sdk/fidl/fuchsia.tee/tee.fidl - fuchsia - Git at Google

 // Copyright 2018 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 library fuchsia.tee;

 using zx;

 // Trusted Execution Environment (TEE) Interface

 /// UUID identifiers are used to identify the TEE Operating System and individual Trusted
 /// Applications. This structure matches the UUID type as defined by RFC4122.
 type Uuid = struct {
     time_low uint32;
     time_mid uint16;
     time_hi_and_version uint16;
     clock_seq_and_node array<uint8, 8>;
 };

 type OsRevision = table {
     1: major uint32;
     2: minor uint32;
 };

 type OsInfo = table {
     1: uuid Uuid;
     2: revision OsRevision;
     3: is_global_platform_compliant bool;
 };

 /// Communication with the TEE OS and Trusted Applications is performed using opaque parameters.
 /// These parameters can be a mix of small values (Value type) or a buffer reference (Buffer type).
 /// A parameter will be tagged as either an input, output or both (inout).
 type Direction = strict enum : uint32 {
     INPUT = 0;
     OUTPUT = 1;
     INOUT = 2;
 };

 /// An empty parameter type is used as a placeholder for elements in the parameter set that are not
 /// used.
 // TODO(fxbug.dev/8031): Consider making this a table once empty tables do not cause binding issues.
 type None = struct {};

 /// Represents a buffer parameter.
 type Buffer = resource table {
     1: direction Direction;

     /// The VMO is allowed to be not present for situations where the TEE allows for buffer size
     /// checks.
     ///
     /// For example, if the operation to be performed needs an output buffer, but the user cannot
     /// calculate how large that output buffer should be, they can attempt the operation without
     /// a vmo and the Trusted Application will populate the size field so that the operation can
     /// be performed again with an appropriately sized buffer.
     2: vmo zx.handle:VMO;
     3: offset uint64;
     4: size uint64;
 };

 /// Represents a direct value parameter.
 type Value = table {
     1: direction Direction;

     /// This value is optional. If not set, a zero value is sent in its place if it is required by
     /// the calling convention.
     2: a uint64;

     /// This value is optional. If not set, a zero value is sent in its place if it is required by
     /// the calling convention.
     3: b uint64;

     /// This value is optional. If not set, a zero value is sent in its place if it is required by
     /// the calling convention.
     4: c uint64;
 };

 type Parameter = flexible resource union {
     1: none None;
     2: buffer Buffer;
     3: value Value;
 };

 const MAX_PARAMETERSET_COUNT uint32 = 4;
 alias ParameterSet = vector<Parameter>:MAX_PARAMETERSET_COUNT;

 /// Each operation must flow through the device driver and the trusted operating system before
 /// reaching the trusted application (and back). The ReturnOrigin indicates which layer provided the
 /// return code.
 type ReturnOrigin = strict enum : uint32 {
     COMMUNICATION = 0;
     TRUSTED_OS = 1;
     TRUSTED_APPLICATION = 2;
 };

 /// The result of an operation will include a return code, the origin of the result, and the return
 /// of the parameter set. The returned parameter set will be a copy of the input parameter set, but
 /// with the INOUT and OUTPUT parameters updated. If the parameter is a Buffer, it will update the
 /// Buffer.size to the number of bytes written.
 type OpResult = resource table {
     1: return_code uint64;
     2: return_origin ReturnOrigin;
     3: parameter_set ParameterSet;
 };

 /// Provides information about the TEE device.
 @discoverable
 protocol DeviceInfo {
     /// Obtains information about the TEE OS.
     GetOsInfo() -> (struct {
         info OsInfo;
     });
 };

 /// Represents a connection to an application running in the TEE.
 @discoverable
 protocol Application {
     /// Initiates a communication session with the trusted application.
     OpenSession2(resource struct {
         parameter_set ParameterSet;
     }) -> (resource struct {
         session_id uint32;
         op_result OpResult;
     });

     /// Requests the trusted application perform the provided command. The command is unique to the
     /// trusted application.
     InvokeCommand(resource struct {
         session_id uint32;
         command_id uint32;
         parameter_set ParameterSet;
     }) -> (resource struct {
         op_result OpResult;
     });

