The current RTOS integration with TZ API support is to make it generic. You can use "empty" implementation for these API if you don't use multiple secure context (SFC or IPC model) and have no multiple NS client IDs requirements.
Besides that, the users can leverage TZ API for some other purposes, e.g. policy control for which NS task can access which secure partitions and etc. But that's quite use case specific. Just FYI.

Regards,

David Wang

ARM Electronic Technology (Shanghai) Co., Ltd

Phone: +86-21-6154 9142 (ext. 59142)




From: TF-M <tf-m-bounces@lists.trustedfirmware.org> on behalf of Reinhard Keil via TF-M <tf-m@lists.trustedfirmware.org>
Sent: 13 December 2019 19:41
To: tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: Re: [TF-M] Simplify RTOS / TF-M interface (single thread execution)
 
Ken,

thanks for all your swift answers.



Sorry, I need to check on this part of the answer again:

  *   What happens worst case when an RTOS does not implement TZ RTOS Context Management?



Ken.L: If there is no locking protection in NS and multiple ns calling would panic.

TZ RTOS Context Management does not prevent from that.  Correct.

So the only feature that is enabled with TZ RTOS Context Management is 'client ID identification' for Protected Storage (and potentially other services).

Reinhard
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-M mailing list
TF-M@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m