Kenji Arai
mbed-os5 only for TYBLE16
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/secure_fw/core/tfm_secure_api.h@1:9db0e321a9f4, 2019-12-31 (annotated)
- Committer:
- kenjiArai
- Date:
- Tue Dec 31 06:02:27 2019 +0000
- Revision:
- 1:9db0e321a9f4
- Parent:
- 0:5b88d5760320
updated based on mbed-os5.15.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| kenjiArai | 0:5b88d5760320 | 1 | /* |
| kenjiArai | 0:5b88d5760320 | 2 | * Copyright (c) 2017-2019, Arm Limited. All rights reserved. |
| kenjiArai | 0:5b88d5760320 | 3 | * |
| kenjiArai | 0:5b88d5760320 | 4 | * SPDX-License-Identifier: BSD-3-Clause |
| kenjiArai | 0:5b88d5760320 | 5 | * |
| kenjiArai | 0:5b88d5760320 | 6 | */ |
| kenjiArai | 0:5b88d5760320 | 7 | |
| kenjiArai | 0:5b88d5760320 | 8 | #ifndef __TFM_SECURE_API_H__ |
| kenjiArai | 0:5b88d5760320 | 9 | #define __TFM_SECURE_API_H__ |
| kenjiArai | 0:5b88d5760320 | 10 | |
| kenjiArai | 0:5b88d5760320 | 11 | #include <arm_cmse.h> |
| kenjiArai | 0:5b88d5760320 | 12 | #include "tfm_svc.h" |
| kenjiArai | 0:5b88d5760320 | 13 | #include "secure_utilities.h" |
| kenjiArai | 0:5b88d5760320 | 14 | #include "tfm_core.h" |
| kenjiArai | 0:5b88d5760320 | 15 | #include "tfm_api.h" |
| kenjiArai | 0:5b88d5760320 | 16 | #include "bl2/include/tfm_boot_status.h" |
| kenjiArai | 0:5b88d5760320 | 17 | |
| kenjiArai | 0:5b88d5760320 | 18 | /*! |
| kenjiArai | 0:5b88d5760320 | 19 | * \def __tfm_secure_gateway_attributes__ |
| kenjiArai | 0:5b88d5760320 | 20 | * |
| kenjiArai | 0:5b88d5760320 | 21 | * \brief Attributes for secure gateway functions |
| kenjiArai | 0:5b88d5760320 | 22 | */ |
| kenjiArai | 0:5b88d5760320 | 23 | #define __tfm_secure_gateway_attributes__ \ |
| kenjiArai | 0:5b88d5760320 | 24 | __attribute__((cmse_nonsecure_entry, noinline, section("SFN"))) |
| kenjiArai | 0:5b88d5760320 | 25 | |
| kenjiArai | 0:5b88d5760320 | 26 | /* Hide specific errors if not debugging */ |
| kenjiArai | 0:5b88d5760320 | 27 | #ifdef TFM_CORE_DEBUG |
| kenjiArai | 0:5b88d5760320 | 28 | #define TFM_ERROR_STATUS(status) (status) |
| kenjiArai | 0:5b88d5760320 | 29 | #else |
| kenjiArai | 0:5b88d5760320 | 30 | #define TFM_ERROR_STATUS(status) (TFM_PARTITION_BUSY) |
| kenjiArai | 0:5b88d5760320 | 31 | #endif |
| kenjiArai | 0:5b88d5760320 | 32 | |
| kenjiArai | 0:5b88d5760320 | 33 | #define TFM_SFN_API_LEGACY 0 |
| kenjiArai | 0:5b88d5760320 | 34 | #define TFM_SFN_API_IOVEC 1 |
| kenjiArai | 0:5b88d5760320 | 35 | |
| kenjiArai | 0:5b88d5760320 | 36 | #ifndef TFM_LVL |
| kenjiArai | 0:5b88d5760320 | 37 | #error TFM_LVL is not defined! |
| kenjiArai | 0:5b88d5760320 | 38 | #endif |
| kenjiArai | 0:5b88d5760320 | 39 | |
| kenjiArai | 0:5b88d5760320 | 40 | extern void tfm_secure_api_error_handler(void); |
| kenjiArai | 0:5b88d5760320 | 41 | |
| kenjiArai | 0:5b88d5760320 | 42 | typedef int32_t(*sfn_t)(int32_t, int32_t, int32_t, int32_t); |
| kenjiArai | 0:5b88d5760320 | 43 | |
