ITS: Implement ITS Services with static handle
Change Internal Trusted Storage services to one stateless service.
Change-Id: I92cad72e85255cf4970f314681e4c871f171b72f
Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
diff --git a/interface/include/tfm_its_defs.h b/interface/include/tfm_its_defs.h
index 852f8f4..a6591b1 100644
--- a/interface/include/tfm_its_defs.h
+++ b/interface/include/tfm_its_defs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -15,6 +15,12 @@
/* Invalid UID */
#define TFM_ITS_INVALID_UID 0
+/* ITS message types that distinguish ITS services. */
+#define TFM_ITS_SET 1001
+#define TFM_ITS_GET 1002
+#define TFM_ITS_GET_INFO 1003
+#define TFM_ITS_REMOVE 1004
+
#ifdef __cplusplus
}
#endif
diff --git a/interface/src/tfm_its_ipc_api.c b/interface/src/tfm_its_ipc_api.c
index 543b88f..a52197b 100644
--- a/interface/src/tfm_its_ipc_api.c
+++ b/interface/src/tfm_its_ipc_api.c
@@ -9,6 +9,7 @@
#include "psa/internal_trusted_storage.h"
#include "psa_manifest/sid.h"
#include "tfm_api.h"
+#include "tfm_its_defs.h"
psa_status_t psa_its_set(psa_storage_uid_t uid,
size_t data_length,
@@ -16,7 +17,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -24,14 +24,8 @@
{ .base = &create_flags, .len = sizeof(create_flags) }
};
- handle = psa_connect(TFM_ITS_SET_SID, TFM_ITS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
@@ -43,7 +37,6 @@
size_t *p_data_length)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -58,15 +51,8 @@
return PSA_ERROR_INVALID_ARGUMENT;
}
- handle = psa_connect(TFM_ITS_GET_SID, TFM_ITS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_GET,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
*p_data_length = out_vec[0].len;
@@ -77,7 +63,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -87,36 +72,23 @@
{ .base = p_info, .len = sizeof(*p_info) }
};
- handle = psa_connect(TFM_ITS_GET_INFO_SID, TFM_ITS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_GET_INFO, in_vec, IOVEC_LEN(in_vec), out_vec,
IOVEC_LEN(out_vec));
- psa_close(handle);
-
return status;
}
psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
psa_status_t status;
- psa_handle_t handle;
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
- handle = psa_connect(TFM_ITS_REMOVE_SID, TFM_ITS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
-
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_REMOVE, in_vec, IOVEC_LEN(in_vec), NULL, 0);
return status;
}
diff --git a/secure_fw/partitions/crypto/tfm_crypto.yaml b/secure_fw/partitions/crypto/tfm_crypto.yaml
index 740745f..980849a 100644
--- a/secure_fw/partitions/crypto/tfm_crypto.yaml
+++ b/secure_fw/partitions/crypto/tfm_crypto.yaml
@@ -482,9 +482,6 @@
},
],
"dependencies": [
- "TFM_ITS_SET",
- "TFM_ITS_GET",
- "TFM_ITS_GET_INFO",
- "TFM_ITS_REMOVE",
+ "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE"
]
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
index 3af1aef..5907370 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.yaml
@@ -1,15 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_ITS",
"type": "PSA-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "tfm_its_req_mngr_init",
"stack_size": "0x680",
"secure_functions": [
@@ -42,33 +43,15 @@
"version_policy": "STRICT"
}
],
- "services" : [{
- "name": "TFM_ITS_SET",
- "sid": "0x00000070",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET",
- "sid": "0x00000071",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_GET_INFO",
- "sid": "0x00000072",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
- {
- "name": "TFM_ITS_REMOVE",
- "sid": "0x00000073",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- }
+ "services" : [
+ {
+ "name": "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
+ "sid": "0x00000070",
+ "non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 3,
+ "version": 1,
+ "version_policy": "STRICT"
+ }
]
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index e844a5d..1c05331 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -16,6 +16,7 @@
#ifdef TFM_PSA_API
#include "psa/service.h"
#include "psa_manifest/tfm_internal_trusted_storage.h"
+#include "tfm_its_defs.h"
#else
#include <stdbool.h>
#include "tfm_secure_api.h"
