Build: Unify isolation level setting with TFM_ISOLATION_LEVEL
There is a CMake configuration "TFM_ISOLATION_LEVEL", which can also be
used as the CMake compile definition. To make the code easier to
maintain, remove current compile definition "TFM_LVL" and unify the
isolation level setting with "TFM_ISOLATION_LEVEL".
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: I659744b470e8da6f14457094402e45cf77964406
diff --git a/secure_fw/include/build_config_check.h b/secure_fw/include/build_config_check.h
index 636640e..7f01e8e 100644
--- a/secure_fw/include/build_config_check.h
+++ b/secure_fw/include/build_config_check.h
@@ -28,10 +28,10 @@
#endif
/* Check isolation levels. */
-#ifndef TFM_LVL
-#error TFM_LVL is not defined.
-#elif (TFM_LVL != 1) && (TFM_LVL != 2) && (TFM_LVL != 3)
-#error Invalid TFM_LVL value. The possible values are 1, 2 and 3.
+#ifndef TFM_ISOLATION_LEVEL
+#error TFM_ISOLATION_LEVEL is not defined.
+#elif (TFM_ISOLATION_LEVEL != 1) && (TFM_ISOLATION_LEVEL != 2) && (TFM_ISOLATION_LEVEL != 3)
+#error Invalid TFM_ISOLATION_LEVEL value. The possible values are 1, 2 and 3.
#endif
/* Check if there are unsupported thread priority. */
diff --git a/secure_fw/partitions/idle_partition/load_info_idle_sp.c b/secure_fw/partitions/idle_partition/load_info_idle_sp.c
index 4b17b66..748b4a4 100644
--- a/secure_fw/partitions/idle_partition/load_info_idle_sp.c
+++ b/secure_fw/partitions/idle_partition/load_info_idle_sp.c
@@ -17,7 +17,7 @@
#include "region_defs.h"
#include "tfm_s_linker_alignments.h"
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
#define TFM_SP_IDLE_NASSETS (1)
#endif
@@ -31,7 +31,7 @@
/* per-partition variable length load data */
uintptr_t stack_addr;
uintptr_t heap_addr;
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
struct asset_desc_t assets[TFM_SP_IDLE_NASSETS];
#endif
} __attribute__((aligned(4)));
@@ -58,7 +58,7 @@
.heap_size = 0,
.ndeps = 0,
.nservices = 0,
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
.nassets = TFM_SP_IDLE_NASSETS,
#else
.nassets = 0,
@@ -66,7 +66,7 @@
},
.stack_addr = (uintptr_t)idle_sp_stack,
.heap_addr = 0,
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
.assets = {
{
.mem.start = (uintptr_t)idle_sp_stack,
diff --git a/secure_fw/partitions/lib/runtime/service_api.c b/secure_fw/partitions/lib/runtime/service_api.c
index 1ed1ad9..3e9576d 100644
--- a/secure_fw/partitions/lib/runtime/service_api.c
+++ b/secure_fw/partitions/lib/runtime/service_api.c
@@ -22,7 +22,7 @@
);
}
-#if TFM_LVL != 1
+#if TFM_ISOLATION_LEVEL != 1
/* Entry point when Partition FLIH functions return */
__attribute__((naked))
void tfm_flih_func_return(psa_flih_result_t result)
@@ -30,4 +30,4 @@
__ASM volatile("SVC "M2S(TFM_SVC_FLIH_FUNC_RETURN)" \n"
);
}
-#endif /* TFM_LVL != 1 */
+#endif /* TFM_ISOLATION_LEVEL != 1 */
diff --git a/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_mem_check.c b/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_mem_check.c
index 5b8339e..ba6958d 100644
--- a/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_mem_check.c
+++ b/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_mem_check.c
@@ -18,8 +18,8 @@
#include "tfm_arch.h"
#include "utilities.h"
-#ifndef TFM_LVL
-#error TFM_LVL is not defined!
+#ifndef TFM_ISOLATION_LEVEL
+#error TFM_ISOLATION_LEVEL is not defined!
