Platform: Update platform partition to SFN
Change-Id: Ia0863dd3514b118f6c95358922bfa70f0f0a6b0c
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/docs/integration_guide/services/tfm_platform_integration_guide.rst b/docs/integration_guide/services/tfm_platform_integration_guide.rst
index 7858435..afe8b2f 100644
--- a/docs/integration_guide/services/tfm_platform_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_platform_integration_guide.rst
@@ -77,7 +77,8 @@
=====================
The Platform Service provides an abstracted service for exposing the NV counters
-to the secure world. The following operations are supported:
+to secure partitions or non-secure callers. The following operations are
+supported:
- Increment a counter.
- Read a counter value to a preallocated buffer.
@@ -95,7 +96,7 @@
``platform/include/tfm_plat_nv_counters.h``
For Level 2,3 isolation implementations, secure partitions in the
-Application Root of Trust, should have ``TFM_SP_PLATFORM_NV_COUNTER`` set as a
+Application Root of Trust, should have ``TFM_PLATFORM_SERVICE`` set as a
dependency for access to the NV counter API.
***************************
@@ -110,4 +111,4 @@
--------------
-*Copyright (c) 2018-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2018-2022, Arm Limited. All rights reserved.*
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst
index fdbaf56..fc3901d 100644
--- a/docs/integration_guide/services/tfm_secure_partition_addition.rst
+++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst
@@ -232,6 +232,7 @@
TFM_SP_ITS 3
TFM_SP_INITIAL_ATTESTATION 4
TFM_SP_FWU 5
+ TFM_SP_PLATFORM 6
=============================== =======================
mmio_regions
diff --git a/interface/include/tfm_platform_api.h b/interface/include/tfm_platform_api.h
index 8c9b0db..f7f3972 100644
--- a/interface/include/tfm_platform_api.h
+++ b/interface/include/tfm_platform_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,6 +25,8 @@
#define TFM_PLATFORM_API_ID_NV_READ (1010)
#define TFM_PLATFORM_API_ID_NV_INCREMENT (1011)
+#define TFM_PLATFORM_API_ID_SYSTEM_RESET (1012)
+#define TFM_PLATFORM_API_ID_IOCTL (1013)
/*!
* \enum tfm_platform_err_t
diff --git a/interface/src/tfm_platform_ipc_api.c b/interface/src/tfm_platform_ipc_api.c
index 072e243..d709607 100644
--- a/interface/src/tfm_platform_ipc_api.c
+++ b/interface/src/tfm_platform_ipc_api.c
@@ -12,17 +12,10 @@
enum tfm_platform_err_t tfm_platform_system_reset(void)
{
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_SP_PLATFORM_SYSTEM_RESET_SID,
- TFM_SP_PLATFORM_SYSTEM_RESET_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_SYSTEM_RESET,
NULL, 0, NULL, 0);
- psa_close(handle);
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
@@ -40,7 +33,6 @@
struct psa_invec in_vec[2] = { {0} };
size_t inlen, outlen;
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
in_vec[0].base = &req;
in_vec[0].len = sizeof(req);
@@ -58,16 +50,10 @@
outlen = 0;
}
- handle = psa_connect(TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_IOCTL,
in_vec, inlen,
output, outlen);
- psa_close(handle);
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
@@ -80,23 +66,15 @@
tfm_platform_nv_counter_increment(uint32_t counter_id)
{
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
struct psa_invec in_vec[1];
in_vec[0].base = &counter_id;
in_vec[0].len = sizeof(counter_id);
- handle = psa_connect(TFM_SP_PLATFORM_NV_COUNTER_SID,
- TFM_SP_PLATFORM_NV_COUNTER_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, TFM_PLATFORM_API_ID_NV_INCREMENT,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);
- psa_close(handle);
