1 /*
2 * Copyright (c) 2023 EPAM Systems
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 /**
8 * @file drivers/tee.h
9 *
10 * @brief Public APIs for the tee driver.
11 */
12
13 /*
14 * Copyright (c) 2015-2016, Linaro Limited
15 * All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions are met:
19 *
20 * 1. Redistributions of source code must retain the above copyright notice,
21 * this list of conditions and the following disclaimer.
22 *
23 * 2. Redistributions in binary form must reproduce the above copyright notice,
24 * this list of conditions and the following disclaimer in the documentation
25 * and/or other materials provided with the distribution.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
28 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
31 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
32 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
33 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
36 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
37 * POSSIBILITY OF SUCH DAMAGE.
38 */
39 #ifndef ZEPHYR_INCLUDE_DRIVERS_TEE_H_
40 #define ZEPHYR_INCLUDE_DRIVERS_TEE_H_
41
42 #include <zephyr/device.h>
43 #include <zephyr/kernel.h>
44 #include <zephyr/sys/util.h>
45
46 /**
47 * @brief Trusted Execution Environment Interface
48 * @defgroup tee_interface TEE Interface
49 * @ingroup io_interfaces
50 * @{
51 *
52 * The generic interface to work with Trusted Execution Environment (TEE).
53 * TEE is Trusted OS, running in the Secure Space, such as TrustZone in ARM cpus.
54 * It also can be presented as the separate secure co-processors. It allows system
55 * to implement logic, separated from the Normal World.
56 *
57 * Using TEE syscalls:
58 * - tee_get_version() to get current TEE capabilities
59 * - tee_open_session() to open new session to the TA
60 * - tee_close_session() to close session to the TA
61 * - tee_cancel() to cancel session or invoke function
62 * - tee_invoke_func() to invoke function to the TA
63 * - tee_shm_register() to register shared memory region
64 * - tee_shm_unregister() to unregister shared memory region
65 * - tee_shm_alloc() to allocate shared memory region
66 * - tee_shm_free() to free shared memory region
67 */
68
69 #ifdef __cplusplus
70 extern "C" {
71 #endif
72 #define TEE_UUID_LEN 16
73
74 #define TEE_GEN_CAP_GP BIT(0) /* GlobalPlatform compliant TEE */
75 #define TEE_GEN_CAP_PRIVILEGED BIT(1) /* Privileged device (for supplicant) */
76 #define TEE_GEN_CAP_REG_MEM BIT(2) /* Supports registering shared memory */
77 #define TEE_GEN_CAP_MEMREF_NULL BIT(3) /* Support NULL MemRef */
78
79 #define TEE_SHM_REGISTER BIT(0)
80 #define TEE_SHM_ALLOC BIT(1)
81
82 #define TEE_PARAM_ATTR_TYPE_NONE 0 /* parameter not used */
83 #define TEE_PARAM_ATTR_TYPE_VALUE_INPUT 1
84 #define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT 2
85 #define TEE_PARAM_ATTR_TYPE_VALUE_INOUT 3 /* input and output */
86 #define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT 5
87 #define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6
88 #define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */
89 #define TEE_PARAM_ATTR_TYPE_MASK 0xff
90 #define TEE_PARAM_ATTR_META 0x100
91 #define TEE_PARAM_ATTR_MASK (TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META)
92
93 /**
94 * @brief Function error origins, of type TEEC_ErrorOrigin. These indicate where in
95 * the software stack a particular return value originates from.
96 *
97 * TEEC_ORIGIN_API The error originated within the TEE Client API
98 * implementation.
99 * TEEC_ORIGIN_COMMS The error originated within the underlying
100 * communications stack linking the rich OS with
101 * the TEE.
102 * TEEC_ORIGIN_TEE The error originated within the common TEE code.
103 * TEEC_ORIGIN_TRUSTED_APP The error originated within the Trusted Application
104 * code.
105 */
106 #define TEEC_ORIGIN_API 0x00000001
107 #define TEEC_ORIGIN_COMMS 0x00000002
108 #define TEEC_ORIGIN_TEE 0x00000003
109 #define TEEC_ORIGIN_TRUSTED_APP 0x00000004
110
111 /**
112 * Return values. Type is TEEC_Result
113 *
114 * TEEC_SUCCESS The operation was successful.
115 * TEEC_ERROR_GENERIC Non-specific cause.
116 * TEEC_ERROR_ACCESS_DENIED Access privileges are not sufficient.
