Home
last modified time | relevance | path

Searched refs:service (Results 1 – 25 of 108) sorted by relevance

12345

/trusted-firmware-m-3.7.0/secure_fw/spm/core/
Dspm_ipc.c65 if (p_handle_iter->service->p_ldinf->signal == signal) { in spm_get_handle_by_signal()
124 int32_t tfm_spm_check_client_version(const struct service_t *service, in tfm_spm_check_client_version() argument
127 SPM_ASSERT(service); in tfm_spm_check_client_version()
129 switch (SERVICE_GET_VERSION_POLICY(service->p_ldinf->flags)) { in tfm_spm_check_client_version()
131 if (version > service->p_ldinf->version) { in tfm_spm_check_client_version()
136 if (version != service->p_ldinf->version) { in tfm_spm_check_client_version()
147 const struct service_t *service, in tfm_spm_check_authorization() argument
154 SPM_ASSERT(service); in tfm_spm_check_authorization()
157 if (!SERVICE_IS_NS_ACCESSIBLE(service->p_ldinf->flags)) { in tfm_spm_check_authorization()
186 const struct service_t *service; in spm_get_idle_connection() local
[all …]
Dpsa_version_api.c22 const struct service_t *service; in tfm_spm_client_psa_version() local
29 service = tfm_spm_get_service_by_sid(sid); in tfm_spm_client_psa_version()
30 if (!service) { in tfm_spm_client_psa_version()
38 if (tfm_spm_check_authorization(sid, service, ns_caller) != PSA_SUCCESS) { in tfm_spm_client_psa_version()
42 return service->p_ldinf->version; in tfm_spm_client_psa_version()
Dpsa_connection_api.c40 const struct service_t *service; in spm_psa_connect_client_id_associated() local
49 service = tfm_spm_get_service_by_sid(sid); in spm_psa_connect_client_id_associated()
50 if (!service) { in spm_psa_connect_client_id_associated()
55 if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) { in spm_psa_connect_client_id_associated()
63 if (tfm_spm_check_authorization(sid, service, ns_caller) != PSA_SUCCESS) { in spm_psa_connect_client_id_associated()
71 if (tfm_spm_check_client_version(service, version) != PSA_SUCCESS) { in spm_psa_connect_client_id_associated()
86 spm_init_idle_connection(connection, service, client_id); in spm_psa_connect_client_id_associated()
140 if (SERVICE_IS_STATELESS(handle->service->p_ldinf->flags)) { in tfm_spm_partition_psa_set_rhandle()
Dpsa_mmiovec_api.c29 partition = handle->service->partition; in tfm_spm_partition_psa_map_invec()
35 if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) { in tfm_spm_partition_psa_map_invec()
107 if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) { in tfm_spm_partition_psa_unmap_invec()
159 partition = handle->service->partition; in tfm_spm_partition_psa_map_outvec()
165 if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) { in tfm_spm_partition_psa_map_outvec()
235 if (!SERVICE_ENABLED_MM_IOVEC(handle->service->p_ldinf->flags)) { in tfm_spm_partition_psa_unmap_outvec()
Dbackend_sfn.c47 if (!p_connection || !p_connection->service || in backend_messaging()
48 !p_connection->service->p_ldinf || in backend_messaging()
49 !p_connection->service->partition) { in backend_messaging()
53 p_target = p_connection->service->partition; in backend_messaging()
69 status = ((service_fn_t)p_connection->service->p_ldinf->sfn)(&p_connection->msg); in backend_messaging()
Dpsa_api.c203 const struct service_t *service; in tfm_spm_partition_psa_reply() local
219 service = handle->service; in tfm_spm_partition_psa_reply()
220 if (!service) { in tfm_spm_partition_psa_reply()
276 if (SERVICE_IS_STATELESS(service->p_ldinf->flags)) { in tfm_spm_partition_psa_reply()
Dspm.h82 const struct service_t *service; /* RoT service pointer */ member
242 const struct service_t *service,
266 int32_t tfm_spm_check_client_version(const struct service_t *service,
281 const struct service_t *service,
/trusted-firmware-m-3.7.0/interface/include/psa_manifest/
Dsid.h.template20 {% for service in partition.manifest.services %}
21 #define {{"%-58s"|format(service.name + "_SID")}} ({{"%10s"|format(service.sid)}}U)
22 #define {{"%-58s"|format(service.name + "_VERSION")}} ({{"%d"|format(service.version)}}U)
23 {% if service.connection_based == false %}
24 #define {{"%-58s"|format(service.name + "_HANDLE")}} ({{"%s"|format(service.stateless_handle_value)…
/trusted-firmware-m-3.7.0/tools/
Dtfm_parse_manifest_list.py153 for service in service_list:
155 service['connection_based'] = True
