1 /*
2  * Copyright (c) 2023 EPAM Systems
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 /**
8  * @file drivers/tee.h
9  *
10  * @brief Public APIs for the tee driver.
11  */
12 
13 /*
14  * Copyright (c) 2015-2016, Linaro Limited
15  * All rights reserved.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions are met:
19  *
20  * 1. Redistributions of source code must retain the above copyright notice,
21  * this list of conditions and the following disclaimer.
22  *
23  * 2. Redistributions in binary form must reproduce the above copyright notice,
24  * this list of conditions and the following disclaimer in the documentation
25  * and/or other materials provided with the distribution.
26  *
27  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
28  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
31  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37  * POSSIBILITY OF SUCH DAMAGE.
38  */
39 #ifndef ZEPHYR_INCLUDE_DRIVERS_TEE_H_
40 #define ZEPHYR_INCLUDE_DRIVERS_TEE_H_
41 
42 #include <zephyr/device.h>
43 #include <zephyr/kernel.h>
44 #include <zephyr/sys/util.h>
45 
46 /**
47  * @brief Trusted Execution Environment Interface
48  * @defgroup tee_interface TEE Interface
49  * @ingroup io_interfaces
50  * @{
51  *
52  * The generic interface to work with Trusted Execution Environment (TEE).
53  * TEE is Trusted OS, running in the Secure Space, such as TrustZone in ARM cpus.
54  * It also can be presented as the separate secure co-processors. It allows system
55  * to implement logic, separated from the Normal World.
56  *
57  * Using TEE syscalls:
58  * - tee_get_version() to get current TEE capabilities
59  * - tee_open_session() to open new session to the TA
60  * - tee_close_session() to close session to the TA
61  * - tee_cancel() to cancel session or invoke function
62  * - tee_invoke_func() to invoke function to the TA
63  * - tee_shm_register() to register shared memory region
64  * - tee_shm_unregister() to unregister shared memory region
65  * - tee_shm_alloc() to allocate shared memory region
66  * - tee_shm_free() to free shared memory region
67  */
68 
69 #ifdef __cplusplus
70 extern "C" {
71 #endif
72 #define TEE_UUID_LEN 16
73 
74 #define TEE_GEN_CAP_GP		BIT(0) /* GlobalPlatform compliant TEE */
75 #define TEE_GEN_CAP_PRIVILEGED	BIT(1) /* Privileged device (for supplicant) */
76 #define TEE_GEN_CAP_REG_MEM	BIT(2) /* Supports registering shared memory */
77 #define TEE_GEN_CAP_MEMREF_NULL BIT(3) /* Support NULL MemRef */
78 
79 #define TEE_SHM_REGISTER	BIT(0)
80 #define TEE_SHM_ALLOC		BIT(1)
81 
82 #define TEE_PARAM_ATTR_TYPE_NONE		0 /* parameter not used */
83 #define TEE_PARAM_ATTR_TYPE_VALUE_INPUT		1
84 #define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT	2
85 #define TEE_PARAM_ATTR_TYPE_VALUE_INOUT		3 /* input and output */
86 #define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT	5
87 #define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT	6
88 #define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT	7 /* input and output */
89 #define TEE_PARAM_ATTR_TYPE_MASK		0xff
90 #define TEE_PARAM_ATTR_META			0x100
91 #define TEE_PARAM_ATTR_MASK			(TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META)
92 
93 /**
94  * @brief Function error origins, of type TEEC_ErrorOrigin. These indicate where in
95  * the software stack a particular return value originates from.
96  *
97  * TEEC_ORIGIN_API         The error originated within the TEE Client API
98  *                         implementation.
99  * TEEC_ORIGIN_COMMS       The error originated within the underlying
100  *                         communications stack linking the rich OS with
101  *                         the TEE.
102  * TEEC_ORIGIN_TEE         The error originated within the common TEE code.