| kenjiArai | 0:5b88d5760320 | 44 | struct tfm_sfn_req_s { |
| kenjiArai | 0:5b88d5760320 | 45 | uint32_t sp_id; |
| kenjiArai | 0:5b88d5760320 | 46 | sfn_t sfn; |
| kenjiArai | 0:5b88d5760320 | 47 | int32_t *args; |
| kenjiArai | 0:5b88d5760320 | 48 | uint32_t caller_part_idx; |
| kenjiArai | 0:5b88d5760320 | 49 | int32_t iovec_api; |
| kenjiArai | 0:5b88d5760320 | 50 | uint32_t ns_caller; |
| kenjiArai | 0:5b88d5760320 | 51 | }; |
| kenjiArai | 0:5b88d5760320 | 52 | |
| kenjiArai | 0:5b88d5760320 | 53 | enum tfm_buffer_share_region_e { |
| kenjiArai | 0:5b88d5760320 | 54 | TFM_BUFFER_SHARE_DISABLE, |
| kenjiArai | 0:5b88d5760320 | 55 | TFM_BUFFER_SHARE_NS_CODE, |
| kenjiArai | 0:5b88d5760320 | 56 | TFM_BUFFER_SHARE_SCRATCH, |
| kenjiArai | 0:5b88d5760320 | 57 | TFM_BUFFER_SHARE_PRIV, /* only for TCB in level 2, all in level 1 */ |
| kenjiArai | 0:5b88d5760320 | 58 | TFM_BUFFER_SHARE_DEFAULT, |
| kenjiArai | 0:5b88d5760320 | 59 | }; |
| kenjiArai | 0:5b88d5760320 | 60 | |
| kenjiArai | 0:5b88d5760320 | 61 | enum tfm_ns_region_e { |
| kenjiArai | 0:5b88d5760320 | 62 | TFM_NS_REGION_CODE = 0, |
| kenjiArai | 0:5b88d5760320 | 63 | TFM_NS_REGION_DATA, |
| kenjiArai | 0:5b88d5760320 | 64 | TFM_NS_REGION_VENEER, |
| kenjiArai | 0:5b88d5760320 | 65 | TFM_NS_REGION_PERIPH_1, |
| kenjiArai | 0:5b88d5760320 | 66 | TFM_NS_REGION_PERIPH_2, |
| kenjiArai | 0:5b88d5760320 | 67 | TFM_NS_SECONDARY_IMAGE_REGION, |
| kenjiArai | 0:5b88d5760320 | 68 | }; |
| kenjiArai | 0:5b88d5760320 | 69 | |
| kenjiArai | 0:5b88d5760320 | 70 | enum tfm_memory_access_e { |
| kenjiArai | 0:5b88d5760320 | 71 | TFM_MEMORY_ACCESS_RO = 1, |
| kenjiArai | 0:5b88d5760320 | 72 | TFM_MEMORY_ACCESS_RW = 2, |
| kenjiArai | 0:5b88d5760320 | 73 | }; |
| kenjiArai | 0:5b88d5760320 | 74 | |
| kenjiArai | 0:5b88d5760320 | 75 | extern int32_t tfm_core_set_buffer_area(enum tfm_buffer_share_region_e share); |
| kenjiArai | 0:5b88d5760320 | 76 | |
| kenjiArai | 0:5b88d5760320 | 77 | extern int32_t tfm_core_validate_secure_caller(void); |
| kenjiArai | 0:5b88d5760320 | 78 | |
| kenjiArai | 0:5b88d5760320 | 79 | extern int32_t tfm_core_get_caller_client_id(int32_t *caller_client_id); |
| kenjiArai | 0:5b88d5760320 | 80 | |
| kenjiArai | 0:5b88d5760320 | 81 | extern int32_t tfm_core_memory_permission_check(const void *ptr, |
| kenjiArai | 0:5b88d5760320 | 82 | uint32_t size, |
| kenjiArai | 0:5b88d5760320 | 83 | int32_t access); |
| kenjiArai | 0:5b88d5760320 | 84 | |
| kenjiArai | 0:5b88d5760320 | 85 | extern int32_t tfm_core_get_boot_data(uint8_t major_type, |
| kenjiArai | 0:5b88d5760320 | 86 | struct tfm_boot_data *boot_data, |
| kenjiArai | 0:5b88d5760320 | 87 | uint32_t len); |
| kenjiArai | 0:5b88d5760320 | 88 | |
| kenjiArai | 0:5b88d5760320 | 89 | int32_t tfm_core_sfn_request(const struct tfm_sfn_req_s *desc_ptr); |
| kenjiArai | 0:5b88d5760320 | 90 | |
| kenjiArai | 0:5b88d5760320 | 91 | int32_t tfm_core_sfn_request_thread_mode(struct tfm_sfn_req_s *desc_ptr); |