-
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
} else {
@@ -109,7 +87,6 @@
uint32_t size, uint8_t *val)
{
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
struct psa_invec in_vec[1];
struct psa_outvec out_vec[1];
@@ -119,17 +96,10 @@
out_vec[0].base = val;
out_vec[0].len = size;
- handle = psa_connect(TFM_SP_PLATFORM_NV_COUNTER_SID,
- TFM_SP_PLATFORM_NV_COUNTER_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, TFM_PLATFORM_API_ID_NV_READ,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);
- psa_close(handle);
-
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
} else {
diff --git a/lib/ext/tf-m-tests/repo_config_default.cmake b/lib/ext/tf-m-tests/repo_config_default.cmake
index 6345ae8..4c757f0 100644
--- a/lib/ext/tf-m-tests/repo_config_default.cmake
+++ b/lib/ext/tf-m-tests/repo_config_default.cmake
@@ -8,5 +8,5 @@
# Default configs of tf-m-tests repo
set(TFM_TEST_REPO_PATH "DOWNLOAD" CACHE PATH "Path to TFM-TEST repo (or DOWNLOAD to fetch automatically")
-set(TFM_TEST_REPO_VERSION "66ba1d4" CACHE STRING "The version of tf-m-tests to use")
+set(TFM_TEST_REPO_VERSION "f0c9a1c" CACHE STRING "The version of tf-m-tests to use")
set(CMSIS_5_PATH "DOWNLOAD" CACHE PATH "Path to CMSIS_5 (or DOWNLOAD to fetch automatically")
diff --git a/secure_fw/partitions/firmware_update/tfm_firmware_update.yaml b/secure_fw/partitions/firmware_update/tfm_firmware_update.yaml
index 3e01040..617358f 100644
--- a/secure_fw/partitions/firmware_update/tfm_firmware_update.yaml
+++ b/secure_fw/partitions/firmware_update/tfm_firmware_update.yaml
@@ -71,6 +71,6 @@
],
"dependencies": [
"TFM_CRYPTO",
- "TFM_SP_PLATFORM_SYSTEM_RESET"
+ "TFM_PLATFORM_SERVICE"
]
-}
\ No newline at end of file
+}
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index b0d60eb..18cd721 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -168,16 +168,14 @@
#else /* TFM_PSA_API */
-static enum tfm_platform_err_t
-platform_sp_system_reset_ipc(const psa_msg_t *msg)
+static psa_status_t platform_sp_system_reset_psa_api(const psa_msg_t *msg)
{
(void)msg; /* unused parameter */
return platform_sp_system_reset();
}
-static enum tfm_platform_err_t
-platform_sp_nv_counter_ipc(const psa_msg_t *msg)
+static psa_status_t platform_sp_nv_read_psa_api(const psa_msg_t *msg)
{
enum tfm_plat_err_t err = TFM_PLAT_ERR_SYSTEM_ERR;
size_t in_len = PSA_MAX_IOVEC, out_len = PSA_MAX_IOVEC, num = 0;
@@ -194,70 +192,84 @@
while ((out_len > 0) && (msg->out_size[out_len - 1] == 0)) {
out_len--;
}
- switch (msg->type) {
- case TFM_PLATFORM_API_ID_NV_INCREMENT:
- if (msg->in_size[0] != NV_COUNTER_ID_SIZE ||
- in_len != 1 || out_len != 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
- num = psa_read(msg->handle, 0, &counter_id, msg->in_size[0]);
- if (num != msg->in_size[0]) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- if (msg->client_id < 0) {
- counter_id += PLAT_NV_COUNTER_NS_0;
- }
-
- if (nv_counter_permissions_check(msg->client_id, counter_id, false)
- != TFM_PLATFORM_ERR_SUCCESS) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- err = tfm_plat_increment_nv_counter(counter_id);
- break;
- case TFM_PLATFORM_API_ID_NV_READ:
- if (msg->in_size[0] != NV_COUNTER_ID_SIZE ||
- in_len != 1 || out_len != 1) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- num = psa_read(msg->handle, 0, &counter_id, msg->in_size[0]);
- if (num != msg->in_size[0]) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- if (msg->client_id < 0) {
- counter_id += PLAT_NV_COUNTER_NS_0;
- }
-
- if (nv_counter_permissions_check(msg->client_id, counter_id, true)
