Platform: Implementation of isolation HAL API
Implementation of isolation HAL API for all platforms.
- tfm_hal_set_up_static_boundaries() is implemented in each
platform.
- tfm_hal_memory_has_access() is implemented in a common
source file except that nordic and psoc64 have their own
dedicated implementations.
Change-Id: I15bf2e8706a079097757273e25b78fa5087be74a
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
Co-authored-by: Mingyang Sun <mingyang.sun@arm.com>
diff --git a/secure_fw/spm/CMakeLists.txt b/secure_fw/spm/CMakeLists.txt
index 15661a8..e243f05 100755
--- a/secure_fw/spm/CMakeLists.txt
+++ b/secure_fw/spm/CMakeLists.txt
@@ -39,7 +39,7 @@
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_multi_core_mem_check.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_rpc.c>
$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:cmsis_psa/tfm_spe_mailbox.c>
- $<$<NOT:$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>>:common/tfm_core_mem_check.c>
+ $<$<NOT:$<BOOL:${TFM_PSA_API}>>:common/tfm_core_mem_check.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/arch/tfm_arch.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/main.c>
$<$<BOOL:${TFM_PSA_API}>:cmsis_psa/spm_ipc.c>
diff --git a/secure_fw/spm/cmsis_psa/main.c b/secure_fw/spm/cmsis_psa/main.c
index dcb13ec..40f3590 100644
--- a/secure_fw/spm/cmsis_psa/main.c
+++ b/secure_fw/spm/cmsis_psa/main.c
@@ -9,6 +9,7 @@
#include "region.h"
#include "spm_ipc.h"
#include "tfm_hal_platform.h"
+#include "tfm_hal_isolation.h"
#include "tfm_irq_list.h"
#include "tfm_nspm.h"
#include "tfm_spm_hal.h"
@@ -60,8 +61,8 @@
* Access to any peripheral should be performed after programming
* the necessary security components such as PPC/SAU.
*/
- plat_err = tfm_spm_hal_init_isolation_hw();
- if (plat_err != TFM_PLAT_ERR_SUCCESS) {
+ hal_status = tfm_hal_set_up_static_boundaries();
+ if (hal_status != TFM_HAL_SUCCESS) {
return TFM_ERROR_GENERIC;
}
@@ -133,12 +134,6 @@
tfm_core_panic();
}
-#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
- if (tfm_spm_hal_setup_isolation_hw() != TFM_PLAT_ERR_SUCCESS) {
- tfm_core_panic();
- }
-#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
-
/*
* Prioritise secure exceptions to avoid NS being able to pre-empt
* secure SVC or SecureFault. Do it before PSA API initialization.
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index deebf3d..ffec2f8 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -17,12 +17,13 @@
#include "tfm_api.h"
#include "tfm_secure_api.h"
#include "tfm_memory_utils.h"
+#include "tfm_hal_defs.h"
+#include "tfm_hal_isolation.h"
#include "spm_ipc.h"
#include "tfm_peripherals_def.h"
#include "tfm_core_utils.h"
#include "tfm_rpc.h"
#include "tfm_core_trustzone.h"
-#include "tfm_core_mem_check.h"
#include "tfm_list.h"
#include "tfm_pools.h"
#include "region.h"
@@ -595,7 +596,8 @@
enum tfm_memory_access_e access,
uint32_t privileged)
{
- enum tfm_status_e err;
+ enum tfm_hal_status_t err;
+ uint32_t attr = 0;
/* If len is zero, this indicates an empty buffer and base is ignored */
if (len == 0) {
@@ -611,13 +613,24 @@
}
if (access == TFM_MEMORY_ACCESS_RW) {
- err = tfm_core_has_write_access_to_region(buffer, len, ns_caller,
- privileged);
+ attr |= (TFM_HAL_ACCESS_READABLE | TFM_HAL_ACCESS_WRITABLE);
} else {
- err = tfm_core_has_read_access_to_region(buffer, len, ns_caller,
- privileged);
+ attr |= TFM_HAL_ACCESS_READABLE;
}
- if (err == TFM_SUCCESS) {
+
+ if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
+ attr |= TFM_HAL_ACCESS_UNPRIVILEGED;
+ } else {
+ attr &= ~TFM_HAL_ACCESS_UNPRIVILEGED;
+ }
+
+ if (ns_caller) {
+ attr |= TFM_HAL_ACCESS_NS;
+ }
+
+ err = tfm_hal_memory_has_access((uintptr_t)buffer, len, attr);
+
+ if (err == TFM_HAL_SUCCESS) {
return IPC_SUCCESS;
}
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core.h b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
index 2618804..0cf4ba2 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core.h
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -77,4 +77,16 @@
void tfm_get_ns_mem_region_attr(const void *p, size_t s,
struct mem_attr_info_t *p_attr);
+/**
+ * \brief Check whether a memory access is allowed to access to a memory range
+ *
+ * \param[in] p The start address of the range to check
+ * \param[in] s The size of the range to check
+ * \param[in] attr The attributes indicating the access permissions.
