Remap the "0" client_id in RSE_COMMS

The client_id of an NS endpoint should be a negative number, according
to the PSA FF-M [1]; otherwise, TF-M will reject the call [2]. The
calls from the Application Core are considered to be NS from the
Secure Enclave's point of view.

The RSE_COMMS library performs a positive-to-negative transformation on
the TF-M side [3], so the client_id provided in Trusted Services must
be a positive number. The [2] check was added in the TF-Mv2.1.x release.

The client_id is sent as a 16-bit integer, so the sign will always be
okay as it is checked as an int32_t on the TF-M side, but the
"0" check can cause problems. Therefore, '0' is not allowed and must
be remapped to a different value.

This is done by replacing the "0" client_id with the SE-Proxy's own
FF-A ID. This is a viable option because the SE-Proxy SP is never a
source of a request on its own; it just forwards the requests of the
other endpoints. For example, the SE-Proxy SP doesn't store any assets
in a PS or ITS, which would need to be isolated from the other SPs.

[1] https://developer.arm.com/documentation/den0063/a/?lang=en
[2] https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/tags/TF-Mv2.1.1/secure_fw/partitions/ns_agent_mailbox/tfm_multi_core_client_id.c#52
[3] https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/tags/TF-Mv2.1.1/platform/ext/target/arm/rse/common/rse_comms/rse_comms.c#75

Change-Id: Id880659e6a4c27d7edaa4e8de49c873c2f870548
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
index bdef9b2..1203521 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -15,6 +15,12 @@
#include <stddef.h>
+/*
+ * This must be a global variable so the communication layer (e.g. RSE_COMMS)
+ * can use this to remap message client_ids if needed.
+ */
+uint16_t own_id;
+
static bool sp_init(uint16_t *own_sp_id);
void __noreturn sp_main(union ffa_boot_info *boot_info)
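Review bot: The new file-scope `uint16_t own_id;` has external linkage under a very generic name, and it is defined in the .c file with no declaration in a shared header visible in this hunk. Any other object linked into the SP that defines or declares `own_id` with a different type will collide silently or fail at link time, and the communication layer would have to carry its own ad hoc `extern`. Consider a prefixed name (for example one that names the SE-Proxy SP) and a declaration in a header that both this file and the communication layer include, or keep the variable `static` and expose a small getter so the ID is read-only outside this file. The comment would also be more useful if it said when the value becomes valid, not only why it is global.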
@@ -23,7 +29,6 @@
struct sp_msg req_msg = { 0 };
struct sp_msg resp_msg = { 0 };
struct rpc_service_interface *rpc_iface = NULL;
- uint16_t own_id = 0;
sp_result result = SP_RESULT_INTERNAL_ERROR;
rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
unsigned int n_services = PROXY_SERVICE_FACTORY_LIST_LENGTH();
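Review bot: With the local `uint16_t own_id = 0;` removed, `sp_main` now relies on the global being implicitly zero-initialised until `sp_init(uint16_t *own_sp_id)` fills it in. If the communication layer reads the global before that point, or after `sp_init` has failed, the remap described in the commit message would replace a "0" client_id with 0 again, which is the value the message says TF-M rejects. Please make the ordering explicit: either document that the communication layer must not be used before `sp_init` succeeds, or have the remap code treat a zero `own_id` as an error instead of forwarding it.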