156 elif 'connection_based' not in service:
159 if 'version' not in service.keys():
160 service['version'] = 1
161 if 'version_policy' not in service.keys():
162 service['version_policy'] = 'STRICT'
165 if service['sid'] in sid_list:
166 raise Exception('Service ID: {} has duplications!'.format(service['sid']))
168 sid_list.append(service['sid'])
[all …]
/trusted-firmware-m-3.7.0/docs/security/security_advisories/
Dprofile_small_key_id_encoding_vulnerability.rst5 | Title | NSPE may access secure keys stored in TF-M Crypto service |
18 | Impact | In Profile Small, secure keys stored in Crypto service can |
32 When the Crypto key is stored into TF-M Crypto service, the key ID is not
34 Therefore, TF-M Crypto service is unable to distinguish or validate owners of
41 In TF-M v1.4.0, TF-M Crypto service by default relies on two mechanisms to
44 - TF-M Crypto service maintains a key handle array. When a key is stored in
45 Crypto service, the key ID and the key owner client ID are stored in the
46 array. When a caller requests to access a key, TF-M Crypto service validates
78 - ITS service doesn’t create or store its own key in Crypto service. It is not
81 - Crypto service key derivation may be impacted.
[all …]
/trusted-firmware-m-3.7.0/docs/platform/arm/musca_s1/
Dreadme.rst14 Platform pin service
17 This service is designed to perform secure pin services of the platform
19 The service uses the IOCTL API of TF-M's Platform Service, which allows the
20 non-secure application to make pin service requests on Musca S1 based on a
21 generic service request delivery mechanism.
/trusted-firmware-m-3.7.0/docs/integration_guide/services/
Dtfm_platform_integration_guide.rst8 TF-M Platform service is a trusted service which allows secure partitions and
22 The TF-M interfaces for the Platform service are located in
24 The TF-M Platform service source files are located in
28 TF-M Platform service
30 The Platform service interfaces and types are defined and documented in
34 to the platform service
37 when the secure partitions request an action to the Platform service
62 IOCTL service and HAL function:
72 the service in ``out_vec``.
79 The Platform Service provides an abstracted service for exposing the NV counters
[all …]
Dtfm_ps_integration_guide.rst8 TF-M Protected Storage (PS) service implements PSA Protected Storage APIs.
10 The service is usually backed by hardware isolation of the flash
15 The PS service implements an AES-GCM based AEAD encryption policy, as a
19 Internal Trusted Storage service to store encrypted, authenticated
32 content of the protected storage is changed maliciously, the service is able
68 - **PSA internal trusted storage API** - In the current design, the service does
93 Protected storage service code is located in
100 The PSA PS interfaces for PS service are located in ``interface/include/psa``
105 The PS service exposes the following mandatory PSA PS interfaces, version 1.0:
125 handles all requests which arrive to the service. This layer extracts the
[all …]
Dtfm_crypto_integration_guide.rst10 The TF-M Crypto service allows Non Secure world applications and Secure
19 The secure service resides in the Crypto partition as a single entry point and
39 the service *backend* to provide the actual implementation of the crypto
49 :ref:`TF-M Internal Trusted Storage (ITS) service <its-introduction-label>`,
55 The PSA interfaces for the Crypto service are located in ``interface/include``.
57 the PSA API is ``psa/crypto.h``. The TF-M Crypto service source files are
62 The TF-M Crypto service exposes the PSA interfaces detailed in the header
83 - ``crypto_init.c`` : Init module for the service. The modules stores also the
94 secure memory not visible outside of the crypto service. The
103 API symbols exported by the TF-M Crypto service. The renaming adds a default
[all …]
/trusted-firmware-m-3.7.0/docs/design_docs/services/
Dstateless_rot_service.rst32 The index, stateless indicator, and service version information are encoded into
48 - service version requested by client - for client version check
61 locating a stateless service in SPM logic. A range of index [0, 31] is the
69 ``sid.h`` contains service ID and version. The tooling is extended to generate
90 support the stateless service.