103  * TEEC_ORIGIN_TRUSTED_APP The error originated within the Trusted Application
104  *                         code.
105  */
106 #define TEEC_ORIGIN_API		0x00000001
107 #define TEEC_ORIGIN_COMMS	0x00000002
108 #define TEEC_ORIGIN_TEE		0x00000003
109 #define TEEC_ORIGIN_TRUSTED_APP 0x00000004
110 
111 /**
112  * Return values. Type is TEEC_Result
113  *
114  * TEEC_SUCCESS                 The operation was successful.
115  * TEEC_ERROR_GENERIC           Non-specific cause.
116  * TEEC_ERROR_ACCESS_DENIED     Access privileges are not sufficient.
117  * TEEC_ERROR_CANCEL            The operation was canceled.
118  * TEEC_ERROR_ACCESS_CONFLICT   Concurrent accesses caused conflict.
119  * TEEC_ERROR_EXCESS_DATA       Too much data for the requested operation was
120  *                              passed.
121  * TEEC_ERROR_BAD_FORMAT        Input data was of invalid format.
122  * TEEC_ERROR_BAD_PARAMETERS    Input parameters were invalid.
123  * TEEC_ERROR_BAD_STATE         Operation is not valid in the current state.
124  * TEEC_ERROR_ITEM_NOT_FOUND    The requested data item is not found.
125  * TEEC_ERROR_NOT_IMPLEMENTED   The requested operation should exist but is not
126  *                              yet implemented.
127  * TEEC_ERROR_NOT_SUPPORTED     The requested operation is valid but is not
128  *                              supported in this implementation.
129  * TEEC_ERROR_NO_DATA           Expected data was missing.
130  * TEEC_ERROR_OUT_OF_MEMORY     System ran out of resources.
131  * TEEC_ERROR_BUSY              The system is busy working on something else.
132  * TEEC_ERROR_COMMUNICATION     Communication with a remote party failed.
133  * TEEC_ERROR_SECURITY          A security fault was detected.
134  * TEEC_ERROR_SHORT_BUFFER      The supplied buffer is too short for the
135  *                              generated output.
136  * TEEC_ERROR_TARGET_DEAD       Trusted Application has panicked
137  *                              during the operation.
138  */
139 
140 /**
141  *  Standard defined error codes.
142  */
143 #define TEEC_SUCCESS				0x00000000
144 #define TEEC_ERROR_STORAGE_NOT_AVAILABLE	0xF0100003
145 #define TEEC_ERROR_GENERIC			0xFFFF0000
146 #define TEEC_ERROR_ACCESS_DENIED		0xFFFF0001
147 #define TEEC_ERROR_CANCEL			0xFFFF0002
148 #define TEEC_ERROR_ACCESS_CONFLICT		0xFFFF0003
149 #define TEEC_ERROR_EXCESS_DATA			0xFFFF0004
150 #define TEEC_ERROR_BAD_FORMAT			0xFFFF0005
151 #define TEEC_ERROR_BAD_PARAMETERS		0xFFFF0006
152 #define TEEC_ERROR_BAD_STATE			0xFFFF0007
153 #define TEEC_ERROR_ITEM_NOT_FOUND		0xFFFF0008
154 #define TEEC_ERROR_NOT_IMPLEMENTED		0xFFFF0009
155 #define TEEC_ERROR_NOT_SUPPORTED		0xFFFF000A
156 #define TEEC_ERROR_NO_DATA			0xFFFF000B
157 #define TEEC_ERROR_OUT_OF_MEMORY		0xFFFF000C
158 #define TEEC_ERROR_BUSY				0xFFFF000D
159 #define TEEC_ERROR_COMMUNICATION		0xFFFF000E
160 #define TEEC_ERROR_SECURITY			0xFFFF000F
161 #define TEEC_ERROR_SHORT_BUFFER			0xFFFF0010
162 #define TEEC_ERROR_EXTERNAL_CANCEL		0xFFFF0011
163 #define TEEC_ERROR_TARGET_DEAD			0xFFFF3024
164 #define TEEC_ERROR_STORAGE_NO_SPACE		0xFFFF3041
165 
166 /**
167  * Session login methods, for use in tee_open_session() as parameter
168  * connectionMethod. Type is uint32_t.