117 * TEEC_ERROR_CANCEL The operation was canceled.
118 * TEEC_ERROR_ACCESS_CONFLICT Concurrent accesses caused conflict.
119 * TEEC_ERROR_EXCESS_DATA Too much data for the requested operation was
120 * passed.
121 * TEEC_ERROR_BAD_FORMAT Input data was of invalid format.
122 * TEEC_ERROR_BAD_PARAMETERS Input parameters were invalid.
123 * TEEC_ERROR_BAD_STATE Operation is not valid in the current state.
124 * TEEC_ERROR_ITEM_NOT_FOUND The requested data item is not found.
125 * TEEC_ERROR_NOT_IMPLEMENTED The requested operation should exist but is not
126 * yet implemented.
127 * TEEC_ERROR_NOT_SUPPORTED The requested operation is valid but is not
128 * supported in this implementation.
129 * TEEC_ERROR_NO_DATA Expected data was missing.
130 * TEEC_ERROR_OUT_OF_MEMORY System ran out of resources.
131 * TEEC_ERROR_BUSY The system is busy working on something else.
132 * TEEC_ERROR_COMMUNICATION Communication with a remote party failed.
133 * TEEC_ERROR_SECURITY A security fault was detected.
134 * TEEC_ERROR_SHORT_BUFFER The supplied buffer is too short for the
135 * generated output.
136 * TEEC_ERROR_TARGET_DEAD Trusted Application has panicked
137 * during the operation.
138 */
139
140 /**
141 * Standard defined error codes.
142 */
143 #define TEEC_SUCCESS 0x00000000
144 #define TEEC_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003
145 #define TEEC_ERROR_GENERIC 0xFFFF0000
146 #define TEEC_ERROR_ACCESS_DENIED 0xFFFF0001
147 #define TEEC_ERROR_CANCEL 0xFFFF0002
148 #define TEEC_ERROR_ACCESS_CONFLICT 0xFFFF0003
149 #define TEEC_ERROR_EXCESS_DATA 0xFFFF0004
150 #define TEEC_ERROR_BAD_FORMAT 0xFFFF0005
151 #define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006
152 #define TEEC_ERROR_BAD_STATE 0xFFFF0007
153 #define TEEC_ERROR_ITEM_NOT_FOUND 0xFFFF0008
154 #define TEEC_ERROR_NOT_IMPLEMENTED 0xFFFF0009
155 #define TEEC_ERROR_NOT_SUPPORTED 0xFFFF000A
156 #define TEEC_ERROR_NO_DATA 0xFFFF000B
157 #define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C
158 #define TEEC_ERROR_BUSY 0xFFFF000D
159 #define TEEC_ERROR_COMMUNICATION 0xFFFF000E
160 #define TEEC_ERROR_SECURITY 0xFFFF000F
161 #define TEEC_ERROR_SHORT_BUFFER 0xFFFF0010
162 #define TEEC_ERROR_EXTERNAL_CANCEL 0xFFFF0011
163 #define TEEC_ERROR_TARGET_DEAD 0xFFFF3024
164 #define TEEC_ERROR_STORAGE_NO_SPACE 0xFFFF3041
165
166 /**
167 * Session login methods, for use in tee_open_session() as parameter
168 * connectionMethod. Type is uint32_t.
169 *
170 * TEEC_LOGIN_PUBLIC No login data is provided.
171 * TEEC_LOGIN_USER Login data about the user running the Client
172 * Application process is provided.
173 * TEEC_LOGIN_GROUP Login data about the group running the Client
174 * Application process is provided.
175 * TEEC_LOGIN_APPLICATION Login data about the running Client Application
176 * itself is provided.
177 * TEEC_LOGIN_USER_APPLICATION Login data about the user and the running
178 * Client Application itself is provided.
179 * TEEC_LOGIN_GROUP_APPLICATION Login data about the group and the running
180 * Client Application itself is provided.
181 */
182 #define TEEC_LOGIN_PUBLIC 0x00000000
183 #define TEEC_LOGIN_USER 0x00000001
184 #define TEEC_LOGIN_GROUP 0x00000002
185 #define TEEC_LOGIN_APPLICATION 0x00000004
186 #define TEEC_LOGIN_USER_APPLICATION 0x00000005
187 #define TEEC_LOGIN_GROUP_APPLICATION 0x00000006
188
189 /**
190 * @brief TEE version
191 *
192 * Identifies the TEE implementation,@ref impl_id is one of TEE_IMPL_ID_* above.