- != TFM_PLATFORM_ERR_SUCCESS) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- err = tfm_plat_read_nv_counter(counter_id, msg->out_size[0],
- &counter_val);
-
- if (err != TFM_PLAT_ERR_SUCCESS) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
- psa_write(msg->handle, 0, &counter_val, msg->out_size[0]);
- break;
- default:
+ if (msg->in_size[0] != NV_COUNTER_ID_SIZE ||
+ in_len != 1 || out_len != 1) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- break;
}
+ num = psa_read(msg->handle, 0, &counter_id, msg->in_size[0]);
+ if (num != NV_COUNTER_ID_SIZE) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ if (msg->client_id < 0) {
+ counter_id += PLAT_NV_COUNTER_NS_0;
+ }
+
+ if (nv_counter_permissions_check(msg->client_id, counter_id, true)
+ != TFM_PLATFORM_ERR_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ err = tfm_plat_read_nv_counter(counter_id, msg->out_size[0],
+ &counter_val);
+
+ if (err != TFM_PLAT_ERR_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ psa_write(msg->handle, 0, &counter_val, msg->out_size[0]);
+
+ return TFM_PLATFORM_ERR_SUCCESS;
+}
+
+static psa_status_t platform_sp_nv_increment_psa_api(const psa_msg_t *msg)
+{
+ enum tfm_plat_err_t err = TFM_PLAT_ERR_SYSTEM_ERR;
+ size_t in_len = PSA_MAX_IOVEC, out_len = PSA_MAX_IOVEC, num = 0;
+
+ enum tfm_nv_counter_t counter_id;
+
+ /* Check the number of in_vec filled */
+ while ((in_len > 0) && (msg->in_size[in_len - 1] == 0)) {
+ in_len--;
+ }
+
+ /* Check the number of out_vec filled */
+ while ((out_len > 0) && (msg->out_size[out_len - 1] == 0)) {
+ out_len--;
+ }
+
+ if (msg->in_size[0] != NV_COUNTER_ID_SIZE ||
+ in_len != 1 || out_len != 0) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ num = psa_read(msg->handle, 0, &counter_id, msg->in_size[0]);
+ if (num != NV_COUNTER_ID_SIZE) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ if (msg->client_id < 0) {
+ counter_id += PLAT_NV_COUNTER_NS_0;
+ }
+
+ if (nv_counter_permissions_check(msg->client_id, counter_id, false)
+ != TFM_PLATFORM_ERR_SUCCESS) {
+ return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+ }
+
+ err = tfm_plat_increment_nv_counter(counter_id);
+
if (err != TFM_PLAT_ERR_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
}
+
return TFM_PLATFORM_ERR_SUCCESS;
}
-static enum tfm_platform_err_t
-platform_sp_ioctl_ipc(const psa_msg_t *msg)
+static psa_status_t platform_sp_ioctl_psa_api(const psa_msg_t *msg)
{
void *input = NULL;
void *output = NULL;
@@ -270,6 +282,7 @@
int num = 0;
uint32_t in_len = PSA_MAX_IOVEC;
uint32_t out_len = PSA_MAX_IOVEC;
+ size_t input_size;
while ((in_len > 0) && (msg->in_size[in_len - 1] == 0)) {
in_len--;
@@ -290,15 +303,16 @@
}
if (in_len > 1) {
- if (msg->in_size[1] > INPUT_BUFFER_SIZE) {
- return (enum tfm_platform_err_t) PSA_ERROR_PROGRAMMER_ERROR;
+ input_size = msg->in_size[1];
+ if (input_size > INPUT_BUFFER_SIZE) {
+ return (enum tfm_platform_err_t) PSA_ERROR_BUFFER_TOO_SMALL;
}
num = psa_read(msg->handle, 1, &input_buffer, msg->in_size[1]);
- if (num != msg->in_size[1]) {
+ if (num != input_size) {
return (enum tfm_platform_err_t) PSA_ERROR_PROGRAMMER_ERROR;
}
invec.base = input_buffer;
- invec.len = msg->in_size[1];
+ invec.len = input_size;
input = &invec;
}
@@ -319,65 +333,35 @@
return ret;
}
-
-static void platform_signal_handle(psa_signal_t signal, plat_func_t pfn)
-{
- psa_msg_t msg;
- psa_status_t status;
-
- status = psa_get(signal, &msg);
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- case TFM_PLATFORM_API_ID_NV_READ:
- case TFM_PLATFORM_API_ID_NV_INCREMENT:
- status = (psa_status_t)pfn(&msg);
- psa_reply(msg.handle, status);
