Core: create iovec-based veneers for secure functions
Define a uniform API for all secure functions to enable
IO buffer sanitization when a secure function call is
made.
If the secure function API is adopted for a given secure
function, a veneer no longer needs to be added for it, since
the veneer is instead auto-generated from the manifest file.
Change-Id: If3cdf579b0c39b5c1dff0721b3d563e06582825f
Signed-off-by: Miklos Balint <miklos.balint@arm.com>
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index fea137a..5194c2a 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -14,6 +14,8 @@
#include <stdint.h>
+#include "psa_client.h"
+
#define TFM_INVALID_CLIENT_ID 0
/**
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
new file mode 100644
index 0000000..f771bb9
--- /dev/null
+++ b/interface/include/tfm_veneers.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_VENEERS_H__
+#define __TFM_VENEERS_H__
+
+#include "tfm_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******** TFM_SP_STORAGE ********/
+int32_t tfm_sst_am_create_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_get_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_get_attributes_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_set_attributes_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_read_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_write_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_am_delete_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+/******** TFM_SP_AUDIT_LOG ********/
+int32_t tfm_audit_core_retrieve_record_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_audit_core_add_record_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_audit_core_get_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_audit_core_get_record_info_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_audit_core_delete_record_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+/******** TFM_SP_CRYPTO ********/
+int32_t tfm_tfm_crypto_import_key_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_destroy_key_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_get_key_information_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_export_key_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_encrypt_set_iv_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_encrypt_setup_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_decrypt_setup_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_cipher_update_wrapper_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_cipher_abort_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_cipher_finish_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_hash_start_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_hash_update_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_hash_finish_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_hash_verify_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_tfm_crypto_hash_abort_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+/******** TFM_SP_PLATFORM ********/
+int32_t tfm_platform_sp_system_reset_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+int32_t tfm_initial_attest_get_token_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+int32_t tfm_spm_core_test_sfn_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_spm_core_test_sfn_init_success_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_spm_core_test_sfn_direct_recursion_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+int32_t tfm_spm_core_test_2_slave_service_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_spm_core_test_2_sfn_invert_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_spm_core_test_2_check_caller_client_id_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+int32_t tfm_sst_test_service_sfn_setup_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_test_service_sfn_dummy_encrypt_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_test_service_sfn_dummy_decrypt_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+int32_t tfm_sst_test_service_sfn_clean_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+int32_t tfm_tfm_secure_client_service_sfn_run_tests_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_VENEERS_H__ */
diff --git a/interface/include/tfm_veneers.h.template b/interface/include/tfm_veneers.h.template
new file mode 100644
index 0000000..c335e3a
--- /dev/null
+++ b/interface/include/tfm_veneers.h.template
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+@!GENERATOR_DONOTEDIT_WARNING!@
+
+#ifndef __TFM_VENEERS_H__
+#define __TFM_VENEERS_H__
+
+#include "tfm_api.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.tfm_partition_name@@ ********/
+int32_t tfm_@@manifest.secure_functions.tfm_symbol@@_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_VENEERS_H__ */
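Review bot: The generated prototype line `int32_t tfm_@@manifest.secure_functions.tfm_symbol@@_veneer(...)` is the entire non-secure-facing contract, yet the template emits it with no comment on what the four arguments mean or who validates them. Since `in_vec`, `out_vec` and both lengths are supplied by the caller, I would add a header comment before the first generator block, for example `/* Each veneer takes in_len input and out_len output descriptors; the vectors and the buffers they reference are caller-owned and must be treated as untrusted by the secure side. */`. Where that validation actually happens (presumably inside `TFM_CORE_SFN_REQUEST`) is not visible in this diff, so the comment should name the real location once confirmed. The `tfm_` prefix is also prepended unconditionally, which is how the generated header ends up with names such as `tfm_tfm_crypto_import_key_veneer`.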
diff --git a/platform/ext/target/mps2/an519/partition/region_defs.h b/platform/ext/target/mps2/an519/partition/region_defs.h
index 081b848..50786f9 100644
--- a/platform/ext/target/mps2/an519/partition/region_defs.h
+++ b/platform/ext/target/mps2/an519/partition/region_defs.h
@@ -79,7 +79,11 @@
#define IMAGE_CODE_SIZE \
(FLASH_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-#define CMSE_VENEER_REGION_SIZE (0x000001C0)
+/* FIXME: veneer region size is increased temporarily while both legacy veneers
+ * and their iovec-based equivalents co-exist for secure partitions. To be
+ * adjusted as legacy veneers are eliminated
+ */
+#define CMSE_VENEER_REGION_SIZE (0x00000380)
/* Use SRAM1 memory to store Code data */
#define S_ROM_ALIAS_BASE (0x10000000)
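Review bot: `CMSE_VENEER_REGION_SIZE` is doubled to `0x00000380` by hand, and nothing in this hunk ties the value to the number of veneers the generator now emits. The same edit is repeated in the an521, musca_a and musca_b1 `region_defs.h` hunks, so four constants have to be kept in step with the manifests. I would state the sizing assumption in the FIXME (bytes per veneer times veneer count) and, if the linker scripts do not already fail on overflow, add a link-time check there. If this constant also bounds the non-secure-callable region programmed into the SAU (not visible in this diff), it should be reduced as soon as the legacy veneers are removed, because that region should cover no more than the gateway stubs.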
@@ -141,4 +145,3 @@
#endif /* BL2 */
#endif /* __REGION_DEFS_H__ */
-
diff --git a/platform/ext/target/mps2/an521/partition/region_defs.h b/platform/ext/target/mps2/an521/partition/region_defs.h
index 4de8db1..149b101 100644
--- a/platform/ext/target/mps2/an521/partition/region_defs.h
+++ b/platform/ext/target/mps2/an521/partition/region_defs.h
@@ -79,7 +79,11 @@
#define IMAGE_CODE_SIZE \
(FLASH_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-#define CMSE_VENEER_REGION_SIZE (0x000001C0)
+/* FIXME: veneer region size is increased temporarily while both legacy veneers
+ * and their iovec-based equivalents co-exist for secure partitions. To be
+ * adjusted as legacy veneers are eliminated
+ */
+#define CMSE_VENEER_REGION_SIZE (0x00000380)
/* Use SRAM1 memory to store Code data */
#define S_ROM_ALIAS_BASE (0x10000000)
@@ -141,4 +145,3 @@
#endif /* BL2 */
#endif /* __REGION_DEFS_H__ */
-
diff --git a/platform/ext/target/musca_a/partition/region_defs.h b/platform/ext/target/musca_a/partition/region_defs.h
index d88e898..ff69ce8 100755
--- a/platform/ext/target/musca_a/partition/region_defs.h
+++ b/platform/ext/target/musca_a/partition/region_defs.h
@@ -60,7 +60,11 @@
#define IMAGE_CODE_SIZE \
(FLASH_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-#define CMSE_VENEER_REGION_SIZE (0x000001C0)
+/* FIXME: veneer region size is increased temporarily while both legacy veneers
+ * and their iovec-based equivalents co-exist for secure partitions. To be
+ * adjusted as legacy veneers are eliminated
+ */
+#define CMSE_VENEER_REGION_SIZE (0x00000380)
/*
* Since we enable/disable flash during s/ns code copy to code sram we cannot
diff --git a/platform/ext/target/musca_b1/partition/region_defs.h b/platform/ext/target/musca_b1/partition/region_defs.h
index f85be1b..9c739ed 100644
--- a/platform/ext/target/musca_b1/partition/region_defs.h
+++ b/platform/ext/target/musca_b1/partition/region_defs.h
@@ -80,7 +80,11 @@
#define IMAGE_CODE_SIZE \
(FLASH_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
-#define CMSE_VENEER_REGION_SIZE (0x000001C0)
+/* FIXME: veneer region size is increased temporarily while both legacy veneers
+ * and their iovec-based equivalents co-exist for secure partitions. To be
+ * adjusted as legacy veneers are eliminated
+ */
+#define CMSE_VENEER_REGION_SIZE (0x00000380)
/* Use QSPI Flash memory to store Code data */
#define S_ROM_ALIAS_BASE (0x10000000)
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index 8b883db..80561db 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -23,7 +23,8 @@
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
+set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_veneers.c"
+ "${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_crypto_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c"
@@ -37,5 +38,3 @@
embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
-
-
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
new file mode 100644
index 0000000..88d4789
--- /dev/null
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#include "tfm_secure_api.h"
+#include "tfm_api.h"
+#include "secure_fw/spm/spm_partition_defs.h"
+
+/******** TFM_SP_STORAGE ********/
+int32_t sst_am_create(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_get_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_get_attributes(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_set_attributes(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_read(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_write(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_am_delete(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_AUDIT_LOG ********/
+int32_t audit_core_retrieve_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_add_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_get_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_get_record_info(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t audit_core_delete_record(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_CRYPTO ********/
+int32_t tfm_crypto_import_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_destroy_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_get_key_information(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_export_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_encrypt_set_iv(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_encrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_decrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_update_wrapper(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_abort(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_cipher_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_start(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_update(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_verify(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t tfm_crypto_hash_abort(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_PLATFORM ********/
+int32_t platform_sp_system_reset(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+int32_t initial_attest_get_token(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+int32_t spm_core_test_sfn(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_sfn_init_success(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_sfn_direct_recursion(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+int32_t spm_core_test_2_slave_service(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_2_sfn_invert(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t spm_core_test_2_check_caller_client_id(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+int32_t sst_test_service_sfn_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_dummy_encrypt(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_dummy_decrypt(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+int32_t sst_test_service_sfn_clean(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+int32_t tfm_secure_client_service_sfn_run_tests(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
+
+#define TFM_VENEER_FUNCTION(partition_name, sfn_name) \
+ __tfm_secure_gateway_attributes__ \
+ int32_t tfm_##sfn_name##_veneer(struct psa_invec *in_vec, \
+ size_t in_len, \
+ struct psa_outvec *out_vec, \
+ size_t out_len) \
+ { \
+ TFM_CORE_SFN_REQUEST(partition_name##_ID, \
+ sfn_name, \
+ in_vec, in_len, out_vec, out_len); \
+ }
+
+/******** TFM_SP_STORAGE ********/
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_create)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_get_info)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_get_attributes)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_set_attributes)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_read)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_write)
+TFM_VENEER_FUNCTION(TFM_SP_STORAGE, sst_am_delete)
+
+/******** TFM_SP_AUDIT_LOG ********/
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_retrieve_record)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_add_record)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_info)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_record_info)
+TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_delete_record)
+
+/******** TFM_SP_CRYPTO ********/
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_import_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_destroy_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_get_key_information)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_export_key)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_set_iv)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_decrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_update_wrapper)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_abort)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_finish)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_start)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_update)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_finish)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_verify)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_abort)
+
+/******** TFM_SP_PLATFORM ********/
+TFM_VENEER_FUNCTION(TFM_SP_PLATFORM, platform_sp_system_reset)
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token)
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn_init_success)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST, spm_core_test_sfn_direct_recursion)
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_slave_service)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_sfn_invert)
+TFM_VENEER_FUNCTION(TFM_SP_CORE_TEST_2, spm_core_test_2_check_caller_client_id)
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_setup)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_dummy_encrypt)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_dummy_decrypt)
+TFM_VENEER_FUNCTION(TFM_SP_SST_TEST_PARTITION, sst_test_service_sfn_clean)
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+TFM_VENEER_FUNCTION(TFM_SP_SECURE_TEST_PARTITION, tfm_secure_client_service_sfn_run_tests)
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
diff --git a/secure_fw/ns_callable/tfm_veneers.c.template b/secure_fw/ns_callable/tfm_veneers.c.template
new file mode 100644
index 0000000..1624747
--- /dev/null
+++ b/secure_fw/ns_callable/tfm_veneers.c.template
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+@!GENERATOR_DONOTEDIT_WARNING!@
+
+#include "tfm_secure_api.h"
+#include "tfm_api.h"
+#include "secure_fw/spm/spm_partition_defs.h"
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.tfm_partition_name@@ ********/
+int32_t @@manifest.secure_functions.tfm_symbol@@(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
+
+#define TFM_VENEER_FUNCTION(partition_name, sfn_name) \
+ __tfm_secure_gateway_attributes__ \
+ int32_t tfm_##sfn_name##_veneer(struct psa_invec *in_vec, \
+ size_t in_len, \
+ struct psa_outvec *out_vec, \
+ size_t out_len) \
+ { \
+ TFM_CORE_SFN_REQUEST(partition_name##_ID, \
+ sfn_name, \
+ in_vec, in_len, out_vec, out_len); \
+ }
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.tfm_partition_name@@ ********/
+TFM_VENEER_FUNCTION(@@manifest.tfm_partition_name@@, @@manifest.secure_functions.tfm_symbol@@)
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
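Review bot: The secure function prototypes are re-declared locally in the first generator block (`int32_t @@manifest.secure_functions.tfm_symbol@@(struct psa_invec *, size_t, struct psa_outvec *, size_t);`) instead of coming from the partition headers, so the compiler never compares them with the real definitions. If a manifest lists a function that still has its legacy signature, the veneer would link and pass iovec arguments to it without any diagnostic; including the owning partition's header, or making the generator fail for functions not yet converted, would close that gap. The file also does not include `tfm_veneers.h`, so the definitions produced by `TFM_VENEER_FUNCTION` are not checked against the public prototypes; adding `#include "tfm_veneers.h"` next to the other includes fixes that. `TFM_VENEER_FUNCTION` has no visible `return`, so it presumably relies on `TFM_CORE_SFN_REQUEST` expanding to one, and a short comment above the macro saying so would help the next reader.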
diff --git a/tools/tfm_generated_file_list.yaml b/tools/tfm_generated_file_list.yaml
index 8820696..2669953 100644
--- a/tools/tfm_generated_file_list.yaml
+++ b/tools/tfm_generated_file_list.yaml
@@ -45,6 +45,16 @@
"name": "MUSCA-B1 secure ld file",
"short_name": "musca_s.ld",
"output": "platform/ext/target/musca_b1/Device/Source/gcc/musca_s.ld"
+ },
+ {
+ "name": "Secure Veneers C file",
+ "short_name": "tfm_veneers_c",
+ "output": "secure_fw/ns_callable/tfm_veneers.c"
+ },
+ {
+ "name": "Secure Veneers H file",
+ "short_name": "tfm_veneers_h",
+ "output": "interface/include/tfm_veneers.h"
}
]
}