22. Non-Secure Identity Manager

The ID of the current application/thread is known by TF-M, and the PS service queries the ID of the currently running client via a dedicated API.

The identity of secure clients can be tracked by TF-M core, because it also manages the contexts of the partitions. However, to differentiate NS clients, it relies on services provided by the NS OS.

Tracking of context changes is possible by relying on the NS OS calling the Thread Context Management for Armv8-M TrustZone APIs, as described here.

However, TF-M needs an extra API to assign a client ID to the TZ context created as a result of the TZ_MemoryId_t TZ_AllocModuleContext_S (TZ_ModuleId_t module) call. See interface/include/ext/tz_context.h for details of API declarations.

If the NS OS doesn’t use the Thread Context Management for Armv8-M TrustZone APIs, TF-M considers the NS SW as a single client and assigns a client ID to it automatically.
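
A small host-side C model of the context-to-client-ID mapping described above, added here as an illustration and not TF-M code. All model_ and MODEL_ names, the table size, the default ID of -1, the rule that NS client IDs are negative, and the choice to return no ID for a context that was never assigned one are assumptions of the model. It shows that per-thread identity exists only while the NS OS reports its context switches; otherwise every NS caller resolves to the same ID.

```c
#include <stdint.h>
#include <stdio.h>
/* Model only: every model_/MODEL_ name is hypothetical, not a TF-M symbol. */
#define MODEL_MAX_CTX       4
#define MODEL_DEFAULT_NS_ID (-1) /* assumed ID for an NS world with no tracked context */
#define MODEL_NO_ID         0    /* assumed: valid NS client IDs are negative */
typedef uint32_t model_mem_id_t; /* stands in for TZ_MemoryId_t; 0 means "none" */
static uint8_t ctx_used[MODEL_MAX_CTX];
static int32_t ctx_client[MODEL_MAX_CTX];
static model_mem_id_t active;    /* context currently loaded by the NS OS */
static int valid(model_mem_id_t id) {
    return id >= 1 && id <= MODEL_MAX_CTX && ctx_used[id - 1];
}

/* NS OS creates a thread context; it has no client ID yet. */
model_mem_id_t model_alloc_context(void) {
    for (uint32_t i = 0; i < MODEL_MAX_CTX; i++) {
        if (ctx_used[i]) continue;
        ctx_used[i] = 1;
        ctx_client[i] = MODEL_NO_ID;
        return i + 1;
    }
    return 0;
}

/* The extra step: bind a client ID to a context. Non-negative IDs are refused. */
int model_assign_client_id(model_mem_id_t id, int32_t client_id) {
    if (!valid(id) || client_id >= 0) return -1;
    ctx_client[id - 1] = client_id;
    return 0;
}

/* NS OS switches a thread in (load) or out (store). */
int model_load_context(model_mem_id_t id) {
    if (!valid(id)) return -1;
    active = id;
    return 0;
}
void model_store_context(void) { active = 0; }

/* What a secure service such as PS would see as its caller. */
int32_t model_current_client_id(void) {
    return active ? ctx_client[active - 1] : MODEL_DEFAULT_NS_ID;
}

int main(void) {
    printf("untracked NS caller -> %d\n", (int)model_current_client_id());
    return 0;
}
```

In this model a service should treat MODEL_NO_ID as "caller unknown" and refuse the request rather than fall back to the shared default.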


Copyright (c) 2018-2021, Arm Limited. All rights reserved.