Core: PSA APIs alignment

Update PSA Client and Secure Partition APIs and some related files:
 - Add psa_panic() to indicate an internal fault in a secure partition.
 - Introduce a message type parameter to the psa_call() function which
   is delivered as part of the psa_msg_t data to the RoT Service.
 - Change 'minor version' to 'version'.
 - Add PSA_HANDLE_IS_VALID() and PSA_HANDLE_TO_ERROR() macros.
 - Move the definition of PSA_MAX_IOVEC and PSA_IPC_CALL from
   psa/service.h to psa/client.h.
 - Change the error code returned by psa_get() when the message could
   not be delivered. It now returns PSA_ERROR_DOES_NOT_EXIST.

Change-Id: Ia717f591c80484699f4f491d1ed6dbc4fd7c050f
Signed-off-by: Summer Qin <summer.qin@arm.com>
diff --git a/app/tfm_integ_test.c b/app/tfm_integ_test.c
index 5e7e722..357397e 100644
--- a/app/tfm_integ_test.c
+++ b/app/tfm_integ_test.c
@@ -59,7 +59,7 @@
         return CORE_TEST_ERRNO_INVALID_PARAMETER;
     }
 
-    status = psa_call(handle, in_vecs, in_len, out_vecs, out_len);
+    status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len);
     if (status < 0) {
         status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR;
     }
diff --git a/interface/include/psa/client.h b/interface/include/psa/client.h
index 33e3f2d..d040834 100644
--- a/interface/include/psa/client.h
+++ b/interface/include/psa/client.h
@@ -19,17 +19,44 @@
 
 /*********************** PSA Client Macros and Types *************************/
 
-#define PSA_FRAMEWORK_VERSION  (0x0100)
+/**
+ * The version of the PSA Framework API that is being used to build the calling
+ * firmware.
+ */
+#define PSA_FRAMEWORK_VERSION       (0x0100u)
 
-#define PSA_VERSION_NONE       (0)
+/**
+ * Return value from psa_version() if the requested RoT Service is not present
+ * in the system.
+ */
+#define PSA_VERSION_NONE            (0u)
 
-/* PSA response types */
-#define PSA_CONNECTION_REFUSED (INT32_MIN + 1)
-#define PSA_CONNECTION_BUSY    (INT32_MIN + 2)
-#define PSA_DROP_CONNECTION    (INT32_MIN)
+/**
+ * The zero-value null handle can be assigned to variables used in clients and
+ * RoT Services, indicating that there is no current connection or message.
+ */
+#define PSA_NULL_HANDLE             ((psa_handle_t)0)
 
-/* PSA message handles */
-#define PSA_NULL_HANDLE        ((psa_handle_t)0)
+/**
+ * Tests whether a handle value returned by psa_connect() is valid.
+ */
+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
+
+/**
+ * Converts the handle value returned from a failed call psa_connect() into
+ * an error code.
+ */
+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
+
+/**
+ * Maximum number of input and output vectors for a request to psa_call().
+ */
+#define PSA_MAX_IOVEC               (4u)
+
+/**
+ * An IPC message type that indicates a generic client request.
+ */
+#define PSA_IPC_CALL                (0)
 
 typedef int32_t psa_handle_t;
 
@@ -64,15 +91,14 @@
 uint32_t psa_framework_version(void);
 
 /**
- * \brief Retrieve the minor version of an RoT Service or indicate that it is
- *        not present on this system.
+ * \brief Retrieve the version of an RoT Service or indicate that it is not
+ *        present on this system.
  *
  * \param[in] sid               ID of the RoT Service to query.
  *
  * \retval PSA_VERSION_NONE     The RoT Service is not implemented, or the
  *                              caller is not permitted to access the service.
- * \retval > 0                  The minor version of the implemented RoT
- *                              Service.
+ * \retval > 0                  The version of the implemented RoT Service.
  */
 uint32_t psa_version(uint32_t sid);
 
@@ -80,23 +106,28 @@
  * \brief Connect to an RoT Service by its SID.
  *
  * \param[in] sid               ID of the RoT Service to connect to.
- * \param[in] minor_version     Requested version of the RoT Service.
+ * \param[in] version           Requested version of the RoT Service.
  *
  * \retval > 0                  A handle for the connection.
- * \retval PSA_CONNECTION_REFUSED The SPM or RoT Service has refused the
+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
  *                              connection.
- * \retval PSA_CONNECTION_BUSY  The SPM or RoT Service cannot make the
+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
  *                              connection at the moment.
- * \retval "Does not return"    The RoT Service ID and version are not
- *                              supported, or the caller is not permitted to
- *                              access the service.
+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
+ *                              of the following are true:
+ * \arg                           The RoT Service ID is not present.
+ * \arg                           The RoT Service version is not supported.
+ * \arg                           The caller is not allowed to access the RoT
+ *                                service.
  */
-psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version);
+psa_handle_t psa_connect(uint32_t sid, uint32_t version);
 
 /**
  * \brief Call an RoT Service on an established connection.
  *
  * \param[in] handle            A handle to an established connection.
+ * \param[in] type              The reuqest type.
+ *                              Must be zero( \ ref PSA_IPC_CALL) or positive.
  * \param[in] in_vec            Array of input \ref psa_invec structures.
  * \param[in] in_len            Number of input \ref psa_invec structures.
  * \param[in/out] out_vec       Array of output \ref psa_outvec structures.
@@ -104,19 +135,18 @@
  *
  * \retval >=0                  RoT Service-specific status value.
  * \retval <0                   RoT Service-specific error code.
- * \retval PSA_DROP_CONNECTION  The connection has been dropped by the RoT
- *                              Service. This indicates that either this or
- *                              a previous message was invalid.
- * \retval "Does not return"    The call is invalid, one or more of the
- *                              following are true:
+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
+ *                              RoT Service. The call is a PROGRAMMER ERROR if
+ *                              one or more of the following are true:
  * \arg                           An invalid handle was passed.
  * \arg                           The connection is already handling a request.
+ * \arg                           type < 0.
  * \arg                           An invalid memory reference was provided.
  * \arg                           in_len + out_len > PSA_MAX_IOVEC.
  * \arg                           The message is unrecognized by the RoT
  *                                Service or incorrectly formatted.
  */
-psa_status_t psa_call(psa_handle_t handle,
+psa_status_t psa_call(psa_handle_t handle, int32_t type,
                       const psa_invec *in_vec,
                       size_t in_len,
                       psa_outvec *out_vec,
@@ -129,11 +159,12 @@
  *                              null handle.
  *
  * \retval void                 Success.
- * \retval "Does not return"    The call is invalid, one or more of the
- *                              following are true:
+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
+ *                              of the following are true:
  * \arg                           An invalid handle was provided that is not
  *                                the null handle.
- * \arg                           The connection is handling a request.
+ * \arg                           The connection is currently handling a
+ *                                request.
  */
 void psa_close(psa_handle_t handle);
 
diff --git a/interface/include/psa/service.h b/interface/include/psa/service.h
index 9af3f67..94eb082 100644
--- a/interface/include/psa/service.h
+++ b/interface/include/psa/service.h
@@ -20,26 +20,31 @@
 