193 * @ref impl_caps is implementation specific, for example TEE_OPTEE_CAP_*
194 * is valid when @ref impl_id == TEE_IMPL_ID_OPTEE.
195 */
196 struct tee_version_info {
197 uint32_t impl_id; /**< [out] TEE implementation id */
198 uint32_t impl_caps; /**< [out] implementation specific capabilities */
199 uint32_t gen_caps; /**< Generic capabilities, defined by TEE_GEN_CAPS_* above */
200 };
201
202 /**
203 * @brief - Open session argument
204 */
205 struct tee_open_session_arg {
206 uint8_t uuid[TEE_UUID_LEN]; /**< [in] UUID of the Trusted Application */
207 uint8_t clnt_uuid[TEE_UUID_LEN]; /**< [in] UUID of client */
208 uint32_t clnt_login; /**< login class of client, TEE_IOCTL_LOGIN_* above */
209 uint32_t cancel_id; /**< [in] cancellation id, a unique value to identify this request */
210 uint32_t session; /**< [out] session id */
211 uint32_t ret; /**< [out] return value */
212 uint32_t ret_origin; /**< [out] origin of the return value */
213 };
214
215 /**
216 * @brief Tee parameter
217 *
218 * @ref attr & TEE_PARAM_ATTR_TYPE_MASK indicates if memref or value is used in
219 * the union. TEE_PARAM_ATTR_TYPE_VALUE_* indicates value and
220 * TEE_PARAM_ATTR_TYPE_MEMREF_* indicates memref. TEE_PARAM_ATTR_TYPE_NONE
221 * indicates that none of the members are used.
222 *
223 * Shared memory is allocated with TEE_IOC_SHM_ALLOC which returns an
224 * identifier representing the shared memory object. A memref can reference
225 * a part of a shared memory by specifying an offset (@ref a) and size (@ref b) of
226 * the object. To supply the entire shared memory object set the offset
227 * (@ref a) to 0 and size (@ref b) to the previously returned size of the object.
228 */
229 struct tee_param {
230 uint64_t attr; /**< attributes */
231 uint64_t a; /**< if a memref, offset into the shared memory object, else a value*/
232 uint64_t b; /**< if a memref, size of the buffer, else a value parameter */
233 uint64_t c; /**< if a memref, shared memory identifier, else a value parameter */
234 };
235
236 /**
237 * @brief Invokes a function in a Trusted Application
238 */
239 struct tee_invoke_func_arg {
240 uint32_t func; /**< [in] Trusted Application function, specific to the TA */
241 uint32_t session; /**< [in] session id */
242 uint32_t cancel_id; /**< [in] cancellation id, a unique value to identify this request */
243 uint32_t ret; /**< [out] return value */
244 uint32_t ret_origin; /**< [out] origin of the return value */
245 };
246
247 /**
248 * @brief Tee shared memory structure
249 */
250 struct tee_shm {
251 const struct device *dev; /**< [out] pointer to the device driver structure */
252 void *addr; /**< [out] shared buffer pointer */
253 uint64_t size; /**< [out] shared buffer size */
254 uint32_t flags; /**< [out] shared buffer flags */
255 };
256
257 /**
258 * @typedef tee_get_version_t
259 *
260 * @brief Callback API to get current tee version
261 *
262 * See @a tee_version_get() for argument definitions.
263 */
264 typedef int (*tee_get_version_t)(const struct device *dev, struct tee_version_info *info);
265
266 /**
267 * @typedef tee_open_session_t
268 *
269 * @brief Callback API to open session to Trusted Application
270 *
271 * See @a tee_open_session() for argument definitions.
272 */
273 typedef int (*tee_open_session_t)(const struct device *dev, struct tee_open_session_arg *arg,
274 unsigned int num_param, struct tee_param *param,
275 uint32_t *session_id);
276 /**
277 * @typedef tee_close_session_t
278 *
279 * @brief Callback API to close session to TA
280 *
281 * See @a tee_close_session() for argument definitions.
282 */
283 typedef int (*tee_close_session_t)(const struct device *dev, uint32_t session_id);
284
285 /**
286 * @typedef tee_cancel_t
287 *
288 * @brief Callback API to cancel open session of invoke function to TA
289 *
290 * See @a tee_cancel() for argument definitions.