| kenjiArai | 0:5b88d5760320 | 92 | |
| kenjiArai | 0:5b88d5760320 | 93 | /** |
| kenjiArai | 0:5b88d5760320 | 94 | * \brief Check whether the current partition has read access to a memory range |
| kenjiArai | 0:5b88d5760320 | 95 | * |
| kenjiArai | 0:5b88d5760320 | 96 | * This function assumes, that the current MPU configuration is set for the |
| kenjiArai | 0:5b88d5760320 | 97 | * partition to be checked. |
| kenjiArai | 0:5b88d5760320 | 98 | * |
| kenjiArai | 0:5b88d5760320 | 99 | * \param[in] p The start address of the range to check |
| kenjiArai | 0:5b88d5760320 | 100 | * \param[in] s The size of the range to check |
| kenjiArai | 0:5b88d5760320 | 101 | * \param[in] ns_caller Whether the current partition is a non-secure one |
| kenjiArai | 0:5b88d5760320 | 102 | * \param[in] privileged Privileged mode or unprivileged mode: |
| kenjiArai | 0:5b88d5760320 | 103 | * \ref TFM_PARTITION_UNPRIVILEGED_MODE |
| kenjiArai | 0:5b88d5760320 | 104 | * \ref TFM_PARTITION_PRIVILEGED_MODE |
| kenjiArai | 0:5b88d5760320 | 105 | * |
| kenjiArai | 0:5b88d5760320 | 106 | * \return TFM_SUCCESS if the partition has access to the memory range, |
| kenjiArai | 0:5b88d5760320 | 107 | * TFM_ERROR_GENERIC otherwise. |
| kenjiArai | 0:5b88d5760320 | 108 | */ |
| kenjiArai | 0:5b88d5760320 | 109 | int32_t tfm_core_has_read_access_to_region(const void *p, size_t s, |
| kenjiArai | 0:5b88d5760320 | 110 | uint32_t ns_caller, |
| kenjiArai | 0:5b88d5760320 | 111 | uint32_t privileged); |
| kenjiArai | 0:5b88d5760320 | 112 | |
| kenjiArai | 0:5b88d5760320 | 113 | /** |
| kenjiArai | 0:5b88d5760320 | 114 | * \brief Check whether the current partition has write access to a memory range |
| kenjiArai | 0:5b88d5760320 | 115 | * |
| kenjiArai | 0:5b88d5760320 | 116 | * This function assumes, that the current MPU configuration is set for the |
| kenjiArai | 0:5b88d5760320 | 117 | * partition to be checked. |
| kenjiArai | 0:5b88d5760320 | 118 | * |
| kenjiArai | 0:5b88d5760320 | 119 | * \param[in] p The start address of the range to check |
| kenjiArai | 0:5b88d5760320 | 120 | * \param[in] s The size of the range to check |
| kenjiArai | 0:5b88d5760320 | 121 | * \param[in] ns_caller Whether the current partition is a non-secure one |
| kenjiArai | 0:5b88d5760320 | 122 | * \param[in] privileged Privileged mode or unprivileged mode: |
| kenjiArai | 0:5b88d5760320 | 123 | * \ref TFM_PARTITION_UNPRIVILEGED_MODE |
| kenjiArai | 0:5b88d5760320 | 124 | * \ref TFM_PARTITION_PRIVILEGED_MODE |
| kenjiArai | 0:5b88d5760320 | 125 | * |
| kenjiArai | 0:5b88d5760320 | 126 | * \return TFM_SUCCESS if the partition has access to the memory range, |
| kenjiArai | 0:5b88d5760320 | 127 | * TFM_ERROR_GENERIC otherwise. |
| kenjiArai | 0:5b88d5760320 | 128 | */ |
| kenjiArai | 0:5b88d5760320 | 129 | int32_t tfm_core_has_write_access_to_region(void *p, size_t s, |
| kenjiArai | 0:5b88d5760320 | 130 | uint32_t ns_caller, |
| kenjiArai | 0:5b88d5760320 | 131 | uint32_t privileged); |
| kenjiArai | 0:5b88d5760320 | 132 | |
| kenjiArai | 0:5b88d5760320 | 133 | #ifdef TFM_PSA_API |
| kenjiArai | 0:5b88d5760320 | 134 | /* The following macros are only valid if secure services can be called |
| kenjiArai | 0:5b88d5760320 | 135 | * using veneer functions. This is not the case if IPC messaging is enabled |
| kenjiArai | 0:5b88d5760320 | 136 | */ |
| kenjiArai | 0:5b88d5760320 | 137 | #define TFM_CORE_IOVEC_SFN_REQUEST(id, fn, a, b, c, d) \ |
| kenjiArai | 0:5b88d5760320 | 138 | do { \ |
| kenjiArai | 0:5b88d5760320 | 139 | ERROR_MSG("Invalid TF-M configuration detected"); \ |
| kenjiArai | 0:5b88d5760320 | 140 | tfm_secure_api_error_handler(); \ |
| kenjiArai | 0:5b88d5760320 | 141 | /* This point never reached */ \ |
| kenjiArai | 0:5b88d5760320 | 142 | return (int32_t)TFM_ERROR_GENERIC; \ |
| kenjiArai | 0:5b88d5760320 | 143 | } while (0) |
| kenjiArai | 0:5b88d5760320 | 144 | #define TFM_CORE_SFN_REQUEST(id, fn, a, b, c, d) \ |
| kenjiArai | 0:5b88d5760320 | 145 | do { \ |
| kenjiArai | 0:5b88d5760320 | 146 | ERROR_MSG("Invalid TF-M configuration detected"); \ |
| kenjiArai | 0:5b88d5760320 | 147 | tfm_secure_api_error_handler(); \ |
| kenjiArai | 0:5b88d5760320 | 148 | /* This point never reached */ \ |
| kenjiArai | 0:5b88d5760320 | 149 | return (int32_t)TFM_ERROR_GENERIC; \ |
| kenjiArai | 0:5b88d5760320 | 150 | } while (0) |
| kenjiArai | 0:5b88d5760320 | 151 | #else |
| kenjiArai | 0:5b88d5760320 | 152 | #define TFM_CORE_IOVEC_SFN_REQUEST(id, fn, a, b, c, d) \ |
| kenjiArai | 0:5b88d5760320 | 153 | return tfm_core_partition_request(id, fn, TFM_SFN_API_IOVEC, \ |
| kenjiArai | 0:5b88d5760320 | 154 | (int32_t)a, (int32_t)b, (int32_t)c, (int32_t)d) |
| kenjiArai | 0:5b88d5760320 | 155 | |
| kenjiArai | 0:5b88d5760320 | 156 | #define TFM_CORE_SFN_REQUEST(id, fn, a, b, c, d) \ |
| kenjiArai | 0:5b88d5760320 | 157 | return tfm_core_partition_request(id, fn, TFM_SFN_API_LEGACY, \ |
| kenjiArai | 0:5b88d5760320 | 158 | (int32_t)a, (int32_t)b, (int32_t)c, (int32_t)d) |
| kenjiArai | 0:5b88d5760320 | 159 | |
| kenjiArai | 0:5b88d5760320 | 160 | __attribute__ ((always_inline)) __STATIC_INLINE |
| kenjiArai | 0:5b88d5760320 | 161 | int32_t tfm_core_partition_request(uint32_t id, void *fn, int32_t iovec_api, |
| kenjiArai | 0:5b88d5760320 | 162 | int32_t arg1, int32_t arg2, int32_t arg3, int32_t arg4) |
| kenjiArai | 0:5b88d5760320 | 163 | { |
| kenjiArai | 0:5b88d5760320 | 164 | int32_t args[4] = {arg1, arg2, arg3, arg4}; |
| kenjiArai | 0:5b88d5760320 | 165 | struct tfm_sfn_req_s desc, *desc_ptr = &desc; |
| kenjiArai | 0:5b88d5760320 | 166 | |
| kenjiArai | 0:5b88d5760320 | 167 | desc.sp_id = id; |
| kenjiArai | 0:5b88d5760320 | 168 | desc.sfn = (sfn_t) fn; |
| kenjiArai | 0:5b88d5760320 | 169 | desc.args = args; |
| kenjiArai | 0:5b88d5760320 | 170 | /* |
| kenjiArai | 0:5b88d5760320 | 171 | * This preprocessor condition checks if a version of GCC smaller than |