 /********************** PSA Secure Partition Macros and Types ****************/
 
-/* PSA wait timeouts */
+/**
+ * A timeout value that requests a polling wait operation.
+ */
 #define PSA_POLL                (0x00000000u)
+
+/**
+ * A timeout value that requests a blocking wait operation.
+ */
 #define PSA_BLOCK               (0x80000000u)
 
-/* A mask value that includes all Secure Partition signals */
-#define PSA_WAIT_ANY            (~0u)
+/**
+ * A mask value that includes all Secure Partition signals.
+ */
+#define PSA_WAIT_ANY            (0xFFFFFFFFu)
 
-/* Doorbell signal */
+/**
+ * The signal number for the Secure Partition doorbell.
+ */
 #define PSA_DOORBELL            (0x00000008u)
 
 /* PSA message types */
-#define PSA_IPC_CONNECT         (1)
-#define PSA_IPC_CALL            (2)
-#define PSA_IPC_DISCONNECT      (3)
-
-/* Maximum number of input and output vectors */
-#define PSA_MAX_IOVEC           (4)
-
-/* Return code from psa_get() */
-#define PSA_ERR_NOMSG           (INT32_MIN + 3)
+/* An IPC message type that indicates a new connection. */
+#define PSA_IPC_CONNECT         (-1)
+/* An IPC message type that indicates the end of a connection. */
+#define PSA_IPC_DISCONNECT      (-2)
 
 /* Store a set of one or more Secure Partition signals */
 typedef uint32_t psa_signal_t;
@@ -48,9 +53,9 @@
  * Describe a message received by an RoT Service after calling \ref psa_get().
  */
 typedef struct psa_msg_t {
-    uint32_t type;              /* One of the following values:
+    int32_t type;              /* One of the following values:
                                  * \ref PSA_IPC_CONNECT
-                                 * \ref PSA_IPC_CALL
+                                 * >= 0
                                  * \ref PSA_IPC_DISCONNECT
                                  */
     psa_handle_t handle;        /* A reference generated by the SPM to the
@@ -97,8 +102,8 @@
  *
  * \retval PSA_SUCCESS          Success, *msg will contain the delivered
  *                              message.
- * \retval PSA_ERR_NOMSG        Message could not be delivered.
- * \retval "Does not return"    The call is invalid because one or more of the
+ * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered.
+ * \retval "PROGRAMMER ERROR"   The call is invalid because one or more of the
  *                              following are true:
  * \arg                           signal has more than a single bit set.
  * \arg                           signal does not correspond to an RoT Service.
@@ -118,7 +123,7 @@
  * \retval void                 Success, rhandle will be provided with all
  *                              subsequent messages delivered on this
  *                              connection.
- * \retval "Does not return"    msg_handle is invalid.
+ * \retval "PROGRAMMER ERROR"   msg_handle is invalid.
  */
 void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle);
 
@@ -137,7 +142,7 @@
  * \retval >0                   Number of bytes copied.
  * \retval 0                    There was no remaining data in this input
  *                              vector.
- * \retval "Does not return"    The call is invalid, one or more of the
+ * \retval "PROGRAMMER ERROR"   The call is invalid, one or more of the
  *                              following are true:
  * \arg                           msg_handle is invalid.
  * \arg                           msg_handle does not refer to a
@@ -162,11 +167,11 @@
  * \retval >0                   Number of bytes skipped.
  * \retval 0                    There was no remaining data in this input
  *                              vector.
- * \retval "Does not return"    The call is invalid, one or more of the
+ * \retval "PROGRAMMER ERROR"   The call is invalid, one or more of the
  *                              following are true:
  * \arg                           msg_handle is invalid.
- * \arg                           msg_handle does not refer to a
- *                                \ref PSA_IPC_CALL message.
+ * \arg                           msg_handle does not refer to a request
+ *                                message.
  * \arg                           invec_idx is equal to or greater than
  *                                \ref PSA_MAX_IOVEC.
  */
@@ -183,11 +188,11 @@
  *                              vector.
  *
  * \retval void                 Success
- * \retval "Does not return"    The call is invalid, one or more of the
+ * \retval "PROGRAMMER ERROR"   The call is invalid, one or more of the
  *                              following are true:
  * \arg                           msg_handle is invalid.
- * \arg                           msg_handle does not refer to a
- *                                \ref PSA_IPC_CALL message.
+ * \arg                           msg_handle does not refer to a request
+ *                                message.
  * \arg                           outvec_idx is equal to or greater than
  *                                \ref PSA_MAX_IOVEC.
  * \arg                           The memory reference for buffer is invalid.
@@ -205,7 +210,7 @@
  *                              client.
  *
  * \retval void                 Success.
- * \retval "Does not return"    The call is invalid, one or more of the
+ * \retval "PROGRAMMER ERROR"   The call is invalid, one or more of the
  *                              following are true:
  * \arg                         msg_handle is invalid.
  * \arg                         An invalid status code is specified for the
@@ -219,7 +224,7 @@
  * \param[in] partition_id      Secure Partition ID of the target partition.
  *
  * \retval void                 Success.
- * \retval "Does not return"    partition_id does not correspond to a Secure
+ * \retval "PROGRAMMER ERROR"   partition_id does not correspond to a Secure
  *                              Partition.
  */
 void psa_notify(int32_t partition_id);
@@ -228,7 +233,7 @@
  * \brief Clear the PSA_DOORBELL signal.
  *
  * \retval void                 Success.
- * \retval "Does not return"    The Secure Partition's doorbell signal is not
+ * \retval "PROGRAMMER ERROR"   The Secure Partition's doorbell signal is not
  *                              currently asserted.
  */
 void psa_clear(void);
@@ -239,7 +244,7 @@
  * \param[in] irq_signal        The interrupt signal that has been processed.
  *
  * \retval void                 Success.
- * \retval "Does not return"    The call is invalid, one or more of the
+ * \retval "PROGRAMMER ERROR"   The call is invalid, one or more of the
  *                              following are true:
  * \arg                           irq_signal is not an interrupt signal.
  * \arg                           irq_signal indicates more than one signal.
@@ -247,6 +252,14 @@
  */
 void psa_eoi(psa_signal_t irq_signal);
 