169  *
170  * TEEC_LOGIN_PUBLIC            No login data is provided.
171  * TEEC_LOGIN_USER              Login data about the user running the Client
172  *                              Application process is provided.
173  * TEEC_LOGIN_GROUP             Login data about the group running the Client
174  *                              Application process is provided.
175  * TEEC_LOGIN_APPLICATION       Login data about the running Client Application
176  *                              itself is provided.
177  * TEEC_LOGIN_USER_APPLICATION  Login data about the user and the running
178  *                              Client Application itself is provided.
179  * TEEC_LOGIN_GROUP_APPLICATION Login data about the group and the running
180  *                              Client Application itself is provided.
181  */
182 #define TEEC_LOGIN_PUBLIC		0x00000000
183 #define TEEC_LOGIN_USER			0x00000001
184 #define TEEC_LOGIN_GROUP		0x00000002
185 #define TEEC_LOGIN_APPLICATION		0x00000004
186 #define TEEC_LOGIN_USER_APPLICATION	0x00000005
187 #define TEEC_LOGIN_GROUP_APPLICATION	0x00000006
188 
189 /**
190  * @brief TEE version
191  *
192  * Identifies the TEE implementation,@ref impl_id is one of TEE_IMPL_ID_* above.
193  * @ref impl_caps is implementation specific, for example TEE_OPTEE_CAP_*
194  * is valid when @ref impl_id == TEE_IMPL_ID_OPTEE.
195  */
196 struct tee_version_info {
197 	uint32_t impl_id; /**< [out] TEE implementation id */
198 	uint32_t impl_caps; /**< [out] implementation specific capabilities */
199 	uint32_t gen_caps;  /**< Generic capabilities, defined by TEE_GEN_CAPS_* above */
200 };
201 
202  /**
203   * @brief - Open session argument
204   */
205 struct tee_open_session_arg {
206 	uint8_t uuid[TEE_UUID_LEN]; /**< [in] UUID of the Trusted Application */
207 	uint8_t clnt_uuid[TEE_UUID_LEN]; /**< [in] UUID of client */
208 	uint32_t clnt_login; /**< login class of client, TEE_IOCTL_LOGIN_* above */
209 	uint32_t cancel_id; /**< [in] cancellation id, a unique value to identify this request */
210 	uint32_t session; /**< [out] session id */
211 	uint32_t ret; /**< [out] return value */
212 	uint32_t ret_origin; /**< [out] origin of the return value */
213 };
214 
215 /**
216  * @brief Tee parameter
217  *
218  * @ref attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in
219  * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and
220  * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE
221  * indicates that none of the members are used.
222  *
223  * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an
224  * identifier representing the shared memory object. A memref can reference
225  * a part of a shared memory by specifying an offset (@ref a) and size (@ref b) of
226  * the object. To supply the entire shared memory object set the offset
227  * (@ref a) to 0 and size (@ref b) to the previously returned size of the object.
