tfm_ps_secure_api.c
/*
 * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */
7 
9 #include "tfm_veneers.h"
10 #ifdef TFM_PSA_API
11 #include "psa_manifest/sid.h"
12 #endif
13 
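/* Number of elements in the iovec array x.
 * x must be a real array, not a pointer: applied to a pointer the sizeof
 * ratio no longer reflects the element count, and the vector count passed
 * to the service call would be wrong.
 */
#define IOVEC_LEN(x) (sizeof(x) / sizeof((x)[0]))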
15 
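/* Create a new, or modify an existing, uid/value pair.
 *
 * Packs the arguments into an input vector and forwards them to the
 * Protected Storage service, either over a PSA connection (TFM_PSA_API)
 * or through the tfm_tfm_ps_set_req_veneer secure function.
 *
 * uid          Identifier of the asset.
 * data_length  Number of bytes readable at p_data.
 * p_data       Caller buffer holding the data; passed on as-is, with no
 *              NULL or length check in this wrapper.
 * create_flags Creation flags forwarded to the service.
 *
 * Returns PSA_ERROR_GENERIC_ERROR if the connection handle is not valid
 * (TFM_PSA_API builds), PSA_ERROR_INVALID_ARGUMENT if the framework
 * reported TFM_ERROR_INVALID_PARAMETER, otherwise the status of the call.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_set(psa_storage_uid_t uid,
                        size_t data_length,
                        const void *p_data,
                        psa_storage_create_flags_t create_flags)
{
    psa_status_t status;
#ifdef TFM_PSA_API
    psa_handle_t handle;
#endif

    /* in_vec[1] carries the caller's pointer and length unchanged; this
     * wrapper relies on the callee to reject a bad buffer.
     */
    psa_invec in_vec[] = {
        { .base = &uid, .len = sizeof(uid) },
        { .base = p_data, .len = data_length },
        { .base = &create_flags, .len = sizeof(create_flags) }
    };

#ifdef TFM_PSA_API
    handle = psa_connect(TFM_PS_SET_SID, TFM_PS_SET_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return PSA_ERROR_GENERIC_ERROR;
    }

    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
                      NULL, 0);

    /* The connection is per call: close it whatever the status was. */
    psa_close(handle);

#else
    status = tfm_tfm_ps_set_req_veneer(in_vec, IOVEC_LEN(in_vec),
                                       NULL, 0);
#endif

    /* A parameter with a buffer pointer that has data length longer
     * than maximum permitted is treated as a secure violation.
     * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
     */
    if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
        /* Map the framework-level code onto the PSA status space. */
        return PSA_ERROR_INVALID_ARGUMENT;
    }

    return status;
}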
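/* Retrieve data associated with a provided uid.
 *
 * uid            Identifier of the asset.
 * data_offset    Offset forwarded to the service in the input vector.
 * data_size      Capacity of the buffer at p_data, used as the output
 *                vector length.
 * p_data         Caller buffer the service writes into; not checked for
 *                NULL in this wrapper.
 * p_data_length  Receives out_vec[0].len after the call. Must not be NULL.
 *
 * Returns PSA_ERROR_INVALID_ARGUMENT if p_data_length is NULL or the
 * framework reported TFM_ERROR_INVALID_PARAMETER, PSA_ERROR_GENERIC_ERROR
 * if the connection handle is not valid (TFM_PSA_API builds), otherwise
 * the status of the call.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_get(psa_storage_uid_t uid,
                        size_t data_offset,
                        size_t data_size,
                        void *p_data,
                        size_t *p_data_length)
{
    psa_status_t status;
#ifdef TFM_PSA_API
    psa_handle_t handle;
#endif

    psa_invec in_vec[] = {
        { .base = &uid, .len = sizeof(uid) },
        { .base = &data_offset, .len = sizeof(data_offset) }
    };

    psa_outvec out_vec[] = {
        { .base = p_data, .len = data_size }
    };

    /* Checked before any call is made, because the pointer is
     * dereferenced unconditionally at the end of the function.
     */
    if (p_data_length == NULL) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
#ifdef TFM_PSA_API
    handle = psa_connect(TFM_PS_GET_SID, TFM_PS_GET_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return PSA_ERROR_GENERIC_ERROR;
    }

    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                      IOVEC_LEN(out_vec));

    /* The connection is per call: close it whatever the status was. */
    psa_close(handle);

#else
    status = tfm_tfm_ps_get_req_veneer(in_vec, IOVEC_LEN(in_vec),
                                       out_vec, IOVEC_LEN(out_vec));

#endif

    /* A parameter with a buffer pointer that has data length longer
     * than maximum permitted is treated as a secure violation.
     * TF-M framework rejects the request with TFM_ERROR_INVALID_PARAMETER.
     */
    if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }

    /* NOTE(review): this store happens for every status that reaches here,
     * including failures other than TFM_ERROR_INVALID_PARAMETER. Callers
     * should check the return value before trusting *p_data_length.
     */
    *p_data_length = out_vec[0].len;

    return status;
}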
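/* Retrieve the metadata about the provided uid.
 *
 * uid     Identifier of the asset.
 * p_info  Caller structure the service fills in; the output vector length
 *         is sizeof(*p_info). Not checked for NULL in this wrapper.
 *
 * Returns PSA_ERROR_GENERIC_ERROR if the connection handle is not valid
 * (TFM_PSA_API builds), PSA_ERROR_INVALID_ARGUMENT if the framework
 * reported TFM_ERROR_INVALID_PARAMETER, otherwise the status of the call.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_get_info(psa_storage_uid_t uid,
                             struct psa_storage_info_t *p_info)
{
    psa_status_t status;
#ifdef TFM_PSA_API
    psa_handle_t handle;
#endif

    psa_invec in_vec[] = {
        { .base = &uid, .len = sizeof(uid) }
    };

    /* sizeof(*p_info) is evaluated at compile time and does not
     * dereference the pointer.
     */
    psa_outvec out_vec[] = {
        { .base = p_info, .len = sizeof(*p_info) }
    };

#ifdef TFM_PSA_API
    handle = psa_connect(TFM_PS_GET_INFO_SID, TFM_PS_GET_INFO_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return PSA_ERROR_GENERIC_ERROR;
    }

    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), out_vec,
                      IOVEC_LEN(out_vec));

    /* The connection is per call: close it whatever the status was. */
    psa_close(handle);

#else
    status = tfm_tfm_ps_get_info_req_veneer(in_vec, IOVEC_LEN(in_vec),
                                            out_vec, IOVEC_LEN(out_vec));
#endif

    /* Map the framework-level rejection onto the PSA status space. */
    if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
    return status;
}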
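/* Remove the provided uid and its associated data from the storage.
 *
 * uid  Identifier of the asset to remove.
 *
 * Returns PSA_ERROR_GENERIC_ERROR if the connection handle is not valid
 * (TFM_PSA_API builds), PSA_ERROR_INVALID_ARGUMENT if the framework
 * reported TFM_ERROR_INVALID_PARAMETER, otherwise the status of the call.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
{
    psa_status_t status;
#ifdef TFM_PSA_API
    psa_handle_t handle;
#endif

    psa_invec in_vec[] = {
        { .base = &uid, .len = sizeof(uid) }
    };

#ifdef TFM_PSA_API
    handle = psa_connect(TFM_PS_REMOVE_SID, TFM_PS_REMOVE_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return PSA_ERROR_GENERIC_ERROR;
    }

    status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec),
                      NULL, 0);

    /* The connection is per call: close it whatever the status was. */
    psa_close(handle);

#else
    status = tfm_tfm_ps_remove_req_veneer(in_vec, IOVEC_LEN(in_vec),
                                          NULL, 0);

#endif

    /* Map the framework-level rejection onto the PSA status space. */
    if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) {
        return PSA_ERROR_INVALID_ARGUMENT;
    }
    return status;
}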
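/* Reserves storage for the specified uid.
 *
 * This implementation is a stub: all arguments are ignored and the call
 * always returns PSA_ERROR_NOT_SUPPORTED. No request is sent to the
 * service.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_create(psa_storage_uid_t uid, size_t size,
                           psa_storage_create_flags_t create_flags)
{
    /* Casts silence unused-parameter warnings. */
    (void)uid;
    (void)size;
    (void)create_flags;

    return PSA_ERROR_NOT_SUPPORTED;
}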
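/* Sets partial data into an asset.
 *
 * This implementation is a stub: all arguments are ignored and the call
 * always returns PSA_ERROR_NOT_SUPPORTED. No request is sent to the
 * service.
 */
__attribute__((section("SFN")))
psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset,
                                 size_t data_length, const void *p_data)
{
    /* Casts silence unused-parameter warnings. */
    (void)uid;
    (void)data_offset;
    (void)data_length;
    (void)p_data;

    return PSA_ERROR_NOT_SUPPORTED;
}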
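/* Lists optional features.
 *
 * Asks the Protected Storage service for its support flags and returns
 * them. The function has no error channel: if the connection cannot be
 * opened or the call fails, the return value is whatever support_flags
 * holds, which is 0 unless the callee wrote to it.
 */
__attribute__((section("SFN")))
uint32_t psa_ps_get_support(void)
{
    /* Initialise support_flags to a sensible default, to avoid returning an
     * uninitialised value in case the secure function fails.
     */
    uint32_t support_flags = 0;
#ifdef TFM_PSA_API
    psa_handle_t handle;
#endif

    psa_outvec out_vec[] = {
        { .base = &support_flags, .len = sizeof(support_flags) }
    };

    /* The PSA API does not return an error, so any error from TF-M is
     * ignored.
     */
#ifdef TFM_PSA_API
    handle = psa_connect(TFM_PS_GET_SUPPORT_SID, TFM_PS_GET_SUPPORT_VERSION);
    if (!PSA_HANDLE_IS_VALID(handle)) {
        return support_flags;
    }

    (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec));

    /* The connection is per call: close it whatever the status was. */
    psa_close(handle);
#else
    (void)tfm_tfm_ps_get_support_req_veneer(NULL, 0,
                                            out_vec, IOVEC_LEN(out_vec));
#endif

    return support_flags;
}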
#define TFM_PS_GET_INFO_VERSION
Definition: sid.h:23
#define TFM_PS_REMOVE_SID
Definition: sid.h:24
psa_status_t psa_ps_create(psa_storage_uid_t uid, size_t size, psa_storage_create_flags_t create_flags)
Reserves storage for the specified uid.
void * base
Definition: client.h:75
#define TFM_PS_SET_SID
Definition: sid.h:18
#define TFM_PS_REMOVE_VERSION
Definition: sid.h:25
#define TFM_PS_GET_VERSION
Definition: sid.h:21
void psa_close(psa_handle_t handle)
Close a connection to an RoT Service.
Definition: psa_client.c:63
#define TFM_PS_GET_SUPPORT_SID
Definition: sid.h:26
uint32_t psa_ps_get_support(void)
Lists optional features.
psa_status_t psa_ps_remove(psa_storage_uid_t uid)
Remove the provided uid and its associated data from the storage.
psa_status_t psa_ps_set(psa_storage_uid_t uid, size_t data_length, const void *p_data, psa_storage_create_flags_t create_flags)
Create a new, or modify an existing, uid/value pair.
#define PSA_ERROR_GENERIC_ERROR
Definition: crypto_values.h:43
#define PSA_ERROR_INVALID_ARGUMENT
psa_handle_t psa_connect(uint32_t sid, uint32_t version)
Connect to an RoT Service by its SID.
Definition: psa_client.c:30
#define PSA_HANDLE_IS_VALID(handle)
Definition: client.h:43
#define IOVEC_LEN(x)
#define TFM_PS_SET_VERSION
Definition: sid.h:19
#define TFM_PS_GET_SID
Definition: sid.h:20
psa_status_t psa_ps_get(psa_storage_uid_t uid, size_t data_offset, size_t data_size, void *p_data, size_t *p_data_length)
Retrieve data associated with a provided uid.
#define PSA_ERROR_NOT_SUPPORTED
Definition: crypto_values.h:52
#define TFM_PS_GET_SUPPORT_VERSION
Definition: sid.h:27
#define TFM_PS_GET_INFO_SID
Definition: sid.h:22
size_t len
Definition: client.h:76
int32_t psa_handle_t
Definition: client.h:61
uint64_t psa_storage_uid_t
#define PSA_IPC_CALL
Definition: client.h:59
const void * base
Definition: client.h:67
uint32_t psa_storage_create_flags_t
psa_status_t psa_ps_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
Retrieve the metadata about the provided uid.
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
psa_status_t psa_call(psa_handle_t handle, int32_t type, const psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len)
Call an RoT Service on an established connection.
Definition: psa_client.c:47
psa_status_t psa_ps_set_extended(psa_storage_uid_t uid, size_t data_offset, size_t data_length, const void *p_data)
Sets partial data into an asset.