Core: Enhance manifest to align with PSA
Below enhancements need to be applied to follow PSA:
- IPC related parameters added in manifest file (such as signal, sid,
minor_version and minor_policy).
- IPC service partition manifest file added to generate secure partion
source.
- Remove "tfm_partition_name" from manifest file and use "name"
directly.
- Remove IPC unused template: tfm_sfid_list.inc.template
Note:
- Signal header also need to be added manually by hardcode for tool
cannot support it now.
Change-Id: I47c2c4058e99a0b278c7b05b1e8d80058bc185a1
Signed-off-by: Edison Ai <edison.ai@arm.com>
diff --git a/secure_fw/core/ipc/include/tfm_spm_signal_defs.h b/secure_fw/core/ipc/include/tfm_spm_signal_defs.h
new file mode 100644
index 0000000..e632354
--- /dev/null
+++ b/secure_fw/core/ipc/include/tfm_spm_signal_defs.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2018, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_SPM_SIGNAL_DEFS_H__
+#define __TFM_SPM_SIGNAL_DEFS_H__
+
+#include "test/test_services/tfm_ipc_service/tfm_ipc_service_partition.h"
+
+#endif
diff --git a/secure_fw/core/tfm_secure_api.c b/secure_fw/core/tfm_secure_api.c
index 863643b..698f17a 100644
--- a/secure_fw/core/tfm_secure_api.c
+++ b/secure_fw/core/tfm_secure_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -94,12 +94,13 @@
caller_flags = tfm_spm_partition_get_flags(caller_partition_idx);
/* Check partition state consistency */
- if (((caller_flags&SPM_PART_FLAG_SECURE) != 0) != (!desc_ptr->ns_caller)) {
+ if (((caller_flags & SPM_PART_FLAG_APP_ROT) != 0)
+ != (!desc_ptr->ns_caller)) {
/* Partition state inconsistency detected */
return TFM_SECURE_LOCK_FAILED;
}
- if((caller_flags & SPM_PART_FLAG_SECURE) == 0) {
+ if((caller_flags & SPM_PART_FLAG_APP_ROT) == 0) {
/* Disable NS exception handling while secure service is running.
* FixMe:
* This restriction is applied to limit the number of possible attack
@@ -123,7 +124,7 @@
/* Make thread mode unprivileged while untrusted partition init is
* executed
*/
- if ((partition_flags & SPM_PART_FLAG_TRUSTED) == 0) {
+ if ((partition_flags & SPM_PART_FLAG_PSA_ROT) == 0) {
CONTROL_Type ctrl;
ctrl.w = __get_CONTROL();
@@ -158,7 +159,7 @@
caller_partition_idx);
tfm_spm_partition_store_context(caller_partition_idx, psp, excReturn);
- if ((caller_flags&SPM_PART_FLAG_SECURE)) {
+ if ((caller_flags & SPM_PART_FLAG_APP_ROT)) {
tfm_spm_partition_set_caller_client_id(partition_idx,
caller_partition_id);
} else {
@@ -245,7 +246,7 @@
tfm_secure_lock--;
- if((return_partition_flags & SPM_PART_FLAG_SECURE) == 0) {
+ if((return_partition_flags & SPM_PART_FLAG_APP_ROT) == 0) {
/* Re-enable NS exceptions when secure service returns to NS client.
* FixMe:
* To be removed when pre-emption and context management issues have
@@ -261,7 +262,7 @@
/* Restore privilege for thread mode during TF-M init. This is only
* have to be done if the partition is not trusted.
*/
- if ((current_partition_flags & SPM_PART_FLAG_TRUSTED) == 0) {
+ if ((current_partition_flags & SPM_PART_FLAG_PSA_ROT) == 0) {
CONTROL_Type ctrl;
ctrl.w = __get_CONTROL();
@@ -279,7 +280,7 @@
ERROR_MSG("Failed to configure sandbox for partition!");
tfm_secure_api_error_handler();
}
- if (return_partition_flags&SPM_PART_FLAG_SECURE) {
+ if (return_partition_flags & SPM_PART_FLAG_APP_ROT) {
/* Restore share status */
tfm_spm_partition_set_share(
return_partition_idx,
@@ -290,7 +291,7 @@
#endif
#if TFM_LVL == 1
- if (!(return_partition_flags & SPM_PART_FLAG_SECURE) ||
+ if (!(return_partition_flags & SPM_PART_FLAG_APP_ROT) ||
(tfm_secure_api_initializing)) {
/* In TFM level 1 context restore is only done when
* returning to NS or after initialization
@@ -472,7 +473,7 @@
uint32_t caller_partition_flags =
tfm_spm_partition_get_flags(curr_part_data->caller_partition_idx);
- if (!(running_partition_flags&SPM_PART_FLAG_SECURE)) {
+ if (!(running_partition_flags & SPM_PART_FLAG_APP_ROT)) {
/* This handler shouldn't be called from outside partition context.
