- TF-M - lists.trustedfirmware.org

General mailbox design for TF-M in dual core system

by David Hu (Arm Technology China)

Hi all, I post a design document for mailbox design for TF-M in dual core system. Could you please please take a look at https://developer.trustedfirmware.org/w/tf_m/design/twin-cpu/general_mailbo… Any comment is welcome. :) Thank you. Best regards, Hu Ziji

6 years, 7 months

1
0
0 0

Re: [TF-M] TF-M ARM GCC Optimization issue

by Antonio De Angelis

Hi, We have a candidate fix for issues reported with -Os builds with IPC mode builds, available here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/882 could you please help verify if this fixes the issue you're seeing? Note that also with this patch, the Secure side of SST regression in IPC mode fails, but that is another issue that we have identified and we have a separate patch which will be ready shortly for that. Thanks, Antonio -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Stanislav Jancik via TF-M Sent: 16 April 2019 13:26 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue Hi Gyorgy, Yes, it looks that this is the issue. I saw exactly this behavior when optimization was set to -O1. Do you think, that ARM will prepare official fix of this file? Moreover, when I tried to set optimization to -Os, the regression tests have stopped working at TFM_SST_TEST_1XXX test suite. But I did not try to find the reason why, therefore I cannot say more. Regards Stanislav -----Original Message----- From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of tf-m-request(a)lists.trustedfirmware.org Sent: Tuesday, April 16, 2019 2:00 PM To: tf-m(a)lists.trustedfirmware.org Subject: [EXT] TF-M Digest, Vol 6, Issue 12 WARNING: This email was created outside of NXP. DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe. Send TF-M mailing list submissions to tf-m(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to tf-m-request(a)lists.trustedfirmware.org You can reach the person managing the list at tf-m-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of TF-M digest..." Today's Topics: 1. FW: Trusted boot - rollback protection (Tamas Ban) 2. TF-M ARM GCC Optimization issue (Stanislav Jancik) 3. Re: TF-M ARM GCC Optimization issue (Gyorgy Szing) ---------------------------------------------------------------------- Message: 1 Date: Mon, 15 Apr 2019 14:52:49 +0000 From: Tamas Ban <Tamas.Ban(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] FW: Trusted boot - rollback protection Message-ID: <AM6PR08MB3126592CF647127402DB91C4E22B0(a)AM6PR08MB3126.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Actually the design doc propose to use a distinct security counter from image version (ih_ver in header). But in the most simple case this security counter can be derived from the image version, to have the exact same value (ignoring the build number). The image signature cover these continues blocks in memory: - image header - image - some part of TLV section (currently not covered, but due to multi image support it is planned to introduce a signed TLV section) Because these are contiguous regions in the memory it is not possible to place only the (header + TLV section) to the trusted memory but miss out the image itself (at least I cannot see how to solve) Tamas -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Michel JAOUEN via TF-M Sent: 08 April 2019 16:20 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Trusted boot - rollback protection For the platform without hardware for NV counter, but having trusted memory It is mentioned that the support is possible as follow : "an active image and related manifest data is stored in trusted memory then the included security counter cannot be compromised." the impact for this implementation in mcu-boot is limited to : * The test of the version (security counter is ih_ver from mcuboot header) * The placement of active image and related manifest data in a trusted memory. Is my understanding correct ? As the placement of full image in a trusted memory is a constraint. Can we limit the information placed in a trusted memory to : * image header, * TLV sections. This seems sufficient to support anti roll back. Of course additional impact on mcu-boot must be planned but as multi image support is also targeted , the placement of all images in a trusted memory is likely to be unachievable for all configurations. -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ------------------------------ Message: 2 Date: Tue, 16 Apr 2019 11:21:05 +0000 From: Stanislav Jancik <stanislav.jancik(a)nxp.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] TF-M ARM GCC Optimization issue Message-ID: <VI1PR04MB63200EB729C45B420D211A2890240(a)VI1PR04MB6320.eurprd04.prod.outlook.com> Content-Type: text/plain; charset="us-ascii" Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav ------------------------------ Message: 3 Date: Tue, 16 Apr 2019 11:58:29 +0000 From: Gyorgy Szing <Gyorgy.Szing(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M ARM GCC Optimization issue Message-ID: <VE1PR08MB4928420C61B16FA35C6F9A4D91240(a)VE1PR08MB4928.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Hi Stanislav, Can you please check if the issue described here https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper… is the same as you are reporting? /George -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Stanislav Jancik via TF-M Sent: 16 April 2019 13:21 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ Subject: Digest Footer TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ End of TF-M Digest, Vol 6, Issue 12 *********************************** -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

6 years, 8 months

1
0
0 0

TF-M ARM GCC Optimization issue

by Stanislav Jancik

Hi Gyorgy, Yes, it looks that this is the issue. I saw exactly this behavior when optimization was set to -O1. Do you think, that ARM will prepare official fix of this file? Moreover, when I tried to set optimization to -Os, the regression tests have stopped working at TFM_SST_TEST_1XXX test suite. But I did not try to find the reason why, therefore I cannot say more. Regards Stanislav -----Original Message----- From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of tf-m-request(a)lists.trustedfirmware.org Sent: Tuesday, April 16, 2019 2:00 PM To: tf-m(a)lists.trustedfirmware.org Subject: [EXT] TF-M Digest, Vol 6, Issue 12 WARNING: This email was created outside of NXP. DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe. Send TF-M mailing list submissions to tf-m(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to tf-m-request(a)lists.trustedfirmware.org You can reach the person managing the list at tf-m-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of TF-M digest..." Today's Topics: 1. FW: Trusted boot - rollback protection (Tamas Ban) 2. TF-M ARM GCC Optimization issue (Stanislav Jancik) 3. Re: TF-M ARM GCC Optimization issue (Gyorgy Szing) ---------------------------------------------------------------------- Message: 1 Date: Mon, 15 Apr 2019 14:52:49 +0000 From: Tamas Ban <Tamas.Ban(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] FW: Trusted boot - rollback protection Message-ID: <AM6PR08MB3126592CF647127402DB91C4E22B0(a)AM6PR08MB3126.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Actually the design doc propose to use a distinct security counter from image version (ih_ver in header). But in the most simple case this security counter can be derived from the image version, to have the exact same value (ignoring the build number). The image signature cover these continues blocks in memory: - image header - image - some part of TLV section (currently not covered, but due to multi image support it is planned to introduce a signed TLV section) Because these are contiguous regions in the memory it is not possible to place only the (header + TLV section) to the trusted memory but miss out the image itself (at least I cannot see how to solve) Tamas -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Michel JAOUEN via TF-M Sent: 08 April 2019 16:20 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Trusted boot - rollback protection For the platform without hardware for NV counter, but having trusted memory It is mentioned that the support is possible as follow : "an active image and related manifest data is stored in trusted memory then the included security counter cannot be compromised." the impact for this implementation in mcu-boot is limited to : * The test of the version (security counter is ih_ver from mcuboot header) * The placement of active image and related manifest data in a trusted memory. Is my understanding correct ? As the placement of full image in a trusted memory is a constraint. Can we limit the information placed in a trusted memory to : * image header, * TLV sections. This seems sufficient to support anti roll back. Of course additional impact on mcu-boot must be planned but as multi image support is also targeted , the placement of all images in a trusted memory is likely to be unachievable for all configurations. -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. ------------------------------ Message: 2 Date: Tue, 16 Apr 2019 11:21:05 +0000 From: Stanislav Jancik <stanislav.jancik(a)nxp.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Subject: [TF-M] TF-M ARM GCC Optimization issue Message-ID: <VI1PR04MB63200EB729C45B420D211A2890240(a)VI1PR04MB6320.eurprd04.prod.outlook.com> Content-Type: text/plain; charset="us-ascii" Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav ------------------------------ Message: 3 Date: Tue, 16 Apr 2019 11:58:29 +0000 From: Gyorgy Szing <Gyorgy.Szing(a)arm.com> To: "tf-m(a)lists.trustedfirmware.org" <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M ARM GCC Optimization issue Message-ID: <VE1PR08MB4928420C61B16FA35C6F9A4D91240(a)VE1PR08MB4928.eurprd08.prod.outlook.com> Content-Type: text/plain; charset="utf-8" Hi Stanislav, Can you please check if the issue described here https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper… is the same as you are reporting? /George -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Stanislav Jancik via TF-M Sent: 16 April 2019 13:21 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ Subject: Digest Footer TF-M mailing list TF-M(a)lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ End of TF-M Digest, Vol 6, Issue 12 ***********************************

