Hi,
Assuming Isolation Level 1 and IPC backend, I'm using Attestation partition with SFN model with stateless handle and a custom Crypto partition using IPC model with stateless handle. My custom Crypto partition includes a PSA crypto wrapper which defines all the PSA Crypto APIs to use HW crypto. We used IPC since we want to be able to support isolation level 2-3 in the future.
When the Attestation partition makes calls to PSA Crypto (psa_hash_setup for example), should it use a psa_call() to the Crypto Partition? That is what I had expected since the crypto partition is IPC model but I'm seeing it call the PSA crypto code directly. Also, it appears to provide client side psa_hash_operation_t directly to the psa_hash_setup which is expecting the full operation struct.
Is my configuration valid? How should it work?
```
[ 52%] Building C object secure_fw/partitions/partitions/_1/crypto_sp/CMakeFiles/ti_tfm_psa_rot_partition_crypto.dir/home/brian/gits/secure_drivers/source/third_party/psa_crypto/psa_crypto_wrapper.o
[ 53%] Building C object secure_fw/partitions/partitions/_1/crypto_sp/CMakeFiles/ti_tfm_psa_rot_partition_crypto.dir/__/__/__/__/__/generated/secure_fw/partitions/ti_crypto/auto_generated/intermedia_crypto_sp.o
[ 53%] Building C object secure_fw/partitions/partitions/_1/crypto_sp/CMakeFiles/ti_tfm_psa_rot_partition_crypto.dir/home/brian/gits/spe/source/third_party/tfm/platform/ext/common/syscalls_stub.o
[ 54%] Linking C static library libti_tfm_psa_rot_partition_crypto.a
[ 54%] Built target ti_tfm_psa_rot_partition_crypto
[ 54%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/tfm_attest.o
[ 55%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/tfm_attest_req_mngr.o
[ 55%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/attest_core.o
[ 56%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/attest_boot_data.o
[ 56%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/attest_asymmetric_key.o
[ 57%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/attest_token_encode.o
[ 57%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/generated/secure_fw/partitions/initial_attestation/auto_generated/intermedia_tfm_initial_attestation.o
[ 58%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/lib/ext/t_cose/src/t_cose_sign1_sign.o
[ 58%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/lib/ext/t_cose/src/t_cose_sign1_verify.o
[ 59%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/lib/ext/t_cose/src/t_cose_util.o
[ 59%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/lib/ext/t_cose/src/t_cose_parameters.o
[ 60%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/lib/ext/t_cose/crypto_adapters/t_cose_psa_crypto.o
[ 60%] Building C object secure_fw/partitions/initial_attestation/CMakeFiles/tfm_psa_rot_partition_attestation.dir/__/__/__/platform/ext/common/syscalls_stub.o
[ 61%] Linking C static library libtfm_psa_rot_partition_attestation.a
[ 61%] Built target tfm_psa_rot_partition_attestation
[ 61%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/__/platform/ext/common/syscalls_stub.o
[ 62%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/crt_memcmp.o
[ 62%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/crt_memmove.o
[ 63%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/crt_strnlen.o
[ 63%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/service_api.o
[ 64%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/shared/crt_memcpy.o
[ 64%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/shared/crt_memset.o
[ 65%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/sprt_partition_metadata_indicator.o
[ 65%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/sfn_common_thread.o
[ 66%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/psa_api_ipc.o
[ 66%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/spm/core/psa_interface_thread_fn_call.o
[ 67%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/__/interface/src/tfm_attest_api.o
[ 67%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/__/interface/src/tfm_psa_call.o
[ 68%] Building C object secure_fw/partitions/lib/runtime/CMakeFiles/tfm_sprt.dir/__/__/__/__/interface/src/tfm_crypto_api.o
[ 68%] Linking C static library libtfm_sprt.a
```
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
Hi Brian,
We will try to reproduce your configuration just to confirm how the Crypto service is called. All the clients, even the secure ones, are supposed to always use the client interface and provide the client view of those structures. If it provides client side structures but calls directly into PSA Crypto APIs it will just crash as that is not the expected call flow.
Thanks, Antonio
________________________________ From: Quach, Brian via TF-M Sent: Tuesday, May 06, 2025 00:33 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Attestation calls to PSA Crypto
Hi Brian,
We built secure world TF-M test for AN521 platform:
```
cmake -S spe -B build_spe -DTFM_PLATFORM=arm/mps2/an521 \
-DCONFIG_TFM_SOURCE_PATH="$TFM_SOURCE_DIR" \
-DCMAKE_BUILD_TYPE=Debug \
-DTEST_S=ON -DTEST_NS=OFF
```
We ran this test on an FVP model and stepped through `tfm_attest_test_1001`. Please find attached a screenshot of the call stack.
A function in `attest_core` (in the Attestation partition) invokes a function in the `tfm_crypto_api`. This request is routed by the Secure Partition Manager (SPM) into the Crypto partition via `psa_call()`.
On 5/6/25 00:33, Quach, Brian wrote:
> Is my configuration valid? How should it work?
Any time you call a function across partitions, regardless of isolation level, the SPM forwards it to the target partition using `psa_call()`.
Best regards, Mudit Sharma
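The call flow described in the two replies above, as a small host-side C model added here (not TF-M code and not part of any message in the thread): the secure client holds only a handle-sized client view, while the full hash context stays inside the Crypto partition and is reached through a stand-in for `psa_call()`. Every type and function name in it is hypothetical, and the 104-byte state size is an arbitrary assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Host-side model; every name here is hypothetical, not TF-M's. */
typedef struct { uint32_t handle; } client_hash_op_t;         /* client view */
typedef struct { uint32_t alg; uint8_t state[104]; int in_use; } service_hash_ctx_t; /* full context */
typedef struct { uint32_t function_id, alg, op_handle; } crypto_req_t;

enum { FN_HASH_SETUP = 1, STATUS_OK = 0, STATUS_ERR = -1, MAX_OPS = 2 };

static service_hash_ctx_t g_ops[MAX_OPS]; /* private to the Crypto partition */
static int g_spm_calls;                   /* trips through the modelled SPM */

/* Service-side setup: expects the FULL context and writes all of it.
 * Handing it a 4-byte client_hash_op_t would write far past that object. */
static int service_hash_setup(service_hash_ctx_t *ctx, uint32_t alg) {
    memset(ctx->state, 0, sizeof ctx->state);
    ctx->alg = alg;
    ctx->in_use = 1;
    return STATUS_OK;
}

/* Crypto partition entry: picks a free context and returns its handle. */
static int crypto_dispatch(const crypto_req_t *req, uint32_t *out_handle) {
    if (req->function_id != FN_HASH_SETUP) return STATUS_ERR;
    for (int i = 0; i < MAX_OPS; i++) {
        if (!g_ops[i].in_use) {
            *out_handle = (uint32_t)i + 1; /* 0 is reserved for "no operation" */
            return service_hash_setup(&g_ops[i], req->alg);
        }
    }
    return STATUS_ERR;
}

/* Stand-in for psa_call(): the request is copied across the boundary. */
static int model_psa_call(const void *in, size_t in_len, uint32_t *out) {
    crypto_req_t req;
    if (in_len != sizeof req) return STATUS_ERR;
    memcpy(&req, in, sizeof req);
    g_spm_calls++;
    return crypto_dispatch(&req, out);
}

/* Client-side API that a secure client such as Attestation links against. */
int client_hash_setup(client_hash_op_t *op, uint32_t alg) {
    crypto_req_t req = { FN_HASH_SETUP, alg, op->handle };
    return model_psa_call(&req, sizeof req, &op->handle);
}
int spm_call_count(void) { return g_spm_calls; }
```

In this model the client never sees `service_hash_ctx_t`; it only gets back a handle, which is why a client-view struct passed straight to the service-side function cannot work.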
Hi Mudit,
Thanks for checking. Is the build you tested using the same mix of SFN and IPC as I was?
Regards, Brian
From: Mudit Sharma mudit.sharma@arm.com Sent: Thursday, May 8, 2025 5:21 AM To: Quach, Brian brian@ti.com; tf-m@lists.trustedfirmware.org Cc: Antonio.DeAngelis@arm.com Subject: [EXTERNAL] Re: [TF-M] Attestation calls to PSA Crypto
Hi Brian,
We can't reproduce exactly that mixture easily but I don't think that should affect how the partition code gets linked to the interface code. Regardless of the type of partition (SFN/IPC) the linking of the interfaces should remain the same, i.e. your setup should not be able to link at all directly with the crypto library that provides the PSA Crypto APIs.
Thanks, Antonio
________________________________ From: Quach, Brian Sent: Thursday, May 08, 2025 15:29 To: Mudit Sharma; tf-m@lists.trustedfirmware.org Cc: Antonio De Angelis Subject: RE: [EXTERNAL] Re: [TF-M] Attestation calls to PSA Crypto