April 2021 - TF-M - lists.trustedfirmware.org

Re: [TF-M] Questions on Musca-B1 SE implementation

by Tamas Ban

Hi Suresh, Here is a link how to build images to Musca-B1 SE: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… I have built with GCC and MinSizeRel build type: Profile Medium: Memory region Used Size Region Size %age Used FLASH: 101464 B 381 KB 26.01% RAM: 61304 B 64 KB 93.54% [100%] Built target tfm_s Profile Large: Memory region Used Size Region Size %age Used FLASH: 170448 B 381 KB 43.69% RAM: 62980 B 64 KB 96.10% [ 97%] Built target tfm_s The profiles means different capabilities of TF-M, they were introduced to support constrained devices as well, with limited capability. There is a detailed description about the profiles here: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/techn… BR, Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Suresh Marisetty via TF-M Sent: 2021. április 29., csütörtök 21:49 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Questions on Musca-B1 SE implementation I am following up on a question that came up on the TFM Core and MCUBoot image sizes that is built for SE on Musca-B1. We are trying to figure out the resource requirements for SE, to be able to host the TF-M as suggested in the slides below. Wondering if anyone throw more light on the RAM/FLASH requirements for it. Also, does the TFM profile small/medium/large map to this at all or is it different from them. Also, what's are the estimated latencies of boot on SE with all the Flash accesses, etc. https://www.trustedfirmware.org/docs/Musca-B1-Secure-Enclave-Solution.pdf https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… Any info on this would be appreciated. thanks Suresh Marisetty Infineon Semiconductor Corporation

3 years, 6 months

2
1
0 0

Re: [TF-M] [FIH lib] : fih question on a specific fault injection

by Raef Coles

I think at the moment that wouldn't get caught by the flow control countermeasures. However, we did have an idea for an improvement (which didn't get implemented), that should resolve it. At the moment, calling a function with FIH_CALL increases the flow control counter by 1. The alternative we considered was to instead increase the counter by a value that was generated based on the function that was called. Exactly how to generate this number is tricky, since we can't really implement a proper hash function in the preprocessor. The compromise we came to was that we could increase it by sizeof(__func__), (the length of the function name). This is accessible to both the call and the ret, and should be reasonably easily implementable. This wouldn't solve your issue immediately, but one function could then be renamed to be of different length. Another alternative is that you could manually increment and check the flow-control counter, though having to do that manually isn't ideal. Do either of these options seem reasonable? Raef ________________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Michel JAOUEN via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 30 April 2021 13:55 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] [FIH lib] : fih question on a specific fault injection Hello I start using FIH library and I doubt that it can solve following fault injection : Here are 2 tests function being placed by linker very closed from each other to make possible to jump from test_1 start address to test_2 start address with a fault injection. fih_int test_1(void) { fih_int fih_rc = FIH_FAILURE; fih_rc = fih_int_encode(TFM_PLAT_ERR_SUCCESS); FIH_RET(fih_rc); } fih_int test_2(void) { fih_int fih_rc = FIH_FAILURE; fih_rc = fih_int_encode(TFM_PLAT_ERR_SUCCESS); FIH_RET(fih_rc); } Is the following able to detect that code return from test_2 instead of test_1 after such fault ? FIH_CALL(test_1()); if (fih_not_eq(fih_rc, fih_int_encode(TFM_HAL_SUCCESS))) { tfm_core_panic(); } Best regards Michel

3 years, 6 months

2
1
0 0

[FIH lib] : fih question on a specific fault injection

by Michel JAOUEN

Hello I start using FIH library and I doubt that it can solve following fault injection : Here are 2 tests function being placed by linker very closed from each other to make possible to jump from test_1 start address to test_2 start address with a fault injection. fih_int test_1(void) { fih_int fih_rc = FIH_FAILURE; fih_rc = fih_int_encode(TFM_PLAT_ERR_SUCCESS); FIH_RET(fih_rc); } fih_int test_2(void) { fih_int fih_rc = FIH_FAILURE; fih_rc = fih_int_encode(TFM_PLAT_ERR_SUCCESS); FIH_RET(fih_rc); } Is the following able to detect that code return from test_2 instead of test_1 after such fault ? FIH_CALL(test_1()); if (fih_not_eq(fih_rc, fih_int_encode(TFM_HAL_SUCCESS))) { tfm_core_panic(); } Best regards Michel

