1*1bb92983SJerome Forissier /* SPDX-License-Identifier: BSD-2-Clause */ 2b0104773SPascal Brand /* 3b0104773SPascal Brand * Copyright (c) 2014, STMicroelectronics International N.V. 4b0104773SPascal Brand * All rights reserved. 5b0104773SPascal Brand * 6b0104773SPascal Brand * Redistribution and use in source and binary forms, with or without 7b0104773SPascal Brand * modification, are permitted provided that the following conditions are met: 8b0104773SPascal Brand * 9b0104773SPascal Brand * 1. Redistributions of source code must retain the above copyright notice, 10b0104773SPascal Brand * this list of conditions and the following disclaimer. 11b0104773SPascal Brand * 12b0104773SPascal Brand * 2. Redistributions in binary form must reproduce the above copyright notice, 13b0104773SPascal Brand * this list of conditions and the following disclaimer in the documentation 14b0104773SPascal Brand * and/or other materials provided with the distribution. 15b0104773SPascal Brand * 16b0104773SPascal Brand * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17b0104773SPascal Brand * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18b0104773SPascal Brand * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19b0104773SPascal Brand * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20b0104773SPascal Brand * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21b0104773SPascal Brand * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22b0104773SPascal Brand * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23b0104773SPascal Brand * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24b0104773SPascal Brand * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25b0104773SPascal Brand * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26b0104773SPascal Brand * POSSIBILITY OF SUCH DAMAGE. 27b0104773SPascal Brand */ 28b0104773SPascal Brand 29b0104773SPascal Brand /* Based on GP TEE Internal API Specification Version 0.22 */ 30b0104773SPascal Brand #ifndef TEE_TA_API_H 31b0104773SPascal Brand #define TEE_TA_API_H 32b0104773SPascal Brand 33b0104773SPascal Brand #include <tee_api_defines.h> 34b0104773SPascal Brand #include <tee_api_types.h> 35b0104773SPascal Brand 36b0104773SPascal Brand /* This is a null define in STE TEE environment */ 37b0104773SPascal Brand #define TA_EXPORT 38b0104773SPascal Brand 39b0104773SPascal Brand /* 40b0104773SPascal Brand * TA Interface 41b0104773SPascal Brand * 42b0104773SPascal Brand * Each Trusted Application must provide the Implementation with a number 43b0104773SPascal Brand * of functions, collectively called the “TA interface”. These functions 44b0104773SPascal Brand * are the entry points called by the Trusted Core Framework to create the 45b0104773SPascal Brand * instance, notify the instance that a new client is connecting, notify 46b0104773SPascal Brand * the instance when the client invokes a command, etc. 47b0104773SPascal Brand * 48b0104773SPascal Brand * Trusted Application Entry Points: 49b0104773SPascal Brand */ 50b0104773SPascal Brand 51b0104773SPascal Brand /* 52b0104773SPascal Brand * The function TA_CreateEntryPoint is the Trusted Application's 53b0104773SPascal Brand * constructor, which the Framework calls when it creates a new instance of 54b0104773SPascal Brand * the Trusted Application. To register instance data, the implementation 55b0104773SPascal Brand * of this constructor can use either global variables or the function 56b0104773SPascal Brand * TEE_InstanceSetData. 57b0104773SPascal Brand * 58b0104773SPascal Brand * Return Value: 59b0104773SPascal Brand * - TEE_SUCCESS: if the instance is successfully created, the function 60b0104773SPascal Brand * must return TEE_SUCCESS. 61b0104773SPascal Brand * - Any other value: if any other code is returned the instance is not 62b0104773SPascal Brand * created, and no other entry points of this instance will be called. 63b0104773SPascal Brand * The Framework MUST reclaim all resources and dereference all objects 64b0104773SPascal Brand * related to the creation of the instance. 65b0104773SPascal Brand * 66b0104773SPascal Brand * If this entry point was called as a result of a client opening a 67b0104773SPascal Brand * session, the error code is returned to the client and the session is 68b0104773SPascal Brand * not opened. 69b0104773SPascal Brand */ 70b0104773SPascal Brand TEE_Result TA_EXPORT TA_CreateEntryPoint(void); 71b0104773SPascal Brand 72b0104773SPascal Brand /* 73b0104773SPascal Brand * The function TA_DestroyEntryPoint is the Trusted Application‟s 74b0104773SPascal Brand * destructor, which the Framework calls when the instance is being 75b0104773SPascal Brand * destroyed. 