Hi Jun,

Basically, the service accessing model is a client-service model, hence the service won't call back to the client which makes the client a 'service'. Service can get client info by passed-in parameters and other SPM controlled channels.

Assuming you are using a Trustzone based hardware, the hardware provides the capability that calling back to NSPE, but it is not encouraged inside TF-M because it breaks the simplified model proposed by FF-M and difficulties the secure threat analysis - a simple case is that the secure context is blocked because it is waiting for NS returns.

If you do need to perform such operations, implement an interrupt based asynchronous mechanism is safer than software callbacks.

The most queried requirement we have met is someone querying if the execution can be delivered back to NSPE when secure IDLE is going to happen. Not sure if you are facing the similar, is it okay to share more details?

BR

/Ken

From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Li, Jun R via TF-M Sent: Tuesday, October 19, 2021 12:20 AM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Sending events from TF-M to non-secure world?

Hi,

Anyone has idea how a service inside a secure partition can send out some events to the non-secure world? Does callback still work over IPC? It seems non-secure world can connect to a SP but not easy to do the other way.

Appreciate any comments or suggestions!

Jun

Intel Corporation @ SC, CA