6 years, 8 months

1
0
0 0

Re: [TF-M] TF-M ARM GCC Optimization issue

by Gyorgy Szing

Hi Stanislav, Can you please check if the issue described here https://developer.trustedfirmware.org/T234 is the same as you are reporting? /George -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Stanislav Jancik via TF-M Sent: 16 April 2019 13:21 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

6 years, 8 months

1
0
0 0

TF-M ARM GCC Optimization issue

by Stanislav Jancik

Hi, I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler. For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly. I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler. Did you try to use different optimization at Musca boards as well? Regards Stanislav

6 years, 8 months

1
0
0 0

FW: Trusted boot - rollback protection

by Tamas Ban

Actually the design doc propose to use a distinct security counter from image version (ih_ver in header). But in the most simple case this security counter can be derived from the image version, to have the exact same value (ignoring the build number). The image signature cover these continues blocks in memory: - image header - image - some part of TLV section (currently not covered, but due to multi image support it is planned to introduce a signed TLV section) Because these are contiguous regions in the memory it is not possible to place only the (header + TLV section) to the trusted memory but miss out the image itself (at least I cannot see how to solve) Tamas -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Michel JAOUEN via TF-M Sent: 08 April 2019 16:20 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Trusted boot - rollback protection For the platform without hardware for NV counter, but having trusted memory It is mentioned that the support is possible as follow : "an active image and related manifest data is stored in trusted memory then the included security counter cannot be compromised." the impact for this implementation in mcu-boot is limited to : * The test of the version (security counter is ih_ver from mcuboot header) * The placement of active image and related manifest data in a trusted memory. Is my understanding correct ? As the placement of full image in a trusted memory is a constraint. Can we limit the information placed in a trusted memory to : * image header, * TLV sections. This seems sufficient to support anti roll back. Of course additional impact on mcu-boot must be planned but as multi image support is also targeted , the placement of all images in a trusted memory is likely to be unachievable for all configurations. -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

6 years, 8 months

1
0
0 0

Re: [TF-M] Platform: Create platform service for pin functions

by Miklos Balint

Michel, I agree there is a need for a more generic design pattern for such platform-specific features. I think that there should be a single entry point for any platform specific service request to the platform/ directory and each platform should/could list the specific features it supports. Then the specific function type would be encoded in an invec to the service request. But I think a more detailed design proposal is needed with enough room for discussion before committing to a new pattern, and I'd prefer to avoid introducing platform dependencies in the services/ folder. That folder should ideally just have an indirection across HAL to a platform-specific service request arbiter. Any opinions or should I produce a more detailed proposal to show what I mean? Regards Miklos -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Michel JAOUEN via TF-M Sent: 11 April 2019 13:57 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Platform: Create platform service for pin functions I see that there is https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/825/ On review , it adds some dummy functions for the platform not requiring these services Can we think about introducing some configuration on platform basis. As example , I post https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/854/ Best regards From: Michel JAOUEN Sent: mercredi 10 avril 2019 13:05 To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org> Subject: Platform: Create platform service for pin functions Hello, I noticed the merge of this api, which seems require only for platform Musca_a. This create the need to implement dummy functions for the other platform. would it be better to make this configurable for each platform ? I think for the interface connected to platform partition, it is important to have a flexibility. As example some platform , may require an API requesting a pin to be configureable from non secure . Best regards -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

6 years, 8 months

2
1
0 0

Re: [TF-M] Platform: Create platform service for pin functions

by Michel JAOUEN

I see that there is https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/825/ On review , it adds some dummy functions for the platform not requiring these services Can we think about introducing some configuration on platform basis. As example , I post https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/854/ Best regards From: Michel JAOUEN Sent: mercredi 10 avril 2019 13:05 To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org> Subject: Platform: Create platform service for pin functions Hello, I noticed the merge of this api, which seems require only for platform Musca_a. This create the need to implement dummy functions for the other platform. would it be better to make this configurable for each platform ? I think for the interface connected to platform partition, it is important to have a flexibility. As example some platform , may require an API requesting a pin to be configureable from non secure . Best regards

6 years, 8 months

1
0
0 0

Re: [TF-M] psa_invec type mismatch in tfm_psa_call_veneer?

by Ken Liu (Arm Technology China)

