Hi,
ER_INITIAL_PSP section was used as the Trustzone NS Agent partition stack in IPC model.
Since Trustzone NS Agent partition has changed to use private variables as its stack, ER_INITIAL_PSP related definitions and references can be removed.
Change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/13186
This change involves all the platforms for IPC model, it removes:
* Definition of ER_INITIAL_PSP section in the linker script
* Reference of ER_INITIAL_PSP for isolation configuration in platform HALs
This can simplify the linker script a bit.
This patch is going to be put there for a while as there are holidays, but please do review it when you see this mail. Plan to merge it before end of Jan, as soon as all concerns get addressed (if there are).
Regards,
Mingyang
Hi all,
I'd like to introduce a code size analyse tool to you. The tool is developed to help optimize TF-M code size by gathering the data from map file and output friendly.
These python scripts can
- Get a database to implement data tables from ARMCLANG or GNUARM map file.
- Supply an UI for developers to scan sorted information of sections, libraries, object files, functions and data.
- Help analyse the biggest or smallest targets in certain image. It can also help search functions or data to locate their address and detail information.
- Diff two databases to see the code size increment or decrement between two different build results.
The patch is: [tf-m-tools]<https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/12665>, it also contains the document for users.
Hope this tool can help you measure code size in the daily work. Please let me know if anything can be improved. I'd like to merge this tool this Friday if no critical comment.
Best Regards
Jianliang Shen
Here is what I could find on Zephyr:
https://docs.zephyrproject.org/1.14.1/reference/power_management/index.html
Any thoughts from anybody on this topic.
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
From: Anton Komlev <Anton.Komlev(a)arm.com>
Sent: Thursday, January 13, 2022 2:19 AM
To: Joseph Yiu <Joseph.Yiu(a)arm.com>; Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com>
Subject: RE: Power management and TFM
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>.
Hi Suresh,
As you noted, the power management topic is not covered by TF-M, leaving it for a platform or project level handling. Would you like to discuss the topic on TF-M Tech Forum and check what community thinks about it?
Best regards,
Anton
From: Joseph Yiu <Joseph.Yiu(a)arm.com<mailto:Joseph.Yiu@arm.com>>
Sent: Wednesday, January 12, 2022 8:52 PM
To: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>; Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>
Subject: RE: Power management and TFM
Hi Suresh,
> Power management does have an impact on security flows and how it is done.
Agree.
> Not sure if there is a standardized framework and application note on how it can be done on Corte-M with or without Secure Enclave model
Unfortunately there is no standardization of power management interface for Cortex-M systems today.
And given that the low power implementation varies between different vendors significantly, trying to define a power control interface is going to be very challenging.
By the way, I noticed you reply to me only. Is that intentional or would you want to have this conversation on the email list?
Regards,
Joseph
From: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com> <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>
Sent: 12 January 2022 18:58
To: Joseph Yiu <Joseph.Yiu(a)arm.com<mailto:Joseph.Yiu@arm.com>>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: RE: Power management and TFM
HI Anton and Joseph,
Power management does have an impact on security flows and how it is done. This is a town down architecture/implementation starting with NSPE and down with expected behavior of SPE (secure boot, TFM context management, etc.), cold boot, warm boot, deep-sleep, hibernate and active modes.
On the Cortex-A, there is PSCI framework couple with ACPI. Not sure if there is a standardized framework and application note on how it can be done on Corte-M with or without Secure Enclave model.
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Joseph Yiu via TF-M
Sent: Monday, December 20, 2021 8:04 AM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: Re: [TF-M] Power management and TFM
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>.
Hi Suresh, Anton,
This is an interesting topic :-)
Armv8-M processors has some power management registers that can be restricted to Secure world access only.
System Control Register (SCR)
- Bit 2 SLEEPDEEP - 0 = Normal Sleep, 1 = Deep Sleep (this can also enable WIC feature). Access permission depends on SLEEPDEEPS.
- Bit 3 SLEEPDEEPS - 0 - NS privileged world can r/w to SLEEPDEEP, 1 - SLEEPDEEP is RAZ/WI to NS privileged world
(This is applicable to Cortex-M23, Cortex-M33, Cortex-M35P, Cortex-M55)
Cortex-M55 also has Implementation defined power model control registers (CPDLPSTATE, DPDLPSTATE)
https://developer.arm.com/documentation/101273/0101/Cortex-M55-Processor-le…
If TrustZone is used (AIRCR.BFHFNMINS is 0), then these registers are Secure privileged access only.
So definitely Secure firmware should provide some APIs for Non-secure software for changing the power control settings. However, I would expect that power control APIs would likely to be at a higher level which also manage other system level power control functions (which, as Anton said, device specific). In such case having APIs for modifying SLEEPDEEP and power model control registers is not helpful (or might even end up with confusions - e.g. if a SW developer trying to use both low level and high level APIs at the same time).