116 ``psa_manifest/sid.h`` when requesting a stateless service.
117 2. This API validates stateless handle, decodes index and service version
118 information from it. SPM uses the index to know which stateless service is
121 authorization check, service and client version check, and handle space
133 According to FF-M v1.1, stateless service calling this API on a message is a
[all …]
Dsecure_partition_manager.rst19 The service access process of FF-M:
26 FF-M service access process
29 functionalities in `SPE`, and `Client` is the user of the `Service`. A service
38 Each service exposes its `Service ID` (`SID`) and `Handle` for client access
57 concept of TF-M SPM surrounds the FF-M defined service management and access
69 converts the service accessing info from the `Client API` call into messages
70 and assert a signal to the partition. The partition calls corresponded service
71 function indicated by the signal and its bound message, and reply service
76 - It provides a mechanism for handling multiple service access. There is no
79 the service access is implemented in a function-call based mechanism. This
[all …]
Dtfm_crypto_design.rst14 (in short, TF-M Crypto service).
19 The TF-M Crypto service provides an implementation of the PSA Certified Crypto
25 The service can be requested by other services running in the SPE, or by
34 The TF-M Crypto service is implemented by a number of different firmware
48 …| | service as a cryptographic `backend` library which provides | co…
53 …| Init module | This module handles the initialisation of the service objects | ``…
54 …| | during TF-M boot and provides the infrastructure to service | …
69 …| | used by the service itself to match the context to the actual | …
90 …| Manifest | The manifest file is a description of the service components. | ``…
93 …| | build the service as part of the Secure FW build. The service | ``…
[all …]
Dtfm_uniform_secure_service_signature.rst10 Declaring secure service interface
13 The following alternative secure service signature is proposed as an
25 secure service can provide, reserving a range for framework error codes.
31 secure service. There are multiple advantages of this method:
40 secure service's manifest)
60 secure service veneers would not apply to secure services using the uniform
90 The number of vectors that can be passed to a secure service is constrained:
/trusted-firmware-m-3.7.0/docs/platform/arm/musca_b1/
Dreadme.rst19 Platform pin service
22 This service is designed to perform secure pin services of the platform
24 The service uses the IOCTL API of TF-M's Platform Service, which allows the
25 non-secure application to make pin service requests on Musca B1 based on a
26 generic service request delivery mechanism.
/trusted-firmware-m-3.7.0/tools/templates/
Dmanifestfilename.template26 {% for service in manifest.services %}
28 psa_status_t {{service.name|lower}}_sfn(const psa_msg_t* msg);
30 #define {{"%-55s"|format(service.name + "_SIGNAL")}} ({{"0x%x"|format(service.signal_value)}})
Dpartition_load_info.template97 /* Partition load, deps, service load data. Put to a dedicated section. */
158 {% for service in manifest.services %}
160 .name_strid = STRING_PTR_TO_STRID("{{service.name}}"),
162 .sfn = ENTRY_TO_POSITION({{service.name|lower}}_sfn),
168 .signal = {{service.signal_value}},
170 .signal = {{service.name}}_SIGNAL,
174 .sid = {{service.sid}},
176 {% if service.non_secure_clients is sameas true %}
179 {% if service.connection_based is sameas false %}
180 … | SERVICE_FLAG_STATELESS | 0x{{"%x"|format(service.stateless_handle_index)}}
[all …]
/trusted-firmware-m-3.7.0/secure_fw/partitions/crypto/
Ddir_crypto.dox13 \brief Source code for the Crypto service.
14 \details The Crypto service captures cryptography functionality.
/trusted-firmware-m-3.7.0/secure_fw/partitions/platform/
Ddir_platform.dox13 \brief Source code for the Platform service.
14 \details The Platform service captures target platform specific functionality.
/trusted-firmware-m-3.7.0/secure_fw/partitions/initial_attestation/
Ddir_initial_attestation.dox13 \brief Source code for the initial Attestation service.
14 \details The initial Attestation service implements initial attestation
/trusted-firmware-m-3.7.0/secure_fw/partitions/protected_storage/
Ddir_protected_storage.dox13 \brief Source code for the Protected Storage service.
14 \details The protected storage service is responsible to hold sensitive

12345