291 */
292 typedef int (*tee_cancel_t)(const struct device *dev, uint32_t session_id, uint32_t cancel_id);
293
294 /**
295 * @typedef tee_invoke_func_t
296 *
297 * @brief Callback API to invoke function to TA
298 *
299 * See @a tee_invoke_func() for argument definitions.
300 */
301 typedef int (*tee_invoke_func_t)(const struct device *dev, struct tee_invoke_func_arg *arg,
302 unsigned int num_param, struct tee_param *param);
303 /**
304 * @typedef tee_shm_register_t
305 *
306 * @brief Callback API to register shared memory
307 *
308 * See @a tee_shm_register() for argument definitions.
309 */
310 typedef int (*tee_shm_register_t)(const struct device *dev, struct tee_shm *shm);
311
312 /**
313 * @typedef tee_shm_unregister_t
314 *
315 * @brief Callback API to unregister shared memory
316 *
317 * See @a tee_shm_unregister() for argument definitions.
318 */
319 typedef int (*tee_shm_unregister_t)(const struct device *dev, struct tee_shm *shm);
320
321 /**
322 * @typedef tee_suppl_recv_t
323 *
324 * @brief Callback API to receive a request for TEE supplicant
325 *
326 * See @a tee_suppl_recv() for argument definitions.
327 */
328 typedef int (*tee_suppl_recv_t)(const struct device *dev, uint32_t *func, unsigned int *num_params,
329 struct tee_param *param);
330
331 /**
332 * @typedef tee_suppl_send_t
333 *
334 * @brief Callback API to send a request for TEE supplicant
335 *
336 * See @a tee_suppl_send() for argument definitions.
337 */
338 typedef int (*tee_suppl_send_t)(const struct device *dev, unsigned int ret, unsigned int num_params,
339 struct tee_param *param);
340
341 __subsystem struct tee_driver_api {
342 tee_get_version_t get_version;
343 tee_open_session_t open_session;
344 tee_close_session_t close_session;
345 tee_cancel_t cancel;
346 tee_invoke_func_t invoke_func;
347 tee_shm_register_t shm_register;
348 tee_shm_unregister_t shm_unregister;
349 tee_suppl_recv_t suppl_recv;
350 tee_suppl_send_t suppl_send;
351 };
352
353 /**
354 * @brief Get the current TEE version info
355 *
356 * Returns info as tee version info which includes capabilities description
357 *
358 * @param dev TEE device
359 * @param info Structure to return the capabilities
360 *
361 * @retval -ENOSYS If callback was not implemented
362 *
363 * @retval 0 On success, negative on error
364 */
365 __syscall int tee_get_version(const struct device *dev, struct tee_version_info *info);
366
z_impl_tee_get_version(const struct device * dev,struct tee_version_info * info)367 static inline int z_impl_tee_get_version(const struct device *dev, struct tee_version_info *info)
368 {
369 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
370
371 if (!api->get_version) {
372 return -ENOSYS;
373 }
374
375 return api->get_version(dev, info);
376 }
377
378 /**
379 * @brief Open session for Trusted Environment
380 *
381 * Opens the new session to the Trusted Environment
382 *
383 * @param dev TEE device
384 * @param arg Structure with the session arguments
385 * @param num_param Number of the additional params to be passed
386 * @param param List of the params to pass to open_session call
387 * @param session_id Returns id of the created session
388 *
389 * @retval -ENOSYS If callback was not implemented
390 *
391 * @retval 0 On success, negative on error
392 */
393 __syscall int tee_open_session(const struct device *dev, struct tee_open_session_arg *arg,
394 unsigned int num_param, struct tee_param *param,
395 uint32_t *session_id);
396
z_impl_tee_open_session(const struct device * dev,struct tee_open_session_arg * arg,unsigned int num_param,struct tee_param * param,uint32_t * session_id)397 static inline int z_impl_tee_open_session(const struct device *dev,
398 struct tee_open_session_arg *arg,
399 unsigned int num_param, struct tee_param *param,
400 uint32_t *session_id)
401 {
402 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
403
404 if (!api->open_session) {
405 return -ENOSYS;
406 }
407
408 return api->open_session(dev, arg, num_param, param, session_id);
409 }
410
411 /**
412 * @brief Close session for Trusted Environment
413 *
414 * Closes session to the Trusted Environment
415 *
416 * @param dev TEE device
417 * @param session_id session to close
418 *
419 * @retval -ENOSYS If callback was not implemented