+/**
+ * \brief Terminate execution within the calling Secure Partition and will not
+ *        return.
+ *
+ * \retval "Does not return"
+ */
+void psa_panic(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/interface/include/tfm_api.h b/interface/include/tfm_api.h
index 5a56ec7..650fe52 100644
--- a/interface/include/tfm_api.h
+++ b/interface/include/tfm_api.h
@@ -35,9 +35,6 @@
  */
 #define TFM_CLIENT_ID_IS_NS(client_id) ((client_id)<0)
 
-/* Maximum number of input and output vectors */
-#define PSA_MAX_IOVEC    (4)
-
 /* The mask used for timeout values */
 #define PSA_TIMEOUT_MASK        PSA_BLOCK
 
@@ -102,22 +99,24 @@
  * \brief Connect to secure function
  *
  * \param[in]  sid              ID of secure service
- * \param[in]  minor_version    Minor version of SF requested by client
+ * \param[in]  version          Version of SF requested by client
  *
  * \return Returns handle to connection
  */
-psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t minor_version);
+psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t version);
 
 /**
  * \brief Call a secure function referenced by a connection handle
  *
  * \param[in]  handle   Handle to connection
+ * \param[in]  type     The reuqest type. Must be zero(PSA_IPC_CALL) or
+ *                      positive.
  * \param[in]  in_vecs  invec containing pointer/count of input vectors
  * \param[in]  out_vecs invec containing pointer/count of output vectors
  *
  * \return Returns \ref psa_status_t status code
  */
-psa_status_t tfm_psa_call_veneer(psa_handle_t handle,
+psa_status_t tfm_psa_call_veneer(psa_handle_t handle, int32_t type,
                                  const psa_invec *in_vecs,
                                  const psa_invec *out_vecs);
 
diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_api.c
index 400e123..554cdb5 100644
--- a/interface/src/tfm_crypto_api.c
+++ b/interface/src/tfm_crypto_api.c
@@ -32,12 +32,12 @@
 #define PSA_CLOSE() psa_close(ipc_handle)
 
 #define API_DISPATCH(sfn_name, sfn_id)                          \
-    psa_call(ipc_handle, /*PSA_IPC_CALL,*/                      \
+    psa_call(ipc_handle, PSA_IPC_CALL,                          \
         in_vec, ARRAY_SIZE(in_vec),                             \
         out_vec, ARRAY_SIZE(out_vec))
 
 #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id)                \
-    psa_call(ipc_handle, /*PSA_IPC_CALL,*/                      \
+    psa_call(ipc_handle, PSA_IPC_CALL,                          \
         in_vec, ARRAY_SIZE(in_vec),                             \
         (psa_outvec *)NULL, 0)
 #else
@@ -1061,7 +1061,7 @@
     if (additional_data == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_aead_encrypt,
@@ -1131,7 +1131,7 @@
     if (additional_data == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_aead_decrypt,
@@ -1260,7 +1260,7 @@
     if (salt == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_asymmetric_encrypt,
@@ -1317,7 +1317,7 @@
     if (salt == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_asymmetric_decrypt,
@@ -1503,7 +1503,7 @@
             in_len--;
         }
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_key_derivation,
@@ -1622,7 +1622,7 @@
         in_len--;
     }
 
-    status = psa_call(ipc_handle, in_vec, in_len, NULL, 0);
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0);
 #else
     status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key,
                                     TFM_CRYPTO_GENERATE_KEY);
diff --git a/interface/src/tfm_initial_attestation_api.c b/interface/src/tfm_initial_attestation_api.c
index 0f6377e..1bcce05 100644
--- a/interface/src/tfm_initial_attestation_api.c
+++ b/interface/src/tfm_initial_attestation_api.c
@@ -41,7 +41,7 @@
         return PSA_ATTEST_ERR_GENERAL;
     }
 
-    status = psa_call(handle,
+    status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
@@ -91,7 +91,7 @@
         return PSA_ATTEST_ERR_GENERAL;
     }
 
-    status = psa_call(handle,
+    status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
diff --git a/interface/src/tfm_psa_ns_api.c b/interface/src/tfm_psa_ns_api.c
index 1c83084..5fb5de3 100644
--- a/interface/src/tfm_psa_ns_api.c
+++ b/interface/src/tfm_psa_ns_api.c
@@ -31,17 +31,17 @@
                                 0);
 }
 
-psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
+psa_handle_t psa_connect(uint32_t sid, uint32_t version)
 {
     return tfm_ns_interface_dispatch(
                                 (veneer_fn)tfm_psa_connect_veneer,
                                 sid,
-                                minor_version,
+                                version,
                                 0,
                                 0);
 }
 
-psa_status_t psa_call(psa_handle_t handle,
+psa_status_t psa_call(psa_handle_t handle, int32_t type,
                       const psa_invec *in_vec,
                       size_t in_len,
                       psa_outvec *out_vec,
@@ -63,9 +63,9 @@
     return tfm_ns_interface_dispatch(
                                 (veneer_fn)tfm_psa_call_veneer,
                                 (uint32_t)handle,
+                                (uint32_t)type,
                                 (uint32_t)&in_vecs,
-                                (uint32_t)&out_vecs,
-                                0);
+                                (uint32_t)&out_vecs);
 }
 
 void psa_close(psa_handle_t handle)
diff --git a/interface/src/tfm_sst_api.c b/interface/src/tfm_sst_api.c
index 2722c67..c7796d0 100644
--- a/interface/src/tfm_sst_api.c
+++ b/interface/src/tfm_sst_api.c
@@ -44,7 +44,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -92,7 +92,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -137,7 +137,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -181,7 +181,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -247,7 +247,7 @@
         return support_flags;
     }
 
