From c4eec756f38d7357ac7ad14453aee25c20b44a5e Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Wed, 15 Jan 2025 18:27:56 +0530 Subject: [PATCH] refactor(esp_tee): Revised the secure service ID numbering scheme Also: - Split the secure service table into two parts: one DRAM-resident and the other DROM-resident. The former holds the services invoked when the cache is disabled or suspended while the latter holds rest of the services. --- components/esp_hw_support/include/esp_cpu.h | 10 +- components/esp_tee/CMakeLists.txt | 2 +- .../scripts/esp32c6/secure_service.tbl | 97 +++++++++++-------- .../scripts/secure_service_tbl_parser.py | 25 +++-- .../tee_attestation/esp_tee_att.tbl | 2 +- .../main/core/esp_secure_dispatcher.c | 22 ++--- .../main/core/esp_secure_service_table.c | 16 ++- .../components/test_sec_srv/test.tbl | 34 +++---- components/riscv/include/riscv/rv_utils.h | 40 ++++---- components/riscv/interrupt_plic.c | 2 +- .../example_secure_service/example.tbl | 2 +- 11 files changed, 137 insertions(+), 115 deletions(-) diff --git a/components/esp_hw_support/include/esp_cpu.h b/components/esp_hw_support/include/esp_cpu.h index b0f3e89ed5..3f37a23516 100644 --- a/components/esp_hw_support/include/esp_cpu.h +++ b/components/esp_hw_support/include/esp_cpu.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -22,6 +22,10 @@ #include "esp_err.h" #include "esp_attr.h" +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD +#include "secure_service_num.h" +#endif + #ifdef __cplusplus extern "C" { #endif @@ -452,9 +456,9 @@ FORCE_INLINE_ATTR void esp_cpu_intr_edge_ack(int intr_num) #ifdef __XTENSA__ xthal_set_intclear((unsigned) (1 << intr_num)); #else -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD extern esprv_int_mgmt_t esp_tee_intr_sec_srv_cb; - esp_tee_intr_sec_srv_cb(2, TEE_INTR_EDGE_ACK_SRV_ID, intr_num); + esp_tee_intr_sec_srv_cb(2, SS_RV_UTILS_INTR_EDGE_ACK, intr_num); #else rv_utils_intr_edge_ack((unsigned) intr_num); #endif diff --git a/components/esp_tee/CMakeLists.txt b/components/esp_tee/CMakeLists.txt index 3c4480e462..96e92e3567 100644 --- a/components/esp_tee/CMakeLists.txt +++ b/components/esp_tee/CMakeLists.txt @@ -88,7 +88,7 @@ set(secure_service_tbl_parser_py set(secure_service_gen_headers ${CONFIG_DIR}/secure_service_num.h ${CONFIG_DIR}/secure_service_dec.h - ${CONFIG_DIR}/secure_service.h + ${CONFIG_DIR}/secure_service_int.h ${CONFIG_DIR}/secure_service_ext.h ) if(CONFIG_SECURE_ENABLE_TEE AND NOT esp_tee_build) diff --git a/components/esp_tee/scripts/esp32c6/secure_service.tbl b/components/esp_tee/scripts/esp32c6/secure_service.tbl index 09e36b7a97..aac502d32f 100644 --- a/components/esp_tee/scripts/esp32c6/secure_service.tbl +++ b/components/esp_tee/scripts/esp32c6/secure_service.tbl @@ -1,45 +1,56 @@ # SS no. API type Function Args 0 custom invalid_secure_service 0 -1 IDF esp_rom_route_intr_matrix 3 -2 IDF rv_utils_intr_enable 1 -3 IDF rv_utils_intr_disable 1 -4 IDF rv_utils_intr_set_priority 2 -5 IDF rv_utils_intr_set_type 2 -6 IDF rv_utils_intr_set_threshold 1 -7 IDF rv_utils_intr_edge_ack 1 -8 IDF rv_utils_intr_global_enable 0 -9 IDF efuse_hal_chip_revision 0 -10 IDF