420 *
421 * @retval 0 On success, negative on error
422 */
423 __syscall int tee_close_session(const struct device *dev, uint32_t session_id);
424
z_impl_tee_close_session(const struct device * dev,uint32_t session_id)425 static inline int z_impl_tee_close_session(const struct device *dev, uint32_t session_id)
426 {
427 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
428
429 if (!api->close_session) {
430 return -ENOSYS;
431 }
432
433 return api->close_session(dev, session_id);
434 }
435
436 /**
437 * @brief Cancel session or invoke function for Trusted Environment
438 *
439 * Cancels session or invoke function for TA
440 *
441 * @param dev TEE device
442 * @param session_id session to close
443 * @param cancel_id cancel reason
444 *
445 * @retval -ENOSYS If callback was not implemented
446 *
447 * @retval 0 On success, negative on error
448 */
449 __syscall int tee_cancel(const struct device *dev, uint32_t session_id, uint32_t cancel_id);
450
z_impl_tee_cancel(const struct device * dev,uint32_t session_id,uint32_t cancel_id)451 static inline int z_impl_tee_cancel(const struct device *dev, uint32_t session_id,
452 uint32_t cancel_id)
453 {
454 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
455
456 if (!api->cancel) {
457 return -ENOSYS;
458 }
459
460 return api->cancel(dev, session_id, cancel_id);
461 }
462
463 /**
464 * @brief Invoke function for Trusted Environment Application
465 *
466 * Invokes function to the TA
467 *
468 * @param dev TEE device
469 * @param arg Structure with the invoke function arguments
470 * @param num_param Number of the additional params to be passed
471 * @param param List of the params to pass to open_session call
472 *
473 * @retval -ENOSYS If callback was not implemented
474 *
475 * @retval 0 On success, negative on error
476 */
477 __syscall int tee_invoke_func(const struct device *dev, struct tee_invoke_func_arg *arg,
478 unsigned int num_param, struct tee_param *param);
479
z_impl_tee_invoke_func(const struct device * dev,struct tee_invoke_func_arg * arg,unsigned int num_param,struct tee_param * param)480 static inline int z_impl_tee_invoke_func(const struct device *dev, struct tee_invoke_func_arg *arg,
481 unsigned int num_param, struct tee_param *param)
482 {
483 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
484
485 if (!api->invoke_func) {
486 return -ENOSYS;
487 }
488
489 return api->invoke_func(dev, arg, num_param, param);
490 }
491
492 /**
493 * @brief Helper function to allocate and register shared memory
494 *
495 * Allocates and registers shared memory for TEE
496 *
497 * @param dev TEE device
498 * @param addr Address of the shared memory
499 * @param align Region alignment
500 * @param size Size of the shared memory region
501 * @param flags Flags to set registering parameters
502 * @param shmp Return shared memory structure
503 *
504 * @retval 0 On success, negative on error
505 */
506 int tee_add_shm(const struct device *dev, void *addr, size_t align, size_t size, uint32_t flags,
507 struct tee_shm **shmp);
508
509 /**
510 * @brief Helper function to remove and unregister shared memory
511 *
512 * Removes and unregisters shared memory for TEE
513 *
514 * @param dev TEE device
515 * @param shm Pointer to tee_shm structure
516 *
517 * @retval 0 On success, negative on error
518 */
519 int tee_rm_shm(const struct device *dev, struct tee_shm *shm);
520
521 /**
522 * @brief Register shared memory for Trusted Environment
523 *
524 * Registers shared memory for TEE
525 *
526 * @param dev TEE device
527 * @param addr Address of the shared memory
528 * @param size Size of the shared memory region
529 * @param flags Flags to set registering parameters
530 * @param shm Return shared memory structure
531 *
532 * @retval -ENOSYS If callback was not implemented
533 *
534 * @retval 0 On success, negative on error
535 */
536 __syscall int tee_shm_register(const struct device *dev, void *addr, size_t size,
537 uint32_t flags, struct tee_shm **shm);
538
z_impl_tee_shm_register(const struct device * dev,void * addr,size_t size,uint32_t flags,struct tee_shm ** shm)539 static inline int z_impl_tee_shm_register(const struct device *dev, void *addr, size_t size,
540 uint32_t flags, struct tee_shm **shm)
541 {
542 flags &= ~TEE_SHM_ALLOC;