* Partitions are only allowed to run while S domain is locked.
*/
@@ -481,7 +482,7 @@
}
/* Store return value in r0 */
- if (caller_partition_flags&SPM_PART_FLAG_SECURE) {
+ if (caller_partition_flags & SPM_PART_FLAG_APP_ROT) {
res = TFM_SUCCESS;
}
svc_args[0] = res;
@@ -555,7 +556,7 @@
tfm_spm_partition_get_runtime_data(running_partition_idx);
int res = 0;
- if (!(running_partition_flags&SPM_PART_FLAG_SECURE)) {
+ if (!(running_partition_flags & SPM_PART_FLAG_APP_ROT)) {
/* This handler shouldn't be called from outside partition context.
* Partitions are only allowed to run while S domain is locked.
*/
@@ -599,7 +600,7 @@
int32_t flags = 0;
void *rangeptr;
- if (!(running_partition_flags&SPM_PART_FLAG_SECURE) || (size == 0)) {
+ if (!(running_partition_flags & SPM_PART_FLAG_APP_ROT) || (size == 0)) {
/* This handler should only be called from a secure partition. */
svc_args[0] = TFM_ERROR_INVALID_PARAMETER;
return;
@@ -768,7 +769,7 @@
/* tfm_core_set_buffer_area() returns int32_t */
int32_t *res_ptr = (int32_t *)&args[0];
- if (!(running_partition_flags&SPM_PART_FLAG_SECURE)) {
+ if (!(running_partition_flags & SPM_PART_FLAG_APP_ROT)) {
/* This handler should only be called from a secure partition. */
*res_ptr = TFM_ERROR_INVALID_PARAMETER;
return;
@@ -776,7 +777,7 @@
switch (args[0]) {
case TFM_BUFFER_SHARE_DEFAULT:
- share = (!(caller_partition_flags&SPM_PART_FLAG_SECURE)) ?
+ share = (!(caller_partition_flags & SPM_PART_FLAG_APP_ROT)) ?
(TFM_BUFFER_SHARE_NS_CODE) : (TFM_BUFFER_SHARE_SCRATCH);
break;
case TFM_BUFFER_SHARE_SCRATCH:
diff --git a/secure_fw/services/audit_logging/manifest.yaml b/secure_fw/services/audit_logging/manifest.yaml
index 694b822..371ce2d 100644
--- a/secure_fw/services/audit_logging/manifest.yaml
+++ b/secure_fw/services/audit_logging/manifest.yaml
@@ -1,18 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "name": "AUDIT_LOG",
- "type": "TRUSTED",
- "tfm_partition_name": "TFM_SP_AUDIT_LOG",
- "tfm_trusted": true,
+ "name": "TFM_SP_AUDIT_LOG",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000101",
- "entry_point": "main",
+ "entry_point": "audit_core_init",
"stack_size": "0x1000",
"heap_size": "0x0400",
"mmio_regions" : [
@@ -22,7 +20,6 @@
"conditional": "AUDIT_UART_REDIRECTION"
}
],
- "tfm_init_symbol": "audit_core_init",
"secure_functions": [
{
"sfid": "TFM_AUDIT_RETRIEVE_RECORD_SFID",
diff --git a/secure_fw/services/crypto/manifest.yaml b/secure_fw/services/crypto/manifest.yaml
index 05a2331..32f794b 100644
--- a/secure_fw/services/crypto/manifest.yaml
+++ b/secure_fw/services/crypto/manifest.yaml
@@ -1,21 +1,18 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "name": "CRYPTO",
- "type": "TRUSTED",
- "tfm_partition_name": "TFM_SP_CRYPTO",
- "tfm_trusted": true,
+ "name": "TFM_SP_CRYPTO",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000102",
- "entry_point": "main",
+ "entry_point": "tfm_crypto_init",
"stack_size": "0x2000",
"heap_size": "0x0400",
- "tfm_init_symbol": "tfm_crypto_init",
"secure_functions": [
{
"sfid": "TFM_CRYPTO_ALLOC_OPERATION_SFID",
diff --git a/secure_fw/services/initial_attestation/manifest.yaml b/secure_fw/services/initial_attestation/manifest.yaml
index 319987b..b46f577 100644
--- a/secure_fw/services/initial_attestation/manifest.yaml
+++ b/secure_fw/services/initial_attestation/manifest.yaml
@@ -1,18 +1,16 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "name": "INITIAL_ATTESTATION",
