Hi Miklos/Mate,
Thanks for the detailed proposal. I have a comment/question regarding the return type to be used in the unified signature.
int32_t secure_function_name(struct psa_invec *in_vec, size_t in_len,
struct psa_outvec *out_vec, size_t out_len);
The type returned is a int32_t. As a service developer, I have to be aware that although the type returned by the service is a int32_t, there is a set of reserved return codes which are reserved by the TF-M framework and can't be used freely by the service itself (as described in interface/include/tfm_api.h through the enum tfm_status_e type, only allowed values are below the TFM_PARTITION_SPECIFIC_ERROR_MIN). As a consequence, the services right now need to define their own return type and make sure the values don't clash with the values reserved by TF-M.
*Question is*: what is your opinion on explicitly marking the return type here with a dedicated type (instead of a plain int32_t) which enforces the fact that not all possible return values are usable by the service/secure function?
In addition to this, in case the feedback is positive, I think that the new type we choose/define should be aligned as much as possible with the patterns of the return types used by the service API's and this would help secure service developers. Currently in fact, as TF-M is reserving return values between 0x01 and 0x1F, an intermediate translation step is required, for everything different than TFM_SUCCESS, to align the values returned by services to the values that the API's return (take again in example the Crypto service which returns psa_status_t, when the return values are propagated back to the API interface, the TFM_PARTITION_SPECIFIC_ERROR_MIN needs to be removed every time). If we define our new type as to be still based on int32_t, but with TF-M reserved values in a very high range (e.g. between -0x1F and -0x1) this would save the translation step and won't clash with the return values that are defined by the services (or, at least, this seems to be the current trend).
Thanks in advance for any feedback on this observation.
Thanks,
Antonio
