- User Since
- Apr 9 2018, 6:38 AM (53 w, 6 d)
Thu, Apr 11
The transition from NS to S using the psa_call veneer has an implementation-defined layer of serialization in addition to what is prescribed in the PSA client API, necessary because of the limitations on parameter passing between security states.
The argument list mentioned above:
psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, const psa_invec *out_vecs);
has those data types by design: both the invec array and outvec array are serialized to one invec each, i.e. two input parameters for the secure veneer, one containing the array of invecs, the other containing the array of outvecs.
From the veneer point of view both are constant input parameters, hence the const psa_invec type.
When extracting the arrays from these vectors in tfm_svcalls.c you can see the deserialization to the PSA-defined data types:
outptr = (psa_outvec *)((psa_invec *)args)->base;
out_num = ((psa_invec *)args)->len;
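The packing and unpacking described in the comment above, as an added example that is not part of the original comment or TF-M's own code. `ns_call`, `secure_side` and `MAX_VECS` are hypothetical names, and the toy service only echoes the first input into the first output.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PSA client API vector types: a base pointer plus a length. */
typedef struct psa_invec  { const void *base; size_t len; } psa_invec;
typedef struct psa_outvec { void *base;       size_t len; } psa_outvec;

#define MAX_VECS 4 /* assumed upper bound on vectors per call (hypothetical) */

/* Hypothetical secure-side handler. It sees only two constant wrappers;
 * each wrapper's base points at an array and len is its element count.
 * A real SPM must also check that every pointer refers to memory the
 * caller may access; that check is not modelled here. */
static int secure_side(const psa_invec *in_wrap, const psa_invec *out_wrap)
{
    const psa_invec *inptr = (const psa_invec *)in_wrap->base;
    size_t in_num = in_wrap->len;
    psa_outvec *outptr = (psa_outvec *)out_wrap->base; /* restore PSA type */
    size_t out_num = out_wrap->len;

    /* Counts arrive from the caller: bound them before indexing. */
    if (in_num < 1 || in_num > MAX_VECS || out_num < 1 || out_num > MAX_VECS)
        return -1;
    size_t n = inptr[0].len; /* read the caller-supplied length once */
    if (n > outptr[0].len)
        return -2; /* output buffer too small */
    memcpy(outptr[0].base, inptr[0].base, n); /* toy service: echo input */
    outptr[0].len = n; /* report bytes written */
    return 0;
}

/* Hypothetical non-secure side: serialize each array into one invec. */
int ns_call(const psa_invec *in_vecs, size_t in_len,
            psa_outvec *out_vecs, size_t out_len)
{
    psa_invec in_wrap  = { in_vecs,  in_len  };
    psa_invec out_wrap = { out_vecs, out_len };
    return secure_side(&in_wrap, &out_wrap);
}

int main(void)
{
    char msg[] = "ping", reply[8] = { 0 }; /* constructed sample data */
    psa_invec in[1] = { { msg, sizeof msg } };
    psa_outvec out[1] = { { reply, sizeof reply } };
    int rc = ns_call(in, 1, out, 1);
    printf("rc=%d reply=%s len=%zu\n", rc, reply, out[0].len);
    return rc;
}
```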
Feb 25 2019
Feb 21 2019
Feb 5 2019
Jan 29 2019
Please note that secure SVC is running at the highest priority. Execution of this code cannot be pre-empted by either NSPE or any external secure interrupt. This is essentially a critical section.
Jan 10 2019
Jan 8 2019
Dec 19 2018
Dec 11 2018
Dec 10 2018
Please see https://developer.trustedfirmware.org/w/tf_m/design/uniform_secure_service_signature/ for the detailed design proposal
Nov 23 2018
Nov 19 2018
A bugfix is provided for incorrect default behaviour if NS client identification is turned off in the build environment in change:
Nov 14 2018
Nov 13 2018
Nov 12 2018
Oct 20 2018
Oct 19 2018
Oct 1 2018
Design documented at https://developer.trustedfirmware.org/w/tf_m/design/ns_client_management/
Sep 21 2018
Sep 19 2018
Change and related improvements upstreamed
https://review.trustedfirmware.org/#/c/191/ is a proposed resolution for this change.
Sep 17 2018
Based on @gyuri-szing's comment on the review I split the change into two parts:
https://review.trustedfirmware.org/#/c/174/ only fixes the upstream to keep NS exceptions disabled during secure execution by default as is the current assumption for TF-M.
Change https://review.trustedfirmware.org/#/c/183/ introduces the switch. Gyorgy's comment can be debated separately this way without blocking the fix.
Sep 7 2018
In my view we should investigate other options for having the API definitions stand out from the service internal files.
There is an ongoing effort to limit the number of steps that need to be taken in order to integrate a new partition into the system, or to disable/enable one that is already present.
I would therefore suggest keeping service API files in the service folder and not creating a new location for them.
Sep 4 2018
Change on review at:
The change has been merged on both branches
Aug 24 2018
Mate is working on the prototype while I'm writing the design document.
Aug 6 2018
Jun 26 2018
https://issues.trustedfirmware.org/T39 to follow up on updates needed for newer version of PSA spec and updates, reduction of proprietary fields
First batch of related changes upstreamed.
Jun 21 2018
Jun 1 2018
Change sent for review:
May 29 2018
Change on review: