Remap the "0" client_id in RSE_COMMS
The client_id of an NS endpoint should be a negative number, according
to the PSA FF-M [1], otherwise, TF-M will reject the call [2]. The
calls from the Application Core are considered to be NS from the
Secure Enclave's point of view.
The RSE_COMMS library performs a positive-to-negative transformation on
the TF-M side [3] so the client_id provided in Trusted Services must
be a positive number. The [2] check was added in TF-Mv2.1.x release.
The client_id is sent as a 16 bits long integer so the sign will be
always okay as it is checked as an int32_t in the TF-M side, but the
"0" check can cause problems. Therefore, '0' is not allowed and must
be remapped to a different value.
This is done by replacing the "0" client_id with the SE-Proxy's own
FF-A ID. This is a viable option because the SE-Proxy SP is never a
source of a request on its own, it just forwards the requests of the
other endpoints. For example, the SE-Proxy SP doesn't store any assets
in a PS or ITS, which would need to be isolated from the other SPs.
[1] https://developer.arm.com/documentation/den0063/a/?lang=en
[2] https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/tags/TF-Mv2.1.1/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_client_id.c#52
[3] https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/tags/TF-Mv2.1.1/platform/ext/target/arm/rse/common/rse_comms/rse_comms.c#75
Change-Id: Id880659e6a4c27d7edaa4e8de49c873c2f870548
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
diff --git a/components/rpc/rse_comms/rse_comms.c b/components/rpc/rse_comms/rse_comms.c
index 691c7ef..ac474f8 100644
--- a/components/rpc/rse_comms/rse_comms.c
+++ b/components/rpc/rse_comms/rse_comms.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -21,6 +21,12 @@
#define COMMS_MHU_MSG_SIZE 0x2200
#endif
+/*
+ * This must be set beforehand, during the SP's initialization. This is
+ * the FF-A ID of the SP.
+ */
+extern uint16_t own_id;
+
static uint8_t select_protocol_version(const struct psa_invec *in_vec, size_t in_len,
const struct psa_outvec *out_vec, size_t out_len)
{
@@ -95,8 +101,20 @@
}
req->header.seq_num = seq_num;
- /* No need to distinguish callers (currently concurrent calls are not supported). */
- req->header.client_id = client_id;
+
+ /*
+ * This is needed because the "0" is not accepted in TF-M so it has to be remapped
+ * to a different value.
+ * The SE-Proxy's own FFA ID is used as the new value. This is a viable option
+ * because the SE-Proxy SP never originates requests itself, it just
+ * forwards the requests of the other endpoints.
+ */
+
+ if (client_id == 0)
+ req->header.client_id = own_id;
+ else
+ req->header.client_id = client_id;
+
req->header.protocol_ver = protocol_ver;
psa_status = rse_protocol_serialize_msg(handle, type, in_vec, in_len, out_vec, out_len, req,