| kenjiArai | 0:5b88d5760320 | 172 | * 7.3.1 is being used to compile the code. |
| kenjiArai | 0:5b88d5760320 | 173 | * These versions are affected by a bug on the cmse_nonsecure_caller |
| kenjiArai | 0:5b88d5760320 | 174 | * intrinsic which returns incorrect results. |
| kenjiArai | 0:5b88d5760320 | 175 | * Please check Bug 85203 on GCC Bugzilla for more information. |
| kenjiArai | 0:5b88d5760320 | 176 | */ |
| kenjiArai | 0:5b88d5760320 | 177 | #if defined(__GNUC__) && !defined(__ARMCC_VERSION) && \ |
| kenjiArai | 0:5b88d5760320 | 178 | (__GNUC__ < 7 || \ |
| kenjiArai | 0:5b88d5760320 | 179 | (__GNUC__ == 7 && (__GNUC_MINOR__ < 3 || \ |
| kenjiArai | 0:5b88d5760320 | 180 | (__GNUC_MINOR__ == 3 && __GNUC_PATCHLEVEL__ < 1)))) |
| kenjiArai | 0:5b88d5760320 | 181 | /* |
| kenjiArai | 0:5b88d5760320 | 182 | * Use the fact that, if called from Non-Secure, the LSB of the return |
| kenjiArai | 0:5b88d5760320 | 183 | * address is set to 0. |
| kenjiArai | 0:5b88d5760320 | 184 | */ |
| kenjiArai | 0:5b88d5760320 | 185 | desc.ns_caller = (uint32_t)!( |
| kenjiArai | 0:5b88d5760320 | 186 | (intptr_t)__builtin_extract_return_addr(__builtin_return_address(0U)) |
| kenjiArai | 0:5b88d5760320 | 187 | & 1); |
| kenjiArai | 0:5b88d5760320 | 188 | #else |
| kenjiArai | 0:5b88d5760320 | 189 | /* |
| kenjiArai | 0:5b88d5760320 | 190 | * Convert the result of cmse_nonsecure_caller from an int to a uint32_t |
| kenjiArai | 0:5b88d5760320 | 191 | * to prevent using an int in the tfm_sfn_req_s structure. |
| kenjiArai | 0:5b88d5760320 | 192 | */ |
| kenjiArai | 0:5b88d5760320 | 193 | desc.ns_caller = (cmse_nonsecure_caller() != 0) ? 1U : 0U; |
| kenjiArai | 0:5b88d5760320 | 194 | #endif /* Check for GCC compiler version smaller than 7.3.1 */ |
| kenjiArai | 0:5b88d5760320 | 195 | desc.iovec_api = iovec_api; |
| kenjiArai | 0:5b88d5760320 | 196 | if (__get_active_exc_num() != EXC_NUM_THREAD_MODE) { |
| kenjiArai | 0:5b88d5760320 | 197 | /* FixMe: Error severity TBD */ |
| kenjiArai | 0:5b88d5760320 | 198 | return TFM_ERROR_GENERIC; |
| kenjiArai | 0:5b88d5760320 | 199 | } else { |
| kenjiArai | 0:5b88d5760320 | 200 | #if TFM_LVL == 1 |
| kenjiArai | 0:5b88d5760320 | 201 | if (desc.ns_caller) { |
| kenjiArai | 0:5b88d5760320 | 202 | return tfm_core_sfn_request(desc_ptr); |
| kenjiArai | 0:5b88d5760320 | 203 | } else { |
| kenjiArai | 0:5b88d5760320 | 204 | return tfm_core_sfn_request_thread_mode(desc_ptr); |
| kenjiArai | 0:5b88d5760320 | 205 | } |
| kenjiArai | 0:5b88d5760320 | 206 | #else |
| kenjiArai | 0:5b88d5760320 | 207 | return tfm_core_sfn_request(desc_ptr); |
| kenjiArai | 0:5b88d5760320 | 208 | #endif |
| kenjiArai | 0:5b88d5760320 | 209 | |
| kenjiArai | 0:5b88d5760320 | 210 | } |
| kenjiArai | 0:5b88d5760320 | 211 | } |
| kenjiArai | 0:5b88d5760320 | 212 | #endif |
| kenjiArai | 0:5b88d5760320 | 213 | |
| kenjiArai | 0:5b88d5760320 | 214 | #endif /* __TFM_SECURE_API_H__ */ |