Hi Both, The intention of doing this is for packing parameters while handling non-secure psa_call(). This function has five parameters, which means the 5th one needs to be put in NS stack. If we extract 5th parameter in veneer function we need to enable non-secure memory accessing for veneer and implement some assembler code there to fetch PSP_NS. To make it simple at first stage we just pack 'psa_invec' and 'psa_outvec' as two inputs of tfm_psa_call_veneer(); that why the two types are invec -- because they really are inputs. This part really causes confuse and need to be discussed if we need to implement more proper way for this. Let's track it in the ticket. -Ken > -----Original Message----- > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Antonio De > Angelis via TF-M > Sent: Thursday, April 11, 2019 6:31 AM > To: tf-m(a)lists.trustedfirmware.org > Cc: nd <nd(a)arm.com> > Subject: Re: [TF-M] psa_invec type mismatch in tfm_psa_call_veneer? > > Hi Alan, > > I think you're right, the prototypes of these functions should be fixed. Moreover, > I think psa_outvec *out_vecs should drop the const qualifier to match > psa_call(...) prototypes, as it's an output parameter and needs to be non-const. > I have raised https://developer.trustedfirmware.org/T313 to keep track of this. > > Thanks, > Antonio > > ________________________________ > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of DeMars, > Alan via TF-M <tf-m(a)lists.trustedfirmware.org> > Sent: 10 April 2019 22:12 > To: tf-m(a)lists.trustedfirmware.org > Subject: [TF-M] psa_invec type mismatch in tfm_psa_call_veneer? > > It seems to me that the 'psa_invec' type is incorrectly being used where the > 'psa_outvec' type should be used everywhere tfm_psa_call_veneer() is used. > > > > In tfm_api.h, I think this: > > > > psa_status_t tfm_psa_call_veneer(psa_handle_t handle, > > const psa_invec *in_vecs, > > const psa_invec *out_vecs); > > > > should be this: > > > > psa_status_t tfm_psa_call_veneer(psa_handle_t handle, > > const psa_invec *in_vecs, > > const psa_outvec *out_vecs); > > > > > > And, in the implementation of the tfm_psa_call_veneer > > within tfm_psa_api_client.c, I think this: > > > > __tfm_secure_gateway_attributes__ > > psa_status_t tfm_psa_call_veneer(psa_handle_t handle, > > const psa_invec *in_vecs, > > const psa_invec *out_vecs) > > > > should be this: > > > > __tfm_secure_gateway_attributes__ > > psa_status_t tfm_psa_call_veneer(psa_handle_t handle, > > const psa_invec *in_vecs, > > const psa_outvec *out_vecs) > > > > > > And, in the NS implementation of psa_call() within tfm_psa_ns_api.c, I think this: > > > > psa_invec in_vecs, out_vecs; > > > > should be this: > > > > psa_invec in_vecs; > > psa_outvec out_vecs; > > > > > > Alan > > > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

6 years, 8 months

1
0
0 0

Re: [TF-M] psa_invec type mismatch in tfm_psa_call_veneer?

by Antonio De Angelis

Hi Alan, I think you're right, the prototypes of these functions should be fixed. Moreover, I think psa_outvec *out_vecs should drop the const qualifier to match psa_call(...) prototypes, as it's an output parameter and needs to be non-const. I have raised https://developer.trustedfirmware.org/T313 to keep track of this. Thanks, Antonio ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of DeMars, Alan via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 10 April 2019 22:12 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] psa_invec type mismatch in tfm_psa_call_veneer? It seems to me that the 'psa_invec' type is incorrectly being used where the 'psa_outvec' type should be used everywhere tfm_psa_call_veneer() is used. In tfm_api.h, I think this: psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, const psa_invec *out_vecs); should be this: psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, const psa_outvec *out_vecs); And, in the implementation of the tfm_psa_call_veneer within tfm_psa_api_client.c, I think this: __tfm_secure_gateway_attributes__ psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, const psa_invec *out_vecs) should be this: __tfm_secure_gateway_attributes__ psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, const psa_outvec *out_vecs) And, in the NS implementation of psa_call() within tfm_psa_ns_api.c, I think this: psa_invec in_vecs, out_vecs; should be this: psa_invec in_vecs; psa_outvec out_vecs; Alan -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

6 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M