- "type": "TRUSTED",
- "tfm_partition_name": "TFM_SP_INITIAL_ATTESTATION",
- "tfm_trusted": true,
+ "name": "TFM_SP_INITIAL_ATTESTATION",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000103",
- "entry_point": "main",
+ "entry_point": "attest_init",
"stack_size": "0x0400",
"heap_size": "0x0400",
"tfm_init_symbol": "attest_init",
diff --git a/secure_fw/services/platform/manifest.yaml b/secure_fw/services/platform/manifest.yaml
index 8688ed6..e66b54e 100644
--- a/secure_fw/services/platform/manifest.yaml
+++ b/secure_fw/services/platform/manifest.yaml
@@ -1,21 +1,18 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "name": "SP_PLATFORM",
- "type": "TRUSTED",
- "tfm_partition_name": "TFM_SP_PLATFORM",
- "tfm_trusted": true,
+ "name": "TFM_SP_PLATFORM",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000102",
- "entry_point": "main",
+ "entry_point": "platform_sp_init",
"stack_size": "0x0400",
"heap_size": "0x0400",
- "tfm_init_symbol": "platform_sp_init",
"secure_functions": [
{
"sfid": "TFM_SP_PLATFORM_SYSTEM_RESET_SFID",
diff --git a/secure_fw/services/secure_storage/manifest.yaml b/secure_fw/services/secure_storage/manifest.yaml
index 3b1708a..883f6fd 100644
--- a/secure_fw/services/secure_storage/manifest.yaml
+++ b/secure_fw/services/secure_storage/manifest.yaml
@@ -1,21 +1,18 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
{
- "name": "SST",
- "type": "TRUSTED",
- "tfm_partition_name": "TFM_SP_STORAGE",
- "tfm_trusted": true,
+ "name": "TFM_SP_STORAGE",
+ "type": "PSA-ROT",
"priority": "NORMAL",
"id": "0x00000100",
- "entry_point": "main",
+ "entry_point": "sst_am_prepare",
"stack_size": "0x2000",
"heap_size": "0x0400",
- "tfm_init_symbol": "sst_am_prepare",
"secure_functions": [
{
"sfid": "SST_AM_CREATE_SFID",
diff --git a/secure_fw/services/tfm_partition_defs.inc b/secure_fw/services/tfm_partition_defs.inc
index b713839..5cd4186 100644
--- a/secure_fw/services/tfm_partition_defs.inc
+++ b/secure_fw/services/tfm_partition_defs.inc
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
diff --git a/secure_fw/services/tfm_partition_defs.inc.template b/secure_fw/services/tfm_partition_defs.inc.template
index 6c93c77..12eeefc 100644
--- a/secure_fw/services/tfm_partition_defs.inc.template
+++ b/secure_fw/services/tfm_partition_defs.inc.template
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -14,7 +14,7 @@
@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
#ifdef @@attr.conditional@@
@!GENERATOR_CONDITIONAL_END!@
-#define @@manifest.tfm_partition_name@@_ID (TFM_SP_BASE + @!GENERATOR_ITERATION_COUNTER!@)
+#define @@manifest.name@@_ID (TFM_SP_BASE + @!GENERATOR_ITERATION_COUNTER!@)
@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
#endif /* @@attr.conditional@@ */
@!GENERATOR_CONDITIONAL_END!@
diff --git a/secure_fw/services/tfm_partition_list.inc b/secure_fw/services/tfm_partition_list.inc
index f903edd..3dfc357 100644
--- a/secure_fw/services/tfm_partition_list.inc
+++ b/secure_fw/services/tfm_partition_list.inc
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -11,63 +11,76 @@
#define __TFM_PARTITION_LIST_INC__
/******** TFM_SP_STORAGE ********/
-PARTITION_DECLARE(TFM_SP_STORAGE, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_STORAGE, 0
+ , "PSA-ROT", 0x00000100, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_STORAGE, sst_am_prepare);
/******** TFM_SP_AUDIT_LOG ********/