efuse_hal_get_chip_ver_pkg 1 -11 IDF efuse_hal_get_disable_wafer_version_major 0 -12 IDF efuse_hal_get_mac 1 -13 IDF esp_efuse_check_secure_version 1 -14 IDF esp_efuse_read_field_blob 3 -15 IDF esp_flash_encryption_enabled 0 -16 IDF wdt_hal_init 4 -17 IDF wdt_hal_deinit 1 -18 IDF esp_aes_intr_alloc 0 -19 IDF esp_aes_crypt_cbc 6 -20 IDF esp_aes_crypt_cfb8 6 -21 IDF esp_aes_crypt_cfb128 7 -22 IDF esp_aes_crypt_ctr 7 -23 IDF esp_aes_crypt_ecb 4 -24 IDF esp_aes_crypt_ofb 6 -25 IDF esp_sha 4 -26 IDF esp_sha_dma 6 -27 IDF esp_sha_read_digest_state 2 -28 IDF esp_sha_write_digest_state 2 -29 IDF mmu_hal_map_region 6 -30 IDF mmu_hal_unmap_region 3 -31 IDF mmu_hal_vaddr_to_paddr 4 -32 IDF mmu_hal_paddr_to_vaddr 5 -33 custom esp_tee_ota_begin 0 -34 custom esp_tee_ota_write 3 -35 custom esp_tee_ota_end 0 -36 custom esp_tee_sec_storage_init 0 -37 custom esp_tee_sec_storage_gen_key 1 -38 custom esp_tee_sec_storage_get_signature 4 -39 custom esp_tee_sec_storage_get_pubkey 2 -40 custom esp_tee_sec_storage_encrypt 8 -41 custom esp_tee_sec_storage_decrypt 8 -42 custom esp_tee_sec_storage_is_slot_empty 1 -43 custom esp_tee_sec_storage_clear_slot 1 +# ID: 1-47 (47) - External memory (Flash) protection +1 IDF mmu_hal_map_region 6 +2 IDF mmu_hal_unmap_region 3 +3 IDF mmu_hal_vaddr_to_paddr 4 +4 IDF mmu_hal_paddr_to_vaddr 5 +# Services before the ID 48 will be placed in the internal memory table, +# while the rest will be placed in the external memory table. +# ID: 48-71 (24) - Interrupt Handling +48 IDF esp_rom_route_intr_matrix 3 +49 IDF rv_utils_intr_enable 1 +50 IDF rv_utils_intr_disable 1 +51 IDF rv_utils_intr_set_priority 2 +52 IDF rv_utils_intr_set_type 2 +53 IDF rv_utils_intr_set_threshold 1 +54 IDF rv_utils_intr_edge_ack 1 +55 IDF rv_utils_intr_global_enable 0 +# ID: 72-119 (48) - HAL +72 IDF efuse_hal_chip_revision 0 +73 IDF efuse_hal_get_chip_ver_pkg 1 +74 IDF efuse_hal_get_disable_wafer_version_major 0 +75 IDF efuse_hal_get_mac 1 +76 IDF wdt_hal_init 4 +77 IDF wdt_hal_deinit 1 +# ID: 120-167 (48) - Crypto +120 IDF esp_aes_intr_alloc 0 +121 IDF esp_aes_crypt_cbc 6 +122 IDF esp_aes_crypt_cfb8 6 +123 IDF esp_aes_crypt_cfb128 7 +124 IDF esp_aes_crypt_ctr 7 +125 IDF esp_aes_crypt_ecb 4 +126 IDF esp_aes_crypt_ofb 6 +127 IDF esp_sha 4 +128 IDF esp_sha_dma 6 +129 IDF esp_sha_read_digest_state 2 +130 IDF esp_sha_write_digest_state 2 +# ID: 168-183 (16) - eFuse +168 IDF esp_efuse_check_secure_version 1 +169 IDF esp_efuse_read_field_blob 3 +170 IDF esp_flash_encryption_enabled 0 +# ID: 184-249 (66) - Reserved for future use +# ID: 270-293 (24) - Secure Storage +270 custom esp_tee_sec_storage_init 0 +271 custom esp_tee_sec_storage_gen_key 2 +272 custom esp_tee_sec_storage_get_signature 4 +273 custom esp_tee_sec_storage_get_pubkey 2 +274 custom esp_tee_sec_storage_encrypt 8 +275 custom esp_tee_sec_storage_decrypt 8 +276 custom esp_tee_sec_storage_is_slot_empty 1 +277 custom esp_tee_sec_storage_clear_slot 1 +# ID: 294-299 (6) - OTA +294 custom esp_tee_ota_begin 0 +295 custom esp_tee_ota_write 3 +296 custom esp_tee_ota_end 0 +# ID: 300+ - User-defined diff --git a/components/esp_tee/scripts/secure_service_tbl_parser.py b/components/esp_tee/scripts/secure_service_tbl_parser.py