1 /* 2 * Copyright (c) 2021, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 8 #ifndef __TFM_NS_CLIENT_EXT_H__ 9 #define __TFM_NS_CLIENT_EXT_H__ 10 11 #ifdef __cplusplus 12 extern "C" { 13 #endif 14 15 #include <stdint.h> 16 17 #define TFM_NS_CLIENT_INVALID_TOKEN 0xFFFFFFFF 18 19 /* TF-M NSID Error code */ 20 #define TFM_NS_CLIENT_ERR_SUCCESS 0x0 21 #define TFM_NS_CLIENT_ERR_INVALID_TOKEN 0x1 22 #define TFM_NS_CLIENT_ERR_INVALID_NSID 0x2 23 #define TFM_NS_CLIENT_ERR_INVALID_ACCESS 0x3 24 25 /** 26 * \brief Initialize the non-secure client extension 27 * 28 * \details This function should be called before any other non-secure client 29 * APIs. It gives NSPE the opportunity to initialize the non-secure 30 * client extension in TF-M. Also, NSPE can get the number of allocated 31 * non-secure client context slots in the return value. That is useful 32 * if NSPE wants to decide the group (context) assignment at runtime. 33 * 34 * \param[in] ctx_requested The number of non-secure context requested from the 35 * NS entity. If request maximum available context, then set it to 0. 36 * 37 * \return Returns the number of non-secure context allocated to the NS entity. 38 * The allocated context number <= maximum supported context number. 39 * If the initialization is failed, then 0 is returned. 40 */ 41 uint32_t tfm_nsce_init(uint32_t ctx_requested); 42 43 /** 44 * \brief Acquire the context for a non-secure client 45 * 46 * \details This function should be called before a non-secure client calling 47 * the PSA API into TF-M. It is to request the allocation of the 48 * context for the upcoming service call from that non-secure client. 49 * The non-secure clients in one group share the same context. 50 * The thread ID is used to identify the different non-secure clients. 51 * 52 * \param[in] group_id The group ID of the non-secure client 53 * \param[in] thread_id The thread ID of the non-secure client 54 * 55 * \return Returns the token of the allocated context. 0xFFFFFFFF means the 56 * allocation failed and the token is invalid. 57 */ 58 uint32_t tfm_nsce_acquire_ctx(uint8_t group_id, uint8_t thread_id); 59 60 /** 61 * \brief Release the context for the non-secure client 62 * 63 * \details This function should be called when a non-secure client is going to 64 * be terminated or will not call TF-M secure services in the future. 65 * It is to release the context allocated for the calling non-secure 66 * client. If the calling non-secure client is the only thread in the 67 * group, then the context will be deallocated. Otherwise, the context 68 * will still be taken for the other threads in the group. 69 * 70 * \param[in] token The token returned by tfm_nsce_acquire_ctx 71 * 72 * \return Returns the error code. 73 */ 74 uint32_t tfm_nsce_release_ctx(uint32_t token); 75 76 /** 77 * \brief Load the context for the non-secure client 78 * 79 * \details This function should be called when a non-secure client is going to 80 * be scheduled in at the non-secure side. 81 * The caller is usually the scheduler of the RTOS. 82 * The non-secure client ID is managed by the non-secure world and 83 * passed to TF-M as the input parameter of TF-M. 84 * 85 * \param[in] token The token returned by tfm_nsce_acquire_ctx 86 * \param[in] nsid The non-secure client ID for this client 87 * 88 * \return Returns the error code. 89 */ 90 uint32_t tfm_nsce_load_ctx(uint32_t token, int32_t nsid); 91 92 /** 93 * \brief Save the context for the non-secure client 94 * 95 * \details This function should be called when a non-secure client is going to 96 * be scheduled out at the non-secure side. 97 * The caller is usually the scheduler of the RTOS. 98 * 99 * \param[in] token The token returned by tfm_nsce_acquire_ctx 100 * 101 * \return Returns the error code. 102 */ 103 uint32_t tfm_nsce_save_ctx(uint32_t token); 104 105 #ifdef __cplusplus 106 } 107 #endif 108 109 #endif /* __TFM_NS_CLIENT_EXT_H__ */ 110