-PARTITION_DECLARE(TFM_SP_AUDIT_LOG, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_AUDIT_LOG, 0
+ , "PSA-ROT", 0x00000101, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_AUDIT_LOG, audit_core_init);
#ifdef AUDIT_UART_REDIRECTION
PARTITION_ADD_PERIPHERAL(TFM_SP_AUDIT_LOG, TFM_PERIPHERAL_UART1);
#endif /* AUDIT_UART_REDIRECTION */
/******** TFM_SP_CRYPTO ********/
-PARTITION_DECLARE(TFM_SP_CRYPTO, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_CRYPTO, 0
+ , "PSA-ROT", 0x00000102, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_CRYPTO, tfm_crypto_init);
/******** TFM_SP_PLATFORM ********/
-PARTITION_DECLARE(TFM_SP_PLATFORM, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_PLATFORM, 0
+ , "PSA-ROT", 0x00000102, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_PLATFORM, platform_sp_init);
/******** TFM_SP_INITIAL_ATTESTATION ********/
-PARTITION_DECLARE(TFM_SP_INITIAL_ATTESTATION, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_INITIAL_ATTESTATION, 0
+ , "PSA-ROT", 0x00000103, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_INITIAL_ATTESTATION, attest_init);
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
-PARTITION_DECLARE(TFM_SP_CORE_TEST, SPM_PART_FLAG_SECURE);
+PARTITION_DECLARE(TFM_SP_CORE_TEST, 0
+ , "APPLICATION-ROT", 0x00000002, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_CORE_TEST, core_test_init);
PARTITION_ADD_PERIPHERAL(TFM_SP_CORE_TEST, TFM_PERIPHERAL_FPGA_IO);
#endif /* TFM_PARTITION_TEST_CORE */
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST_2 ********/
-PARTITION_DECLARE(TFM_SP_CORE_TEST_2, SPM_PART_FLAG_SECURE);
+PARTITION_DECLARE(TFM_SP_CORE_TEST_2, 0
+ , "APPLICATION-ROT", 0x00000003, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_CORE_TEST_2, core_test_2_init);
#endif /* TFM_PARTITION_TEST_CORE */
#ifdef TFM_PARTITION_TEST_SST
/******** TFM_SP_SST_TEST_PARTITION ********/
-PARTITION_DECLARE(TFM_SP_SST_TEST_PARTITION, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_SST_TEST_PARTITION, 0
+ , "PSA-ROT", 0x00000004, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_SST_TEST_PARTITION, sst_test_service_init);
#endif /* TFM_PARTITION_TEST_SST */
#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
/******** TFM_SP_SECURE_TEST_PARTITION ********/
-PARTITION_DECLARE(TFM_SP_SECURE_TEST_PARTITION, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
+PARTITION_DECLARE(TFM_SP_SECURE_TEST_PARTITION, 0
+ , "PSA-ROT", 0x00000005, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_SECURE_TEST_PARTITION, tfm_secure_client_service_init);
PARTITION_ADD_PERIPHERAL(TFM_SP_SECURE_TEST_PARTITION, TFM_PERIPHERAL_STD_UART);
#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
#ifdef TFM_PSA_API
/******** TFM_SP_IPC_SERVICE_TEST ********/
-PARTITION_DECLARE(TFM_SP_IPC_SERVICE_TEST, SPM_PART_FLAG_SECURE);
+PARTITION_DECLARE(TFM_SP_IPC_SERVICE_TEST, 0
+ | SPM_PART_FLAG_IPC
+ , "APPLICATION-ROT", 0x00000007, HIGH);
PARTITION_ADD_INIT_FUNC(TFM_SP_IPC_SERVICE_TEST, ipc_service_test_main);
#endif /* TFM_PSA_API */
#ifdef TFM_PSA_API
/******** TFM_SP_IPC_CLIENT_TEST ********/
-PARTITION_DECLARE(TFM_SP_IPC_CLIENT_TEST, SPM_PART_FLAG_SECURE);
+PARTITION_DECLARE(TFM_SP_IPC_CLIENT_TEST, 0
+ | SPM_PART_FLAG_IPC
+ , "APPLICATION-ROT", 0x00000006, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_IPC_CLIENT_TEST, ipc_client_init);
#endif /* TFM_PSA_API */