-    (void)psa_call(handle, NULL, 0, out_vec, IOVEC_LEN(out_vec));
+    (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
 
     psa_close(handle);
 #else
diff --git a/secure_fw/core/ipc/include/tfm_svcalls.h b/secure_fw/core/ipc/include/tfm_svcalls.h
index 97c506b..371895a 100644
--- a/secure_fw/core/ipc/include/tfm_svcalls.h
+++ b/secure_fw/core/ipc/include/tfm_svcalls.h
@@ -41,9 +41,9 @@
  *                              Or from secure client.
  *
  * \retval > 0                  A handle for the connection.
- * \retval PSA_CONNECTION_REFUSED The SPM or RoT Service has refused the
+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
  *                              connection.
- * \retval PSA_CONNECTION_BUSY  The SPM or RoT Service cannot make the
+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
  *                              connection at the moment.
  * \retval "Does not return"    The RoT Service ID and version are not
  *                              supported, or the caller is not permitted to
@@ -62,13 +62,12 @@
  *
  * \retval >=0                  RoT Service-specific status value.
  * \retval <0                   RoT Service-specific error code.
- * \retval PSA_DROP_CONNECTION  The connection has been dropped by the RoT
- *                              Service. This indicates that either this or
- *                              a previous message was invalid.
- * \retval "Does not return"    The call is invalid, one or more of the
- *                              following are true:
+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
+ *                              RoT Service. The call is a PROGRAMMER ERROR if
+ *                              one or more of the following are true:
  * \arg                           An invalid handle was passed.
  * \arg                           The connection is already handling a request.
+ * \arg                           type < 0.
  * \arg                           An invalid memory reference was provided.
  * \arg                           in_len + out_len > PSA_MAX_IOVEC.
  * \arg                           The message is unrecognized by the RoT
diff --git a/secure_fw/core/ipc/psa_client.c b/secure_fw/core/ipc/psa_client.c
index 040d596..6a696e3 100644
--- a/secure_fw/core/ipc/psa_client.c
+++ b/secure_fw/core/ipc/psa_client.c
@@ -27,7 +27,7 @@
 }
 
 __attribute__((naked, section("SFN")))
-psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
+psa_handle_t psa_connect(uint32_t sid, uint32_t version)
 {
     __ASM volatile("SVC %0           \n"
                    "BX LR            \n"
@@ -36,6 +36,7 @@
 
 __attribute__((naked, section("SFN")))
 psa_status_t psa_call(psa_handle_t handle,
+                      int32_t type,
                       const psa_invec *in_vec,
                       size_t in_len,
                       psa_outvec *out_vec,
diff --git a/secure_fw/core/ipc/tfm_svcalls.c b/secure_fw/core/ipc/tfm_svcalls.c
index d03b7dc..447a9f7 100644
--- a/secure_fw/core/ipc/tfm_svcalls.c
+++ b/secure_fw/core/ipc/tfm_svcalls.c
@@ -88,7 +88,7 @@
      */
     connect_handle = tfm_spm_create_conn_handle(service);
     if (connect_handle == PSA_NULL_HANDLE) {
-        return PSA_CONNECTION_BUSY;
+        return PSA_ERROR_CONNECTION_BUSY;
     }
 
     /*
@@ -112,7 +112,7 @@
                              ns_caller, NULL, 0, NULL, 0, NULL);
     if (!msg) {
         /* Have no enough resource to create message */
-        return PSA_CONNECTION_BUSY;
+        return PSA_ERROR_CONNECTION_BUSY;
     }
 
     /*
@@ -121,7 +121,7 @@
      */
     tfm_spm_send_event(service, msg);
 
-    return PSA_CONNECTION_BUSY;
+    return PSA_ERROR_CONNECTION_BUSY;
 }
 
 psa_status_t tfm_svcall_psa_call(uint32_t *args, int32_t ns_caller, uint32_t lr)
@@ -135,10 +135,15 @@
     int i;
     struct tfm_spm_ipc_partition_t *partition = NULL;
     uint32_t privileged;
+    int32_t type;
 
     TFM_ASSERT(args != NULL);
     handle = (psa_handle_t)args[0];
+    type = (int32_t)args[1];
 
+    if (type < 0) {
+        tfm_panic();
+    }
     partition = tfm_spm_get_running_partition();
     if (!partition) {
         tfm_panic();
@@ -146,29 +151,31 @@
     privileged = tfm_spm_partition_get_privileged_mode(partition->index);
 
     if (!ns_caller) {
-        inptr = (psa_invec *)args[1];
-        in_num = (size_t)args[2];
-        outptr = (psa_outvec *)args[3];
+        inptr = (psa_invec *)args[2];
+        in_num = (size_t)args[3];
         /*
-         * 5th parameter is pushed at stack top before SVC, then PE hardware
-         * stacks the execution context. The size of the context depends on
-         * various settings:
-         * - if FP is not used, 5th parameter is at 8th position counting
-         *   from SP;
-         * - if FP is used and FPCCR_S.TS is 0, 5th parameter is at 26th
+         * 5th and 6th parameter is pushed at stack top before SVC, then PE
+         * hardware stacks the execution context. The size of the context
+         * depends on various settings:
+         * - if FP is not used, 5th and 6th parameters are at 8th and 9th
          *   position counting from SP;
-         * - if FP is used and FPCCR_S.TS is 1, 5th parameter is at 42th
-         *   position counting from SP.
+         * - if FP is used and FPCCR_S.TS is 0, 5th and 6th parameters are at
+         *   26th and 27th position counting from SP;
+         * - if FP is used and FPCCR_S.TS is 1, 5th and 6th parameters are at
+         *   42th and 43th position counting from SP.
          */
-         if (lr & EXC_RETURN_FPU_FRAME_BASIC) {
-            out_num = (size_t)args[8];
+        if (lr & EXC_RETURN_FPU_FRAME_BASIC) {
+            outptr = (psa_outvec *)args[8];
+            out_num = (size_t)args[9];
 #if defined (__FPU_USED) && (__FPU_USED == 1U)
-         } else if (FPU->FPCCR & FPU_FPCCR_TS_Msk) {
-            out_num = (size_t)args[42];
+        } else if (FPU->FPCCR & FPU_FPCCR_TS_Msk) {
+            outptr = (psa_outvec *)args[42];
+            out_num = (size_t)args[43];
 #endif
-         } else {
-            out_num = (size_t)args[26];
-         }
+        } else {
+            outptr = (psa_outvec *)args[26];
+            out_num = (size_t)args[27];
+        }
     } else {
         /*
          * FixMe: From non-secure caller, vec and len are composed into a new
@@ -178,19 +185,19 @@
          * Read parameters from the arguments. It is a fatal error if the
          * memory reference for buffer is invalid or not readable.
          */
-        if (tfm_memory_check((void *)args[1], sizeof(uint32_t),
-            ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
-            tfm_panic();
-        }
         if (tfm_memory_check((void *)args[2], sizeof(uint32_t),
             ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
             tfm_panic();
         }
+        if (tfm_memory_check((void *)args[3], sizeof(uint32_t),
+            ns_caller, TFM_MEMORY_ACCESS_RO, privileged) != IPC_SUCCESS) {
+            tfm_panic();
+        }
 