- break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- default:
- psa_panic();
- }
-}
-
#endif /* TFM_PSA_API */
-enum tfm_platform_err_t platform_sp_init(void)
+psa_status_t tfm_platform_service_sfn(const psa_msg_t *msg)
+{
+ switch (msg->type) {
+ case TFM_PLATFORM_API_ID_NV_READ:
+ return platform_sp_nv_read_psa_api(msg);
+ case TFM_PLATFORM_API_ID_NV_INCREMENT:
+ return platform_sp_nv_increment_psa_api(msg);
+ case TFM_PLATFORM_API_ID_SYSTEM_RESET:
+ return platform_sp_system_reset_psa_api(msg);
+ case TFM_PLATFORM_API_ID_IOCTL:
+ return platform_sp_ioctl_psa_api(msg);
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_ERROR_GENERIC_ERROR;
+}
+
+psa_status_t platform_sp_init(void)
{
/* Initialise the non-volatile counters */
enum tfm_plat_err_t err;
+
err = tfm_plat_init_nv_counter();
if (err != TFM_PLAT_ERR_SUCCESS) {
-#ifdef TFM_PSA_API
- psa_panic();
-#else
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
-#endif
- }
-#ifdef TFM_PSA_API
- psa_signal_t signals;
-
- while (1) {
- signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL) {
- platform_signal_handle(TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL,
- platform_sp_system_reset_ipc);
- } else if (signals & TFM_SP_PLATFORM_IOCTL_SIGNAL) {
- platform_signal_handle(TFM_SP_PLATFORM_IOCTL_SIGNAL,
- platform_sp_ioctl_ipc);
- } else if (signals & TFM_SP_PLATFORM_NV_COUNTER_SIGNAL) {
- platform_signal_handle(TFM_SP_PLATFORM_NV_COUNTER_SIGNAL,
- platform_sp_nv_counter_ipc);
- } else {
- psa_panic();
- }
+ return PSA_ERROR_HARDWARE_FAILURE;
}
-#else
- return TFM_PLATFORM_ERR_SUCCESS;
-#endif /* TFM_PSA_API */
+ return PSA_SUCCESS;
}
diff --git a/secure_fw/partitions/platform/platform_sp.h b/secure_fw/partitions/platform/platform_sp.h
index 44332dc..90a5e3d 100644
--- a/secure_fw/partitions/platform/platform_sp.h
+++ b/secure_fw/partitions/platform/platform_sp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -17,9 +17,9 @@
/*!
* \brief Initializes the secure partition.
*
- * \return Returns values as specified by the \ref tfm_platform_err_t
+ * \return Returns values as specified by the \ref psa_status_t
*/
-enum tfm_platform_err_t platform_sp_init(void);
+psa_status_t platform_sp_init(void);
/*!
* \brief Resets the system.
@@ -28,22 +28,6 @@
*/
enum tfm_platform_err_t platform_sp_system_reset(void);
-/*!
- * \brief Performs pin services of the platform
- *
- * \param[in] in_vec Pointer to in_vec array, which contains input
- * arguments for the pin service
- * \param[in] num_invec Number of elements in in_vec array
- * \param[in,out] out_vec Pointer out_vec array, which contains output data
- * of the pin service
- * \param[in] num_outvec Number of elements in out_vec array
- *
- * \return Returns values as specified by the \ref tfm_platform_err_t
- */
-enum tfm_platform_err_t
-platform_sp_pin_service(const psa_invec *in_vec, uint32_t num_invec,
- const psa_outvec *out_vec, uint32_t num_outvec);
-
#ifdef __cplusplus
}
#endif
diff --git a/secure_fw/partitions/platform/tfm_platform.yaml b/secure_fw/partitions/platform/tfm_platform.yaml
index a0d3972..67e4952 100644
--- a/secure_fw/partitions/platform/tfm_platform.yaml
+++ b/secure_fw/partitions/platform/tfm_platform.yaml
@@ -6,34 +6,23 @@
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_PLATFORM",
"type": "PSA-ROT",
"priority": "NORMAL",
- "entry_point": "platform_sp_init",
+ "model": "SFN",
+ "entry_init": "platform_sp_init",
"stack_size": "0x0500",
"services": [
{
- "name": "TFM_SP_PLATFORM_SYSTEM_RESET",
+ "name": "TFM_PLATFORM_SERVICE",
"sid": "0x00000040",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 6,