228  */
229 struct tee_param {
230 	uint64_t attr; /**< attributes */
231 	uint64_t a; /**< if a memref, offset into the shared memory object, else a value*/
232 	uint64_t b; /**< if a memref, size of the buffer, else a value parameter */
233 	uint64_t c; /**< if a memref, shared memory identifier, else a value parameter */
234 };
235 
236 /**
237  * @brief Invokes a function in a Trusted Application
238  */
239 struct tee_invoke_func_arg {
240 	uint32_t func;       /**< [in] Trusted Application function, specific to the TA */
241 	uint32_t session;    /**< [in] session id */
242 	uint32_t cancel_id;  /**< [in] cancellation id, a unique value to identify this request */
243 	uint32_t ret;        /**< [out] return value */
244 	uint32_t ret_origin; /**< [out] origin of the return value */
245 };
246 
247 /**
248  * @brief Tee shared memory structure
249  */
250 struct tee_shm {
251 	const struct device *dev; /**< [out] pointer to the device driver structure */
252 	void *addr;               /**< [out] shared buffer pointer */
253 	uint64_t size;            /**< [out] shared buffer size */
254 	uint32_t flags;           /**< [out] shared buffer flags */
255 };
256 
257 /**
258  * @typedef tee_get_version_t
259  *
260  * @brief Callback API to get current tee version
261  *
262  * See @a tee_version_get() for argument definitions.
263  */
264 typedef int (*tee_get_version_t)(const struct device *dev, struct tee_version_info *info);
265 
266 /**
267  * @typedef tee_open_session_t
268  *
269  * @brief Callback API to open session to Trusted Application
270  *
271  * See @a tee_open_session() for argument definitions.
272  */
273 typedef int (*tee_open_session_t)(const struct device *dev, struct tee_open_session_arg *arg,
274 				  unsigned int num_param, struct tee_param *param,
275 				  uint32_t *session_id);
276 /**
277  * @typedef tee_close_session_t
278  *
279  * @brief Callback API to close session to TA
280  *
281  * See @a tee_close_session() for argument definitions.
282  */
283 typedef int (*tee_close_session_t)(const struct device *dev, uint32_t session_id);
284 
285 /**
286  * @typedef tee_cancel_t
287  *
288  * @brief Callback API to cancel open session of invoke function to TA
289  *
290  * See @a tee_cancel() for argument definitions.
291  */
292 typedef int (*tee_cancel_t)(const struct device *dev, uint32_t session_id, uint32_t cancel_id);
293 
294 /**
295  * @typedef tee_invoke_func_t
296  *
297  * @brief Callback API to invoke function to TA
298  *
299  * See @a tee_invoke_func() for argument definitions.
300  */
301 typedef int (*tee_invoke_func_t)(const struct device *dev, struct tee_invoke_func_arg *arg,
302 				 unsigned int num_param, struct tee_param *param);
303 /**
304  * @typedef tee_shm_register_t
305  *
306  * @brief Callback API to register shared memory
307  *
308  * See @a tee_shm_register() for argument definitions.
309  */
310 typedef int (*tee_shm_register_t)(const struct device *dev, struct tee_shm *shm);
311 
312 /**
313  * @typedef tee_shm_unregister_t
314  *
315  * @brief Callback API to unregister shared memory
316  *
317  * See @a tee_shm_unregister() for argument definitions.
318  */
319 typedef int (*tee_shm_unregister_t)(const struct device *dev, struct tee_shm *shm);
320 
321 /**
322  * @typedef tee_suppl_recv_t
323  *
324  * @brief Callback API to receive a request for TEE supplicant
325  *
326  * See @a tee_suppl_recv() for argument definitions.
327  */
328 typedef int (*tee_suppl_recv_t)(const struct device *dev, uint32_t *func, unsigned int *num_params,
329 				struct tee_param *param);
330 
331 /**
332  * @typedef tee_suppl_send_t
333  *
334  * @brief Callback API to send a request for TEE supplicant
335  *
336  * See @a tee_suppl_send() for argument definitions.