#endif
void tfm_get_mem_region_security_attr(const void *p, size_t s,
@@ -52,7 +52,7 @@
p_attr->is_valid = false;
}
-#if TFM_LVL == 2
+#if TFM_ISOLATION_LEVEL == 2
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE_START, $$RO$$Base);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE_END, $$RO$$Limit);
#ifdef CONFIG_TFM_PARTITION_META
@@ -68,7 +68,7 @@
void tfm_get_secure_mem_region_attr(const void *p, size_t s,
struct mem_attr_info_t *p_attr)
{
-#if TFM_LVL == 1
+#if TFM_ISOLATION_LEVEL == 1
p_attr->is_mpu_enabled = false;
p_attr->is_valid = true;
@@ -91,7 +91,7 @@
}
p_attr->is_valid = false;
-#elif TFM_LVL == 2
+#elif TFM_ISOLATION_LEVEL == 2
uintptr_t base, limit;
p_attr->is_mpu_enabled = false;
@@ -317,8 +317,8 @@
static enum tfm_status_e secure_mem_attr_check(struct mem_attr_info_t attr,
uint8_t flags)
{
-#if TFM_LVL == 1
- /* Privileged/unprivileged is ignored in TFM_LVL == 1 */
+#if TFM_ISOLATION_LEVEL == 1
+ /* Privileged/unprivileged is ignored in TFM_ISOLATION_LEVEL == 1 */
if ((flags & MEM_CHECK_MPU_READWRITE) &&
(attr.is_priv_rd_allow || attr.is_unpriv_rd_allow) &&
@@ -420,7 +420,7 @@
/* Retrieve access attributes of secure memory region */
tfm_hal_get_secure_access_attr(p, s, &mem_attr);
-#if TFM_LVL != 1
+#if TFM_ISOLATION_LEVEL != 1
/* Secure MPU must be enabled in Isolation Level 2 and 3 */
if (!mem_attr.is_mpu_enabled) {
tfm_core_panic();
diff --git a/secure_fw/partitions/ns_agent_tz/load_info_ns_agent_tz.c b/secure_fw/partitions/ns_agent_tz/load_info_ns_agent_tz.c
index b51ee06..5f18b16 100644
--- a/secure_fw/partitions/ns_agent_tz/load_info_ns_agent_tz.c
+++ b/secure_fw/partitions/ns_agent_tz/load_info_ns_agent_tz.c
@@ -26,7 +26,7 @@
#define TFM_SP_NS_AGENT_NDEPS (0)
#define TFM_SP_NS_AGENT_NSERVS (0)
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
#define TFM_SP_NS_AGENT_NASSETS (1)
#endif
@@ -47,7 +47,7 @@
/* per-partition variable length load data */
uintptr_t stack_addr;
uintptr_t heap_addr;
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
struct asset_desc_t assets[TFM_SP_NS_AGENT_NASSETS];
#endif
} __attribute__((aligned(4)));
@@ -71,7 +71,7 @@
.heap_size = 0,
.ndeps = TFM_SP_NS_AGENT_NDEPS,
.nservices = TFM_SP_NS_AGENT_NSERVS,
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
.nassets = TFM_SP_NS_AGENT_NASSETS,
#else
.nassets = 0,
@@ -79,7 +79,7 @@
},
.stack_addr = (uintptr_t)ns_agent_tz_stack,
.heap_addr = 0,
-#if TFM_LVL == 3
+#if TFM_ISOLATION_LEVEL == 3
.assets = {
{
.mem.start = (uintptr_t)ns_agent_tz_stack,
diff --git a/secure_fw/spm/core/backend_ipc.c b/secure_fw/spm/core/backend_ipc.c
index 53937ae..ef7f0f0 100644
--- a/secure_fw/spm/core/backend_ipc.c
+++ b/secure_fw/spm/core/backend_ipc.c
@@ -129,7 +129,7 @@
ARCH_CTXCTRL_ALLOCATED_PTR(ctx_ctrl);
p_rt_meta->entry = p_pt_ldi->entry;
-#if TFM_LVL == 1
+#if TFM_ISOLATION_LEVEL == 1
p_rt_meta->psa_fns = &psa_api_cross;
#else
/* TODO: ABI for PRoT partitions needs to be updated based on implementations. */
diff --git a/secure_fw/spm/core/interrupt.c b/secure_fw/spm/core/interrupt.c
index 0b5e043..2caf165 100644
--- a/secure_fw/spm/core/interrupt.c
+++ b/secure_fw/spm/core/interrupt.c
@@ -25,7 +25,7 @@
extern uintptr_t spm_boundary;
-#if TFM_LVL != 1
+#if TFM_ISOLATION_LEVEL != 1
extern void tfm_flih_func_return(psa_flih_result_t result);
__attribute__((naked))
@@ -161,7 +161,7 @@
flih_result = PSA_FLIH_SIGNAL;
} else {
/* FLIH Model Handling */
-#if TFM_LVL == 1
+#if TFM_ISOLATION_LEVEL == 1
flih_result = p_ildi->flih_func();
#else
if (!tfm_hal_boundary_need_switch(spm_boundary,
diff --git a/secure_fw/spm/core/main.c b/secure_fw/spm/core/main.c
index 17a0cde..eb29267 100644
--- a/secure_fw/spm/core/main.c
+++ b/secure_fw/spm/core/main.c
@@ -65,7 +65,7 @@
SPMLOG_INFMSG("\033[1;34m[Sec Thread] Secure image initializing!\033[0m\r\n");
- SPMLOG_DBGMSGVAL("TF-M isolation level is: ", TFM_LVL);
+ SPMLOG_DBGMSGVAL("TF-M isolation level is: ", TFM_ISOLATION_LEVEL);
#if (CONFIG_TFM_FLOAT_ABI == 2)
SPMLOG_INFMSG("TF-M Float ABI: Hard\r\n");
diff --git a/secure_fw/spm/core/tfm_svcalls.c b/secure_fw/spm/core/tfm_svcalls.c
index 1704f0f..1a14bd5 100644
--- a/secure_fw/spm/core/tfm_svcalls.c
+++ b/secure_fw/spm/core/tfm_svcalls.c
@@ -102,7 +102,7 @@
case TFM_SVC_GET_BOOT_DATA:
tfm_core_get_boot_data_handler(svc_args);
break;
-#if (TFM_LVL != 1) && (CONFIG_TFM_FLIH_API == 1)
+#if (TFM_ISOLATION_LEVEL != 1) && (CONFIG_TFM_FLIH_API == 1)
case TFM_SVC_PREPARE_DEPRIV_FLIH:
exc_return = tfm_flih_prepare_depriv_flih((struct partition_t *)svc_args[0],
(uintptr_t)svc_args[1]);