drivers: entropy: Remove SPM support in cc3xx entropy driver

Remove the support of using SPM secure services in entropy driver for CryptoCell. NCSDK-18317 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
ivaniushkov · Dec 13, 2022 · 3732e75 · 3732e75
1 parent 22d186a
commit 3732e75
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 20 deletions.
diff --git a/drivers/entropy/Kconfig b/drivers/entropy/Kconfig
@@ -6,7 +6,7 @@
 
 config ENTROPY_CC3XX
 	bool "Arm CC3XX RNG driver for Nordic devices" if !BUILD_WITH_TFM
-	depends on CRYPTOCELL_USABLE || SPM || BUILD_WITH_TFM
+	depends on CRYPTOCELL_USABLE || BUILD_WITH_TFM
 	depends on ENTROPY_GENERATOR
 	select ENTROPY_HAS_DRIVER
 	default y

diff --git a/drivers/entropy/entropy_cc3xx.c b/drivers/entropy/entropy_cc3xx.c
@@ -14,9 +14,7 @@
 #include <zephyr/drivers/entropy.h>
 #include <zephyr/sys/util.h>
 
-#if defined(CONFIG_SPM)
-#include "secure_services.h"
-#elif defined(CONFIG_BUILD_WITH_TFM)
+#if defined(CONFIG_BUILD_WITH_TFM)
 #include <psa/crypto.h>
 #include <psa/crypto_extra.h>
 #include <tfm_ns_interface.h>
@@ -55,19 +53,6 @@ static int entropy_cc3xx_rng_get_entropy(const struct device *dev,
 			chunk_size = length - offset;
 		}
 
-#if defined(CONFIG_SPM)
-		int ret = -EINVAL;
-
-		/* This is a call from a non-secure app that enables secure
-		 * services, in which case entropy is gathered by calling
-		 * through SPM.
-		 */
-		ret = spm_request_random_number(buffer + offset,
-						chunk_size, &olen);
-		if (ret != 0) {
-			return ret;
-		}
-#else
 		int ret = -1;
 
 		/* This is a call from a secure app, in which case entropy is
@@ -81,7 +66,7 @@ static int entropy_cc3xx_rng_get_entropy(const struct device *dev,
 		if (ret != 0) {
 			return -EINVAL;
 		}
-#endif /* defined(CONFIG_SPM) */
+
 		if (olen != chunk_size) {
 			return -EINVAL;
 		}
@@ -108,7 +93,7 @@ static int entropy_cc3xx_rng_init(const struct device *dev)
 	if (status != PSA_SUCCESS) {
 		return -EINVAL;
 	}
-#elif !defined(CONFIG_SPM)
+#else
 	int ret;
 
 	/* When the given context is NULL, a global internal
@@ -136,7 +121,7 @@ static const struct entropy_driver_api entropy_cc3xx_rng_api = {
  * TODO is there a better way to handle this?
  *
  * The problem is that when this driver is configured for use by
- * non-secure applications, calling through SPM leaves our application
+ * non-secure applications, calling through TF-M leaves our application
  * devicetree without an actual cryptocell node, so we fall back on
  * cryptocell_sw. This works, but it's a bit hacky and requires an out
  * of tree zephyr patch.