diff --git a/secure_fw/services/tfm_partition_list.inc.template b/secure_fw/services/tfm_partition_list.inc.template
index 7cc1993..5ab855e 100644
--- a/secure_fw/services/tfm_partition_list.inc.template
+++ b/secure_fw/services/tfm_partition_list.inc.template
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -14,18 +14,18 @@
@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
#ifdef @@attr.conditional@@
@!GENERATOR_CONDITIONAL_END!@
-/******** @@manifest.tfm_partition_name@@ ********/
-@!GENERATOR_CONDITIONAL_START!@ @@manifest.tfm_trusted@@
-PARTITION_DECLARE(@@manifest.tfm_partition_name@@, SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED);
-@!GENERATOR_CONDITIONAL_ELSE!@
-PARTITION_DECLARE(@@manifest.tfm_partition_name@@, SPM_PART_FLAG_SECURE);
+/******** @@manifest.name@@ ********/
+PARTITION_DECLARE(@@manifest.name@@, 0
+@!GENERATOR_CONDITIONAL_START!@ @@manifest.tfm_partition_ipc@@
+ | SPM_PART_FLAG_IPC
@!GENERATOR_CONDITIONAL_END!@
-PARTITION_ADD_INIT_FUNC(@@manifest.tfm_partition_name@@, @@manifest.tfm_init_symbol@@);
+ , "@@manifest.type@@", @@manifest.id@@, @@manifest.priority@@);
+PARTITION_ADD_INIT_FUNC(@@manifest.name@@, @@manifest.entry_point@@);
@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.conditional@@
#ifdef @@manifest.mmio_regions.conditional@@
@!GENERATOR_CONDITIONAL_END!@
@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.name@@
-PARTITION_ADD_PERIPHERAL(@@manifest.tfm_partition_name@@, @@manifest.mmio_regions.name@@);
+PARTITION_ADD_PERIPHERAL(@@manifest.name@@, @@manifest.mmio_regions.name@@);
@!GENERATOR_CONDITIONAL_END!@
@!GENERATOR_CONDITIONAL_START!@ @@manifest.mmio_regions.conditional@@
#endif /* @@manifest.mmio_regions.conditional@@ */
diff --git a/secure_fw/services/tfm_service_list.inc b/secure_fw/services/tfm_service_list.inc
new file mode 100644
index 0000000..eb29c06
--- /dev/null
+++ b/secure_fw/services/tfm_service_list.inc
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
+
+#ifndef __TFM_SERVICE_LIST_INC__
+#define __TFM_SERVICE_LIST_INC__
+
+/******** TFM_SP_STORAGE ********/
+
+/******** TFM_SP_AUDIT_LOG ********/
+
+/******** TFM_SP_CRYPTO ********/
+
+/******** TFM_SP_PLATFORM ********/
+
+/******** TFM_SP_INITIAL_ATTESTATION ********/
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST ********/
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_CORE
+/******** TFM_SP_CORE_TEST_2 ********/
+#endif /* TFM_PARTITION_TEST_CORE */
+
+#ifdef TFM_PARTITION_TEST_SST
+/******** TFM_SP_SST_TEST_PARTITION ********/
+#endif /* TFM_PARTITION_TEST_SST */
+
+#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
+/******** TFM_SP_SECURE_TEST_PARTITION ********/
+#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
+
+#ifdef TFM_PSA_API
+/******** TFM_SP_IPC_SERVICE_TEST ********/
+{"IPC_SID_BASIC", TFM_SP_IPC_SERVICE_TEST_ID, IPC_BASIC_SIGNAL, 0x00001000, true, 1, TFM_VERSION_POLICY_STRICT},
+#endif /* TFM_PSA_API */
+
+#ifdef TFM_PSA_API
+/******** TFM_SP_IPC_CLIENT_TEST ********/
+#endif /* TFM_PSA_API */
+
+#endif /* __TFM_SERVICE_LIST_INC__ */
diff --git a/secure_fw/services/tfm_service_list.inc.template b/secure_fw/services/tfm_service_list.inc.template
new file mode 100644
index 0000000..f247fec
--- /dev/null
+++ b/secure_fw/services/tfm_service_list.inc.template
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+@!GENERATOR_DONOTEDIT_WARNING!@
+
+#ifndef __TFM_SERVICE_LIST_INC__