337  */
338 typedef int (*tee_suppl_send_t)(const struct device *dev, unsigned int ret, unsigned int num_params,
339 				struct tee_param *param);
340 
341 __subsystem struct tee_driver_api {
342 	tee_get_version_t get_version;
343 	tee_open_session_t open_session;
344 	tee_close_session_t close_session;
345 	tee_cancel_t cancel;
346 	tee_invoke_func_t invoke_func;
347 	tee_shm_register_t shm_register;
348 	tee_shm_unregister_t shm_unregister;
349 	tee_suppl_recv_t suppl_recv;
350 	tee_suppl_send_t suppl_send;
351 };
352 
353 /**
354  * @brief Get the current TEE version info
355  *
356  * Returns info as tee version info which includes capabilities description
357  *
358  * @param dev TEE device
359  * @param info Structure to return the capabilities
360  *
361  * @retval -ENOSYS If callback was not implemented
362  *
363  * @retval 0       On success, negative on error
364  */
365 __syscall int tee_get_version(const struct device *dev, struct tee_version_info *info);
366 
z_impl_tee_get_version(const struct device * dev,struct tee_version_info * info)367 static inline int z_impl_tee_get_version(const struct device *dev, struct tee_version_info *info)
368 {
369 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
370 
371 	if (!api->get_version) {
372 		return -ENOSYS;
373 	}
374 
375 	return api->get_version(dev, info);
376 }
377 
378 /**
379  * @brief Open session for Trusted Environment
380  *
381  * Opens the new session to the Trusted Environment
382  *
383  * @param dev TEE device
384  * @param arg Structure with the session arguments
385  * @param num_param Number of the additional params to be passed
386  * @param param List of the params to pass to open_session call
387  * @param session_id Returns id of the created session
388  *
389  * @retval -ENOSYS If callback was not implemented
390  *
391  * @retval 0       On success, negative on error
392  */
393 __syscall int tee_open_session(const struct device *dev, struct tee_open_session_arg *arg,
394 			       unsigned int num_param, struct tee_param *param,
395 			       uint32_t *session_id);
396 
z_impl_tee_open_session(const struct device * dev,struct tee_open_session_arg * arg,unsigned int num_param,struct tee_param * param,uint32_t * session_id)397 static inline int z_impl_tee_open_session(const struct device *dev,
398 					  struct tee_open_session_arg *arg,
399 					  unsigned int num_param, struct tee_param *param,
400 					  uint32_t *session_id)
401 {
402 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
403 
404 	if (!api->open_session) {
405 		return -ENOSYS;
406 	}
407 
408 	return api->open_session(dev, arg, num_param, param, session_id);
409 }
410 
411 /**
412  * @brief Close session for Trusted Environment
413  *
414  * Closes session to the Trusted Environment
415  *
416  * @param dev TEE device
417  * @param session_id session to close
418  *
419  * @retval -ENOSYS If callback was not implemented
420  *
421  * @retval 0       On success, negative on error
422  */
423 __syscall int tee_close_session(const struct device *dev, uint32_t session_id);
424 
z_impl_tee_close_session(const struct device * dev,uint32_t session_id)425 static inline int z_impl_tee_close_session(const struct device *dev, uint32_t session_id)
426 {
427 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
428 
429 	if (!api->close_session) {
430 		return -ENOSYS;
431 	}
432 
433 	return api->close_session(dev, session_id);
434 }
435 
436 /**
437  * @brief Cancel session or invoke function for Trusted Environment
438  *
439  * Cancels session or invoke function for TA
440  *
441  * @param dev TEE device
442  * @param session_id session to close
443  * @param cancel_id cancel reason
444  *
445  * @retval -ENOSYS If callback was not implemented
446  *
447  * @retval 0       On success, negative on error
448  */
449 __syscall int tee_cancel(const struct device *dev, uint32_t session_id, uint32_t cancel_id);
