HAL: Replace the 'idx' input param with 'privileged'
In tfm_spm_hal_configure_default_isolation(), a partition index
is passed in to query the partition privilege. Change to pass
in privilege directly instead of the partition index.
Change-Id: Id046431cc8e224a94e83a71564ba2843fabf8ed7
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
diff --git a/docs/technical_references/tfm_physical_attack_mitigation.rst b/docs/technical_references/tfm_physical_attack_mitigation.rst
index 4c0f20a..ee0734e 100644
--- a/docs/technical_references/tfm_physical_attack_mitigation.rst
+++ b/docs/technical_references/tfm_physical_attack_mitigation.rst
@@ -394,7 +394,7 @@
enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void);
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data);
enum tfm_hal_status_t tfm_hal_mpu_update_partition_boundary(uintptr_t start,
uintptr_t end);
diff --git a/platform/ext/target/arm/mps2/an519/spm_hal.c b/platform/ext/target/arm/mps2/an519/spm_hal.c
index 02cd47a..c192152 100644
--- a/platform/ext/target/arm/mps2/an519/spm_hal.c
+++ b/platform/ext/target/arm/mps2/an519/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -22,11 +22,9 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/arm/mps2/an521/spm_hal.c b/platform/ext/target/arm/mps2/an521/spm_hal.c
index 58dee4d..9390b46 100644
--- a/platform/ext/target/arm/mps2/an521/spm_hal.c
+++ b/platform/ext/target/arm/mps2/an521/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,16 +33,15 @@
#ifdef TFM_FIH_PROFILE_ON
fih_int tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
#else /* TFM_FIH_PROFILE_ON */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
#endif /* TFM_FIH_PROFILE_ON */
{
fih_int fih_rc = FIH_FAILURE;
- bool privileged = tfm_is_partition_privileged(partition_idx);
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c b/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c
index 6b2d8a6..ff26d6f 100644
--- a/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c
+++ b/platform/ext/target/arm/mps2/fvp_sse300/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -27,11 +27,10 @@
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
- bool privileged = tfm_is_partition_privileged(partition_idx);
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/arm/mps3/an524/spm_hal.c b/platform/ext/target/arm/mps3/an524/spm_hal.c
index 8abe9d8..30907b2 100644
--- a/platform/ext/target/arm/mps3/an524/spm_hal.c
+++ b/platform/ext/target/arm/mps3/an524/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,11 +33,9 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/arm/mps3/an547/spm_hal.c b/platform/ext/target/arm/mps3/an547/spm_hal.c
index 840deac..e8c8c8d 100644
--- a/platform/ext/target/arm/mps3/an547/spm_hal.c
+++ b/platform/ext/target/arm/mps3/an547/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -29,11 +29,10 @@
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
- bool privileged = tfm_is_partition_privileged(partition_idx);
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/spm_hal.c b/platform/ext/target/arm/musca_b1/secure_enclave/spm_hal.c
index b800078..207db15 100644
--- a/platform/ext/target/arm/musca_b1/secure_enclave/spm_hal.c
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
* Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -21,12 +21,12 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
/* Nothing to do, there is no isolation HW in this platform to be
* configured by Secure Enclave */
- (void) partition_idx;
+ (void) privileged;
(void) platform_data;
return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/arm/musca_b1/sse_200/spm_hal.c b/platform/ext/target/arm/musca_b1/sse_200/spm_hal.c
index 42c10cf..58ac546 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/spm_hal.c
+++ b/platform/ext/target/arm/musca_b1/sse_200/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -33,10 +33,9 @@
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/arm/musca_s1/spm_hal.c b/platform/ext/target/arm/musca_s1/spm_hal.c
index dba2177..46f0de0 100644
--- a/platform/ext/target/arm/musca_s1/spm_hal.c
+++ b/platform/ext/target/arm/musca_s1/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,11 +25,9 @@
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c
index 7b4e2fe..b996368 100644
--- a/platform/ext/target/cypress/psoc64/spm_hal.c
+++ b/platform/ext/target/cypress/psoc64/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
* Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -35,10 +35,10 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- (void) partition_idx; /* Unused parameter */
+ (void) privileged; /* Unused parameter */
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/nordic_nrf/common/core/spm_hal.c b/platform/ext/target/nordic_nrf/common/core/spm_hal.c
index d38100d..5b9aa9c 100644
--- a/platform/ext/target/nordic_nrf/common/core/spm_hal.c
+++ b/platform/ext/target/nordic_nrf/common/core/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
* Copyright (c) 2020, Nordic Semiconductor ASA. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -29,7 +29,7 @@
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
if (!platform_data) {
@@ -38,7 +38,7 @@
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
- if (!tfm_is_partition_privileged(partition_idx)) {
+ if (!privileged) {
struct mpu_armv8m_region_cfg_t region_cfg;
region_cfg.region_nr = PARTITION_REGION_PERIPH_START + periph_num_count;
diff --git a/platform/ext/target/nuvoton/common/spm_hal.c b/platform/ext/target/nuvoton/common/spm_hal.c
index 500593b..9772399 100644
--- a/platform/ext/target/nuvoton/common/spm_hal.c
+++ b/platform/ext/target/nuvoton/common/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -22,11 +22,9 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
-
if (!platform_data) {
return TFM_PLAT_ERR_INVALID_INPUT;
}
diff --git a/platform/ext/target/nxp/common/spm_hal.c b/platform/ext/target/nxp/common/spm_hal.c
index b9a6e98..fee91a9 100644
--- a/platform/ext/target/nxp/common/spm_hal.c
+++ b/platform/ext/target/nxp/common/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
* Copyright 2019-2020 NXP. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -30,10 +30,9 @@
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
- bool privileged = tfm_is_partition_privileged(partition_idx);
#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
diff --git a/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c b/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
index 94cab01..638d0cf 100644
--- a/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
+++ b/platform/ext/target/stm/common/stm32l5xx/secure/spm_hal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -19,7 +19,7 @@
extern const struct memory_region_limits memory_regions;
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data)
{
/* plat data are ignored */
diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h
index 11da3c9..5730492 100644
--- a/platform/include/tfm_spm_hal.h
+++ b/platform/include/tfm_spm_hal.h
@@ -51,20 +51,19 @@
/**
* \brief Configure peripherals for a partition based on the platform data and
- * partition index from the DB
+ * partition privilege
*
* This function is called during partition initialisation (before calling the
* init function for the partition)
*
- * \param[in] partition_idx The index of the partition that this peripheral
- * is assigned to.
+ * \param[in] privileged Whether the partition is privileged.
* \param[in] platform_data The platform fields of the partition DB record to
* be used for configuration.
*
* \return Returns values as specified by FIH specific platform error code
*/
fih_int tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool privileged,
const struct platform_data_t *platform_data);
/**
* \brief Configures the system debug properties.
@@ -106,20 +105,19 @@
/**
* \brief Configure peripherals for a partition based on the platform data and
- * partition index from the DB
+ * partition privilege
*
* This function is called during partition initialisation (before calling the
* init function for the partition)
*
- * \param[in] partition_idx The index of the partition that this peripheral
- * is assigned to.
+ * \param[in] privileged Whether the partition is privileged.
* \param[in] platform_data The platform fields of the partition DB record to
* be used for configuration.
*
* \return Returns values as specified by the \ref tfm_plat_err_t
*/
enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
- uint32_t partition_idx,
+ bool priviledged,
const struct platform_data_t *platform_data);
/**
* \brief Configures the system debug properties.
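Review bot: The non-FIH prototype in this hunk spells the new parameter `bool priviledged`, while its Doxygen block documents `\param[in] privileged` and the FIH prototype and the platform definitions all use `privileged`. C ignores parameter names in prototypes, so this compiles, but the documented name no longer matches the declared one and a search for the parameter misses this declaration; the line should read `bool privileged,`. Both prototypes now use `bool`, so also confirm that this header includes `<stdbool.h>` itself rather than relying on an earlier include; the include list is outside the hunk.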
diff --git a/secure_fw/spm/cmsis_func/spm_func.c b/secure_fw/spm/cmsis_func/spm_func.c
index 1144b44..62e0060 100644
--- a/secure_fw/spm/cmsis_func/spm_func.c
+++ b/secure_fw/spm/cmsis_func/spm_func.c
@@ -1224,6 +1224,7 @@
int32_t args[4] = {0};
fih_int fail_cnt = FIH_INT_INIT(0);
uint32_t idx;
+ bool privileged;
const struct platform_data_t **platform_data_p;
#ifdef TFM_FIH_PROFILE_ON
fih_int fih_rc = FIH_FAILURE;
@@ -1235,14 +1236,19 @@
platform_data_p = part->platform_data_list;
if (platform_data_p != NULL) {
while ((*platform_data_p) != NULL) {
+ if (tfm_is_partition_privileged(idx)) {
+ privileged = true;
+ } else {
+ privileged = false;
+ }
#ifdef TFM_FIH_PROFILE_ON
- FIH_CALL(tfm_spm_hal_configure_default_isolation, fih_rc, idx,
- *platform_data_p);
+ FIH_CALL(tfm_spm_hal_configure_default_isolation, fih_rc,
+ privileged, *platform_data_p);
if (fih_not_eq(fih_rc, fih_int_encode(TFM_PLAT_ERR_SUCCESS))) {
fail_cnt = fih_int_encode(fih_int_decode(fail_cnt) + 1);
}
#else /* TFM_FIH_PROFILE_ON */
- if (tfm_spm_hal_configure_default_isolation(idx,
+ if (tfm_spm_hal_configure_default_isolation(privileged,
*platform_data_p) != TFM_PLAT_ERR_SUCCESS) {
fail_cnt++;
}
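Review bot: The privilege lookup added inside `while ((*platform_data_p) != NULL)` depends only on `idx`, so it is recomputed for every platform data entry, and the if/else merely copies a value that is already `bool`. A single `privileged = tfm_is_partition_privileged(idx);` placed before the loop reads more directly and leaves one place where the isolation input is derived. This commit also removes the `tfm_is_partition_privileged` prototype from tfm_platform_core_api.h and the cmsis_psa definition, so confirm that this file still sees a declaration ahead of the call; the function's definition is not visible here. The enclosing function starts and ends outside the hunk.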
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index d8d9060..b657d4e 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -334,14 +334,6 @@
}
}
-bool tfm_is_partition_privileged(uint32_t partition_idx)
-{
- uint32_t flags = tfm_spm_partition_get_flags(partition_idx);
-
- return tfm_spm_partition_get_privileged_mode(flags) ==
- TFM_PARTITION_PRIVILEGED_MODE;
-}
-
struct service_t *tfm_spm_get_service_by_sid(uint32_t sid)
{
struct service_t *p_serv = connection_services_listhead;
@@ -643,7 +635,8 @@
uint32_t tfm_spm_init(void)
{
- uint32_t i, j, part_idx = 0;
+ uint32_t i, j;
+ bool privileged;
struct partition_t *partition;
struct tfm_core_thread_t *pth, *p_ns_entry_thread = NULL;
const struct platform_data_t *platform_data_p;
@@ -671,6 +664,15 @@
p_cmninf = partition->p_ldinf;
/* Init mmio assets */
+ if (p_cmninf->nassets > 0) {
+ if (tfm_spm_partition_get_privileged_mode(p_cmninf->flags) ==
+ TFM_PARTITION_PRIVILEGED_MODE) {
+ privileged = true;
+ } else {
+ privileged = false;
+ }
+ }
+
p_asset_load = (struct asset_desc_t *)LOAD_INFO_ASSET(p_cmninf);
for (i = 0; i < p_cmninf->nassets; i++) {
/* Skip the memory-based asset */
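Review bot: `privileged` is declared without an initialiser in tfm_spm_init() and is assigned here only when `p_cmninf->nassets > 0`, so it is indeterminate for any partition that has no assets. The reads shown later sit inside the `for (i = 0; i < p_cmninf->nassets; i++)` loop, so the visible paths do not use it unset, but that guarantee is implicit and compilers may report it as maybe-uninitialized. Because the value is passed to tfm_spm_hal_configure_default_isolation() and selects the isolation set-up there, it is safer to assign it unconditionally for every partition: `privileged = (tfm_spm_partition_get_privileged_mode(p_cmninf->flags) == TFM_PARTITION_PRIVILEGED_MODE);`. tfm_spm_init() continues outside this hunk.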
@@ -696,13 +698,13 @@
}
#ifdef TFM_FIH_PROFILE_ON
- FIH_CALL(tfm_spm_hal_configure_default_isolation, fih_rc, part_idx,
- platform_data_p);
+ FIH_CALL(tfm_spm_hal_configure_default_isolation, fih_rc,
+ privileged, platform_data_p);
if (fih_not_eq(fih_rc, fih_int_encode(TFM_PLAT_ERR_SUCCESS))) {
tfm_core_panic();
}
#else /* TFM_FIH_PROFILE_ON */
- if (tfm_spm_hal_configure_default_isolation(part_idx,
+ if (tfm_spm_hal_configure_default_isolation(privileged,
platform_data_p) != TFM_PLAT_ERR_SUCCESS) {
tfm_core_panic();
}
@@ -755,8 +757,6 @@
if (tfm_core_thrd_start(pth) != THRD_SUCCESS) {
tfm_core_panic();
}
-
- part_idx++;
}
/*
diff --git a/secure_fw/spm/include/tfm_platform_core_api.h b/secure_fw/spm/include/tfm_platform_core_api.h
index f79190b..de53254 100644
--- a/secure_fw/spm/include/tfm_platform_core_api.h
+++ b/secure_fw/spm/include/tfm_platform_core_api.h
@@ -23,13 +23,4 @@
*/
void tfm_access_violation_handler(void);
-/**
- * \brief Return whether a secure partition is privileged.
- *
- * \param[in] partition_idx The index of the partition in the partition_list.
- *
- * \return True if the partition is privileged, false otherwise.
- */
-bool tfm_is_partition_privileged(uint32_t partition_idx);
-
#endif /* __TFM_PLATFORM_CORE_API_H__ */