Build: Add psa_framework_version attribute
- Add "psa_framework_version" attribute in manifest files.
- Support psa_framework_version check.
Change-Id: I1b2a9bb63124bf8f45ac93c95bb8fdb687f9561f
Signed-off-by: Edison Ai <edison.ai@arm.com>
diff --git a/secure_fw/services/audit_logging/tfm_audit_logging.yaml b/secure_fw/services/audit_logging/tfm_audit_logging.yaml
index a011613..144747c 100644
--- a/secure_fw/services/audit_logging/tfm_audit_logging.yaml
+++ b/secure_fw/services/audit_logging/tfm_audit_logging.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_AUDIT_LOG",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/crypto/tfm_crypto.yaml b/secure_fw/services/crypto/tfm_crypto.yaml
index c2ca83c..ecfeb53 100644
--- a/secure_fw/services/crypto/tfm_crypto.yaml
+++ b/secure_fw/services/crypto/tfm_crypto.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_CRYPTO",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/initial_attestation/tfm_initial_attestation.yaml b/secure_fw/services/initial_attestation/tfm_initial_attestation.yaml
index 4a002e1..6ce4f6d 100644
--- a/secure_fw/services/initial_attestation/tfm_initial_attestation.yaml
+++ b/secure_fw/services/initial_attestation/tfm_initial_attestation.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_INITIAL_ATTESTATION",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/internal_trusted_storage/tfm_internal_trusted_storage.yaml b/secure_fw/services/internal_trusted_storage/tfm_internal_trusted_storage.yaml
index fb0bf52..da8225e 100644
--- a/secure_fw/services/internal_trusted_storage/tfm_internal_trusted_storage.yaml
+++ b/secure_fw/services/internal_trusted_storage/tfm_internal_trusted_storage.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_ITS",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/platform/tfm_platform.yaml b/secure_fw/services/platform/tfm_platform.yaml
index b1e19a7..abea272 100644
--- a/secure_fw/services/platform/tfm_platform.yaml
+++ b/secure_fw/services/platform/tfm_platform.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_PLATFORM",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/secure_storage/tfm_secure_storage.yaml b/secure_fw/services/secure_storage/tfm_secure_storage.yaml
index 59efd18..23b0d89 100644
--- a/secure_fw/services/secure_storage/tfm_secure_storage.yaml
+++ b/secure_fw/services/secure_storage/tfm_secure_storage.yaml
@@ -6,6 +6,7 @@
#-------------------------------------------------------------------------------
{
+ "psa_framework_version": 1.0,
"name": "TFM_SP_STORAGE",
"type": "PSA-ROT",
"priority": "NORMAL",
diff --git a/secure_fw/services/tfm_spm_db.inc b/secure_fw/services/tfm_spm_db.inc
index 594e1f7..a4fe4f1 100644
--- a/secure_fw/services/tfm_spm_db.inc
+++ b/secure_fw/services/tfm_spm_db.inc
@@ -420,6 +420,9 @@
const struct spm_partition_static_data_t static_data_list[] =
{
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_NON_SECURE_ID,
#ifdef TFM_PSA_API
#if TFM_MULTI_CORE_TOPOLOGY
@@ -442,6 +445,9 @@
#endif
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_STORAGE_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -451,6 +457,9 @@
},
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_ITS_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -461,6 +470,9 @@
#ifdef TFM_PARTITION_AUDIT_LOG
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_AUDIT_LOG_ID,
.partition_flags = 0
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -471,6 +483,9 @@
#endif /* TFM_PARTITION_AUDIT_LOG */
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_CRYPTO_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -481,6 +496,9 @@
#ifdef TFM_PARTITION_PLATFORM
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_PLATFORM_ID,
.partition_flags = 0
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -491,6 +509,9 @@
#endif /* TFM_PARTITION_PLATFORM */
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_INITIAL_ATTESTATION_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -501,6 +522,9 @@
#ifdef TFM_PARTITION_TEST_CORE
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_CORE_TEST_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -512,6 +536,9 @@
#ifdef TFM_PARTITION_TEST_CORE
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_CORE_TEST_2_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_APP_ROT
@@ -523,6 +550,9 @@
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_SECURE_TEST_PARTITION_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -534,6 +564,9 @@
#ifdef TFM_PARTITION_TEST_CORE_IPC
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_IPC_SERVICE_TEST_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT
@@ -545,6 +578,9 @@
#ifdef TFM_PARTITION_TEST_CORE_IPC
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_IPC_CLIENT_TEST_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_APP_ROT
@@ -556,6 +592,9 @@
#ifdef TFM_ENABLE_IRQ_TEST
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_IRQ_TEST_1_ID,
.partition_flags = SPM_PART_FLAG_IPC
| SPM_PART_FLAG_APP_ROT
diff --git a/secure_fw/services/tfm_spm_db.inc.template b/secure_fw/services/tfm_spm_db.inc.template
index c3bb13c..a11a00a 100644
--- a/secure_fw/services/tfm_spm_db.inc.template
+++ b/secure_fw/services/tfm_spm_db.inc.template
@@ -131,6 +131,9 @@
const struct spm_partition_static_data_t static_data_list[] =
{
{
+#ifdef TFM_PSA_API
+ .psa_framework_version = 0x0100,
+#endif /* defined(TFM_PSA_API) */
.partition_id = TFM_SP_NON_SECURE_ID,
#ifdef TFM_PSA_API
#if TFM_MULTI_CORE_TOPOLOGY
@@ -157,6 +160,13 @@
#ifdef {{manifest.attr.conditional}}
{% endif %}
{{'{'}}
+#ifdef TFM_PSA_API
+ {% if manifest.manifest.psa_framework_version == 1.0 %}
+ .psa_framework_version = 0x0100,
+ {% else %}
+ .psa_framework_version = 0,
+ {% endif %}
+#endif /* defined(TFM_PSA_API) */
.partition_id = {{manifest.manifest.name}}_ID,
{% if manifest.attr.tfm_partition_ipc %}
.partition_flags = SPM_PART_FLAG_IPC
diff --git a/secure_fw/spm/spm_api_ipc.c b/secure_fw/spm/spm_api_ipc.c
index 987002f..7b08682 100644
--- a/secure_fw/spm/spm_api_ipc.c
+++ b/secure_fw/spm/spm_api_ipc.c
@@ -489,6 +489,14 @@
/* Init partition first for it will be used when init service */
for (i = 0; i < g_spm_partition_db.partition_count; i++) {
partition = &g_spm_partition_db.partitions[i];
+
+ /* Check if the PSA framework version matches. */
+ if (partition->static_data->psa_framework_version !=
+ PSA_FRAMEWORK_VERSION) {
+ ERROR_MSG("Warning: PSA Framework Verison is not matched!");
+ continue;
+ }
+
tfm_spm_hal_configure_default_isolation(partition->platform_data);
if ((tfm_spm_partition_get_flags(i) & SPM_PART_FLAG_IPC) == 0) {
continue;
diff --git a/secure_fw/spm/spm_db.h b/secure_fw/spm/spm_db.h
index 34e9693..14e5074 100644
--- a/secure_fw/spm/spm_db.h
+++ b/secure_fw/spm/spm_db.h
@@ -34,6 +34,9 @@
* phase.
*/
struct spm_partition_static_data_t {
+#ifdef TFM_PSA_API
+ uint32_t psa_framework_version;
+#endif /* defined(TFM_PSA_API) */
uint32_t partition_id;
uint32_t partition_flags;
uint32_t partition_priority;