+#define __TFM_SERVICE_LIST_INC__
+
+@!GENERATOR_BLOCK_START!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#ifdef @@attr.conditional@@
+@!GENERATOR_CONDITIONAL_END!@
+/******** @@manifest.name@@ ********/
+@!GENERATOR_CONDITIONAL_START!@ @@manifest.services@@
+{"@@manifest.services.name@@", @@manifest.name@@_ID, @@manifest.services.signal@@, @@manifest.services.sid@@, @@manifest.services.non_secure_clients@@, @@manifest.services.minor_version@@, TFM_VERSION_POLICY_@@manifest.services.minor_policy@@},
+@!GENERATOR_CONDITIONAL_END!@
+@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
+#endif /* @@attr.conditional@@ */
+@!GENERATOR_CONDITIONAL_END!@
+
+@!GENERATOR_BLOCK_END!@
+#endif /* __TFM_SERVICE_LIST_INC__ */
diff --git a/secure_fw/services/tfm_sfid_list.inc b/secure_fw/services/tfm_sfid_list.inc
deleted file mode 100644
index 4681697..0000000
--- a/secure_fw/services/tfm_sfid_list.inc
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/*********** WARNING: This is an auto-generated file. Do not edit! ***********/
-
-#ifndef __TFM_SFID_LIST_INC__
-#define __TFM_SFID_LIST_INC__
-
- /******** TFM_SP_STORAGE ********/
- {sst_am_create, SST_AM_CREATE_SFID},
- {sst_am_get_info, SST_AM_GET_INFO_SFID},
- {sst_am_get_attributes, SST_AM_GET_ATTRIBUTES_SFID},
- {sst_am_set_attributes, SST_AM_SET_ATTRIBUTES_SFID},
- {sst_am_read, SST_AM_READ_SFID},
- {sst_am_write, SST_AM_WRITE_SFID},
- {sst_am_delete, SST_AM_DELETE_SFID},
-
- /******** TFM_SP_AUDIT_LOG ********/
- {audit_core_retrieve_record, TFM_AUDIT_RETRIEVE_RECORD_SFID},
- {audit_core_add_record, TFM_AUDIT_ADD_RECORD_SFID},
- {audit_core_get_info, TFM_AUDIT_GET_INFO_SFID},
- {audit_core_get_record_info, TFM_AUDIT_GET_RECORD_INFO_SFID},
- {audit_core_delete_record, TFM_AUDIT_DELETE_RECORD_SFID},
-
- /******** TFM_SP_CRYPTO ********/
- {tfm_crypto_alloc_operation, TFM_CRYPTO_ALLOC_OPERATION_SFID},
- {tfm_crypto_check_operation, TFM_CRYPTO_CHECK_OPERATION_SFID},
- {tfm_crypto_release_operation, TFM_CRYPTO_RELEASE_OPERATION_SFID},
- {tfm_crypto_import_key, TFM_CRYPTO_IMPORT_KEY_SFID},
- {tfm_crypto_destroy_key, TFM_CRYPTO_DESTROY_KEY_SFID},
- {tfm_crypto_get_key_information, TFM_CRYPTO_GET_KEY_INFORMATION_SFID},
- {tfm_crypto_export_key, TFM_CRYPTO_EXPORT_KEY_SFID},
- {tfm_crypto_encrypt_set_iv, TFM_CRYPTO_ENCRYPT_SET_IV_SFID},
- {tfm_crypto_encrypt_setup, TFM_CRYPTO_ENCRYPT_SETUP_SFID},
- {tfm_crypto_decrypt_setup, TFM_CRYPTO_DECRYPT_SETUP_SFID},
- {tfm_crypto_cipher_update_wrapper, TFM_CRYPTO_CIPHER_UPDATE_SFID},
- {tfm_crypto_cipher_abort, TFM_CRYPTO_CIPHER_ABORT_SFID},
- {tfm_crypto_cipher_finish, TFM_CRYPTO_CIPHER_FINISH_SFID},
- {tfm_crypto_hash_start, TFM_CRYPTO_HASH_START_SFID},
- {tfm_crypto_hash_update, TFM_CRYPTO_HASH_UPDATE_SFID},
- {tfm_crypto_hash_finish, TFM_CRYPTO_HASH_FINISH_SFID},
- {tfm_crypto_hash_verify, TFM_CRYPTO_HASH_VERIFY_SFID},
- {tfm_crypto_hash_abort, TFM_CRYPTO_HASH_ABORT_SFID},
-
- /******** TFM_SP_PLATFORM ********/
- {platform_sp_system_reset, TFM_SP_PLATFORM_SYSTEM_RESET_SFID},
-
- /******** TFM_SP_INITIAL_ATTESTATION ********/
- {attest_get_token, TFM_ATTEST_GET_TOKEN_SFID},
-
-#ifdef TFM_PARTITION_TEST_CORE
- /******** TFM_SP_CORE_TEST ********/
- {spm_core_test_sfn, TFM_CORE_TEST_SFN_SFID},
- {spm_core_test_sfn_init_success, TFM_CORE_TEST_SFN_INIT_SUCCESS_SFID},
- {spm_core_test_sfn_direct_recursion, TFM_CORE_TEST_SFN_DIRECT_RECURSION_SFID},