76b0104773SPascal Brand * 77b0104773SPascal Brand * When the function TA_DestroyEntryPoint is called, the Framework 78b0104773SPascal Brand * guarantees that no client session is currently open. Once the call to 79b0104773SPascal Brand * TA_DestroyEntryPoint has been completed, no other entry point of this 80b0104773SPascal Brand * instance will ever be called. 81b0104773SPascal Brand * 82b0104773SPascal Brand * Note that when this function is called, all resources opened by the 83b0104773SPascal Brand * instance are still available. It is only after the function returns that 84b0104773SPascal Brand * the Implementation MUST start automatically reclaiming resources left 85b0104773SPascal Brand * opened. 86b0104773SPascal Brand * 87b0104773SPascal Brand * Return Value: 88b0104773SPascal Brand * This function can return no success or error code. After this function 89b0104773SPascal Brand * returns the Implementation MUST consider the instance destroyed and 90b0104773SPascal Brand * reclaims all resources left open by the instance. 91b0104773SPascal Brand */ 92b0104773SPascal Brand void TA_EXPORT TA_DestroyEntryPoint(void); 93b0104773SPascal Brand 94b0104773SPascal Brand /* 95b0104773SPascal Brand * The Framework calls the function TA_OpenSessionEntryPoint when a client 96b0104773SPascal Brand * requests to open a session with the Trusted Application. The open 97b0104773SPascal Brand * session request may result in a new Trusted Application instance being 98b0104773SPascal Brand * created as defined in section 4.5. 99b0104773SPascal Brand * 100b0104773SPascal Brand * The client can specify parameters in an open operation which are passed 101b0104773SPascal Brand * to the Trusted Application instance in the arguments paramTypes and 102b0104773SPascal Brand * params. These arguments can also be used by the Trusted Application 103b0104773SPascal Brand * instance to transfer response data back to the client. See section 4.3.6 104b0104773SPascal Brand * for a specification of how to handle the operation parameters. 105b0104773SPascal Brand * 106b0104773SPascal Brand * If this function returns TEE_SUCCESS, the client is connected to a 107b0104773SPascal Brand * Trusted Application instance and can invoke Trusted Application 108b0104773SPascal Brand * commands. When the client disconnects, the Framework will eventually 109b0104773SPascal Brand * call the TA_CloseSessionEntryPoint entry point. 110b0104773SPascal Brand * 111b0104773SPascal Brand * If the function returns any error, the Framework rejects the connection 112b0104773SPascal Brand * and returns the error code and the current content of the parameters the 113b0104773SPascal Brand * client. The return origin is then set to TEE_ORIGIN_TRUSTED_APP. 114b0104773SPascal Brand * 115b0104773SPascal Brand * The Trusted Application instance can register a session data pointer by 116b0104773SPascal Brand * setting *psessionContext. The value of this pointer is not interpreted 117b0104773SPascal Brand * by the Framework, and is simply passed back to other TA_ functions 118b0104773SPascal Brand * within this session. Note that *sessionContext may be set with a pointer 119b0104773SPascal Brand * to a memory allocated by the Trusted Application instance or with 120b0104773SPascal Brand * anything else, like an integer, a handle etc. The Framework will not 121b0104773SPascal Brand * automatically free *sessionContext when the session is closed; the 122b0104773SPascal Brand * Trusted Application instance is responsible for freeing memory if 123b0104773SPascal Brand * required. 124b0104773SPascal Brand * 125b0104773SPascal Brand * During the call to TA_OpenSessionEntryPoint the client may request to 126b0104773SPascal Brand * cancel the operation. See section 4.10 for more details on 127b0104773SPascal Brand * cancellations. If the call to TA_OpenSessionEntryPoint returns 128b0104773SPascal Brand * TEE_SUCCESS, the client must consider the session as successfully opened 129b0104773SPascal Brand * and explicitly close it if necessary. 130b0104773SPascal Brand * 131b0104773SPascal Brand * Parameters: 132b0104773SPascal Brand * - paramTypes: the types of the four parameters. 133b0104773SPascal Brand * - params: a pointer to an array of four parameters. 134b0104773SPascal Brand * - sessionContext: A pointer to a variable that can be filled by the 135b0104773SPascal Brand * Trusted Application instance with an opaque void* data pointer 136b0104773SPascal Brand * 137b0104773SPascal Brand * Return Value: 138b0104773SPascal Brand * - TEE_SUCCESS if the session is successfully opened. 139b0104773SPascal Brand * - Any other value if the session could not be open. 140b0104773SPascal Brand * o The error code may be one of the pre-defined codes, or may be a new 141b0104773SPascal Brand * error code defined by the Trusted Application implementation itself. 