Hi Anton and Kevin,
"call secure services directlyˇ± here
means calling by PSA client API in IPC mode.
Here is the scenarios,
For example, a new secure partition is added
,and this partition provides some secure services. One service needs get
some pre-provisioned information,such as a key. This operation(get pre-provisioned
information) may vary with platforms.
Scenario A:Target1(A board without MCU embedded
Flash ) , the pre-provisioned information were stored in OTP during provisioning,
so this target reads pre-provisioned information from OTP during deployment
period.
Scenario B: Target1(A board with MCU embedded
Flash ) , assume the pre-provisioned information were stored in MCU embedded
Flash by calling psa_its_set() service during provisioning(I am not sure
whether this kind of implementation is right ), so this target needs
reading pre-provisioned information by calling psa_its_get() service during
deployment period. I am wondering whether this design breaks the design
rules of tf-m.
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
Kevin Peng via TF-M <tf-m@lists.trustedfirmware.org>
Sent by: "TF-M" <tf-m-bounces@lists.trustedfirmware.org>
2021/07/07 11:10
|
Please respond to
Kevin Peng <Kevin.Peng@arm.com> |
|
|
To
| "tf-m@lists.trustedfirmware.org"
<tf-m@lists.trustedfirmware.org>
|
|
cc
| nd <nd@arm.com>
|
|
Subject
| Re: [TF-M] Whether the codes in platform
folder of tf-m project can be allowed to call secure services in secure_fw
folder? |
|
Hi Poppy,
By ˇ°call
secure services directlyˇ± I guess you mean function call?
That is forbidden.
Secure services can be only called by PSA
Client APIs (psa_connect/psa_call/psa_close) or Partition provided APIs
(for example psa_ps_set).
As Anton mentioned, platform folder actually
provide HW level support to Secure Partitions and Framework (SPM).
Could you provide more details of you use
case of calling Secure Services from platform folder?
Best Regards,
Kevin
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Anton Komlev via TF-M
Sent: Tuesday, July 6, 2021 8:31 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] Whether the codes in platform folder of tf-m project
can be allowed to call secure services in secure_fw folder?
Hi Poppy,
Platform folder represents a HW integration
layer.
What kind of use case you have in mind
to call the secure services from there?
Thanks,
Anton
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Edward Yang via TF-M
Sent: Tuesday, July 6, 2021 9:30 AM
To: tf-m@lists.trustedfirmware.org;
nd <nd@arm.com>
Subject: [TF-M] Whether the codes in platform folder of tf-m project
can be allowed to call secure services in secure_fw folder?
Hi experts,
The tf-m project includes secure_fw and paltform these two folders, I want
to know whether the codes in platform folder are allowed to call secure
services directly?
Best Regards,
Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential
information and/or personal data, which is protected by applicable laws.
Please be reminded that duplication, disclosure, distribution, or use of
this e-mail (and/or its attachments) or any part thereof is prohibited.
If you receive this e-mail in error, please notify us immediately and delete
this mail as well as its attachment(s) from your system. In addition, please
be informed that collection, processing, and/or use of personal data is
prohibited unless expressly permitted by personal data protection laws.
Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================--
TF-M mailing list
TF-M@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================