3 years, 6 months

1
0
0 0

Re: [TF-M] Questions on Musca-B1 SE implementation

by David Hu

Hi Suresh, Secure Enclave and dual-cpu so far only support IPC model. Therefore Profile Medium and Profile Large can run on SE and dual-cpu platforms. Besides, Profile Large by default enables Fault Injection Hardening library. It requires platform to support Fault Injection Hardening. The secure firmware binary size may vary with different underlying inter-core communication and assigned resources. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: Friday, April 30, 2021 3:40 PM To: Suresh.Marisetty(a)infineon.com; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Questions on Musca-B1 SE implementation Hi Suresh, Here is a link how to build images to Musca-B1 SE: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… I have built with GCC and MinSizeRel build type: Profile Medium: Memory region Used Size Region Size %age Used FLASH: 101464 B 381 KB 26.01% RAM: 61304 B 64 KB 93.54% [100%] Built target tfm_s Profile Large: Memory region Used Size Region Size %age Used FLASH: 170448 B 381 KB 43.69% RAM: 62980 B 64 KB 96.10% [ 97%] Built target tfm_s The profiles means different capabilities of TF-M, they were introduced to support constrained devices as well, with limited capability. There is a detailed description about the profiles here: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/techn… BR, Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M Sent: 2021. április 29., csütörtök 21:49 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Questions on Musca-B1 SE implementation I am following up on a question that came up on the TFM Core and MCUBoot image sizes that is built for SE on Musca-B1. We are trying to figure out the resource requirements for SE, to be able to host the TF-M as suggested in the slides below. Wondering if anyone throw more light on the RAM/FLASH requirements for it. Also, does the TFM profile small/medium/large map to this at all or is it different from them. Also, what's are the estimated latencies of boot on SE with all the Flash accesses, etc. https://www.trustedfirmware.org/docs/Musca-B1-Secure-Enclave-Solution.pdf https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… Any info on this would be appreciated. thanks Suresh Marisetty Infineon Semiconductor Corporation

3 years, 6 months

1
0
0 0

Questions on Musca-B1 SE implementation

by Suresh.Marisetty＠infineon.com

I am following up on a question that came up on the TFM Core and MCUBoot image sizes that is built for SE on Musca-B1. We are trying to figure out the resource requirements for SE, to be able to host the TF-M as suggested in the slides below. Wondering if anyone throw more light on the RAM/FLASH requirements for it. Also, does the TFM profile small/medium/large map to this at all or is it different from them. Also, what's are the estimated latencies of boot on SE with all the Flash accesses, etc. https://www.trustedfirmware.org/docs/Musca-B1-Secure-Enclave-Solution.pdf https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e… Any info on this would be appreciated. thanks Suresh Marisetty Infineon Semiconductor Corporation

3 years, 6 months

1
0
0 0

Re: [TF-M] Decouple NS specific code from TF-M NS interface

by David Hu

Hi all, The patch sets to decouple NS code from TF-M secure part have been merged. Sorry for the early merge as other pending patches depend on this patch set. Please rebase your patches if build reports an error about conflicting types of `tfm_ns_interface_init()`. Sorry for any inconvenience. If this decoupling brings any issue in NS integration with TF-M, sorry about the trouble and I'd appreciate it if you can share the issue details. Any further comment or suggestion is welcome. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Tuesday, April 27, 2021 11:50 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface Hi all, Thanks a lot for all your review and comments! I'd like to merge the patch sets *this Friday* if there is no further critical comment. Please feel free to continue to review and comment. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of David Hu via TF-M Sent: Thursday, April 15, 2021 4:12 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface Hi all, May I ask you to take a look at the following patch set to decouple NS specific code from TF-M NS interface? https://review.trustedfirmware.org/q/topic:%22decouple-ns-interface%22+(sta… The decoupled NS code is moved from trusted-firmware-m repo to tf-m-tests repo, as an example of NS implementation. https://review.trustedfirmware.org/q/topic:%22add-ns-code%22+(status:open%2… The purpose of this change is to make it more flexible and simple to integrate NS OS with TF-M NS interface. Currently TF-M provides some reference implementations of NS interface for NS OS integration. However, it may have limitations during NS OS integration as various NS OSes/application usages prefer different implementations. Therefore, those NS OS specific code is removed from TF-M interface for NS clients in this patch set. The removed NS code includes NS interface lock ops, os wrappers and NS test specific implementation. Those NS code can be taken as an example in tf-m-tests. NS developers can follow or replace them during integration with TF-M, according to NS OS implementation and actual scenarios, without hacking trusted-firmware-m repo. This patch set doesn't change the current integration scheme. Instead, it exports the "tfm_ns_interface_dispatch()" API and enables NS OS to implement it according to NS OS and application specific requirement, such as NS interface lock operations. Any comment is welcome! Best regards, Hu Ziji

3 years, 6 months

1
0
0 0

Re: [TF-M] Technical Forum call - April 29

by Anton Komlev

Hi, We have no explicit items in the agenda. Let's use this chance to discuss any ongoing topics and questions like: * Planning repo restructuring * S <> NS decoupling * Pended PS reviews and a need for clarification * Your topic See you, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: Wednesday, April 21, 2021 11:40 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] Technical Forum call - April 29 Hi, The next Technical Forum is planned on Thursday, April 29 , 07:00-08:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