450 
z_impl_tee_cancel(const struct device * dev,uint32_t session_id,uint32_t cancel_id)451 static inline int z_impl_tee_cancel(const struct device *dev, uint32_t session_id,
452 				    uint32_t cancel_id)
453 {
454 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
455 
456 	if (!api->cancel) {
457 		return -ENOSYS;
458 	}
459 
460 	return api->cancel(dev, session_id, cancel_id);
461 }
462 
463 /**
464  * @brief Invoke function for Trusted Environment Application
465  *
466  * Invokes function to the TA
467  *
468  * @param dev TEE device
469  * @param arg Structure with the invoke function arguments
470  * @param num_param Number of the additional params to be passed
471  * @param param List of the params to pass to open_session call
472  *
473  * @retval -ENOSYS If callback was not implemented
474  *
475  * @retval 0       On success, negative on error
476  */
477 __syscall int tee_invoke_func(const struct device *dev, struct tee_invoke_func_arg *arg,
478 			      unsigned int num_param, struct tee_param *param);
479 
z_impl_tee_invoke_func(const struct device * dev,struct tee_invoke_func_arg * arg,unsigned int num_param,struct tee_param * param)480 static inline int z_impl_tee_invoke_func(const struct device *dev, struct tee_invoke_func_arg *arg,
481 					 unsigned int num_param, struct tee_param *param)
482 {
483 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
484 
485 	if (!api->invoke_func) {
486 		return -ENOSYS;
487 	}
488 
489 	return api->invoke_func(dev, arg, num_param, param);
490 }
491 
492 /**
493  * @brief Helper function to allocate and register shared memory
494  *
495  * Allocates and registers shared memory for TEE
496  *
497  * @param dev TEE device
498  * @param addr Address of the shared memory
499  * @param align Region alignment
500  * @param size Size of the shared memory region
501  * @param flags Flags to set registering parameters
502  * @param shmp Return shared memory structure
503  *
504  * @retval 0       On success, negative on error
505  */
506 int tee_add_shm(const struct device *dev, void *addr, size_t align, size_t size, uint32_t flags,
507 		struct tee_shm **shmp);
508 
509 /**
510  * @brief Helper function to remove and unregister shared memory
511  *
512  * Removes and unregisters shared memory for TEE
513  *
514  * @param dev TEE device
515  * @param shm Pointer to tee_shm structure
516  *
517  * @retval 0       On success, negative on error
518  */
519 int tee_rm_shm(const struct device *dev, struct tee_shm *shm);
520 
521 /**
522  * @brief Register shared memory for Trusted Environment
523  *
524  * Registers shared memory for TEE
525  *
526  * @param dev TEE device
527  * @param addr Address of the shared memory
528  * @param size Size of the shared memory region
529  * @param flags Flags to set registering parameters
530  * @param shm Return shared memory structure
531  *
532  * @retval -ENOSYS If callback was not implemented
533  *
534  * @retval 0       On success, negative on error
535  */
536 __syscall int tee_shm_register(const struct device *dev, void *addr, size_t size,
537 			       uint32_t flags, struct tee_shm **shm);
538 
z_impl_tee_shm_register(const struct device * dev,void * addr,size_t size,uint32_t flags,struct tee_shm ** shm)539 static inline int z_impl_tee_shm_register(const struct device *dev, void *addr, size_t size,
540 					  uint32_t flags, struct tee_shm **shm)
541 {
542 	flags &= ~TEE_SHM_ALLOC;
543 	return tee_add_shm(dev, addr, 0, size, flags | TEE_SHM_REGISTER, shm);
544 }
545 
546 /**
547  * @brief Unregister shared memory for Trusted Environment
548  *
549  * Unregisters shared memory for TEE
550  *
551  * @param dev TEE device
552  * @param shm Shared memory structure
553  *
554  * @retval -ENOSYS If callback was not implemented
555  *
556  * @retval 0       On success, negative on error
557  */
558 __syscall int tee_shm_unregister(const struct device *dev, struct tee_shm *shm);