     /// Closes an established session.
     CloseSession(struct {
         session_id uint32;
     }) -> ();
 };
	// Copyright 2018 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	library fuchsia.tee;

	using zx;

	// Trusted Execution Environment (TEE) Interface

	/// UUID identifiers are used to identify the TEE Operating System and individual Trusted
	/// Applications. This structure matches the UUID type as defined by RFC4122.
	type Uuid = struct {
	time_low uint32;
	time_mid uint16;
	time_hi_and_version uint16;
	clock_seq_and_node array<uint8, 8>;
	};

	type OsRevision = table {
	1: major uint32;
	2: minor uint32;
	};

	type OsInfo = table {
	1: uuid Uuid;
	2: revision OsRevision;
	3: is_global_platform_compliant bool;
	};

	/// Communication with the TEE OS and Trusted Applications is performed using opaque parameters.
	/// These parameters can be a mix of small values (Value type) or a buffer reference (Buffer type).
	/// A parameter will be tagged as either an input, output or both (inout).
	type Direction = strict enum : uint32 {
	INPUT = 0;
	OUTPUT = 1;
	INOUT = 2;
	};

	/// An empty parameter type is used as a placeholder for elements in the parameter set that are not
	/// used.
	// TODO(fxbug.dev/8031): Consider making this a table once empty tables do not cause binding issues.
	type None = struct {};

	/// Represents a buffer parameter.
	type Buffer = resource table {
	1: direction Direction;

	/// The VMO is allowed to be not present for situations where the TEE allows for buffer size
	/// checks.
	///
	/// For example, if the operation to be performed needs an output buffer, but the user cannot
	/// calculate how large that output buffer should be, they can attempt the operation without
	/// a vmo and the Trusted Application will populate the size field so that the operation can
	/// be performed again with an appropriately sized buffer.
	2: vmo zx.handle:VMO;
	3: offset uint64;
	4: size uint64;
	};

	/// Represents a direct value parameter.
	type Value = table {
	1: direction Direction;

	/// This value is optional. If not set, a zero value is sent in its place if it is required by
	/// the calling convention.
	2: a uint64;

	/// This value is optional. If not set, a zero value is sent in its place if it is required by
	/// the calling convention.
	3: b uint64;

	/// This value is optional. If not set, a zero value is sent in its place if it is required by
	/// the calling convention.
	4: c uint64;
	};

	type Parameter = flexible resource union {
	1: none None;
	2: buffer Buffer;
	3: value Value;
	};

	const MAX_PARAMETERSET_COUNT uint32 = 4;
	alias ParameterSet = vector<Parameter>:MAX_PARAMETERSET_COUNT;

	/// Each operation must flow through the device driver and the trusted operating system before
	/// reaching the trusted application (and back). The ReturnOrigin indicates which layer provided the
	/// return code.
	type ReturnOrigin = strict enum : uint32 {
	COMMUNICATION = 0;
	TRUSTED_OS = 1;
	TRUSTED_APPLICATION = 2;
	};

	/// The result of an operation will include a return code, the origin of the result, and the return
	/// of the parameter set. The returned parameter set will be a copy of the input parameter set, but
	/// with the INOUT and OUTPUT parameters updated. If the parameter is a Buffer, it will update the
	/// Buffer.size to the number of bytes written.
	type OpResult = resource table {
	1: return_code uint64;
	2: return_origin ReturnOrigin;
	3: parameter_set ParameterSet;
	};

	/// Provides information about the TEE device.
	@discoverable
	protocol DeviceInfo {
	/// Obtains information about the TEE OS.
	GetOsInfo() -> (struct {
	info OsInfo;
	});
	};

	/// Represents a connection to an application running in the TEE.
	@discoverable
	protocol Application {
	/// Initiates a communication session with the trusted application.
	OpenSession2(resource struct {
	parameter_set ParameterSet;
	}) -> (resource struct {
	session_id uint32;
	op_result OpResult;
	});

	/// Requests the trusted application perform the provided command. The command is unique to the
	/// trusted application.
	InvokeCommand(resource struct {
	session_id uint32;
	command_id uint32;
	parameter_set ParameterSet;
	}) -> (resource struct {
	op_result OpResult;
	});

	/// Closes an established session.
	CloseSession(struct {
	session_id uint32;
	}) -> ();
	};