3 years, 6 months

1
0
0 0

Re: [TF-M] Supporting integrated Non-Secure RTOS applications that use the FPU

by Feder Liang

Hi, Ioannis Sorry for late response. I am out of office these two days. Thank you very much for sharing your problem here. As Keven mentioned, could you please report your problem on phabricator first with more details? This will be very helpful for us to analyze the problem you mentioned. 1. Which cortex-m core? 2. TF-M changeset you are using and compiler version. 3. Please list all changes you did for TF-M while integrated to your project. 4. More information about the crash: * IPC mode, right? Which isolation level? * Detail sequences of actions between NS and S when crash. * Lzay FP enabled? Crash when FPCCR_NS.LSPACT = 1 or something else? * Which PSA calls causes the crash, or all PSA calls? * How about the occurrence of crash? Always crash or sometimes? * Which fault entered? Value of registers and stack frame in memory at crash time are very useful for analysis. * ……., Other information if possible. The more information the better, please try to attached them in phabricator. Thank you. Best Regards Feder From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Glaropoulos, Ioannis via TF-M Sent: Thursday, April 22, 2021 3:24 PM To: Kevin Townsend (kevin.townsend(a)linaro.org) <kevin.townsend(a)linaro.org>; tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Supporting integrated Non-Secure RTOS applications that use the FPU Hi Kevin, Thanks for the link to the presentation 😊 I guess, then, Feder Liang, as the author of the presentation, should be able to provide some feedback on the questions I raised? Once more, I am stressing that our questions concern the usage of FPU in Non-Secure applications that integrate with TF-M today; it is not about future improvements for FPU support inside TF-M, which was (I guess) the main point of this presentation. Best, Ioannis From: Kevin Townsend <kevin.townsend(a)linaro.org<mailto:kevin.townsend@linaro.org>> Sent: Wednesday, April 21, 2021 8:03 PM To: Glaropoulos, Ioannis <Ioannis.Glaropoulos(a)nordicsemi.no<mailto:Ioannis.Glaropoulos@nordicsemi.no>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] Supporting integrated Non-Secure RTOS applications that use the FPU On Wed, 21 Apr 2021 at 18:56, Glaropoulos, Ioannis via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> wrote: I would like to ask the community whether these issues have been raised in the past – and if so, please, inform me what the conclusions have been. Are there current activities that attempt to address the problems raised above? Not been able to fully utilize the FP context stacking in Non-Secure Zephyr applications that integrate with TF-M removes value of our TF-M based solutions. Thanks! I am looking forward to hearing the thoughts of the community. Hi Ioannis, The previous technical forum call did discuss FP usage ... I don't think you were on the call at the time, but the presentation and video can be viewed here, and should point to the people to follow up with here on the mailing list of on phabricator, etc. Presentation: https://www.trustedfirmware.org/docs/FP-support-in-TF-M.pdf<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.trust…> Video link(s) available here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.trust…> Best rehards, Kevin

3 years, 6 months

2
1
0 0

Re: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface

by David Hu

Hi all, Thanks a lot for all your review and comments! I'd like to merge the patch sets *this Friday* if there is no further critical comment. Please feel free to continue to review and comment. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Thursday, April 15, 2021 4:12 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface Hi all, May I ask you to take a look at the following patch set to decouple NS specific code from TF-M NS interface? https://review.trustedfirmware.org/q/topic:%22decouple-ns-interface%22+(sta… The decoupled NS code is moved from trusted-firmware-m repo to tf-m-tests repo, as an example of NS implementation. https://review.trustedfirmware.org/q/topic:%22add-ns-code%22+(status:open%2… The purpose of this change is to make it more flexible and simple to integrate NS OS with TF-M NS interface. Currently TF-M provides some reference implementations of NS interface for NS OS integration. However, it may have limitations during NS OS integration as various NS OSes/application usages prefer different implementations. Therefore, those NS OS specific code is removed from TF-M interface for NS clients in this patch set. The removed NS code includes NS interface lock ops, os wrappers and NS test specific implementation. Those NS code can be taken as an example in tf-m-tests. NS developers can follow or replace them during integration with TF-M, according to NS OS implementation and actual scenarios, without hacking trusted-firmware-m repo. This patch set doesn't change the current integration scheme. Instead, it exports the "tfm_ns_interface_dispatch()" API and enables NS OS to implement it according to NS OS and application specific requirement, such as NS interface lock operations. Any comment is welcome! Best regards, Hu Ziji

3 years, 6 months

1
0
0 0

Temporary moving 'tfm_spm_hal_configure_default_isolation' out of FIH mointoring

by Ken Liu

Hi, We are refining the HAL logics for MMIO, so this legacy API 'tfm_spm_hal_configure_default_isolation', which is now monitored under FIH library would be out of monitoring for a while. The successors for this API would be added back after the refining is done, unless there are coming FIH updates. Moving this single function out of FIH monitoring won't trigger problems - in most of the cases this API just returns without actions as few partition has bound MMIOs. Thanks. /Ken

3 years, 6 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

TF-M April 2021