/* * Copyright (c) 2017-2019, Arm Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause * */ #ifndef __TFM_API_H__ #define __TFM_API_H__ #ifdef __cplusplus extern "C" { #endif #include <stdint.h> #include "psa_client.h" #define TFM_INVALID_CLIENT_ID 0 /** * \brief Checks if the provided client ID is a secure client ID. * * \param[in] client_id Client ID to check * * \return Returns 1 if the client Id is secure. Otherwise, returns 0. */ #define TFM_CLIENT_ID_IS_S(client_id) ((client_id)>0) /** * \brief Checks if the provided client ID is a non-secure client ID. * * \param[in] client_id Client ID to check * * \return Returns 1 if the client Id is non-secure. Otherwise, returns 0. */ #define TFM_CLIENT_ID_IS_NS(client_id) ((client_id)<0) /* Maximum number of input and output vectors */ #define PSA_MAX_IOVEC (4) /* FixMe: sort out DEBUG compile option and limit return value options * on external interfaces */ /* For secure functions using prorietary signatures * TFM will only return values recognized and parsed by TFM core. * Service return codes are not automatically passed on to REE. * Any non-zero return value is interpreted as an error that may trigger * TEE error handling flow. * For secure functions using the veneers in secure_fw/ns_callable/tfm_veneers.c * (iovec API) this limitation does not apply. */ enum tfm_status_e { TFM_SUCCESS = 0, TFM_PARTITION_BUSY, TFM_ERROR_SECURE_DOMAIN_LOCKED, TFM_ERROR_INVALID_PARAMETER, TFM_ERROR_PARTITION_NON_REENTRANT, TFM_ERROR_NS_THREAD_MODE_CALL, TFM_ERROR_NOT_INITIALIZED, TFM_ERROR_NO_ACTIVE_PARTITION, TFM_ERROR_INVALID_EXC_MODE, TFM_SECURE_LOCK_FAILED, TFM_SECURE_UNLOCK_FAILED, TFM_ERROR_GENERIC = 0x1F, TFM_PARTITION_SPECIFIC_ERROR_MIN, }; //==================== Secure function declarations ==========================// /** * \brief Assign client ID to the current TZ context * * \param[in] ns_client_id The client ID to be assigned to the current * context * \return TFM_SUCCESS if the client ID assigned successfully, an error code * according to \ref tfm_status_e in case of error. * * \note This function have to be called from handler mode. */ enum tfm_status_e tfm_register_client_id (int32_t ns_client_id); /** * \brief Retrieve the version of the PSA Framework API that is implemented * * \return The version of the PSA Framework */ uint32_t tfm_psa_framework_version_veneer(void); /** * \brief Return version of secure function provided by secure binary * * \param[in] sid ID of secure service * * \return Version number of secure function */ uint32_t tfm_psa_version_veneer(uint32_t sid); /** * \brief Connect to secure function * * \param[in] sid ID of secure service * \param[in] minor_version Minor version of SF requested by client * * \return Returns handle to connection */ psa_handle_t tfm_psa_connect_veneer(uint32_t sid, uint32_t minor_version); /** * \brief Call a secure function referenced by a connection handle * * \param[in] handle Handle to connection * \param[in] in_vecs invec containing pointer/count of input vectors * \param[in] out_vecs outvec containing pointer/count of output vectors * * \return Returns \ref psa_status_t status code */ psa_status_t tfm_psa_call_veneer(psa_handle_t handle, const psa_invec *in_vecs, psa_outvec *out_vecs); /** * \brief Close connection to secure function referenced by a connection handle * * \param[in] handle Handle to connection * * \return Returns \ref psa_status_t status code */ psa_status_t tfm_psa_close_veneer(psa_handle_t handle); //================ End Secure function declarations ==========================// #ifdef __cplusplus } #endif #endif /* __TFM_API_H__ */