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_CORE
- /******** TFM_SP_CORE_TEST_2 ********/
- {spm_core_test_2_slave_service, TFM_CORE_TEST_2_SFN_SLAVE_SERVICE_SFID},
- {spm_core_test_2_sfn_invert, TFM_CORE_TEST_2_SFN_INVERT_SFID},
- {spm_core_test_2_check_caller_client_id, TFM_CORE_TEST_2_SFN_CHECK_CALLER_CLIENT_ID_SFID},
-#endif /* TFM_PARTITION_TEST_CORE */
-
-#ifdef TFM_PARTITION_TEST_SST
- /******** TFM_SP_SST_TEST_PARTITION ********/
- {sst_test_service_sfn_setup, TFM_SST_TEST_SFN_SETUP_SFID},
- {sst_test_service_sfn_dummy_encrypt, TFM_SST_TEST_SFN_DUMMY_ENCRYPT_SFID},
- {sst_test_service_sfn_dummy_decrypt, TFM_SST_TEST_SFN_DUMMY_DECRYPT_SFID},
- {sst_test_service_sfn_clean, TFM_SST_TEST_SFN_CLEAN_SFID},
-#endif /* TFM_PARTITION_TEST_SST */
-
-#ifdef TFM_PARTITION_TEST_SECURE_SERVICES
- /******** TFM_SP_SECURE_TEST_PARTITION ********/
- {tfm_secure_client_service_sfn_run_tests, TFM_SECURE_CLIENT_SFN_RUN_TESTS_SFID},
-#endif /* TFM_PARTITION_TEST_SECURE_SERVICES */
-
-#ifdef TFM_PSA_API
- /******** TFM_SP_IPC_SERVICE_TEST ********/
- {ipc_service_call, IPC_SERVICE_CALL_SFID},
-#endif /* TFM_PSA_API */
-
-#ifdef TFM_PSA_API
- /******** TFM_SP_IPC_CLIENT_TEST ********/
- {False, False},
-#endif /* TFM_PSA_API */
-
-#endif /* __TFM_SFID_LIST_INC__ */
diff --git a/secure_fw/services/tfm_sfid_list.inc.template b/secure_fw/services/tfm_sfid_list.inc.template
deleted file mode 100644
index 7f9bb92..0000000
--- a/secure_fw/services/tfm_sfid_list.inc.template
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-@!GENERATOR_DONOTEDIT_WARNING!@
-
-#ifndef __TFM_SFID_LIST_INC__
-#define __TFM_SFID_LIST_INC__
-
-@!GENERATOR_BLOCK_START!@
-@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
-#ifdef @@attr.conditional@@
-@!GENERATOR_CONDITIONAL_END!@
- /******** @@manifest.tfm_partition_name@@ ********/
- {@@manifest.secure_functions.tfm_symbol@@, @@manifest.secure_functions.sfid@@},
-@!GENERATOR_CONDITIONAL_START!@ @@attr.conditional@@
-#endif /* @@attr.conditional@@ */
-@!GENERATOR_CONDITIONAL_END!@
-
-@!GENERATOR_BLOCK_END!@
-#endif /* __TFM_SFID_LIST_INC__ */
diff --git a/secure_fw/spm/spm_api.c b/secure_fw/spm/spm_api.c
index 2aeb903..3167e5a 100644
--- a/secure_fw/spm/spm_api.c
+++ b/secure_fw/spm/spm_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -118,7 +118,7 @@
g_spm_partition_db.partition_count]);
part_ptr->static_data.partition_id = TFM_SP_CORE_ID;
part_ptr->static_data.partition_flags =
- SPM_PART_FLAG_SECURE | SPM_PART_FLAG_TRUSTED;
+ SPM_PART_FLAG_APP_ROT | SPM_PART_FLAG_PSA_ROT;
part_ptr->runtime_data.partition_state = SPM_PARTITION_STATE_UNINIT;
++g_spm_partition_db.partition_count;
@@ -141,6 +141,11 @@
/* Call the init function for each partition */
for (idx = 0; idx < g_spm_partition_db.partition_count; ++idx) {
part = &g_spm_partition_db.partitions[idx];
+#ifdef TFM_PSA_API
+ if (part->static_data.partition_flags & SPM_PART_FLAG_IPC) {
+ continue;
+ }
+#endif
tfm_spm_hal_configure_default_isolation(part->platform_data);
if (part->static_data.partition_init == NULL) {
tfm_spm_partition_set_state(idx, SPM_PARTITION_STATE_IDLE);
diff --git a/secure_fw/spm/spm_api.h b/secure_fw/spm/spm_api.h
index f0034af..c3f7414 100644
--- a/secure_fw/spm/spm_api.h
+++ b/secure_fw/spm/spm_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -32,8 +32,9 @@
};
enum spm_part_flag_mask_t {
- SPM_PART_FLAG_SECURE = 0x01,
- SPM_PART_FLAG_TRUSTED = 0x02,