543 return tee_add_shm(dev, addr, 0, size, flags | TEE_SHM_REGISTER, shm);
544 }
545
546 /**
547 * @brief Unregister shared memory for Trusted Environment
548 *
549 * Unregisters shared memory for TEE
550 *
551 * @param dev TEE device
552 * @param shm Shared memory structure
553 *
554 * @retval -ENOSYS If callback was not implemented
555 *
556 * @retval 0 On success, negative on error
557 */
558 __syscall int tee_shm_unregister(const struct device *dev, struct tee_shm *shm);
559
z_impl_tee_shm_unregister(const struct device * dev,struct tee_shm * shm)560 static inline int z_impl_tee_shm_unregister(const struct device *dev, struct tee_shm *shm)
561 {
562 return tee_rm_shm(dev, shm);
563 }
564
565 /**
566 * @brief Allocate shared memory region for Trusted Environment
567 *
568 * Allocate shared memory for TEE
569 *
570 * @param dev TEE device
571 * @param size Region size
572 * @param flags to allocate region
573 * @param shm Return shared memory structure
574 *
575 * @retval -ENOSYS If callback was not implemented
576 *
577 * @retval 0 On success, negative on error
578 */
579 __syscall int tee_shm_alloc(const struct device *dev, size_t size, uint32_t flags,
580 struct tee_shm **shm);
581
z_impl_tee_shm_alloc(const struct device * dev,size_t size,uint32_t flags,struct tee_shm ** shm)582 static inline int z_impl_tee_shm_alloc(const struct device *dev, size_t size, uint32_t flags,
583 struct tee_shm **shm)
584 {
585 return tee_add_shm(dev, NULL, 0, size, flags | TEE_SHM_ALLOC | TEE_SHM_REGISTER, shm);
586 }
587
588 /**
589 * @brief Free shared memory region for Trusted Environment
590 *
591 * Frees shared memory for TEE
592 *
593 * @param dev TEE device
594 * @param shm Shared memory structure
595 *
596 * @retval -ENOSYS If callback was not implemented
597 *
598 * @retval 0 On success, negative on error
599 */
600 __syscall int tee_shm_free(const struct device *dev, struct tee_shm *shm);
601
z_impl_tee_shm_free(const struct device * dev,struct tee_shm * shm)602 static inline int z_impl_tee_shm_free(const struct device *dev, struct tee_shm *shm)
603 {
604 return tee_rm_shm(dev, shm);
605 }
606
607 /**
608 * @brief Receive a request for TEE Supplicant
609 *
610 * @param dev TEE device
611 * @param func Supplicant function
612 * @param num_params Number of parameters to be passed
613 * @param param List of the params for send/receive
614 *
615 * @retval -ENOSYS If callback was not implemented
616 *
617 * @retval 0 On success, negative on error
618 */
619 __syscall int tee_suppl_recv(const struct device *dev, uint32_t *func, unsigned int *num_params,
620 struct tee_param *param);
621
z_impl_tee_suppl_recv(const struct device * dev,uint32_t * func,unsigned int * num_params,struct tee_param * param)622 static inline int z_impl_tee_suppl_recv(const struct device *dev, uint32_t *func,
623 unsigned int *num_params, struct tee_param *param)
624 {
625 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
626
627 if (!api->suppl_recv) {
628 return -ENOSYS;
629 }
630
631 return api->suppl_recv(dev, func, num_params, param);
632 }
633
634 /**
635 * @brief Send a request for TEE Supplicant function
636 *
637 * @param dev TEE device
638 * @param ret supplicant return code
639 * @param num_params Number of parameters to be passed
640 * @param param List of the params for send/receive
641 *
642 * @retval -ENOSYS If callback was not implemented
643 * @retval Return value for sent request
644 *
645 * @retval 0 On success, negative on error
646 */
647 __syscall int tee_suppl_send(const struct device *dev, unsigned int ret, unsigned int num_params,
648 struct tee_param *param);
649
z_impl_tee_suppl_send(const struct device * dev,unsigned int ret,unsigned int num_params,struct tee_param * param)650 static inline int z_impl_tee_suppl_send(const struct device *dev, unsigned int ret,
651 unsigned int num_params, struct tee_param *param)
652 {
653 const struct tee_driver_api *api = (const struct tee_driver_api *)dev->api;
654
655 if (!api->suppl_send) {
656 return -ENOSYS;
657 }
658
659 return api->suppl_send(dev, ret, num_params, param);
660 }
661
662 #ifdef __cplusplus
663 }
664 #endif
665
666 /**
667 * @}
668 */
669
670 #include <zephyr/syscalls/tee.h>
671
672 #endif /* ZEPHYR_INCLUDE_DRIVERS_TEE_H_ */
673