-        inptr = (psa_invec *)((psa_invec *)args[1])->base;
-        in_num = ((psa_invec *)args[1])->len;
-        outptr = (psa_outvec *)((psa_invec *)args[2])->base;
-        out_num = ((psa_invec *)args[2])->len;
+        inptr = (psa_invec *)((psa_invec *)args[2])->base;
+        in_num = ((psa_invec *)args[2])->len;
+        outptr = (psa_outvec *)((psa_invec *)args[3])->base;
+        out_num = ((psa_invec *)args[3])->len;
     }
 
     /* It is a fatal error if in_len + out_len > PSA_MAX_IOVEC. */
@@ -372,7 +379,7 @@
  *
  * \retval PSA_SUCCESS          Success, *msg will contain the delivered
  *                              message.
- * \retval PSA_ERR_NOMSG        Message could not be delivered.
+ * \retval PSA_ERROR_DOES_NOT_EXIST Message could not be delivered.
  * \retval "Does not return"    The call is invalid because one or more of the
  *                              following are true:
  * \arg                           signal has more than a single bit set.
@@ -445,7 +452,7 @@
 
     tmp_msg = tfm_msg_dequeue(&service->msg_queue);
     if (!tmp_msg) {
-        return PSA_ERR_NOMSG;
+        return PSA_ERROR_DOES_NOT_EXIST;
     }
 
     tfm_memcpy(msg, &tmp_msg->msg, sizeof(psa_msg_t));
@@ -817,10 +824,10 @@
             if (msg->msg.rhandle) {
                 tfm_spm_set_rhandle(service, msg->handle, msg->msg.rhandle);
             }
-        } else if (status == PSA_CONNECTION_REFUSED) {
-            ret = PSA_CONNECTION_REFUSED;
-        } else if (status == PSA_CONNECTION_BUSY) {
-            ret = PSA_CONNECTION_BUSY;
+        } else if (status == PSA_ERROR_CONNECTION_REFUSED) {
+            ret = PSA_ERROR_CONNECTION_REFUSED;
+        } else if (status == PSA_ERROR_CONNECTION_BUSY) {
+            ret = PSA_ERROR_CONNECTION_BUSY;
         } else {
             tfm_panic();
         }
@@ -829,8 +836,6 @@
         /* Reply to PSA_IPC_CALL message. Return values are based on status */
         if (status == PSA_SUCCESS) {
             ret = PSA_SUCCESS;
-        } else if (status == PSA_DROP_CONNECTION) {
-            ret = PSA_DROP_CONNECTION;
         } else if ((status >= (INT32_MIN + 1)) &&
                    (status <= (INT32_MIN + 127))) {
             tfm_panic();
@@ -1162,7 +1167,7 @@
 
     default:
         LOG_MSG("Unknown SVC number requested!");
-        return PSA_DROP_CONNECTION;
+        return PSA_ERROR_GENERIC_ERROR;
     }
     return PSA_SUCCESS;
 }
diff --git a/secure_fw/ns_callable/tfm_psa_api_veneers.c b/secure_fw/ns_callable/tfm_psa_api_veneers.c
index 420d0c4..55f5d52 100644
--- a/secure_fw/ns_callable/tfm_psa_api_veneers.c
+++ b/secure_fw/ns_callable/tfm_psa_api_veneers.c
@@ -91,19 +91,18 @@
 }
 
 __tfm_secure_gateway_attributes__
-psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t minor_version)
+psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t version)
 {
-    TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_connect, sid,
-                                   minor_version, 0, 0);
+    TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_connect, sid, version, 0, 0);
 }
 
 __tfm_secure_gateway_attributes__
-psa_status_t tfm_psa_call_veneer(psa_handle_t handle,
+psa_status_t tfm_psa_call_veneer(psa_handle_t handle, int32_t type,
                                  const psa_invec *in_vecs,
                                  const psa_invec *out_vecs)
 {
-    TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_call, handle, in_vecs,
-                                   out_vecs, 0);
+    TFM_CORE_NS_IPC_REQUEST_VENEER(tfm_svcall_psa_call, handle, type, in_vecs,
+                                   out_vecs);
 }
 
 __tfm_secure_gateway_attributes__
diff --git a/secure_fw/services/crypto/crypto_aead.c b/secure_fw/services/crypto/crypto_aead.c
index f8fa055..383b0eb 100644
--- a/secure_fw/services/crypto/crypto_aead.c
+++ b/secure_fw/services/crypto/crypto_aead.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -32,11 +32,11 @@
     psa_status_t status = PSA_SUCCESS;
 
     if ( !((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     const struct tfm_crypto_aead_pack_input *aead_pack_input = &iov->aead_in;
@@ -80,11 +80,11 @@
     psa_status_t status = PSA_SUCCESS;
 
     if ( !((in_len == 2) || (in_len == 3)) || (out_len > 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     const struct tfm_crypto_aead_pack_input *aead_pack_input = &iov->aead_in;
diff --git a/secure_fw/services/crypto/crypto_asymmetric.c b/secure_fw/services/crypto/crypto_asymmetric.c
index 57c7f92..a2d48c9 100644
--- a/secure_fw/services/crypto/crypto_asymmetric.c
+++ b/secure_fw/services/crypto/crypto_asymmetric.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -30,11 +30,11 @@
                                         size_t out_len)
 {
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -60,11 +60,11 @@
                                           size_t out_len)
 {
     if ((in_len != 3) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -92,11 +92,11 @@
     psa_status_t status;
 
