SPM: Introduce GET_PARTITION_PRIVILEGED_MODE
This patch introduces a GET_PARTITION_PRIVILEGED_MODE macro to
replace the tfm_spm_partition_get_privileged_mode function.
Change-Id: I7da33f8990695652413899390ffe397c2bef7d7e
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.c b/secure_fw/spm/cmsis_psa/spm_ipc.c
index 83b1080..1548979 100755
--- a/secure_fw/spm/cmsis_psa/spm_ipc.c
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.c
@@ -267,19 +267,6 @@
return msg;
}
-uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags)
-{
-#if TFM_LVL == 1
- return TFM_PARTITION_PRIVILEGED_MODE;
-#else /* TFM_LVL == 1 */
- if (partition_flags & PARTITION_MODEL_PSA_ROT) {
- return TFM_PARTITION_PRIVILEGED_MODE;
- } else {
- return TFM_PARTITION_UNPRIVILEGED_MODE;
- }
-#endif /* TFM_LVL == 1 */
-}
-
struct service_t *tfm_spm_get_service_by_sid(uint32_t sid)
{
struct service_t *p_prev, *p_curr;
@@ -563,7 +550,7 @@
tfm_core_panic();
}
- return tfm_spm_partition_get_privileged_mode(partition->p_ldinf->flags);
+ return GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
}
int32_t tfm_spm_get_client_id(bool ns_caller)
diff --git a/secure_fw/spm/cmsis_psa/spm_ipc.h b/secure_fw/spm/cmsis_psa/spm_ipc.h
index 08786da..a960b60 100644
--- a/secure_fw/spm/cmsis_psa/spm_ipc.h
+++ b/secure_fw/spm/cmsis_psa/spm_ipc.h
@@ -16,6 +16,7 @@
#include "tfm_secure_api.h"
#include "thread.h"
#include "psa/service.h"
+#include "load/partition_defs.h"
#include "load/interrupt_defs.h"
#define TFM_HANDLE_STATUS_IDLE 0
@@ -28,6 +29,14 @@
#define TFM_PARTITION_UNPRIVILEGED_MODE (0U)
#define TFM_PARTITION_PRIVILEGED_MODE (1U)
+#if TFM_LVL == 1
+#define GET_PARTITION_PRIVILEGED_MODE(p_ldinf) TFM_PARTITION_PRIVILEGED_MODE
+#else
+#define GET_PARTITION_PRIVILEGED_MODE(p_ldinf) \
+ (IS_PARTITION_PSA_ROT(p_ldinf) ? TFM_PARTITION_PRIVILEGED_MODE : \
+ TFM_PARTITION_UNPRIVILEGED_MODE)
+#endif
+
/*
* Set a number limit for stateless handle.
* Valid handle must be positive, set client handle minimum value to 1.
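Review bot: At `TFM_LVL == 1` the new `GET_PARTITION_PRIVILEGED_MODE(p_ldinf)` discards its argument, so the pointer expression a caller passes is neither evaluated nor type-checked in level-1 builds, whereas the removed function still had its argument evaluated at the call site. Writing the level-1 form as `#define GET_PARTITION_PRIVILEGED_MODE(p_ldinf) ((void)(p_ldinf), TFM_PARTITION_PRIVILEGED_MODE)` would make both configurations compile the same caller code, and should avoid unused-variable warnings where a local exists only to feed the macro. The Doxygen block removed further down in this header has no replacement, and the callers in this commit pass the result to `tfm_memory_check`, so the contract is worth keeping: `/* Privilege mode of a partition: always privileged at isolation level 1, otherwise privileged only for PSA RoT partitions. */` above the `#if`. `IS_PARTITION_PSA_ROT` is not defined in the visible lines; presumably it comes from the newly included `load/partition_defs.h`.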
@@ -149,16 +158,6 @@
};
/**
- * \brief Get the privileged mode of Partition.
- *
- * \param[in] partition_flags Flags of the Partition
- *
- * \retval TFM_PARTITION_PRIVILEGED_MODE Privileged mode
- * \retval TFM_PARTITION_UNPRIVILEGED_MODE Unprivileged mode
- */
-uint32_t tfm_spm_partition_get_privileged_mode(uint32_t partition_flags);
-
-/**
* \brief Get the running partition ID.
*
* \return Returns the partition ID
diff --git a/secure_fw/spm/ffm/interrupt.c b/secure_fw/spm/ffm/interrupt.c
index 920554c..79047cc 100644
--- a/secure_fw/spm/ffm/interrupt.c
+++ b/secure_fw/spm/ffm/interrupt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -144,7 +144,7 @@
flih_result = PSA_FLIH_SIGNAL;
} else {
/* FLIH Model Handling */
- if (tfm_spm_partition_get_privileged_mode(p_part->p_ldinf->flags) ==
+ if (GET_PARTITION_PRIVILEGED_MODE(p_part->p_ldinf) ==
TFM_PARTITION_PRIVILEGED_MODE) {
flih_result = p_ildi->flih_func();
} else {
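Review bot: The condition on the new line decides whether `p_ildi->flih_func()` is called directly, and the existing `/* FLIH Model Handling */` comment does not say why the partition's privilege matters here. With the macro added in `spm_ipc.h`, the comparison is a compile-time constant at `TFM_LVL == 1`, so the `else` branch is never taken in that configuration. A comment such as `/* Privileged partition (every partition at isolation level 1): call the FLIH function directly */` would make that explicit. The enclosing function and the `else` body lie outside the hunk.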
diff --git a/secure_fw/spm/ffm/psa_api.c b/secure_fw/spm/ffm/psa_api.c
index 7b8342b..28da0c5 100644
--- a/secure_fw/spm/ffm/psa_api.c
+++ b/secure_fw/spm/ffm/psa_api.c
@@ -504,8 +504,7 @@
if (!partition) {
tfm_core_panic();
}
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
+ privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
/*
* Write the message to the service buffer. It is a fatal error if the
@@ -555,8 +554,7 @@
{
size_t bytes;
struct tfm_msg_body_t *msg = NULL;
- uint32_t privileged;
- struct partition_t *partition = NULL;
+ uint32_t priv_mode;
/* It is a fatal error if message handle is invalid */
msg = tfm_spm_get_msg_from_handle(msg_handle);
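Review bot: The local is renamed to `priv_mode` in this hunk and in the matching one at `@@ -686,8 +682,7 @@`, while the hunks at `-504`, `-1066` and `-1196` in the same file keep `privileged` for the same value. The file therefore ends up with two names for the mode handed to `tfm_memory_check`; keeping `uint32_t privileged;` here, or renaming it everywhere, would keep the file consistent and greppable. The follow-up hunks dereference `msg->service->partition->p_ldinf` in a single expression with only `msg` checked in the visible lines. That matches the old code, but a one-line comment would help if `service` and `partition` are guaranteed non-NULL for a valid handle. The function starts before and continues past this hunk.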
@@ -564,9 +562,7 @@
tfm_core_panic();
}
- partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
+ priv_mode = GET_PARTITION_PRIVILEGED_MODE(msg->service->partition->p_ldinf);
/*
* It is a fatal error if message handle does not refer to a request
@@ -606,7 +602,7 @@
* if the memory reference for buffer is invalid or not read-write.
*/
if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RW, privileged) != SPM_SUCCESS) {
+ TFM_MEMORY_ACCESS_RW, priv_mode) != SPM_SUCCESS) {
tfm_core_panic();
}
@@ -686,8 +682,7 @@
const void *buffer, size_t num_bytes)
{
struct tfm_msg_body_t *msg = NULL;
- uint32_t privileged;
- struct partition_t *partition = NULL;
+ uint32_t priv_mode;
/* It is a fatal error if message handle is invalid */
msg = tfm_spm_get_msg_from_handle(msg_handle);
@@ -695,9 +690,7 @@
tfm_core_panic();
}
- partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
+ priv_mode = GET_PARTITION_PRIVILEGED_MODE(msg->service->partition->p_ldinf);
/*
* It is a fatal error if message handle does not refer to a request
@@ -741,7 +734,7 @@
* if the memory reference for buffer is invalid or not readable.
*/
if (tfm_memory_check(buffer, num_bytes, false,
- TFM_MEMORY_ACCESS_RO, privileged) != SPM_SUCCESS) {
+ TFM_MEMORY_ACCESS_RO, priv_mode) != SPM_SUCCESS) {
tfm_core_panic();
}
@@ -1066,8 +1059,7 @@
}
partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
+ privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
/*
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
@@ -1196,8 +1188,7 @@
}
partition = msg->service->partition;
- privileged = tfm_spm_partition_get_privileged_mode(
- partition->p_ldinf->flags);
+ privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
/*
* It is a fatal error if MM-IOVEC has not been enabled for the RoT
diff --git a/secure_fw/spm/ffm/tfm_boot_data.c b/secure_fw/spm/ffm/tfm_boot_data.c
index 1d0aeef..1d1af85 100644
--- a/secure_fw/spm/ffm/tfm_boot_data.c
+++ b/secure_fw/spm/ffm/tfm_boot_data.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -176,8 +176,7 @@
if (!partition) {
tfm_core_panic();
}
- privileged =
- tfm_spm_partition_get_privileged_mode(partition->p_ldinf->flags);
+ privileged = GET_PARTITION_PRIVILEGED_MODE(partition->p_ldinf);
if (tfm_memory_check(buf_start, buf_size, false, TFM_MEMORY_ACCESS_RW,
privileged) != SPM_SUCCESS) {