Home
last modified time | relevance | path

Searched refs:client (Results 1 – 25 of 38) sorted by relevance

12

/trusted-firmware-m-3.7.0/docs/security/security_advisories/
Dprofile_small_key_id_encoding_vulnerability.rst29 TF-M Profile Small disabled Crypto key ID encoding with key owner client ID in
33 encoded with the client ID of key owner in Profile Small in TF-M v1.4.0.
45 Crypto service, the key ID and the key owner client ID are stored in the
47 the request by comparing the caller client ID with the stored key client ID.
49 - Mbed TLS stores a special structure encoded by key owner client ID and the
51 request by comparing the caller client ID with the key client ID stored in
55 require to validate key owner client ID between secure clients. Therefore, in
58 not encoded with key owner client ID.
60 However, it also disables the validation of NS client ID when a NS client
84 Crypto service. The stored derived keys can be accessed by a NS client if
[all …]
Dcrypto_multi_part_ops_abort_fail.rst66 The context is cleaned up in crypto library ``abort()`` function when the client
201 This mitigation assumes that client follows the sequence specified in PSA
/trusted-firmware-m-3.7.0/docs/design_docs/dual-cpu/
Dcommunication_prototype_between_nspe_and_spe_in_dual_core_systems.rst47 - `PSA client call handling flow in TF-M`_ discusses about the detailed sequence
48 and key modules of handling PSA client call in TF-M.
61 2. TF-M non-secure interface library notifies TF-M of the PSA client call
66 deal with the inbound mailbox event(s) and deliver the PSA client call
68 4. TF-M SPM processes the PSA client call request. The PSA client call is
79 Step 3 ~ step 5 are covered in `PSA client call handling flow in TF-M`_ in
95 A mailbox message shall contain the information and parameters of a PSA client
105 following, according to PSA client call type
132 Support of multiple ongoing NS PSA client calls (informative)
135 If the support of multiple ongoing NS PSA client calls in TF-M is required
[all …]
Dmailbox_ns_agent_update.rst14 isolated cores respectively. NSPE and SPE transfer non-secure client requests
44 - SPM treats FF-M Client API caller's ID as the client ID. While the mailbox NS
46 SPM which non-secure client it is representing, and the default FF-M Client
61 clients, the FF-M client API behaviour follows the FF-M definition. And NS
90 client of the service, which means that a specific API is required to
91 support identifying the represented non-secure client. SPM sets the non-secure
194 ``ns_client_id_stateless`` indicates the non-secure client id when the client
199 The vectors and non-secure client ID are recorded in the internal handle.
213 One extra parameter ``ns_client_id`` added to tell SPM which NS client the
216 values are invalid non-secure client IDs, SPM does not use these invalid IDs
[all …]
Dtfm_multi_core_access_check.rst42 - Non-secure client call request should not access secure memory.
52 - Non-secure client call request should not access secure memory.
150 check on non-secure memory for NSPE client call. If non-secure memory
155 For example, all the access from NSPE client calls to non-secure memory are
162 check functionalities before submitting the NSPE client call request to SPE.
217 non-secure client call request.
Dmailbox_design_on_dual_core_system.rst185 client call.
330 If ``TFM_MULTI_CORE_NS_OS`` is enabled, when a NS client starts a PSA Client
334 to organize received PSA client call parameters into a mailbox message.
337 SPE. During waiting for the result, the NS client thread may be switched
340 - When the result arrives, the NS client thread will be woken up inside
343 - The result is then written back to NS client finally.
388 client result. It can decrease the CPU idle time of waiting for PSA Client call
648 - ``client_id`` records the client ID of the non-secure client. Optional.
821 | ``reply`` | The NS client task private buffer written with |
1044 This function initializes the multi-core lock for synchronizing PSA client
[all …]
/trusted-firmware-m-3.7.0/docs/integration_guide/
Dnon-secure_client_extension_integration_guide.rst22 - Non-secure client ID (NSID) management
49 manage the NS client context. It is not accessible to NSPE.
64 specified for the connection of the NS client. NSCE allocates only one context
100 This function allocates a context for the NS client connection. The `gid` and
104 It is the responsibility of NSPE RTOS to assign gid and tid for each NS client.
119 This function should be called when NSPE RTOS schedules in a NS client. `token`
120 is returned by `tfm_nsce_acquire_ctx()`. `nsid` is the non-secure client ID
124 the same NSID for a NS client when calling this function each time. This allows
125 the NS client changing its NSID in the lifecycle. For example, the provisioning
133 This function should be called when NSPE RTOS schedules out a NS client. The
[all …]
Dos_migration_guide_armv8m.rst20 - If the OS manages the non-secure client identification, please check the