     if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -142,11 +142,11 @@
                                            size_t out_len)
 {
     if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c
index 590b457..466cbfe 100644
--- a/secure_fw/services/crypto/crypto_cipher.c
+++ b/secure_fw/services/crypto/crypto_cipher.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -33,12 +33,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
@@ -79,12 +79,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -122,12 +122,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((out_vec[0].len != sizeof(uint32_t)) ||
         (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -169,12 +169,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((out_vec[0].len != sizeof(uint32_t)) ||
         (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -216,12 +216,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -265,12 +265,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -313,12 +313,12 @@
     psa_cipher_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
diff --git a/secure_fw/services/crypto/crypto_generator.c b/secure_fw/services/crypto/crypto_generator.c
index bb79de9..b2102e1 100644
--- a/secure_fw/services/crypto/crypto_generator.c
+++ b/secure_fw/services/crypto/crypto_generator.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -31,12 +31,12 @@
 {
     psa_status_t status;
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(size_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -63,11 +63,11 @@
 {
     psa_status_t status;
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -94,12 +94,12 @@
 {
     psa_status_t status;
     if ((in_len != 2) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (in_vec[1].len != sizeof(size_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -132,12 +132,12 @@
 {
     psa_status_t status;
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -178,12 +178,12 @@
 {
     psa_status_t status;
     if (!((in_len == 1) || (in_len == 2) || (in_len == 3)) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -240,12 +240,12 @@
 {
     psa_status_t status;
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -288,11 +288,11 @@
                                         size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     uint8_t *output = out_vec[0].base;
     size_t output_size = out_vec[0].len;
@@ -306,12 +306,12 @@
                                      size_t out_len)
 {
     if (!((in_len == 2) || (in_len == 3)) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (in_vec[1].len != sizeof(size_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     psa_key_handle_t key_handle = iov->key_handle;
diff --git a/secure_fw/services/crypto/crypto_hash.c b/secure_fw/services/crypto/crypto_hash.c
index 911227d..25577ee 100644
--- a/secure_fw/services/crypto/crypto_hash.c
+++ b/secure_fw/services/crypto/crypto_hash.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -33,12 +33,12 @@
     psa_hash_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((out_vec[0].len != sizeof(uint32_t)) ||
         (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -77,12 +77,12 @@
     psa_hash_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -120,12 +120,12 @@
     psa_hash_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -168,12 +168,12 @@
     psa_hash_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -213,12 +213,12 @@
     psa_hash_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -258,12 +258,12 @@
     psa_hash_operation_t *target_operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t source_handle = iov->op_handle;
diff --git a/secure_fw/services/crypto/crypto_key.c b/secure_fw/services/crypto/crypto_key.c
index 65a72b7..66718e1 100644
--- a/secure_fw/services/crypto/crypto_key.c
+++ b/secure_fw/services/crypto/crypto_key.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -70,12 +70,12 @@
                                      size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(psa_key_handle_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     psa_key_handle_t *key_handle = out_vec[0].base;
@@ -119,11 +119,11 @@
     (void)out_vec;
 
     if ((in_len != 2) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -148,11 +148,11 @@
     (void)out_vec;
 
     if ((in_len != 1) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -181,13 +181,13 @@
                                             size_t out_len)
 {
     if ((in_len != 1) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(psa_key_type_t)) ||
         (out_vec[1].len != sizeof(size_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -204,11 +204,11 @@
                                    size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -225,11 +225,11 @@
                                           size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -248,13 +248,13 @@
     (void)out_vec;
 
     if ((in_len != 3) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (in_vec[1].len != sizeof(psa_key_handle_t)) ||
         (in_vec[2].len != sizeof(psa_key_policy_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -273,12 +273,12 @@
     (void)out_vec;
 
     if ((in_len != 2) || (out_len != 0)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (in_vec[1].len != sizeof(psa_key_policy_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -299,12 +299,12 @@
                                        size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(psa_key_policy_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
@@ -320,12 +320,12 @@
                                          size_t out_len)
 {
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(psa_key_lifetime_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index 788cfe1..16e996f 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -8,7 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
-/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
+/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
  *        integrity checks but this will have to be revised
  *        when the full set of error codes mandated by PSA FF
  *        is available.
@@ -33,12 +33,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((out_vec[0].len != sizeof(uint32_t)) ||
         (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -83,12 +83,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((out_vec[0].len != sizeof(uint32_t)) ||
         (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -133,12 +133,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -176,12 +176,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 2)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -224,12 +224,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 2) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
@@ -269,12 +269,12 @@
     psa_mac_operation_t *operation = NULL;
 
     if ((in_len != 1) || (out_len != 1)) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
         (out_vec[0].len != sizeof(uint32_t))) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
     uint32_t handle = iov->op_handle;
diff --git a/secure_fw/services/crypto/tfm_crypto_secure_api.c b/secure_fw/services/crypto/tfm_crypto_secure_api.c
index 01be810..af6e5a3 100644
--- a/secure_fw/services/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/services/crypto/tfm_crypto_secure_api.c
@@ -31,12 +31,12 @@
 #define PSA_CLOSE() psa_close(ipc_handle)
 
 #define API_DISPATCH(sfn_name, sfn_id)                         \
-    psa_call(ipc_handle, /*PSA_IPC_CALL,*/                     \
+    psa_call(ipc_handle, PSA_IPC_CALL,                         \
         in_vec, ARRAY_SIZE(in_vec),                            \
         out_vec, ARRAY_SIZE(out_vec))
 
 #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id)               \
-    psa_call(ipc_handle, /*PSA_IPC_CALL,*/                     \
+    psa_call(ipc_handle, PSA_IPC_CALL,                         \
         in_vec, ARRAY_SIZE(in_vec),                            \
         (psa_outvec *)NULL, 0)
 #else
@@ -1097,7 +1097,7 @@
     if (additional_data == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_aead_encrypt,
@@ -1168,7 +1168,7 @@
     if (additional_data == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_aead_decrypt,
@@ -1300,7 +1300,7 @@
     if (salt == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_asymmetric_encrypt,
@@ -1358,7 +1358,7 @@
     if (salt == NULL) {
         in_len--;
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_asymmetric_decrypt,
@@ -1549,7 +1549,7 @@
             in_len--;
         }
     }
-    status = psa_call(ipc_handle, in_vec, in_len,
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
                       out_vec, ARRAY_SIZE(out_vec));
 #else
     status = API_DISPATCH(tfm_crypto_key_derivation,
@@ -1671,7 +1671,7 @@
         in_len--;
     }
 
-    status = psa_call(ipc_handle, in_vec, in_len, NULL, 0);
+    status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0);
 #else
     status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key,
                                     TFM_CRYPTO_GENERATE_KEY);
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
index 282698c..794311a 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
@@ -54,7 +54,7 @@
         return PSA_ATTEST_ERR_GENERAL;
     }
 
-    status = psa_call(handle,
+    status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
@@ -134,7 +134,7 @@
         return PSA_ATTEST_ERR_GENERAL;
     }
 
-    status = psa_call(handle,
+    status = psa_call(handle, PSA_IPC_CALL,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
     psa_close(handle);
diff --git a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
index 87d4e76..0f7d49b 100644
--- a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
+++ b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
@@ -33,13 +33,14 @@
  *       function call, as calls to the Crypto service are required for
  *       initialisation.
  *
- * \return PSA_SUCCESS if SST is initialised, PSA_CONNECTION_REFUSED otherwise.
+ * \return PSA_SUCCESS if SST is initialised, PSA_ERROR_CONNECTION_REFUSED
+ *         otherwise.
  */
 static psa_status_t sst_check_init(void)
 {
     if (!sst_is_init) {
         if (tfm_sst_init() != PSA_PS_SUCCESS) {
-            return PSA_CONNECTION_REFUSED;
+            return PSA_ERROR_CONNECTION_REFUSED;
         }
         sst_is_init = true;
     }
@@ -59,17 +60,17 @@
     psa_ps_status_t *err;
 