142b0104773SPascal Brand */ 143b0104773SPascal Brand TEE_Result TA_EXPORT TA_OpenSessionEntryPoint(uint32_t paramTypes, 14468540524SIgor Opaniuk TEE_Param params[TEE_NUM_PARAMS], 145b0104773SPascal Brand void **sessionContext); 146b0104773SPascal Brand 147b0104773SPascal Brand /* 148b0104773SPascal Brand * The Framework calls this function to close a client session. During the 149b0104773SPascal Brand * call to this function the implementation can use any session functions. 150b0104773SPascal Brand * 151b0104773SPascal Brand * The Trusted Application implementation is responsible for freeing any 152b0104773SPascal Brand * resources consumed by the session being closed. Note that the Trusted 153b0104773SPascal Brand * Application cannot refuse to close a session, but can hold the closing 154b0104773SPascal Brand * until it returns from TA_CloseSessionEntryPoint. This is why this 155b0104773SPascal Brand * function cannot return an error code. 156b0104773SPascal Brand * 157b0104773SPascal Brand * Parameters: 158b0104773SPascal Brand * - sessionContext: The value of the void* opaque data pointer set by the 159b0104773SPascal Brand * Trusted Application in the function TA_OpenSessionEntryPoint for this 160b0104773SPascal Brand * session. 161b0104773SPascal Brand */ 162b0104773SPascal Brand void TA_EXPORT TA_CloseSessionEntryPoint(void *sessionContext); 163b0104773SPascal Brand 164b0104773SPascal Brand /* 165b0104773SPascal Brand * The Framework calls this function when the client invokes a command 166b0104773SPascal Brand * within the given session. 167b0104773SPascal Brand * 168b0104773SPascal Brand * The Trusted Application can access the parameters sent by the client 169b0104773SPascal Brand * through the paramTypes and params arguments. It can also use these 170b0104773SPascal Brand * arguments to transfer response data back to the client. 171b0104773SPascal Brand * 172b0104773SPascal Brand * During the call to TA_InvokeCommandEntryPoint the client may request to 173b0104773SPascal Brand * cancel the operation. 174b0104773SPascal Brand * 175b0104773SPascal Brand * A command is always invoked within the context of a client session. 176b0104773SPascal Brand * Thus, any session function can be called by the command implementation. 177b0104773SPascal Brand * 178b0104773SPascal Brand * Parameter: 179b0104773SPascal Brand * - sessionContext: The value of the void* opaque data pointer set by the 180b0104773SPascal Brand * Trusted Application in the function TA_OpenSessionEntryPoint. 181b0104773SPascal Brand * - commandID: A Trusted Application-specific code that identifies the 182b0104773SPascal Brand * command to be invoked. 183b0104773SPascal Brand * - paramTypes: the types of the four parameters. 184b0104773SPascal Brand * - params: a pointer to an array of four parameters. 185b0104773SPascal Brand * 186b0104773SPascal Brand * Return Value: 187b0104773SPascal Brand * - TEE_SUCCESS: if the command is successfully executed, the function 188b0104773SPascal Brand * must return this value. 189b0104773SPascal Brand * - Any other value: if the invocation of the command fails for any 190b0104773SPascal Brand * reason. 191b0104773SPascal Brand * o The error code may be one of the pre-defined codes, or may be a new 192b0104773SPascal Brand * error code defined by the Trusted Application implementation itself. 193b0104773SPascal Brand */ 194b0104773SPascal Brand 195b0104773SPascal Brand TEE_Result TA_EXPORT TA_InvokeCommandEntryPoint(void *sessionContext, 196b0104773SPascal Brand uint32_t commandID, 197b0104773SPascal Brand uint32_t paramTypes, 19868540524SIgor Opaniuk TEE_Param params[TEE_NUM_PARAMS]); 199b0104773SPascal Brand 200b0104773SPascal Brand /* 201b0104773SPascal Brand * Correspondance Client Functions <--> TA Functions 202b0104773SPascal Brand * 203b0104773SPascal Brand * TEE_OpenSession or TEE_OpenTASession: 204b0104773SPascal Brand * If a new Trusted Application instance is needed to handle the session, 205b0104773SPascal Brand * TA_CreateEntryPoint is called. 206b0104773SPascal Brand * Then, TA_OpenSessionEntryPoint is called. 207b0104773SPascal Brand * 208b0104773SPascal Brand * 209b0104773SPascal Brand * TEE_InvokeCommand or TEE_InvokeTACommand: 210b0104773SPascal Brand * TA_InvokeCommandEntryPoint is called. 211b0104773SPascal Brand * 212b0104773SPascal Brand * 213b0104773SPascal Brand * TEE_CloseSession or TEE_CloseTASession: 214b0104773SPascal Brand * TA_CloseSessionEntryPoint is called. 215b0104773SPascal Brand * For a multi-instance TA or for a single-instance, non keep-alive TA, if 216b0104773SPascal Brand * the session closed was the last session on the instance, then 217b0104773SPascal Brand * TA_DestroyEntryPoint is called. Otherwise, the instance is kept until 218b0104773SPascal Brand * the TEE shuts down. 219b0104773SPascal Brand * 220b0104773SPascal Brand */ 221b0104773SPascal Brand 222b0104773SPascal Brand #endif 223