+ *
+ * \return TFM_SUCCESS if the access is allowed,
+ * TFM_ERROR_GENERIC otherwise.
+ */
+int32_t tfm_has_access_to_region(const void *p, size_t s, uint32_t attr);
+
#endif /* __TFM_MULTI_CORE_H__ */
diff --git a/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c b/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
index fd21e58..5842013 100644
--- a/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
+++ b/secure_fw/spm/cmsis_psa/tfm_multi_core_mem_check.c
@@ -9,6 +9,7 @@
#include "tfm_spm_hal.h"
#include "region_defs.h"
#include "spm_ipc.h"
+#include "tfm_hal_isolation.h"
#include "tfm_multi_core.h"
#include "tfm_secure_api.h"
#include "utilities.h"
@@ -418,20 +419,11 @@
return secure_mem_attr_check(attr, flags);
}
-/**
- * \brief Check whether a memory access is allowed to access to a memory range
- *
- * \param[in] p The start address of the range to check
- * \param[in] s The size of the range to check
- * \param[in] flags The flags indicating the access permissions.
- *
- * \return TFM_SUCCESS if the access is allowed,
- * TFM_ERROR_GENERIC otherwise.
- */
-static int32_t has_access_to_region(const void *p, size_t s, uint8_t flags)
+int32_t tfm_has_access_to_region(const void *p, size_t s, uint32_t attr)
{
struct security_attr_info_t security_attr;
struct mem_attr_info_t mem_attr;
+ uint8_t flags = 0;
if (!p) {
return (int32_t)TFM_ERROR_GENERIC;
@@ -446,6 +438,22 @@
tfm_core_panic();
}
+ if (attr & TFM_HAL_ACCESS_UNPRIVILEGED) {
+ flags |= MEM_CHECK_MPU_UNPRIV;
+ }
+
+ if (attr & TFM_HAL_ACCESS_NS) {
+ flags |= MEM_CHECK_NONSECURE;
+ }
+
+ if ((attr & TFM_HAL_ACCESS_WRITABLE) && (attr & TFM_HAL_ACCESS_READABLE)) {
+ flags |= MEM_CHECK_MPU_READWRITE;
+ } else if (attr & TFM_HAL_ACCESS_READABLE) {
+ flags |= MEM_CHECK_MPU_READ;
+ } else {
+ return TFM_HAL_ERROR_INVALID_INPUT;
+ }
+
security_attr_init(&security_attr);
/* Retrieve security attributes of target memory region */
@@ -474,41 +482,3 @@
return (int32_t)mem_attr_check(mem_attr, flags);
}
-
-int32_t tfm_core_has_read_access_to_region(const void *p, size_t s,
- bool ns_caller,
- uint32_t privileged)
-{
- uint8_t flags = MEM_CHECK_MPU_READ;
-
- if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
- flags |= MEM_CHECK_MPU_UNPRIV;
- } else if (privileged != TFM_PARTITION_PRIVILEGED_MODE) {
- return TFM_ERROR_GENERIC;
- }
-
- if (ns_caller) {
- flags |= MEM_CHECK_NONSECURE;
- }
-
- return has_access_to_region(p, s, flags);
-}
-
-int32_t tfm_core_has_write_access_to_region(void *p, size_t s,
- bool ns_caller,
- uint32_t privileged)
-{
- uint8_t flags = MEM_CHECK_MPU_READWRITE;
-
- if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
- flags |= MEM_CHECK_MPU_UNPRIV;
- } else if (privileged != TFM_PARTITION_PRIVILEGED_MODE) {
- return TFM_ERROR_GENERIC;
- }
-
- if (ns_caller) {
- flags |= MEM_CHECK_NONSECURE;
- }
-
- return has_access_to_region(p, s, flags);
-}
diff --git a/secure_fw/spm/common/tfm_core_mem_check.c b/secure_fw/spm/common/tfm_core_mem_check.c
index aeb0a86..7f028d4 100644
--- a/secure_fw/spm/common/tfm_core_mem_check.c
+++ b/secure_fw/spm/common/tfm_core_mem_check.c
@@ -11,11 +11,7 @@
#include "tfm_arch.h"
#include "tfm_spm_hal.h"
#include "tfm_api.h"
-#ifdef TFM_PSA_API
-#include "spm_ipc.h"
-#else
#include "spm_func.h"
-#endif
/**
* \brief Check whether the current partition has access to a memory range