@@ -284,7 +285,7 @@
return tfm_its_remove(msg.client_id, uid);
}
-static void its_signal_handle(psa_signal_t signal, its_func_t pfn)
+static void its_signal_handle(psa_signal_t signal)
{
psa_status_t status;
@@ -294,15 +295,21 @@
}
switch (msg.type) {
- case PSA_IPC_CONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
- case PSA_IPC_CALL:
- status = pfn();
+ case TFM_ITS_SET:
+ status = tfm_its_set_ipc();
psa_reply(msg.handle, status);
break;
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
+ case TFM_ITS_GET:
+ status = tfm_its_get_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_ITS_GET_INFO:
+ status = tfm_its_get_info_ipc();
+ psa_reply(msg.handle, status);
+ break;
+ case TFM_ITS_REMOVE:
+ status = tfm_its_remove_ipc();
+ psa_reply(msg.handle, status);
break;
default:
psa_panic();
@@ -321,14 +328,8 @@
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
- if (signals & TFM_ITS_SET_SIGNAL) {
- its_signal_handle(TFM_ITS_SET_SIGNAL, tfm_its_set_ipc);
- } else if (signals & TFM_ITS_GET_SIGNAL) {
- its_signal_handle(TFM_ITS_GET_SIGNAL, tfm_its_get_ipc);
- } else if (signals & TFM_ITS_GET_INFO_SIGNAL) {
- its_signal_handle(TFM_ITS_GET_INFO_SIGNAL, tfm_its_get_info_ipc);
- } else if (signals & TFM_ITS_REMOVE_SIGNAL) {
- its_signal_handle(TFM_ITS_REMOVE_SIGNAL, tfm_its_remove_ipc);
+ if (signals & TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SIGNAL) {
+ its_signal_handle(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SIGNAL);
} else {
psa_panic();
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
index 491d16d..cbe7270 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_secure_api.c
@@ -12,6 +12,7 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
#include "psa_manifest/sid.h"
+#include "tfm_its_defs.h"
#else
#include "tfm_veneers.h"
#endif
@@ -22,9 +23,6 @@
psa_storage_create_flags_t create_flags)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -33,14 +31,10 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_SET_SID, TFM_ITS_SET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_SET,
+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
- psa_close(handle);
#else
status = tfm_its_set_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
@@ -65,9 +59,6 @@
size_t *p_data_length)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) },
@@ -83,15 +74,10 @@
}
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_GET_SID, TFM_ITS_GET_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
- IOVEC_LEN(out_vec));
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE, TFM_ITS_GET,
+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_its_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
@@ -116,9 +102,6 @@
struct psa_storage_info_t *p_info)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
@@ -129,15 +112,11 @@
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_GET_INFO_SID, TFM_ITS_GET_INFO_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_GET_INFO, in_vec, IOVEC_LEN(in_vec), out_vec,
IOVEC_LEN(out_vec));
- psa_close(handle);
#else
status = tfm_its_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
@@ -158,23 +137,15 @@
psa_status_t psa_its_remove(psa_storage_uid_t uid)
{
psa_status_t status;
-#ifdef TFM_PSA_API
- psa_handle_t handle;
-#endif
psa_invec in_vec[] = {
{ .base = &uid, .len = sizeof(uid) }
};
#ifdef TFM_PSA_API
- handle = psa_connect(TFM_ITS_REMOVE_SID, TFM_ITS_REMOVE_VERSION);
- if (!PSA_HANDLE_IS_VALID(handle)) {
- return PSA_ERROR_GENERIC_ERROR;
- }
- status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-
- psa_close(handle);
+ status = psa_call(TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE,
+ TFM_ITS_REMOVE, in_vec, IOVEC_LEN(in_vec), NULL, 0);
#else
status = tfm_its_remove_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0);
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
index 1444944..8d71688 100644
--- a/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.yaml
@@ -63,10 +63,7 @@
],
"dependencies": [
"TFM_CRYPTO",
- "TFM_ITS_SET",
- "TFM_ITS_GET",
- "TFM_ITS_GET_INFO",
- "TFM_ITS_REMOVE",
+ "TFM_INTERNAL_TRUSTED_STORAGE_SERVICE",
"TFM_SP_PLATFORM_NV_COUNTER"
]
}