     if (sst_check_init() != PSA_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_len != 3) || (out_len != 1)) {
         /* The number of arguments are incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(psa_ps_uid_t)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     uid = *((psa_ps_uid_t *)in_vec[0].base);
@@ -79,14 +80,14 @@
 
     if (in_vec[2].len != sizeof(psa_ps_create_flags_t)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     create_flags = *(psa_ps_create_flags_t *)in_vec[2].base;
 
     if (out_vec[0].len != sizeof(psa_ps_status_t)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     err = (psa_ps_status_t *)out_vec[0].base;
@@ -94,7 +95,7 @@
     /* Get the caller's client ID */
     status = tfm_core_get_caller_client_id(&client_id);
     if (status != (int32_t)TFM_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     *err = tfm_sst_set(client_id, uid, data_length, p_data, create_flags);
@@ -114,31 +115,31 @@
     psa_ps_status_t *err;
 
     if (sst_check_init() != PSA_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_len != 2) || (out_len != 2)) {
         /* The number of arguments are incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(psa_ps_uid_t)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     uid = *((psa_ps_uid_t *)in_vec[0].base);
 
     if (in_vec[1].len != sizeof(data_offset)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     data_offset = *(uint32_t *)in_vec[1].base;
 
     if (out_vec[0].len != sizeof(psa_ps_status_t)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     err = (psa_ps_status_t *)out_vec[0].base;
@@ -149,7 +150,7 @@
     /* Get the caller's client ID */
     status = tfm_core_get_caller_client_id(&client_id);
     if (status != (int32_t)TFM_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     *err = tfm_sst_get(client_id, uid, data_offset, data_length, p_data);
@@ -168,31 +169,31 @@
     psa_ps_status_t *err;
 
     if (sst_check_init() != PSA_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_len != 1) || (out_len != 2)) {
         /* The number of arguments are incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(psa_ps_uid_t)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     uid = *((psa_ps_uid_t *)in_vec[0].base);
 
     if (out_vec[0].len != sizeof(psa_ps_status_t)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     err = (psa_ps_status_t *)out_vec[0].base;
 
     if (out_vec[1].len != sizeof(struct psa_ps_info_t)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     p_info = (struct psa_ps_info_t *)out_vec[1].base;
@@ -200,7 +201,7 @@
     /* Get the caller's client ID */
     status = tfm_core_get_caller_client_id(&client_id);
     if (status != (int32_t)TFM_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     *err = tfm_sst_get_info(client_id, uid, p_info);
@@ -217,24 +218,24 @@
     psa_ps_status_t *err;
 
     if (sst_check_init() != PSA_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_len != 1) || (out_len != 1)) {
         /* The number of arguments are incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (in_vec[0].len != sizeof(psa_ps_uid_t)) {
         /* The input argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     uid = *((psa_ps_uid_t *)in_vec[0].base);
 
     if (out_vec[0].len != sizeof(psa_ps_status_t)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     err = (psa_ps_status_t *)out_vec[0].base;
@@ -242,7 +243,7 @@
     /* Get the caller's client ID */
     status = tfm_core_get_caller_client_id(&client_id);
     if (status != (int32_t)TFM_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     *err = tfm_sst_remove(client_id, uid);
@@ -258,17 +259,17 @@
     (void)in_vec;
 
     if (sst_check_init() != PSA_SUCCESS) {
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if ((in_len != 0) || (out_len != 1)) {
         /* The number of arguments are incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     if (out_vec[0].len != sizeof(*support_flags)) {
         /* The output argument size is incorrect */
-        return PSA_CONNECTION_REFUSED;
+        return PSA_ERROR_CONNECTION_REFUSED;
     }
 
     support_flags = (uint32_t *)out_vec[0].base;
diff --git a/secure_fw/services/secure_storage/tfm_sst_secure_api.c b/secure_fw/services/secure_storage/tfm_sst_secure_api.c
index a5afc36..f7832ad 100644
--- a/secure_fw/services/secure_storage/tfm_sst_secure_api.c
+++ b/secure_fw/services/secure_storage/tfm_sst_secure_api.c
@@ -43,7 +43,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -90,7 +90,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -133,7 +133,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -176,7 +176,7 @@
         return PSA_PS_ERROR_OPERATION_FAILED;
     }
 
-    status = psa_call(handle, in_vec, IOVEC_LEN(in_vec), out_vec,
+    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                       IOVEC_LEN(out_vec));
 
     psa_close(handle);
@@ -243,7 +243,7 @@
         return support_flags;
     }
 
-    (void)psa_call(handle, NULL, 0, out_vec, IOVEC_LEN(out_vec));
+    (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));
 
     psa_close(handle);
 #else
diff --git a/test/suites/core/non_secure/core_ns_positive_testsuite.c b/test/suites/core/non_secure/core_ns_positive_testsuite.c
index 571bd22..34a721c 100644
--- a/test/suites/core/non_secure/core_ns_positive_testsuite.c
+++ b/test/suites/core/non_secure/core_ns_positive_testsuite.c
@@ -122,7 +122,7 @@
         return CORE_TEST_ERRNO_INVALID_PARAMETER;
     }
 
-    status = psa_call(handle, in_vecs, in_len, out_vecs, out_len);
+    status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len);
     if (status < 0) {
         status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR;
     }
diff --git a/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c b/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c
index fb9bc3d..a1bc5df 100644
--- a/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c
+++ b/test/suites/ipc/non_secure/ipc_ns_interface_testsuite.c
@@ -148,12 +148,9 @@
     TEST_LOG("TFM service support minor version is %d.\r\n", min_version);
     handle = psa_connect(IPC_SERVICE_TEST_BASIC_SID,
                          IPC_SERVICE_TEST_BASIC_VERSION);
-    status = psa_call(handle, invecs, 2, outvecs, 2);
+    status = psa_call(handle, PSA_IPC_CALL, invecs, 2, outvecs, 2);
     if (status >= 0) {
         TEST_LOG("psa_call is successful!\r\n");
-    } else if (status == PSA_DROP_CONNECTION) {
-        TEST_FAIL("The connection has been dropped by the RoT Service!\r\n");
-        return;
     } else {
         TEST_FAIL("psa_call is failed!\r\n");
         return;
@@ -185,7 +182,7 @@
         return;
     }
 
-    status = psa_call(handle, NULL, 0, outvecs, 1);
+    status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
     if (status >= 0) {
         TEST_LOG("Call success!");
         if (test_result > 0) {
@@ -222,7 +219,7 @@
         return;
     }
 
-    status = psa_call(handle, NULL, 0, outvecs, 1);
+    status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
     if (status >= 0) {
         TEST_LOG("Call success!");
         if (test_result > 0) {
@@ -259,7 +256,7 @@
         return;
     }
 