"minor_version": 1,
"minor_policy": "STRICT"
},
- {
- "name": "TFM_SP_PLATFORM_IOCTL",
- "sid": "0x00000041",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "TFM_SP_PLATFORM_NV_COUNTER",
- "sid": "0x00000042",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
],
"secure_functions": [
{
diff --git a/secure_fw/partitions/platform/tfm_platform_secure_api.c b/secure_fw/partitions/platform/tfm_platform_secure_api.c
index 0fe0c7f..abd154f 100644
--- a/secure_fw/partitions/platform/tfm_platform_secure_api.c
+++ b/secure_fw/partitions/platform/tfm_platform_secure_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -16,17 +16,10 @@
{
#ifdef TFM_PSA_API
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
- handle = psa_connect(TFM_SP_PLATFORM_SYSTEM_RESET_SID,
- TFM_SP_PLATFORM_SYSTEM_RESET_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_SYSTEM_RESET,
NULL, 0, NULL, 0);
- psa_close(handle);
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
@@ -48,7 +41,6 @@
size_t inlen, outlen;
#ifdef TFM_PSA_API
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
#endif /* TFM_PSA_API */
in_vec[0].base = &req;
@@ -67,16 +59,10 @@
outlen = 0;
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SP_PLATFORM_IOCTL_SID,
- TFM_SP_PLATFORM_IOCTL_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_IOCTL,
in_vec, inlen,
output, outlen);
- psa_close(handle);
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
@@ -94,7 +80,6 @@
{
#ifdef TFM_PSA_API
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
#endif
struct psa_invec in_vec[1];
@@ -102,17 +87,10 @@
in_vec[0].len = sizeof(counter_id);
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SP_PLATFORM_NV_COUNTER_SID,
- TFM_SP_PLATFORM_NV_COUNTER_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, TFM_PLATFORM_API_ID_NV_INCREMENT,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_NV_INCREMENT,
in_vec, 1, (psa_outvec *)NULL, 0);
- psa_close(handle);
-
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
} else {
@@ -131,7 +109,6 @@
{
#ifdef TFM_PSA_API
psa_status_t status = PSA_ERROR_CONNECTION_REFUSED;
- psa_handle_t handle = PSA_NULL_HANDLE;
#endif
struct psa_invec in_vec[1];
struct psa_outvec out_vec[1];
@@ -143,17 +120,10 @@
out_vec[0].len = size;
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_SP_PLATFORM_NV_COUNTER_SID,
- TFM_SP_PLATFORM_NV_COUNTER_VERSION);
- if (handle <= 0) {
- return TFM_PLATFORM_ERR_SYSTEM_ERROR;
- }
-
- status = psa_call(handle, TFM_PLATFORM_API_ID_NV_READ,
+ status = psa_call(TFM_PLATFORM_SERVICE_HANDLE,
+ TFM_PLATFORM_API_ID_NV_READ,
in_vec, 1, out_vec, 1);
- psa_close(handle);
-
if (status < PSA_SUCCESS) {
return TFM_PLATFORM_ERR_SYSTEM_ERROR;
} else {
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
index de9c5a5..9d0a7fd 100644
--- a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
@@ -64,6 +64,6 @@
"dependencies": [
"TFM_CRYPTO",
"TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
- "TFM_SP_PLATFORM_NV_COUNTER"
+ "TFM_PLATFORM_SERVICE"
]
}
diff --git a/secure_fw/partitions/psa_proxy/psa_proxy.c b/secure_fw/partitions/psa_proxy/psa_proxy.c
index 78b9e99..29408f4 100644
--- a/secure_fw/partitions/psa_proxy/psa_proxy.c
+++ b/secure_fw/partitions/psa_proxy/psa_proxy.c
@@ -69,6 +69,10 @@
params.psa_call_params.handle = TFM_ATTESTATION_SERVICE_HANDLE;
params.psa_call_params.type = msg->type;
break;
+ case TFM_PLATFORM_SERVICE_SIGNAL:
+ params.psa_call_params.handle = TFM_PLATFORM_SERVICE_HANDLE;
+ params.psa_call_params.type = msg->type;
+ break;
default:
params.psa_call_params.handle = *((psa_handle_t *)msg->rhandle);
