From aecbd9b96f770cafdbb0c6b42a3ef8359c653f2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20R=C3=B8nningstad?= Date: Mon, 11 Jan 2021 15:38:00 +0100 Subject: [PATCH] modules: tf-m: Add zephyr native NS interface and logging function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To allow using TFM NS interface without enabling CMSIS_RTOS V2 support. And to allow using TFM NS code that uses logging. Signed-off-by: Øyvind Rønningstad Signed-off-by: Ioannis Glaropoulos --- modules/trusted-firmware-m/CMakeLists.txt | 2 +- .../trusted-firmware-m/interface/interface.c | 44 ++++++++++++++++++- .../trusted-firmware-m/src/zephyr_tfm_log.c | 18 ++++++++ .../psa_level_1/CMakeLists.txt | 1 - .../tfm_integration/psa_level_1/src/tfm_ipc.c | 37 ---------------- samples/tfm_integration/tfm_ipc/src/main.c | 27 ------------ 6 files changed, 62 insertions(+), 67 deletions(-) create mode 100644 modules/trusted-firmware-m/src/zephyr_tfm_log.c delete mode 100644 samples/tfm_integration/psa_level_1/src/tfm_ipc.c diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt index 49f1a7830886ea..fc17bcd98e27ae 100644 --- a/modules/trusted-firmware-m/CMakeLists.txt +++ b/modules/trusted-firmware-m/CMakeLists.txt @@ -181,7 +181,7 @@ function(trusted_firmware_build) ) add_library(tfm_api - ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/tf-m-tests/app/os_wrapper_cmsis_rtos_v2.c + ${ZEPHYR_BASE}/modules/trusted-firmware-m/src/zephyr_tfm_log.c ) target_include_directories(tfm_api diff --git a/modules/trusted-firmware-m/interface/interface.c b/modules/trusted-firmware-m/interface/interface.c index 6692dfa2ef246e..13bdb1bf1c985e 100644 --- a/modules/trusted-firmware-m/interface/interface.c +++ b/modules/trusted-firmware-m/interface/interface.c @@ -1,4 +1,5 @@ /* + * Copyright (c) 2019,2020 Linaro Limited * Copyright (c) 2021 Nordic Semiconductor ASA * * SPDX-License-Identifier: Apache-2.0 @@ -10,6 +11,46 @@ #include +/** + * @file @brief Zephyr's TF-M NS interface implementation + * + */ + + +/* Global mutex to be used by the TF-M NS dispatcher, preventing + * the Non-Secure application from initiating multiple parallel + * TF-M secure calls. + */ +K_MUTEX_DEFINE(tfm_mutex); + +int32_t tfm_ns_interface_dispatch(veneer_fn fn, + uint32_t arg0, uint32_t arg1, + uint32_t arg2, uint32_t arg3) +{ + int32_t result; + + /* TF-M request protected by NS lock */ + if (k_mutex_lock(&tfm_mutex, K_FOREVER) != 0) { + return (int32_t)TFM_ERROR_GENERIC; + } + + result = fn(arg0, arg1, arg2, arg3); + + k_mutex_unlock(&tfm_mutex); + + return result; +} + +enum tfm_status_e tfm_ns_interface_init(void) +{ + /* + * The static K_MUTEX_DEFINE handles mutex initialization, + * so this function may be implemented as no-op. + */ + return TFM_SUCCESS; +} + + #if defined(TFM_PSA_API) #include "psa_manifest/sid.h" #endif /* TFM_PSA_API */ @@ -18,7 +59,8 @@ static int ns_interface_init(const struct device *arg) { ARG_UNUSED(arg); - (void)tfm_ns_interface_init(); + __ASSERT(tfm_ns_interface_init() == TFM_SUCCESS, + "TF-M NS interface init failed"); return 0; } diff --git a/modules/trusted-firmware-m/src/zephyr_tfm_log.c b/modules/trusted-firmware-m/src/zephyr_tfm_log.c new file mode 100644 index 00000000000000..f5a74196f0740c --- /dev/null +++ b/modules/trusted-firmware-m/src/zephyr_tfm_log.c @@ -0,0 +1,18 @@ +/* + * Copyright (c) 2021 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include + +int tfm_log_printf(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vprintk(fmt, ap); + va_end(ap); + + return 0; +} diff --git a/samples/tfm_integration/psa_level_1/CMakeLists.txt b/samples/tfm_integration/psa_level_1/CMakeLists.txt index afcbe6c6d5865e..f958ce6593c1e8 100644 --- a/samples/tfm_integration/psa_level_1/CMakeLists.txt +++ b/samples/tfm_integration/psa_level_1/CMakeLists.txt @@ -14,7 +14,6 @@ target_sources(app PRIVATE src/main.c) target_sources(app PRIVATE src/psa_attestation.c) target_sources(app PRIVATE src/psa_crypto.c) target_sources(app PRIVATE src/shell.c) -target_sources(app PRIVATE src/tfm_ipc.c) target_sources(app PRIVATE src/util_app_cfg.c) target_sources(app PRIVATE src/util_app_log.c) target_sources(app PRIVATE src/util_sformat.c) diff --git a/samples/tfm_integration/psa_level_1/src/tfm_ipc.c b/samples/tfm_integration/psa_level_1/src/tfm_ipc.c deleted file mode 100644 index 1aad8ee3efd82c..00000000000000 --- a/samples/tfm_integration/psa_level_1/src/tfm_ipc.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2019,2020 Linaro Limited - * - * SPDX-License-Identifier: Apache-2.0 - */ - -#include - -#include "tfm_api.h" -#include "tfm_ns_interface.h" - -K_MUTEX_DEFINE(tfm_mutex); - -int32_t tfm_ns_interface_dispatch(veneer_fn fn, - uint32_t arg0, uint32_t arg1, - uint32_t arg2, uint32_t arg3) -{ - int32_t result; - - /* TFM request protected by NS lock */ - if (k_mutex_lock(&tfm_mutex, K_FOREVER) != 0) { - return (int32_t)TFM_ERROR_GENERIC; - } - - result = fn(arg0, arg1, arg2, arg3); - - k_mutex_unlock(&tfm_mutex); - - return result; -} - -enum tfm_status_e tfm_ns_interface_init(void) -{ - /* The static K_MUTEX_DEFINE handles mutex init, so just return. */ - - return TFM_SUCCESS; -} diff --git a/samples/tfm_integration/tfm_ipc/src/main.c b/samples/tfm_integration/tfm_ipc/src/main.c index e2551f00db41d4..18e8b17675c738 100644 --- a/samples/tfm_integration/tfm_ipc/src/main.c +++ b/samples/tfm_integration/tfm_ipc/src/main.c @@ -13,33 +13,6 @@ #include "psa_manifest/sid.h" #endif -K_MUTEX_DEFINE(tfm_mutex); - -int32_t tfm_ns_interface_dispatch(veneer_fn fn, - uint32_t arg0, uint32_t arg1, - uint32_t arg2, uint32_t arg3) -{ - int32_t result; - - /* TFM request protected by NS lock */ - if (k_mutex_lock(&tfm_mutex, K_FOREVER) != 0) { - return (int32_t)TFM_ERROR_GENERIC; - } - - result = fn(arg0, arg1, arg2, arg3); - - k_mutex_unlock(&tfm_mutex); - - return result; -} - -enum tfm_status_e tfm_ns_interface_init(void) -{ - /* The static K_MUTEX_DEFINE handles mutex init, so just return. */ - - return TFM_SUCCESS; -} - /** * \brief Retrieve the version of the PSA Framework API. *