+ SPM_PART_FLAG_APP_ROT = 0x01,
+ SPM_PART_FLAG_PSA_ROT = 0x02,
+ SPM_PART_FLAG_IPC = 0x04
};
/**
diff --git a/secure_fw/spm/spm_db.h b/secure_fw/spm/spm_db.h
index 4b3b413..cba1446 100644
--- a/secure_fw/spm/spm_db.h
+++ b/secure_fw/spm/spm_db.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,8 +8,36 @@
#ifndef __SPM_DB_H__
#define __SPM_DB_H__
+#ifdef TFM_PSA_API
+#include "tfm_thread.h"
+#endif
+
+struct spm_partition_desc_t;
+struct spm_partition_db_t;
+
+uint32_t get_partition_idx(uint32_t partition_id);
+
typedef int32_t(*sp_init_function)(void);
+#define TFM_PARTITION_TYPE_APP "APPLICATION-ROT"
+#define TFM_PARTITION_TYPE_PSA "PSA-ROT"
+
+#ifdef TFM_PSA_API
+enum tfm_partition_priority {
+ TFM_PRIORITY_LOW = THRD_PRIOR_LOWEST,
+ TFM_PRIORITY_NORMAL = THRD_PRIOR_MEDIUM,
+ TFM_PRIORITY_HIGH = THRD_PRIOR_HIGHEST,
+};
+#else
+enum tfm_partition_priority {
+ TFM_PRIORITY_LOW = 0xFF,
+ TFM_PRIORITY_NORMAL = 0x7F,
+ TFM_PRIORITY_HIGH = 0,
+};
+#endif
+
+#define TFM_PRIORITY(LEVEL) TFM_PRIORITY_##LEVEL
+
/**
* Holds the fields of the partition DB used by the SPM code. The values of
* these fields are calculated at compile time, and set during initialisation
@@ -18,6 +46,7 @@
struct spm_partition_static_data_t {
uint32_t partition_id;
uint32_t partition_flags;
+ uint32_t partition_priority;
sp_init_function partition_init;
};
diff --git a/secure_fw/spm/spm_db_setup.h b/secure_fw/spm/spm_db_setup.h
index d36f8cf..217cfaa 100644
--- a/secure_fw/spm/spm_db_setup.h
+++ b/secure_fw/spm/spm_db_setup.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -31,10 +31,11 @@
struct spm_partition_desc_t partitions[SPM_MAX_PARTITIONS];
};
-#define PARTITION_INIT_STATIC_DATA(data, partition, flags) \
- do { \
- data.partition_id = partition##_ID; \
- data.partition_flags = flags; \
+#define PARTITION_INIT_STATIC_DATA(data, partition, flags, id, priority) \
+ do { \
+ data.partition_id = partition##_ID; \
+ data.partition_flags = flags; \
+ data.partition_priority = TFM_PRIORITY(priority); \
} while (0)
#if TFM_LVL == 1
@@ -70,7 +71,7 @@
} while (0)
#endif
-#define PARTITION_DECLARE(partition, flags) \
+#define PARTITION_DECLARE(partition, flag, type, id, priority) \
do { \
REGION_DECLARE(Image$$, partition, $$Base); \
REGION_DECLARE(Image$$, partition, $$Limit); \
@@ -82,13 +83,24 @@
REGION_DECLARE(Image$$, partition, _DATA$$ZI$$Limit); \
REGION_DECLARE(Image$$, partition, _STACK$$ZI$$Base); \
REGION_DECLARE(Image$$, partition, _STACK$$ZI$$Limit); \
+ int32_t flags = flag; \
+ if (tfm_memcmp(type, TFM_PARTITION_TYPE_APP, \
+ strlen(TFM_PARTITION_TYPE_APP)) == 0) { \
+ flags |= SPM_PART_FLAG_APP_ROT; \
+ } else if (tfm_memcmp(type, TFM_PARTITION_TYPE_PSA, \
+ strlen(TFM_PARTITION_TYPE_PSA)) == 0) { \
+ flags |= SPM_PART_FLAG_PSA_ROT | SPM_PART_FLAG_APP_ROT; \
+ } else { \
+ return SPM_ERR_INVALID_CONFIG; \
+ } \
struct spm_partition_desc_t *part_ptr; \
if (g_spm_partition_db.partition_count >= SPM_MAX_PARTITIONS) { \
return SPM_ERR_INVALID_CONFIG; \
} \
part_ptr = &(g_spm_partition_db.partitions[ \
g_spm_partition_db.partition_count]); \
- PARTITION_INIT_STATIC_DATA(part_ptr->static_data, partition, flags); \
+ PARTITION_INIT_STATIC_DATA(part_ptr->static_data, partition, flags, \
+ id, priority); \
PARTITION_INIT_RUNTIME_DATA(part_ptr->runtime_data, partition); \
PARTITION_INIT_MEMORY_DATA(part_ptr->memory_data, partition); \
++g_spm_partition_db.partition_count; \