-    psa_call(handle, NULL, 0, outvecs, 1);
+    psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
 
     /* The system should panic in psa_call. If runs here, the test fails. */
     ret->val = TEST_FAILED;
@@ -288,7 +285,7 @@
         return;
     }
 
-    psa_call(handle, NULL, 0, outvecs, 1);
+    psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
 
     /* The system should panic in psa_call. If runs here, the test fails. */
     ret->val = TEST_FAILED;
@@ -317,7 +314,7 @@
         return;
     }
 
-    psa_call(handle, NULL, 0, outvecs, 1);
+    psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
 
     /* The system should panic in psa_call. If runs here, the test fails. */
     ret->val = TEST_FAILED;
diff --git a/test/test_services/tfm_core_test/tfm_ss_core_test.c b/test/test_services/tfm_core_test/tfm_ss_core_test.c
index 0e146fd..8e74559 100644
--- a/test/test_services/tfm_core_test/tfm_ss_core_test.c
+++ b/test/test_services/tfm_core_test/tfm_ss_core_test.c
@@ -53,7 +53,7 @@
         return CORE_TEST_ERRNO_INVALID_PARAMETER;
     }
 
-    status = psa_call(handle, in_vecs, in_len, out_vecs, out_len);
+    status = psa_call(handle, PSA_IPC_CALL, in_vecs, in_len, out_vecs, out_len);
     if (status < 0) {
         status = CORE_TEST_ERRNO_UNEXPECTED_CORE_BEHAVIOUR;
     }
diff --git a/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c b/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c
index f486592..fbe4210 100644
--- a/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c
+++ b/test/test_services/tfm_ipc_client/tfm_ipc_client_test.c
@@ -55,7 +55,7 @@
         return IPC_SP_TEST_FAILED;
     }
 
-    status = psa_call(handle, invecs, 1, NULL, 0);
+    status = psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0);
 
     /* The system should panic before here. */
     psa_close(handle);
@@ -79,7 +79,7 @@
         return result;
     }
 
-    status = psa_call(handle, invecs, 1, NULL, 0);
+    status = psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0);
 
     if ((client_data == 'B') && (status >= 0)) {
         result = IPC_SP_TEST_SUCCESS;
@@ -108,7 +108,7 @@
         return result;
     }
 
-    status = psa_call(handle, invecs, 2, outvecs, 2);
+    status = psa_call(handle, PSA_IPC_CALL, invecs, 2, outvecs, 2);
     if (status >= 0) {
         result = IPC_SP_TEST_SUCCESS;
     }
@@ -132,7 +132,7 @@
         return IPC_SP_TEST_FAILED;
     }
 
-    status = psa_call(handle, NULL, 0, outvecs, 1);
+    status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
     if (status >= 0) {
         /*
          * outvecs should contain the pointer pointed to ipc service parition
@@ -166,7 +166,7 @@
         return IPC_SP_TEST_FAILED;
     }
 
-    status = psa_call(handle, NULL, 0, outvecs, 1);
+    status = psa_call(handle, PSA_IPC_CALL, NULL, 0, outvecs, 1);
     if (status >= 0) {
         /*
          * outvecs should contain the pointer pointed to ipc service parition
@@ -178,7 +178,7 @@
         if (psa_data_p) {
             invecs[0].base = psa_data_p;
             invecs[0].len = sizeof(psa_data_p);
-            psa_call(handle, invecs, 1, NULL, 0);
+            psa_call(handle, PSA_IPC_CALL, invecs, 1, NULL, 0);
         }
     }
 
@@ -197,7 +197,7 @@
     switch (msg.type) {
     case PSA_IPC_CONNECT:
         if (service_in_use & signals) {
-            r = PSA_CONNECTION_REFUSED;
+            r = PSA_ERROR_CONNECTION_REFUSED;
         } else {
             service_in_use |= signals;
             r = PSA_SUCCESS;
diff --git a/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c b/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c
index d1935df..16950c9 100644
--- a/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c
+++ b/test/test_services/tfm_ipc_service/tfm_ipc_service_test.c
@@ -46,7 +46,7 @@
     switch (msg.type) {
     case PSA_IPC_CONNECT:
         if (service_in_use & IPC_SERVICE_TEST_BASIC_SIGNAL) {
-            r = PSA_CONNECTION_REFUSED;
+            r = PSA_ERROR_CONNECTION_REFUSED;
         } else {
             service_in_use |= IPC_SERVICE_TEST_BASIC_SIGNAL;
             r = PSA_SUCCESS;
@@ -87,7 +87,7 @@
     switch (msg.type) {
     case PSA_IPC_CONNECT:
         if (service_in_use & IPC_SERVICE_TEST_PSA_ACCESS_APP_MEM_SIGNAL) {
-            r = PSA_CONNECTION_REFUSED;
+            r = PSA_ERROR_CONNECTION_REFUSED;
         } else {
             service_in_use |= IPC_SERVICE_TEST_PSA_ACCESS_APP_MEM_SIGNAL;
             r = PSA_SUCCESS;
@@ -139,7 +139,7 @@
     case PSA_IPC_CONNECT:
         if (service_in_use &
             IPC_SERVICE_TEST_PSA_ACCESS_APP_READ_ONLY_MEM_SIGNAL) {
-            r = PSA_CONNECTION_REFUSED;
+            r = PSA_ERROR_CONNECTION_REFUSED;
         } else {
             service_in_use |=
                           IPC_SERVICE_TEST_PSA_ACCESS_APP_READ_ONLY_MEM_SIGNAL;
@@ -194,7 +194,7 @@
     switch (msg.type) {
     case PSA_IPC_CONNECT:
         if (service_in_use & IPC_SERVICE_TEST_APP_ACCESS_PSA_MEM_SIGNAL) {
-            r = PSA_CONNECTION_REFUSED;
+            r = PSA_ERROR_CONNECTION_REFUSED;
         } else {
             service_in_use |= IPC_SERVICE_TEST_APP_ACCESS_PSA_MEM_SIGNAL;
             r = PSA_SUCCESS;
diff --git a/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c b/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c
index ff6af34..0dda69f 100644
--- a/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c
+++ b/test/test_services/tfm_secure_client_service/tfm_secure_client_service_api.c
@@ -26,7 +26,7 @@
         return TFM_ERROR_GENERIC;
     }
 
-    status = psa_call(handle, NULL, 0, NULL, 0);
+    status = psa_call(handle, PSA_IPC_CALL, NULL, 0, NULL, 0);
     psa_close(handle);
 
     if (status != PSA_SUCCESS) {