Dindex.rst12 NS client integration <non-secure_client_extension_integration_guide.rst>
105 NS client Identification
108 The NS client identification (NSID) is specified by either SPM or NSPE RTOS.
/trusted-firmware-m-3.7.0/docs/design_docs/services/
Dsecure_partition_manager.rst30 acts as a client when it is accessing its depending services.
38 Each service exposes its `Service ID` (`SID`) and `Handle` for client access
40 Partitions use FF-M `Secure Partition API` when it needs to operate on client
41 data or reply to a client.
72 returned result to the client. The advantages of this model:
86 (from client to service function) is a function call. This model:
120 Not like an `SPE` client that can call `Client API` to access the secure
121 services in one step, an `NSPE` client needs to cross the secure boundaries
148 - SPM can treat these components as the client: NS Agent, SFN Partition,
153 - Partitions interact with client data by `Secure Partition API`.
[all …]
Dstateless_rot_service.rst48 - service version requested by client - for client version check
95 According to FF-M v1.1, client calling ``psa_connect()`` with the SID of a
101 According to FF-M v1.1, client passing a stateless handle to call this API is a
121 authorization check, service and client version check, and handle space
Dtfm_its_service.rst133 translate the UID and client ID into a file ID and then make appropriate calls
173 append the 32-bit client ID of the calling partition for access control. The
177 SST uses the object table to do the mapping from client ID, UID pairs to file
185 (client ID, UID) to file ID
200 mapping onto file IDs would incur only the cost of copying the UID and client ID
265 different flash device. It can use the client ID to detect when the caller is
Dtfm_crypto_design.rst73 …| | that setting this option on the client side is a hard | …
102 …| | definitions to build the client interface of the service, i.e.| …
122 …| | never be set when the headers are included for client side | …
167 between the client and the service sides of the API.
168 In this context, the client must always define the Mbed TLS config option
172 component on the service side which is able to identify the client through an
190 discouraged, mainly because both on the client side and on the service side a
193 how they should be used on both client and service side of the integration. Note
Dsecure_partition_runtime_library.rst125 usability of the service for client firmware.
136 In general, a client uses the PSA Client API to access a secure service.
179 - For those RoT Service APIs only get called by a specific client, they can be
180 implemented inside the caller client, instead of putting it into SPRTL.
Dtfm_fwu_service.rst41 …| Client API interface | This module exports the client API of PSA Firmware Update to | ``…
46 …| NSPE client API interface | This module exports the client API of PSA Firmware Update to | ``…
/trusted-firmware-m-3.7.0/secure_fw/partitions/platform/
DKconfig.comp15 Size of the internal transiant buffer to hold input vectors from client.
/trusted-firmware-m-3.7.0/docs/platform/arm/rse/
Drse_comms.rst13 To call an RSE service, the client must send a message in-band over the MHU
51 client to identify which message is being responded to, since replies may be
151 A reference implementation of the client side of the RSE comms is available in
/trusted-firmware-m-3.7.0/docs/design_docs/
Dtfm_physical_attack_mitigation.rst245 - PSA client permission check in TF-M
290 PSA client permission checks
293 a PSA client, such as:
295 - Check whether the PSA client is a non-secure client or a secure client
297 NS client's PSA client ID is negative. NS client is not allowed to directly
299 authenticates a NS client. It may manipulate TF-M to accept it as a secure
300 client and allow the NS client to access assets.
/trusted-firmware-m-3.7.0/platform/ext/target/cypress/psoc64/
Dconfig.cmake12 set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identificatio…
/trusted-firmware-m-3.7.0/secure_fw/spm/core/
Dbackend_ipc.c220 struct partition_t *client = handle->p_client; in backend_replying() local
231 UNI_LIST_INSERT_AFTER(client, handle, p_handles); in backend_replying()
/trusted-firmware-m-3.7.0/secure_fw/partitions/internal_trusted_storage/
DKconfig.comp53 copied between the client and the filesystem in one iteration.
/trusted-firmware-m-3.7.0/docs/releases/
D1.5.0.rst13 - Add Non-secure Client Extension (NSCE) for non-secure client ID management
/trusted-firmware-m-3.7.0/docs/integration_guide/source_structure/
Dsource_structure.rst31 interface RoT service API for client calls
/trusted-firmware-m-3.7.0/docs/integration_guide/services/
Dtfm_platform_integration_guide.rst70 A request type is provided by the client, with additional parameters contained
Dtfm_crypto_integration_guide.rst96 contexts are supported at once. In a multipart operation, the client view of
100 implements the PSA Crypto API client interface exposed to both S/NS clients.

12