_ss_core_test.* (+RW +ZI)
+ *(TFM_SP_CORE_TEST_ATTR_RW)
+ *(TFM_SP_CORE_TEST_ATTR_ZI)
+ }
+
+#if defined (TFM_PSA_API)
+ TFM_SP_CORE_TEST_STACK +0 ALIGN 128 EMPTY 0x0300 {
+ }
+#endif
+#endif /* TFM_PARTITION_TEST_CORE */
+
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
TFM_SP_SECURE_TEST_PARTITION_DATA +0 ALIGN 32 {
*tfm_secure_client_service.* (+RW +ZI)
@@ -302,19 +315,6 @@
}
#ifdef TFM_PARTITION_TEST_CORE
- TFM_SP_CORE_TEST_DATA +0 ALIGN 32 {
- *tfm_ss_core_test.* (+RW +ZI)
- *(TFM_SP_CORE_TEST_ATTR_RW)
- *(TFM_SP_CORE_TEST_ATTR_ZI)
- }
-
-#if defined (TFM_PSA_API)
- TFM_SP_CORE_TEST_STACK +0 ALIGN 128 EMPTY 0x0300 {
- }
-#endif
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_CORE
TFM_SP_CORE_TEST_2_DATA +0 ALIGN 32 {
*tfm_ss_core_test_2.* (+RW +ZI)
*(TFM_SP_CORE_TEST_2_ATTR_RW)
diff --git a/platform/ext/common/gcc/tfm_common_s.ld b/platform/ext/common/gcc/tfm_common_s.ld
index cd587ec..fb20a5d 100644
--- a/platform/ext/common/gcc/tfm_common_s.ld
+++ b/platform/ext/common/gcc/tfm_common_s.ld
@@ -303,6 +303,20 @@
Image$$TFM_SP_INITIAL_ATTESTATION$$Base = ADDR(.TFM_SP_INITIAL_ATTESTATION);
Image$$TFM_SP_INITIAL_ATTESTATION$$Limit = ADDR(.TFM_SP_INITIAL_ATTESTATION) + SIZEOF(.TFM_SP_INITIAL_ATTESTATION);
+#ifdef TFM_PARTITION_TEST_CORE
+ .TFM_SP_CORE_TEST : ALIGN(32)
+ {
+ *tfm_ss_core_test.*(.text*)
+ *tfm_ss_core_test.*(.rodata*)
+ *(TFM_SP_CORE_TEST_ATTR_FN)
+ . = ALIGN(32);
+ } > FLASH
+ Image$$TFM_SP_CORE_TEST$$RO$$Base = ADDR(.TFM_SP_CORE_TEST);
+ Image$$TFM_SP_CORE_TEST$$RO$$Limit = ADDR(.TFM_SP_CORE_TEST) + SIZEOF(.TFM_SP_CORE_TEST);
+ Image$$TFM_SP_CORE_TEST$$Base = ADDR(.TFM_SP_CORE_TEST);
+ Image$$TFM_SP_CORE_TEST$$Limit = ADDR(.TFM_SP_CORE_TEST) + SIZEOF(.TFM_SP_CORE_TEST);
+#endif /* TFM_PARTITION_TEST_CORE */
+
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
.TFM_SP_SECURE_TEST_PARTITION : ALIGN(32)
{
@@ -354,20 +368,6 @@
Image$$TFM_APP_CODE_START$$Base = .;
#ifdef TFM_PARTITION_TEST_CORE
- .TFM_SP_CORE_TEST : ALIGN(32)
- {
- *tfm_ss_core_test.*(.text*)
- *tfm_ss_core_test.*(.rodata*)
- *(TFM_SP_CORE_TEST_ATTR_FN)
- . = ALIGN(32);
- } > FLASH
- Image$$TFM_SP_CORE_TEST$$RO$$Base = ADDR(.TFM_SP_CORE_TEST);
- Image$$TFM_SP_CORE_TEST$$RO$$Limit = ADDR(.TFM_SP_CORE_TEST) + SIZEOF(.TFM_SP_CORE_TEST);
- Image$$TFM_SP_CORE_TEST$$Base = ADDR(.TFM_SP_CORE_TEST);
- Image$$TFM_SP_CORE_TEST$$Limit = ADDR(.TFM_SP_CORE_TEST) + SIZEOF(.TFM_SP_CORE_TEST);
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_CORE
.TFM_SP_CORE_TEST_2 : ALIGN(32)
{
*tfm_ss_core_test_2.*(.text*)
@@ -682,6 +682,39 @@
#endif
+#ifdef TFM_PARTITION_TEST_CORE
+ .TFM_SP_CORE_TEST_DATA : ALIGN(32)
+ {
+ *tfm_ss_core_test.*(.data*)
+ *(TFM_SP_CORE_TEST_ATTR_RW)
+ . = ALIGN(32);
+ } > RAM AT> FLASH
+ Image$$TFM_SP_CORE_TEST_DATA$$RW$$Base = ADDR(.TFM_SP_CORE_TEST_DATA);
+ Image$$TFM_SP_CORE_TEST_DATA$$RW$$Limit = ADDR(.TFM_SP_CORE_TEST_DATA) + SIZEOF(.TFM_SP_CORE_TEST_DATA);
+
+ .TFM_SP_CORE_TEST_BSS : ALIGN(32)
+ {
+ start_of_TFM_SP_CORE_TEST = .;
+ *tfm_ss_core_test.*(.bss*)
+ *tfm_ss_core_test.*(COMMON)
+ *(TFM_SP_CORE_TEST_ATTR_ZI)
+ . += (. - start_of_TFM_SP_CORE_TEST) ? 0 : 4;
+ . = ALIGN(32);
+ } > RAM AT> RAM
+ Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_BSS);
+ Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_BSS) + SIZEOF(.TFM_SP_CORE_TEST_BSS);
+
+#if defined (TFM_PSA_API)
+ .TFM_SP_CORE_TEST_STACK : ALIGN(128)
+ {
+ . += 0x0300;
+ } > RAM
+ Image$$TFM_SP_CORE_TEST_STACK$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_STACK);
+ Image$$TFM_SP_CORE_TEST_STACK$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_STACK) + SIZEOF(.TFM_SP_CORE_TEST_STACK);
+#endif
+
+#endif /* TFM_PARTITION_TEST_CORE */
+
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
.TFM_SP_SECURE_TEST_PARTITION_DATA : ALIGN(32)
{
@@ -779,39 +812,6 @@
Image$$TFM_APP_RW_STACK_START$$Base = .;
#ifdef TFM_PARTITION_TEST_CORE
- .TFM_SP_CORE_TEST_DATA : ALIGN(32)
- {
- *tfm_ss_core_test.*(.data*)
- *(TFM_SP_CORE_TEST_ATTR_RW)
- . = ALIGN(32);
- } > RAM AT> FLASH
- Image$$TFM_SP_CORE_TEST_DATA$$RW$$Base = ADDR(.TFM_SP_CORE_TEST_DATA);
- Image$$TFM_SP_CORE_TEST_DATA$$RW$$Limit = ADDR(.TFM_SP_CORE_TEST_DATA) + SIZEOF(.TFM_SP_CORE_TEST_DATA);
-
- .TFM_SP_CORE_TEST_BSS : ALIGN(32)
- {
- start_of_TFM_SP_CORE_TEST = .;
- *tfm_ss_core_test.*(.bss*)
- *tfm_ss_core_test.*(COMMON)
- *(TFM_SP_CORE_TEST_ATTR_ZI)
- . += (. - start_of_TFM_SP_CORE_TEST) ? 0 : 4;
- . = ALIGN(32);
- } > RAM AT> RAM
- Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_BSS);
- Image$$TFM_SP_CORE_TEST_DATA$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_BSS) + SIZEOF(.TFM_SP_CORE_TEST_BSS);
-
-#if defined (TFM_PSA_API)
- .TFM_SP_CORE_TEST_STACK : ALIGN(128)
- {
- . += 0x0300;
- } > RAM
- Image$$TFM_SP_CORE_TEST_STACK$$ZI$$Base = ADDR(.TFM_SP_CORE_TEST_STACK);
- Image$$TFM_SP_CORE_TEST_STACK$$ZI$$Limit = ADDR(.TFM_SP_CORE_TEST_STACK) + SIZEOF(.TFM_SP_CORE_TEST_STACK);
-#endif
-
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_CORE
.TFM_SP_CORE_TEST_2_DATA : ALIGN(32)
{
*tfm_ss_core_test_2.*(.data*)
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 92dc567..3ac6f97 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -24,6 +24,8 @@
#include "tfm_thread.h"
#include "tfm_wait.h"
#include "tfm_message_queue.h"
+#else
+#include "spm_api.h"
#endif
/*
@@ -189,14 +191,29 @@
return TFM_SUCCESS;
}
+#ifndef TFM_PSA_API
void tfm_core_spm_request_handler(const struct tfm_state_context_t *svc_ctx)
{
uint32_t *res_ptr = (uint32_t *)&svc_ctx->r0;
+ uint32_t running_partition_flags = 0;
+ uint32_t running_partition_idx;
- /* FixMe: check if caller partition is permitted to make an SPM request */
+ /* Check permissions on request type basis */
switch (svc_ctx->r0) {
case TFM_SPM_REQUEST_RESET_VOTE:
+ running_partition_idx =
+ tfm_spm_partition_get_running_partition_idx();
+ running_partition_flags = tfm_spm_partition_get_flags(
+ running_partition_idx);
+
+ /* Currently only PSA Root of Trust services are allowed to make Reset
+ * vote request
+ */
+ if ((running_partition_flags & SPM_PART_FLAG_PSA_ROT) == 0) {
+ *res_ptr = (uint32_t)TFM_ERROR_GENERIC;
+ }
+
/* FixMe: this is a placeholder for checks to be performed before
* allowing execution of reset
*/
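Review bot: The PSA-RoT check in the TFM_SPM_REQUEST_RESET_VOTE case writes TFM_ERROR_GENERIC into `*res_ptr` and then keeps executing the rest of the case, so the denial is not final; the statements after the placeholder comment are outside the hunk, but if they store TFM_SUCCESS (as that comment implies they will once the checks exist) the error is overwritten and a non-PSA-RoT caller still gets its reset vote accepted. Leave the case as soon as the caller is rejected by putting `break;` right after `*res_ptr = (uint32_t)TFM_ERROR_GENERIC;`. Since the flags come from `tfm_spm_partition_get_flags()` on the index returned by `tfm_spm_partition_get_running_partition_idx()`, the comment above the check could also state that an unknown running partition is treated as non-PSA-RoT and rejected, if that is the intended behaviour of those helpers. The switch and the body of tfm_core_spm_request_handler continue past the end of this hunk.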
@@ -206,6 +223,7 @@
*res_ptr = (uint32_t)TFM_ERROR_INVALID_PARAMETER;
}
}
+#endif /* TFM_PSA_API */
int main(void)
{
diff --git a/secure_fw/services/tfm_spm_db.inc b/secure_fw/services/tfm_spm_db.inc
index 14a4020..6d2bef6 100644
--- a/secure_fw/services/tfm_spm_db.inc
+++ b/secure_fw/services/tfm_spm_db.inc
@@ -467,7 +467,7 @@
{
.partition_id = TFM_SP_CORE_TEST_ID,
.partition_flags = SPM_PART_FLAG_IPC
- | SPM_PART_FLAG_APP_ROT
+ | SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
,
.partition_priority = TFM_PRIORITY(NORMAL),
.partition_init = core_test_init,
diff --git a/test/test_services/tfm_core_test/tfm_test_core.yaml b/test/test_services/tfm_core_test/tfm_test_core.yaml
index 2bed651..f481c11 100644
--- a/test/test_services/tfm_core_test/tfm_test_core.yaml
+++ b/test/test_services/tfm_core_test/tfm_test_core.yaml
@@ -7,7 +7,7 @@
{
"name": "TFM_SP_CORE_TEST",
- "type": "APPLICATION-ROT",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000002",
"entry_point": "core_test_init",