Hi.
I was testing the SFN model on the TF-M 1.6 release and I am confused about which API source files should be used for the non-secure application. The documentation here is lacking, so I am going by what we do in the build scripts of TF-M and tf-m-tests. The non-secure source files that are exported and included in the nonsecure API library are tfm_<partition>_ipc_api.c.
This strikes me as odd, to use the IPC source files for the SFN model. If this is correct, the naming is misleading. From the code, the selection is done based on the PSA_API definition. Based on this, if these are the correct source files to use, then I would think this should either be documented or renamed to something that better reflects the use, perhaps tfm_<partition>_psa_api.c?
In the documentation there is a lot of room for improvement; the existence of tfm_<partition>_secure_api.c could lead to confusion since it is not always well described.
tfm_attestation_integration_guide.rst:
System integrators might need to port these interfaces to a custom secure partition manager implementation (SPM). Implementations in TF-M project can be found here:
- ``interface/src/tfm_initial_attestation_func_api.c``: non-secure interface implementation for library model
- ``interface/src/tfm_initial_attestation_ipc_api.c``: non-secure interface implementation for IPC model
- ``secure_fw/partitions/initial_attestation/tfm_attestation_secure_api.c``: secure interface implementation
Here it is not clear to me what "secure interface implementation" means, it could be interpreted as the SFN API.
tfm_crypto_integration_guide.rst:
- ``tfm_crypto_secure_api.c`` : This module implements the PSA Crypto API client interface exposed to the Secure Processing Environment
Here it is clearer that tfm_<partition>_secure_api.c is the interface to the SPE. However, the documented NSPE interface source file does not even exist, and it does not explain the IPC / FUNC difference:
| NSPE client API interface | This module exports the client API of PSA Crypto to the NSPE | ``./interface/src/tfm_crypto_api.c``
tfm_fwu_service.rst:
| NSPE client API interface | This module exports the client API of PSA Firmware Update to | ``./interface/src/tfm_firmware_update_func_api.c`` |
|                           | the NSPE(i.e. to the applications).                          | ``./interface/src/tfm_firmware_update_ipc_api.c``  |
Here the two possible source files are mentioned, but it is not specified when to use which source file.
Generally: Between all the services this is not consistently listed, for example the tfm_its_service.rst file does not have the table of source files.
If there is a general description of the non-secure interface sources, I couldn't find it.
-Joakim Andersson
Hi Andersson,
Sorry for the confusion.
The tfm_<partition>_ipc_api.c files were indeed for the IPC Model, while there is another set of APIs, tfm_<partition>_func_api.c, for the Library Model. Back then there was no SFN Model (it was introduced in the FF-M v1.1 extensions). Although the IPC and SFN work very differently, the interfaces for requesting RoT Services are the same. The SFN shares the same API files with IPC and we weren't able to rename them.
As announced earlier, we will deprecate the Library model after October 1 and it will be removed in TF-M v1.7.0. The work would include cleaning up the APIs and documentation. Hope it will be much clearer then.
Best Regards, Kevin
From: Andersson, Joakim via TF-M tf-m@lists.trustedfirmware.org
Sent: Monday, September 26, 2022 21:32
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] SFN non-secure interface sources