params.psa_call_params.type = PSA_IPC_CALL;
@@ -94,96 +98,15 @@
return status;
}
-static void psa_disconnect_from_secure_enclave(psa_msg_t *msg)
-{
- psa_handle_t *forward_handle_ptr = (psa_handle_t *)msg->rhandle;
- struct psa_client_params_t params;
- int32_t reply;
-
- params.psa_close_params.handle = *forward_handle_ptr;
-
- (void)tfm_ns_mailbox_client_call(MAILBOX_PSA_CLOSE, ¶ms,
- NON_SECURE_CLIENT_ID, &reply);
-
- deallocate_forward_handle(forward_handle_ptr);
-}
-
-static void get_sid_and_version_for_signal(psa_signal_t signal, uint32_t *sid,
- uint32_t *version)
-{
- switch (signal) {
- case TFM_SP_PLATFORM_SYSTEM_RESET_SIGNAL:
- *sid = TFM_SP_PLATFORM_SYSTEM_RESET_SID;
- *version = TFM_SP_PLATFORM_SYSTEM_RESET_VERSION;
- break;
- case TFM_SP_PLATFORM_IOCTL_SIGNAL:
- *sid = TFM_SP_PLATFORM_IOCTL_SID;
- *version = TFM_SP_PLATFORM_IOCTL_VERSION;
- break;
- case TFM_SP_PLATFORM_NV_COUNTER_SIGNAL:
- *sid = TFM_SP_PLATFORM_NV_COUNTER_SID;
- *version = TFM_SP_PLATFORM_NV_COUNTER_VERSION;
- break;
- default:
- psa_panic();
- break;
- }
-}
-
-static psa_status_t psa_connect_to_secure_enclave(psa_signal_t signal,
- psa_msg_t *msg)
-{
- psa_handle_t *forward_handle_ptr;
- struct psa_client_params_t params;
- int32_t ret;
-
- forward_handle_ptr = allocate_forward_handle();
-
- if (forward_handle_ptr != NULL) {
-
- get_sid_and_version_for_signal(signal, ¶ms.psa_connect_params.sid,
- ¶ms.psa_connect_params.version);
-
- /* Fixme: All messages sent with the same client id */
- ret = tfm_ns_mailbox_client_call(MAILBOX_PSA_CONNECT, ¶ms,
- NON_SECURE_CLIENT_ID,
- (int32_t *)forward_handle_ptr);
- if (ret != MAILBOX_SUCCESS) {
- *forward_handle_ptr = PSA_NULL_HANDLE;
- }
-
- if ( *forward_handle_ptr > 0) {
- psa_set_rhandle(msg->handle, (void *)forward_handle_ptr);
- return PSA_SUCCESS;
- } else {
- deallocate_forward_handle(forward_handle_ptr);
- return *forward_handle_ptr;
- }
- } else {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-}
-
static void handle_signal(psa_signal_t signal)
{
psa_msg_t msg;
psa_status_t status;
status = psa_get(signal, &msg);
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- status = psa_connect_to_secure_enclave(signal, &msg);
- psa_reply(msg.handle, status);
- break;
- case PSA_IPC_DISCONNECT:
- psa_disconnect_from_secure_enclave(&msg);
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- default:
- status = forward_message_to_secure_enclave(signal, &msg);
- psa_reply(msg.handle, status);
- break;
- }
+
+ status = forward_message_to_secure_enclave(signal, &msg);
+ psa_reply(msg.handle, status);
}
static psa_status_t psa_proxy_init(void)
diff --git a/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml b/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
index c5fd993..af40fb9 100644
--- a/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
+++ b/secure_fw/partitions/psa_proxy/tfm_psa_proxy.yaml
@@ -56,30 +56,15 @@
"version_policy": "STRICT"
},
{
- "name": "TFM_SP_PLATFORM_SYSTEM_RESET",
+ "name": "TFM_PLATFORM_SERVICE",
"sid": "0x00000040",
"non_secure_clients": true,
- "connection_based": true,
+ "connection_based": false,
+ "stateless_handle": 6,
"minor_version": 1,
"minor_policy": "STRICT"
},
{
- "name": "TFM_SP_PLATFORM_IOCTL",
- "sid": "0x00000041",
- "non_secure_clients": true,
- "connection_based": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "TFM_SP_PLATFORM_NV_COUNTER",
- "sid": "0x00000042",
- "non_secure_clients": false,
- "connection_based": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
"name": "TFM_PROTECTED_STORAGE_SERVICE",
"sid": "0x00000060",
"non_secure_clients": true,