Interface: Interface provided to NS side

These files provide a reference interface implementation for integration
with an OS running on the NS side. This has been tested to work with
the RTX scheduler.
Modifications may be required when integrating with another OS.

Change-Id: I4845584465c5df0bc574de31564a0789154c0dd5
Signed-off-by: Ashutosh Singh <ashutosh.singh@arm.com>
Co-Authored-By: Marc Moreno Berengue <marc.morenoberengue@arm.com>
Co-Authored-By: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
new file mode 100644
index 0000000..d911f0c
--- /dev/null
+++ b/interface/include/tfm_api.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_API_H__
+#define __TFM_API_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* FixMe: sort out DEBUG compile option and limit return value options
+ * on external interfaces */
+/* Note:
+ * TFM will only return values recognized and parsed by TFM core.
+ * Service return codes are not automatically passed on to REE.
+ * Any non-zero return value is interpreted as an error that may trigger
+ * TEE error handling flow.
+ */
+enum tfm_status_e
+{
+    TFM_SUCCESS = 0,
+    TFM_SERVICE_PENDED,
+    TFM_SERVICE_BUSY,
+    TFM_ERROR_SERVICE_ALREADY_PENDED,
+    TFM_ERROR_SECURE_DOMAIN_LOCKED,
+    TFM_ERROR_INVALID_PARAMETER,
+    TFM_ERROR_SERVICE_NON_REENTRANT,
+    TFM_ERROR_NS_THREAD_MODE_CALL,
+    TFM_ERROR_INVALID_EXC_MODE,
+    TFM_SECURE_LOCK_FAILED,
+    TFM_SECURE_UNLOCK_FAILED,
+    TFM_ERROR_GENERIC = 0x1F,
+    TFM_SERVICE_SPECIFIC_ERROR_MIN,
+};
+
+//==================== Secure function declarations ==========================//
+
+/* Placeholder for secure function declarations defined by TF-M in the future */
+
+//================ End Secure function declarations ==========================//
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_API_H__ */
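Review bot: The note above `enum tfm_status_e` says any non-zero return value is interpreted as an error, yet `TFM_SERVICE_PENDED` and `TFM_SERVICE_BUSY` are non-zero and have no `ERROR` in their names, so a caller cannot tell from the header whether they are failures or states it may retry on. I would add a comment on those two enumerators, for example `/* non-zero: treated as an error by the caller; TODO confirm whether a retry is expected */`. The same note says service return codes are not passed on to the REE, while `TFM_SERVICE_SPECIFIC_ERROR_MIN` (0x20, following `TFM_ERROR_GENERIC = 0x1F`) reserves a range for exactly such codes; one sentence next to that enumerator saying who may return values from that range would remove the apparent conflict.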
diff --git a/interface/include/tfm_id_mngr.h b/interface/include/tfm_id_mngr.h
new file mode 100644
index 0000000..dafe133
--- /dev/null
+++ b/interface/include/tfm_id_mngr.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_ID_MNGR_H__
+#define __TFM_ID_MNGR_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/**
+ * \brief Gets SST current application ID
+ *
+ * \return Returns the SST current application ID
+ */
+uint32_t tfm_sst_get_cur_id(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_ID_MNGR_H__ */
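Review bot: `#include <stdint.h>` sits inside the `extern "C" {` block, so a C++ translation unit pulls the standard header in under C linkage; the include belongs above the `#ifdef __cplusplus` line. The same ordering appears in tfm_ns_lock.h, tfm_sst_defs.h, tfm_sst_svc_handler.h and tfm_sst_veneers.h, where project headers are also included inside the block. Moving the includes up keeps each linkage block limited to the header's own declarations.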
diff --git a/interface/include/tfm_ns_lock.h b/interface/include/tfm_ns_lock.h
new file mode 100644
index 0000000..7361aac
--- /dev/null
+++ b/interface/include/tfm_ns_lock.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_NS_LOCK_H__
+#define __TFM_NS_LOCK_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include "tfm_ns_svc.h"
+
+/**
+ * \brief NS world, NS lock based dispatcher
+ *
+ * \details To be called from the SVC wrapper API interface
+ */
+uint32_t tfm_ns_lock_svc_dispatch(enum tfm_svc_num svc_num,
+                                  uint32_t arg0,
+                                  uint32_t arg1,
+                                  uint32_t arg2,
+                                  uint32_t arg3);
+
+/**
+ * \brief NS world, Init NS lock
+ *
+ * \details Needs to be called during non-secure app init
+ *          to initialize the TFM NS lock object
+ */
+uint32_t tfm_ns_lock_init();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_NS_LOCK_H__ */
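Review bot: `uint32_t tfm_ns_lock_init();` declares a function with an unspecified parameter list in C, so a call that passes stray arguments compiles without a diagnostic; write `uint32_t tfm_ns_lock_init(void);`, as tfm_id_mngr.h does for `tfm_sst_get_cur_id(void)`. Both declarations return `uint32_t`, but neither comment has a `\return`, so a caller cannot tell which value means the lock was initialised or what the dispatcher returns when the lock cannot be taken. A `\return` line on each, plus `\param` entries for `svc_num` and `arg0` to `arg3`, would close that gap.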
diff --git a/interface/include/tfm_ns_svc.h b/interface/include/tfm_ns_svc.h
new file mode 100644
index 0000000..e83b076
--- /dev/null
+++ b/interface/include/tfm_ns_svc.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stdio.h>
+#include <cmsis_compiler.h>
+
+#ifndef __TFM_NS_SVC_H__
+#define __TFM_NS_SVC_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Macro to encode an svc instruction
+ *
+ */
+#define SVC(code) __ASM("svc %0" : : "I" (code))
+
+/**
+ * \brief Numbers associated to each SVC available
+ *
+ * \details Start from 1 as 0 is reserved by RTX
+ */
+enum tfm_svc_num {
+    SVC_INVALID = 0,
+
+/* SVC API for SST */
+    SVC_TFM_SST_GET_HANDLE,
+    SVC_TFM_SST_CREATE,
+    SVC_TFM_SST_GET_ATTRIBUTES,
+    SVC_TFM_SST_READ,
+    SVC_TFM_SST_WRITE,
+    SVC_TFM_SST_DELETE,
+
+#if defined(CORE_TEST_INTERACTIVE)
+    SVC_SECURE_DECREMENT_NS_LOCK_1,
+    SVC_SECURE_DECREMENT_NS_LOCK_2,
+#endif /* CORE_TEST_INTERACTIVE */
+
+#if defined(CORE_TEST_SERVICES)
+    SVC_TFM_CORE_TEST,
+    SVC_TFM_CORE_TEST_MULTIPLE_CALLS,
+#endif /* CORE_TEST_SERVICES */
+
+    /* add all the new entries above this line */
+    SVC_TFM_MAX,
+};
+
+/* number of user SVC functions */
+#define USER_SVC_COUNT (SVC_TFM_MAX - 1)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_NS_SVC_H__ */
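Review bot: The two `#include` lines are placed above the `#ifndef __TFM_NS_SVC_H__` guard, and nothing visible in this header uses `<stdio.h>`. I would move `#include <cmsis_compiler.h>` below the `#define __TFM_NS_SVC_H__` line and drop `<stdio.h>` unless something outside this diff relies on getting it from here. Separately, the value of `SVC_TFM_MAX`, and with it `USER_SVC_COUNT`, depends on `CORE_TEST_INTERACTIVE` and `CORE_TEST_SERVICES`, so a comment above the first `#if` such as `/* all objects using these numbers must be built with the same CORE_TEST_* flags */` would help avoid a caller and a dispatch table that disagree on the numbering.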
diff --git a/interface/include/tfm_sst_api.h b/interface/include/tfm_sst_api.h
new file mode 100644
index 0000000..3cdb64e
--- /dev/null
+++ b/interface/include/tfm_sst_api.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SST_API__
+#define __TFM_SST_API__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Gets handler for the given asset UUID. If an asset is deleted, the
+ *        linked asset handle reference is no longer valid and will give
+ *        TFM_SST_ERR_ASSET_REF_INVALID if used.
+ *
+ * \param[in]  asset_uuid  Asset UUID
+ * \param[out] hdl         Pointer to store the asset's handler
+ *
+ * \return Returns TFM_SST_ERR_SUCCESS if asset is found. Otherwise, error code
+ *         as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_get_handle(uint16_t asset_uuid,
+                                      uint32_t* hdl);
+
+/**
+ * \brief Allocates space for the asset, referenced by asset handler,
+ *        without setting any data in the asset.
+ *
+ * \param[in] asset_uuid  Asset UUID
+ *
+ * \return Returns an TFM_SST_ERR_SUCCESS if asset is created correctly.
+ *         Otherwise, error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t  tfm_sst_create(uint16_t asset_uuid);
+
+/**
+ * \brief Gets asset's attributes referenced by asset handler.
+ *        Uses cached metadata to return the size and write offset of an asset.
+ *
+ * \param[in]  asset_handle   Asset handler
+ * \param[out] attrib_struct  Pointer to store the asset's attribute
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_get_attributes(uint32_t asset_handle,
+                                          struct tfm_sst_attribs_t* attrib_struct);
+
+/**
+ * \brief Reads asset's data from asset referenced by asset handler.
+ *
+ * \param[in]  asset_handle   Asset handler
+ * \param[out] data           Pointer to data vector \ref tfm_sst_buf_t to store
+ *                            data, size and offset
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_read(uint32_t asset_handle,
+                                struct tfm_sst_buf_t* data);
+
+/**
+ * \brief Writes data into an asset referenced by asset handler.
+ *
+ * \param[in] asset_handle   Asset handler
+ * \param[in] data           Pointer to data vector \ref tfm_sst_buf_t which
+ *                           contains the data to write
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_write(uint32_t asset_handle,
+                                 struct tfm_sst_buf_t* data);
+
+/**
+ * \brief Deletes the asset referenced by the asset handler.
+ *
+ * \param[in] asset_handle  Asset handler
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_delete(uint32_t asset_handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_SST_API__ */
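Review bot: This header is not self-contained: the prototypes use `uint16_t`, `uint32_t`, `enum tfm_sst_err_t`, `struct tfm_sst_attribs_t` and `struct tfm_sst_buf_t`, but nothing is included. Adding `#include "tfm_sst_defs.h"` after the include guard brings all of them in, as tfm_sst_svc_handler.h and tfm_sst_veneers.h already do. Without it, a source file that includes tfm_sst_api.h first gets an undeclared `uint16_t` and struct types whose scope is limited to the prototype.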
diff --git a/interface/include/tfm_sst_defs.h b/interface/include/tfm_sst_defs.h
new file mode 100644
index 0000000..75e2a16
--- /dev/null
+++ b/interface/include/tfm_sst_defs.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SST_DEFS_H__
+#define __TFM_SST_DEFS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <inttypes.h>
+#include <limits.h>
+#include "tfm_api.h"
+
+/* FIXME: the secure APP ID should not be share with the non-secure code
+ *        as it is revealing information about secure code implementation.
+ */
+#define S_APP_ID 0xF0000000
+
+/* FIXME:
+ * Very descriptive error codes can leak implementation
+ * information to caller and may allow exploitation
+ * of implementation weaknesses by malicious actors.
+ * Potential approaches-
+ * a. Just return generic error for any kind of failure
+ *
+ * OR
+ *
+ * b. Non-secure callers get the generic failure, the
+ *    secure side callers get a bit more detailed error
+ *    codes.
+ */
+
+/* The return value is shared with the TFM service status value. The SST return
+ * codes shouldn't overlap with predefined TFM status values.
+ */
+#define TFM_SST_ERR_OFFSET (TFM_SERVICE_SPECIFIC_ERROR_MIN)
+
+enum tfm_sst_err_t {
+    TFM_SST_ERR_SUCCESS = 0,
+    TFM_SST_ERR_ASSET_NOT_PREPARED = TFM_SST_ERR_OFFSET,
+    TFM_SST_ERR_ASSET_NOT_FOUND,
+    TFM_SST_ERR_PARAM_ERROR,
+    TFM_SST_ERR_INVALID_HANDLE,
+    TFM_SST_ERR_STORAGE_SYSTEM_FULL,
+    TFM_SST_ERR_SYSTEM_ERROR,
+    /* Following entry is only to ensure the error code of int size */
+    TFM_SST_ERR_FORCE_INT_SIZE = INT_MAX
+};
+
+struct tfm_sst_attribs_t {
+    uint32_t size_current; /*!< The current size of the asset */
+    uint32_t size_max;     /*!< The maximum size of the asset in bytes */
+};
+
+/* Structure to store data information to read/write from/to asset */
+struct tfm_sst_buf_t {
+    uint8_t* data;   /*!< Address of input/output data */
+    uint32_t size;   /*!< Size of input/output data */
+    uint32_t offset; /*!< Offset within asset */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_SST_DEFS_H__ */
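Review bot: `enum tfm_sst_err_t` defines neither `TFM_SST_ERR_ASSET_REF_INVALID` nor `TFM_SST_ERR_PERMS_NOT_ALLOWED`, although the doc comments in tfm_sst_api.h, tfm_sst_svc_handler.h and tfm_sst_veneers.h tell callers to expect them. Either the enumerators are missing here or those comments should name existing codes; `TFM_SST_ERR_INVALID_HANDLE` looks like the intended one for a stale handle, but that is a guess. Since this header already carries a FIXME about descriptive error codes leaking implementation detail to non-secure callers, it is worth stating on the enum which of these values non-secure code can actually receive, so the documented set and the defined set cannot drift apart.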
diff --git a/interface/include/tfm_sst_svc_handler.h b/interface/include/tfm_sst_svc_handler.h
new file mode 100644
index 0000000..808c0ea
--- /dev/null
+++ b/interface/include/tfm_sst_svc_handler.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SST_SVC_HANDLER_H__
+#define __TFM_SST_SVC_HANDLER_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "tfm_sst_defs.h"
+
+/**
+ * \brief SVC funtion to get handler for the given asset UUID. If an asset is
+ *        deleted, the linked asset handle reference is no longer valid and
+ *        will give TFM_SST_ERR_ASSET_REF_INVALID if used.
+ *
+ * \param[in]  asset_uuid  Asset UUID
+ * \param[out] hdl         Pointer to store the asset's handler
+ *
+ * \return Returns TFM_SST_ERR_SUCCESS if asset is found. Otherwise, error code
+ *         as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_get_handle(uint16_t asset_uuid,
+                                          uint32_t* hdl);
+
+/**
+ * \brief SVC funtion to allocate space for the asset, referenced by asset
+ *        handler, without setting any data in the asset.
+ *
+ * \param[in] asset_uuid  Asset UUID
+ *
+ * \return Returns an TFM_SST_ERR_SUCCESS if asset is created correctly.
+ *         Otherwise, error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_create(uint16_t asset_uuid);
+
+/**
+ * \brief SVC funtion to get asset's attributes referenced by asset handler.
+ *        Uses cached metadata to return the size and write offset of an asset.
+ *
+ * \param[in]  asset_handle   Asset handler
+ * \param[out] attrib_struct  Pointer to store asset's attribute
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_get_attributes(uint32_t asset_handle,
+                                       struct tfm_sst_attribs_t* attrib_struct);
+
+/**
+ * \brief SVC funtion to read asset's data from asset referenced by asset
+ *        handler.
+ *
+ * \param[in]  asset_handle  Asset handler
+ * \param[out] data          Pointer to data vector \ref tfm_sst_buf_t to store
+ *                           data, size and offset
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_read(uint32_t asset_handle,
+                                    struct tfm_sst_buf_t* data);
+
+/**
+ * \brief SVC funtion to write data into an asset referenced by asset handler.
+ *
+ * \param[in] asset_handle   Asset handler
+ * \param[in] data           Pointer to data vector \ref tfm_sst_buf_t which
+ *                           contains the data to write
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_write(uint32_t asset_handle,
+                                     struct tfm_sst_buf_t* data);
+
+/**
+ * \brief SVC funtion to delete the asset referenced by the asset handler.
+ *
+ * \param[in] asset_handle  Asset handler
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+enum tfm_sst_err_t tfm_sst_svc_delete(uint32_t asset_handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_SST_SVC_HANDLER_H__ */
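Review bot: `tfm_sst_svc_read` tags `data` as `\param[out]`, but the same comment says the structure carries size and offset, which the caller presumably fills in before the call; tfm_sst_veneers.h tags the matching parameter as in/out. I would change the tag to `\param[in,out]` here and on `tfm_sst_read` in tfm_sst_api.h, and say which fields of `struct tfm_sst_buf_t` are read and which are written. Every `\brief` in this file also spells `funtion` for `function`.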
diff --git a/interface/include/tfm_sst_veneers.h b/interface/include/tfm_sst_veneers.h
new file mode 100644
index 0000000..791bbb0
--- /dev/null
+++ b/interface/include/tfm_sst_veneers.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2017, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __TFM_SST_VENEERS_H__
+#define __TFM_SST_VENEERS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "tfm_sst_defs.h"
+
+#define __cmse_secure_gateway \
+        __attribute__((cmse_nonsecure_entry, noinline, section("SFN")))
+
+/**
+ * \brief Gets handler for the given asset uuid. If an asset is deleted, the
+ *        linked asset handle reference is no longer valid and will give
+ *        TFM_SST_ERR_ASSET_REF_INVALID if used.
+ *
+ * \param[in]  app_id      Application ID
+ * \param[in]  asset_uuid  Asset UUID
+ * \param[out] hdl         Handle to be returned
+ *
+ * \return Returns asset handle. If asset is not found, it returns
+ *         TFM_SST_ERR_ASSET_NOT_FOUND. If SST area is not prepared, it returns
+ *         TFM_SST_ERR_ASSET_NOT_PREPARED.
+ */
+enum tfm_sst_err_t tfm_sst_veneer_get_handle(uint32_t app_id,
+                                             uint16_t asset_uuid,
+                                             uint32_t *hdl)
+__cmse_secure_gateway;
+
+/**
+ * \brief Allocates space for the asset, referenced by asset handler,
+ *        without setting any data in the asset.
+ *
+ * \param[in] app_id      Application ID
+ * \param[in] asset_uuid  Asset UUID
+ *
+ * \return Returns an asset handle. If SST area is not prepared, it returns
+ *         TFM_SST_ERR_ASSET_NOT_PREPARED. If SST area is full, it returns
+ *         TFM_SST_ERR_STORAGE_SYSTEM_FULL. If application id doesn't have the
+ *         write rights, it returns TFM_SST_ERR_PERMS_NOT_ALLOWED.
+ */
+enum tfm_sst_err_t tfm_sst_veneer_create(uint32_t app_id, uint16_t asset_uuid)
+__cmse_secure_gateway;
+
+/**
+ * \brief Gets asset's attributes referenced by asset handler.
+ *        Uses cached metadata to return the size and write offset of an asset.
+ *
+ * \param[in]  app_id         Application ID
+ * \param[in]  asset_handle   Asset handler
+ * \param[out] attrib_struct  Pointer to asset attribute struct
+ *
+ * \return Returns error code as specified in \ref tfm_sst_err_t
+ */
+extern enum tfm_sst_err_t tfm_sst_veneer_get_attributes(
+                                        uint32_t app_id,
+                                        uint32_t asset_handle,
+                                        struct tfm_sst_attribs_t *attrib_struct)
+__cmse_secure_gateway;
+
+/**
+ * \brief Reads asset's data from asset referenced by asset handler.
+ *
+ * \param[in]     app_id         Application ID
+ * \param[in]     asset_handle   Asset handler
+ * \param[in/out] data           Pointer to data vector \ref tfm_sst_buf_t to
+ *                               store data, size and offset
+ *
+ * \return Returns the number of bytes written or a castable \ref tfm_sst_err_t
+ *         value
+ */
+enum tfm_sst_err_t tfm_sst_veneer_read(uint32_t app_id,
+                                       uint32_t asset_handle,
+                                       struct tfm_sst_buf_t *data)
+__cmse_secure_gateway;
+
+/**
+ * \brief Writes data into an asset referenced by asset handler.
+ *
+ * \param[in] app_id         Application ID
+ * \param[in] asset_handle   Asset handler
+ * \param[in] data           Pointer to data vector \ref tfm_sst_buf_t which
+ *                           contains the data to write
+ *
+ * \return Returns the number of bytes written or a castable \ref tfm_sst_err_t
+ *         value
+ */
+enum tfm_sst_err_t tfm_sst_veneer_write(uint32_t app_id,
+                                        uint32_t asset_handle,
+                                        struct tfm_sst_buf_t *data)
+__cmse_secure_gateway;
+
+/**
+ * \brief Deletes the asset referenced by the asset handler.
+ *
+ * \param[in] app_id        Application ID
+ * \param[in] asset_handle  Asset handler
+ *
+ * \return Returns TFM_SST_ERR_PERMS_NOT_ALLOWED if the asset can't be deleted
+ *         to by this app ID. Returns TFM_SST_ERR_ASSET_REF_INVALID, if asset
+ *         no longer exists. Otherwise, TFM_SST_ERR_SUCCESS.
+ */
+enum tfm_sst_err_t tfm_sst_veneer_delete(uint32_t app_id,
+                                         uint32_t asset_handle)
+__cmse_secure_gateway;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TFM_SST_VENEERS_H__ */
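Review bot: These declarations are the `cmse_nonsecure_entry` points, so `app_id`, the handles and every pointer (`hdl`, `attrib_struct`, `data`, and `data->data` inside `struct tfm_sst_buf_t`) arrive from non-secure code, and none of the comments state what the secure side checks before using them. The implementations are outside this diff, so I cannot tell whether validation is done; the contract should be written down here, e.g. `\note Pointers must reference non-secure memory; the secure side validates each range (for example with cmse_check_address_range) and copies the tfm_sst_buf_t before use.` The comments should also say that `app_id` is a value chosen by the non-secure caller and not an authenticated identity, since the permission outcomes described for create and delete depend on it. Finally, the `\return` text on read and write promises a byte count while the return type is `enum tfm_sst_err_t`.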