Hi @ioannisg , my understanding is the same as yours.
In theory, there should be any issues.
May I ask which service were you connecting to and got the invalid handle?
And could you provide more information on how the IRQs are locked? I have not ever used the BASEPRI_NS.
Any other information like the version of TF-M you are integrating and build configurations would also help.
Thanks.

This issue has been fixed.

Single shot key agreement:

hash_compute has been added directly by @salomethirot-arm to the multipart patch available here: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10607 as discussed during the last sync-up call. @Vge0rge please do have a round of review of the hash_compute (and the whole patch as well) to get to +1 status.

https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10607

OK, could you take this issue, @adeaarm ?

Probably better to reduce the priority of the ticket but keep it open just to make sure we are reminded to verify it again once the next release of qemu is available.

Thanks Antonio for the information.
Since this is not a TF-M issue, suggest closing it.

Hi @ioannisg , this is due to this bug in QEMU:

Here's the original proposal:

The TF-A project uses the OpenCI project https://www.trustedfirmware.org/projects/open-ci/ to provide "Daily" and "Gerrit patch review" testing through a Jenkins infrastructure system with jobs visible here https://ci.trustedfirmware.org and these make use of tests defined in the TF-A Tests repository and from other reposititories. Please refer to the OpenCI documentation for more information https://tf-ci-users-guide.readthedocs.io/en/latest/

Cipher/MAC single-shot APIs patches:

ACS can be updated to skip checks for this. But spec isn't specific about whether this way of retrieving memory is optional.

Hash: https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/10544
MAC: Support in mbedtls-2.26.0 for the single-shot APIs is not present. I have a patch to enable the tests and the shim layer in TF-M, I will keep it private until support from the backend side is available somehow for the feature-cc-psa-crypto-drivers dev branch.
Cipher: Support in mbedtls-2.26.0 for the single-shot APIs is not present. I have a patch to enable the tests and the shim layer in TF-M, I will keep it private until support from the backend side is available somehow for the feature-cc-psa-crypto-drivers dev branch.
AEAD: Single-shot APIs for AEAD are already supported, multipart is missing (both in TF-M and in the backend and driver entry points, still pending review in mbedTLS)
No Key agreement single shot API test yet. Need to understand and add it.

This patch extends tests coverate in the TF-M regression test suite for the single-shot hash API.