index 4617660f81..94cb3f9c2c 100644 --- a/components/esp_tee/scripts/secure_service_tbl_parser.py +++ b/components/esp_tee/scripts/secure_service_tbl_parser.py @@ -5,6 +5,8 @@ import re from typing import List from typing import Tuple +SEC_SRV_TABLE_SPLIT_ID = 48 + def parse_services(secure_service_tbl: str) -> List[Tuple[int, str, int]]: services, service_ids = [], set() @@ -37,8 +39,9 @@ extern "C" { body = '\n'.join(f'#define SS_{name.upper()}\t{nr}' for nr, name, _ in services) footer = f'\n#define MAX_SECURE_SERVICES_ID\t{services[-1][0] + 1 if services else 0}\n' footer += f'#define SECURE_SERVICES_NUM\t{len(services)}\n\n' + footer += f'#define SECURE_SERVICES_SPLIT_ID\t{SEC_SRV_TABLE_SPLIT_ID}\n\n' footer += '''typedef void (*secure_service_t)(void); -typedef struct { int id; secure_service_t func; int nargs; } secure_service_entry_t; +typedef struct { secure_service_t func; int nargs; } secure_service_entry_t; ''' footer += '\n#ifdef __cplusplus\n}\n#endif\n' with open(output_file, 'w') as f: @@ -62,16 +65,22 @@ extern "C" { f.write(header + body + footer) -def generate_table(services: List[Tuple[int, str, int]], output_file: str) -> None: +def generate_table_split(services: List[Tuple[int, str, int]], output_file_1: str, output_file_2: str) -> None: header = '''/** * THIS FILE WAS AUTOMATICALLY GENERATED. DO NOT EDIT! */ #pragma once ''' - body = '\n'.join(f'__SECURE_SERVICE({nr}, {name}, {nargs})' for nr, name, nargs in services) - with open(output_file, 'w') as f: - f.write(header + body) + services_1 = [service for service in services if service[0] < SEC_SRV_TABLE_SPLIT_ID] + services_2 = [service for service in services if service[0] >= SEC_SRV_TABLE_SPLIT_ID] + + body_1 = '\n'.join(f'__SECURE_SERVICE({nr}, {name}, {nargs})' for nr, name, nargs in services_1) + body_2 = '\n'.join(f'__SECURE_SERVICE({nr}, {name}, {nargs})' for nr, name, nargs in services_2) + + with open(output_file_1, 'w') as f1, open(output_file_2, 'w') as f2: + f1.write(header + body_1) + f2.write(header + body_2) def generate_wrap_list(secure_service_tbl: str) -> None: @@ -85,19 +94,19 @@ def main() -> None: parser = argparse.ArgumentParser(description='Generate secure service outputs') parser.add_argument('--wrap', action='store_true', help='Generate linker wrap options') parser.add_argument('secure_service_tbl', type=str, help='Path to secure service table file') - parser.add_argument('output_files', nargs='*', help='Output files: [secure_service_num.h, secure_service_dec.h, secure_service.h]') + parser.add_argument('output_files', nargs='*', help='Output files: [secure_service_num.h, secure_service_dec.h, secure_service_1.h, secure_service_2.h]') args = parser.parse_args() if args.wrap: generate_wrap_list(args.secure_service_tbl) else: - if len(args.output_files) != 3: + if len(args.output_files) != 4: parser.error('Missing output header files!') services = parse_services(args.secure_service_tbl) generate_num_header(services, args.output_files[0]) generate_dec_header(services, args.output_files[1]) - generate_table(services, args.output_files[2]) + generate_table_split(services, args.output_files[2], args.output_files[3]) if __name__ == '__main__': diff --git a/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl index 03c4bf3ebc..5541be8625 100644 --- a/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl +++ b/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.tbl @@ -1,2 +1,2 @@ # SS no. API type Function Args -101 custom esp_tee_att_generate_token 6 +250 custom esp_tee_att_generate_token 6 diff --git a/components/esp_tee/subproject/main/core/esp_secure_dispatcher.c b/components/esp_tee/subproject/main/core/esp_secure_dispatcher.c index 5c6f308430..323c715164 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_dispatcher.c +++ b/components/esp_tee/subproject/main/core/esp_secure_dispatcher.c @@ -13,29 +13,21 @@ static const char *TAG = "esp_tee_sec_disp"; -extern const secure_service_entry_t tee_secure_service_table[]; +extern const secure_service_entry_t tee_sec_srv_tbl_int_mem[]; +extern const secure_service_entry_t tee_sec_srv_tbl_ext_mem[]; /* ---------------------------------------------- Secure Service Dispatcher ------------------------------------------------- */ -const secure_service_entry_t *find_service_by_id(uint32_t id) +static const secure_service_entry_t *find_service_by_id(uint32_t id) { if (id >= MAX_SECURE_SERVICES_ID) { return NULL; } - size_t left = 0; - size_t right = SECURE_SERVICES_NUM; - - while (left < right) { - size_t mid = left + (right - left) / 2; - - if (tee_secure_service_table[mid].id == id) { - return &tee_secure_service_table[mid]; - } else if (tee_secure_service_table[mid].id < id) { - left = mid + 1; - } else { - right = mid; - } + if (id < SECURE_SERVICES_SPLIT_ID) { + return &tee_sec_srv_tbl_int_mem[id]; + } else { + return &tee_sec_srv_tbl_ext_mem[id]; } return NULL; diff --git a/components/esp_tee/subproject/main/core/esp_secure_service_table.c b/components/esp_tee/subproject/main/core/esp_secure_service_table.c index 587072a2e1..df5faa33aa 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_service_table.c +++ b/components/esp_tee/subproject/main/core/esp_secure_service_table.c @@ -13,10 +13,20 @@ #pragma GCC diagnostic ignored "-Woverride-init" #endif -const DRAM_ATTR secure_service_entry_t tee_secure_service_table[] = { -#define __SECURE_SERVICE(NR, SYM, ARGC) { .id = NR, .func = _ss_##SYM, .nargs = ARGC }, -#include "secure_service.h" +const DRAM_ATTR secure_service_entry_t tee_sec_srv_tbl_int_mem[] = { + [0 ... SECURE_SERVICES_SPLIT_ID - 1] = { .func = NULL, .nargs = 0 }, +#define __SECURE_SERVICE(NR, SYM, ARGC) [NR] = { .func = _ss_##SYM, .nargs = ARGC }, +#include "secure_service_int.h" +#undef __SECURE_SERVICE }; + +const secure_service_entry_t tee_sec_srv_tbl_ext_mem[] = { + [0 ... MAX_SECURE_SERVICES_ID] = { .func = NULL, .nargs = 0 }, +#define __SECURE_SERVICE(NR, SYM, ARGC) [NR] = { .func = _ss_##SYM, .nargs = ARGC }, +#include "secure_service_ext.h" +#undef __SECURE_SERVICE +}; + #ifdef __GNUC__ #pragma GCC diagnostic pop #endif diff --git a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl index 5a6c311103..b93f500728 100644 --- a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl +++ b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test.tbl @@ -1,18 +1,18 @@ # SS no. API type Function Args -201 custom esp_tee_service_add 6 -202 custom esp_tee_service_sub 6 -203 custom esp_tee_service_mul 6 -204 custom esp_tee_service_div 6 -205 custom esp_tee_test_timer_init 6 -206 custom esp_tee_secure_int_test 6 -207 custom esp_tee_non_secure_int_test 6 -208 custom esp_tee_test_int_count 6 -209 custom esp_tee_test_resv_reg1_write_violation 0 -210 custom esp_tee_test_resv_reg1_exec_violation 0 -211 custom esp_tee_test_iram_reg1_write_violation 0 -212 custom esp_tee_test_iram_reg2_write_violation 0 -213 custom esp_tee_test_dram_reg1_exec_violation 0 -214 custom esp_tee_test_dram_reg2_exec_violation 0 -215 custom esp_tee_test_illegal_instruction 0 -216 custom dummy_secure_service 6 -217 custom add_in_loop 6 +300 custom esp_tee_service_add 2 +301 custom esp_tee_service_sub 2 +302 custom esp_tee_service_mul 2 +303 custom esp_tee_service_div 2 +304 custom esp_tee_test_timer_init 1 +305 custom esp_tee_secure_int_test 0 +306 custom esp_tee_non_secure_int_test 1 +307 custom esp_tee_test_int_count 1 +308 custom esp_tee_test_resv_reg1_write_violation 0 +309 custom esp_tee_test_resv_reg1_exec_violation 0 +310 custom esp_tee_test_iram_reg1_write_violation 0 +311 custom esp_tee_test_iram_reg2_write_violation 0 +312 custom esp_tee_test_dram_reg1_exec_violation 0 +313 custom esp_tee_test_dram_reg2_exec_violation 0 +314 custom esp_tee_test_illegal_instruction 0 +315 custom dummy_secure_service 0 +316 custom add_in_loop 3 diff --git a/components/riscv/include/riscv/rv_utils.h b/components/riscv/include/riscv/rv_utils.h index fcf9b3bfcf..efac01397d 100644 --- a/components/riscv/include/riscv/rv_utils.h +++ b/components/riscv/include/riscv/rv_utils.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2020-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -17,6 +17,10 @@ #include "riscv/csr_pie.h" #include "sdkconfig.h" +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD +#include "secure_service_num.h" +#endif + #ifdef __cplusplus extern "C" { #endif @@ -28,15 +32,7 @@ extern "C" { #define IS_PRV_M_MODE() (1UL) #endif -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD -/* [ESP-TEE] Secure service call IDs for interrupt management */ -#define TEE_INTR_ENABLE_SRV_ID (2) -#define TEE_INTR_DISABLE_SRV_ID (3) -#define TEE_INTR_SET_PRIORITY_SRV_ID (4) -#define TEE_INTR_SET_TYPE_SRV_ID (5) -#define TEE_INTR_SET_THRESHOLD_SRV_ID (6) -#define TEE_INTR_EDGE_ACK_SRV_ID (7) -#define TEE_INTR_GLOBAL_EN_SRV_ID (8) +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD /* [ESP-TEE] Callback function for accessing interrupt management services through REE */ extern esprv_int_mgmt_t esp_tee_intr_sec_srv_cb; #endif @@ -157,8 +153,8 @@ FORCE_INLINE_ATTR void rv_utils_set_xtvec(uint32_t xtvec_val) FORCE_INLINE_ATTR void rv_utils_intr_enable(uint32_t intr_mask) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(2, TEE_INTR_ENABLE_SRV_ID, intr_mask); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(2, SS_RV_UTILS_INTR_ENABLE, intr_mask); #else // Disable all interrupts to make updating of the interrupt mask atomic. unsigned old_mstatus = RV_CLEAR_CSR(mstatus, MSTATUS_MIE); @@ -169,8 +165,8 @@ FORCE_INLINE_ATTR void rv_utils_intr_enable(uint32_t intr_mask) FORCE_INLINE_ATTR void rv_utils_intr_disable(uint32_t intr_mask) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(2, TEE_INTR_DISABLE_SRV_ID, intr_mask); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(2, SS_RV_UTILS_INTR_DISABLE, intr_mask); #else // Disable all interrupts to make updating of the interrupt mask atomic. unsigned old_mstatus = RV_CLEAR_CSR(mstatus, MSTATUS_MIE); @@ -181,8 +177,8 @@ FORCE_INLINE_ATTR void rv_utils_intr_disable(uint32_t intr_mask) FORCE_INLINE_ATTR void rv_utils_intr_global_enable(void) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(1, TEE_INTR_GLOBAL_EN_SRV_ID); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(1, SS_RV_UTILS_INTR_GLOBAL_ENABLE); #else RV_SET_CSR(mstatus, MSTATUS_MIE); #endif @@ -203,8 +199,8 @@ FORCE_INLINE_ATTR void rv_utils_intr_global_disable(void) FORCE_INLINE_ATTR void rv_utils_intr_set_type(int intr_num, enum intr_type type) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(3, TEE_INTR_SET_TYPE_SRV_ID, intr_num, type); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(3, SS_RV_UTILS_INTR_SET_TYPE, intr_num, type); #else esprv_int_set_type(intr_num, type); #endif @@ -212,8 +208,8 @@ FORCE_INLINE_ATTR void rv_utils_intr_set_type(int intr_num, enum intr_type type) FORCE_INLINE_ATTR void rv_utils_intr_set_priority(int rv_int_num, int priority) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(3, TEE_INTR_SET_PRIORITY_SRV_ID, rv_int_num, priority); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(3, SS_RV_UTILS_INTR_SET_PRIORITY, rv_int_num, priority); #else esprv_int_set_priority(rv_int_num, priority); #endif @@ -221,8 +217,8 @@ FORCE_INLINE_ATTR void rv_utils_intr_set_priority(int rv_int_num, int priority) FORCE_INLINE_ATTR void rv_utils_intr_set_threshold(int priority_threshold) { -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD - esp_tee_intr_sec_srv_cb(2, TEE_INTR_SET_THRESHOLD_SRV_ID, priority_threshold); +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD + esp_tee_intr_sec_srv_cb(2, SS_RV_UTILS_INTR_SET_THRESHOLD, priority_threshold); #else esprv_int_set_threshold(priority_threshold); #endif diff --git a/components/riscv/interrupt_plic.c b/components/riscv/interrupt_plic.c index 9c7aa0d2bf..808610ade5 100644 --- a/components/riscv/interrupt_plic.c +++ b/components/riscv/interrupt_plic.c @@ -59,7 +59,7 @@ bool esprv_int_is_vectored(int rv_int_num) } -#if CONFIG_SECURE_ENABLE_TEE && !ESP_TEE_BUILD +#if CONFIG_SECURE_ENABLE_TEE && !NON_OS_BUILD DRAM_ATTR esprv_int_mgmt_t esp_tee_intr_sec_srv_cb = NULL; void esprv_int_setup_mgmt_cb(void *fptr) diff --git a/examples/security/tee/tee_basic/components/example_secure_service/example.tbl b/examples/security/tee/tee_basic/components/example_secure_service/example.tbl index 72bd61ff34..e801439ed5 100644 --- a/examples/security/tee/tee_basic/components/example_secure_service/example.tbl +++ b/examples/security/tee/tee_basic/components/example_secure_service/example.tbl @@ -1,2 +1,2 @@ # SS no. API type Function Args -201 custom example_sec_serv_aes_op 6 +300 custom example_sec_serv_aes_op 5