559 
z_impl_tee_shm_unregister(const struct device * dev,struct tee_shm * shm)560 static inline int z_impl_tee_shm_unregister(const struct device *dev, struct tee_shm *shm)
561 {
562 	return tee_rm_shm(dev, shm);
563 }
564 
565 /**
566  * @brief Allocate shared memory region for Trusted Environment
567  *
568  * Allocate shared memory for TEE
569  *
570  * @param dev TEE device
571  * @param size Region size
572  * @param flags to allocate region
573  * @param shm Return shared memory structure
574  *
575  * @retval -ENOSYS If callback was not implemented
576  *
577  * @retval 0       On success, negative on error
578  */
579 __syscall int tee_shm_alloc(const struct device *dev, size_t size, uint32_t flags,
580 			    struct tee_shm **shm);
581 
z_impl_tee_shm_alloc(const struct device * dev,size_t size,uint32_t flags,struct tee_shm ** shm)582 static inline int z_impl_tee_shm_alloc(const struct device *dev, size_t size, uint32_t flags,
583 				       struct tee_shm **shm)
584 {
585 	return tee_add_shm(dev, NULL, 0, size, flags | TEE_SHM_ALLOC | TEE_SHM_REGISTER, shm);
586 }
587 
588 /**
589  * @brief Free shared memory region for Trusted Environment
590  *
591  * Frees shared memory for TEE
592  *
593  * @param dev TEE device
594  * @param shm Shared memory structure
595  *
596  * @retval -ENOSYS If callback was not implemented
597  *
598  * @retval 0       On success, negative on error
599  */
600 __syscall int tee_shm_free(const struct device *dev, struct tee_shm *shm);
601 
z_impl_tee_shm_free(const struct device * dev,struct tee_shm * shm)602 static inline int z_impl_tee_shm_free(const struct device *dev, struct tee_shm *shm)
603 {
604 	return tee_rm_shm(dev, shm);
605 }
606 
607 /**
608  * @brief Receive a request for TEE Supplicant
609  *
610  * @param dev TEE device
611  * @param func Supplicant function
612  * @param num_params Number of parameters to be passed
613  * @param param List of the params for send/receive
614  *
615  * @retval -ENOSYS If callback was not implemented
616  *
617  * @retval 0       On success, negative on error
618  */
619 __syscall int tee_suppl_recv(const struct device *dev, uint32_t *func, unsigned int *num_params,
620 			     struct tee_param *param);
621 
z_impl_tee_suppl_recv(const struct device * dev,uint32_t * func,unsigned int * num_params,struct tee_param * param)622 static inline int z_impl_tee_suppl_recv(const struct device *dev, uint32_t *func,
623 					unsigned int *num_params, struct tee_param *param)
624 {
625 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
626 
627 	if (!api->suppl_recv) {
628 		return -ENOSYS;
629 	}
630 
631 	return api->suppl_recv(dev, func, num_params, param);
632 }
633 
634 /**
635  * @brief Send a request for TEE Supplicant function
636  *
637  * @param dev TEE device
638  * @param ret supplicant return code
639  * @param num_params Number of parameters to be passed
640  * @param param List of the params for send/receive
641  *
642  * @retval -ENOSYS If callback was not implemented
643  * @retval         Return value for sent request
644  *
645  * @retval 0       On success, negative on error
646  */
647 __syscall int tee_suppl_send(const struct device *dev, unsigned int ret, unsigned int num_params,
648 			     struct tee_param *param);
649 
z_impl_tee_suppl_send(const struct device * dev,unsigned int ret,unsigned int num_params,struct tee_param * param)650 static inline int z_impl_tee_suppl_send(const struct device *dev, unsigned int ret,
651 					unsigned int num_params, struct tee_param *param)
652 {
653 	const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
654 
655 	if (!api->suppl_send) {
656 		return -ENOSYS;
657 	}
658 
659 	return api->suppl_send(dev, ret, num_params, param);
660 }
661 
662 #ifdef __cplusplus
663 }
664 #endif
665 
666 /**
667  * @}
668  */
669 
670 #include <zephyr/syscalls/tee.h>
671 
672 #endif /* ZEPHYR_INCLUDE_DRIVERS_TEE_H_ */
673