commit 092aaf0d0da98834b0da319a3574edad97883f6d
author Marc Moreno Berengue <marc.morenoberengue@arm.com> Thu Jul 12 11:30:33 2018 +0100
committer Marc Moreno Berengue <marc.morenoberengue@arm.com> Wed Jul 25 09:20:09 2018 +0100
tree b41c6b155160ccf5f8d02a796ae37014bf3df71a
parent b3919763e1d832770fbc588b89dd34586e114438

SST: Add reference read PSA SST API definition

This patch adds a reference read PSA SST API definition to read asset's
data on behalf of a given client ID from a secure partition. This
function is only accessible for secure partitions with specific
permissions in the asset policy table.
This API must not be accessible from the Non-secure Processing
Environment (NSPE).
To prevent the use of this API from the NSPE, this is not implemented
in the tfm_sst_api.c to trigger a linker error in case it is referenced
in the NSPE client code. In case, the NSPE client calls directly the
veneer, the SST service will detect it and return an error accordingly.

Change-Id: If033cbd2d24237b4b29cb8e034801ec2c3b84fc8
Signed-off-by: Marc Moreno <marc.morenoberengue@arm.com>

interface/include/psa_sst_api.h

diff --git a/interface/include/psa_sst_api.h b/interface/include/psa_sst_api.h
index 4ad50d2..14944ea 100644
--- a/interface/include/psa_sst_api.h
+++ b/interface/include/psa_sst_api.h
@@ -27,7 +27,7 @@
  * PSA SST API version
  */
 #define PSA_SST_API_VERSION_MAJOR 0
-#define PSA_SST_API_VERSION_MINOR 1
+#define PSA_SST_API_VERSION_MINOR 2
 
 /* The return value is shared with the TF-M partition status value.
  * The SST return codes shouldn't overlap with predefined TFM status values.
@@ -165,6 +165,37 @@
                                 uint8_t *data);
 
 /**
+ * \brief Reads asset's data on behalf of the given client ID if the
+ *        client has reference permissions.
+ *        This function is only accessible for secure partition with specific
+ *        permissions. Hence, It must not be accessible from the Non-secure
+ *        Processing Environment (NSPE).
+ *
+ * \param[in]  client_id   Client ID which is referenced in the read
+ * \param[in]  asset_uuid  Asset UUID
+ * \param[in]  token       Must be set to NULL, reserved for future use.
+ *                         Pointer to the asset token to be used to generate
+ *                         the asset key to encrypt and decrypt the asset
+ *                         data. This is an optional parameter that has to
+ *                         be NULL in case the token is not provied.
+ * \param[in]  token_size  Must be set to 0, reserved for future use.
+ *                         Token size. In case the token is not provided
+ *                         the token size has to be 0.
+ * \param[in]  size        Size of the data to read
+ * \param[in]  offset      Offset within asset to start to read
+ * \param[out] data        Pointer to data vector to store data
+ *
+ * \return Returns error code as specified in \ref psa_sst_err_t
+ */
+enum psa_sst_err_t psa_sst_reference_read(int32_t  client_id,
+                                          uint32_t asset_uuid,
+                                          const uint8_t* token,
+                                          uint32_t token_size,
+                                          uint32_t size,
+                                          uint32_t offset,
+                                          uint8_t *data);
+
+/**
  * \brief Writes data into an asset referenced by asset UUID.
  *
  * \param[in] asset_uuid  Asset UUID