Given that a Secure firmware can setup SLEEPDEEPS easily if it wants to allow/disallow access to SLEEPDEEP control, having an API for this might be overkill.
Access to Cortex-M55's power model control registers is more tricky. Would an 'optional' reference API for updating power model control registers (CPDLPSTATE, DPDLPSTATE) be considered?
Regards,
Joseph
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M
Sent: 20 December 2021 12:32
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: Re: [TF-M] Power management and TFM
Hi Suresh,
The power management is out of scope of TF-M core or any PSA service. Such functionality is HW platform specific and may vary depending on HW or SW adaptation capabilities. If you concern about a specific use case, where TF-M support is expected - let's discuss it here.
Hope that helps,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M
Sent: Friday, December 17, 2021 8:11 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Power management and TFM
Hi,
Wondering if anybody can throw some light on any ongoing efforts on power management on a system with TFM (deep sleep, etc).
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
CYSC CSS ICW SW SSE
Mobile: +5103863997
Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hello TFM owners,
I would like to report an issue for ARMv8-MAIN in TFM.
From GCC9, it may use FPU registers (S16~S31) to backup general purpose registers for better performance.
However, TFM’s library mode is not backup and restore FPU registers (S16~S31) base on EXC_RETURN.FType bit in tfm_core_sfn_request.
(Reference for LR.FType https://developer.arm.com/documentation/100235/0004/the-cortex-m33-processo… )
This may causes FPU registers (S16~S31) to be corrupted in tfm_core_sfn_request, if interrupt happens between two SVC call.
Here is an example to reproduce the issue:
1. Task A uses FPU S16 register to backup GPR R0
2. Task A calls psa_import_key() API
3. After the instruction “SVC %[SVC_REQ]” in tfm_core_sfn_request, the CONTROL.FPCA become “NOT active”
4. Enter FreeRTOS PendSV_Handler and schedule to others task.
* Originally, this should backup S16 due to CONTROL.FPCA is active and EXC_RETURN.FType should be 0.
* But, the EXC_RETURN.FType become 1 due to step3. So the S16 is not backup in stack and changed by others task.
1. Another task uses FPU S16 register (overwrite the value of S16 from Task A)
2. Enter FreeRTOS PendSV_Handler and schedule back to Task A
3. psa_import_key is finished and exit from TFM
4. Task A restore GPR R0 from FPU R16
5. Memory access violation in Task A due to incorrect value of GPR R0.
Stacking FPU s16-s31 in tfm_core_sfn_request can fix this problem. Please check the blue instructions. Thank you.
__attribute__((section("SFN"), naked))
int32_t tfm_core_sfn_request(const struct tfm_sfn_req_s *desc_ptr)
{
__ASM volatile(
"PUSH {r4-r12, lr} \n"
"MRS r4, control \n" /* Check FPCA in control register */
"TST r4, #0x04 \n"
"IT NE \n" /* Stacking S16-S31, if CONTROL.FPCA = 1 */
"VSTMDBNE sp!, {s16-s31} \n"
"PUSH {r4} \n" /* Backup CONTROL register */
"PUSH {r4} \n" /* For 8-bytes alignment to prevent xPSR.BIT9 = 1 */
"SVC %[SVC_REQ] \n" /* To remove upon instruction, xPSR.BIT9 should be masked to 0 in prepare_partition_iovec_ctx(…) */
"MOV r4, #0 \n"
"MOV r5, r4 \n"
"MOV r6, r4 \n"
"MOV r7, r4 \n"
"MOV r8, r4 \n"
"MOV r9, r4 \n"
"MOV r10, r4 \n"
"MOV r11, r4 \n"
"BLX lr \n"
"SVC %[SVC_RET] \n"
"POP {r4} \n" /* Restore CONTROL register */
"POP {r4} \n"
"TST r4, #0x04 \n" /* Check FPCA in control register */
"IT NE \n"
"VLDMIANE sp!, {s16-s31} \n" /* Restore S16-S31, if CONTROL.FPCA = 1 */
"POP {r4-r12, pc} \n"
: : [SVC_REQ] "I" (TFM_SVC_SFN_REQUEST),
[SVC_RET] "I" (TFM_SVC_SFN_RETURN)
);
}
Best regards!
Hi Jamie,
The change has been merged. Sorry for the possible inconveniences caused by end of the year holidays.
Best regards,
Anton
From: Jamie Mccrae via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>>
Sent: Tuesday, January 11, 2022 4:03 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Pending PR needs merging
Hi,
Would it be possible to get this PR merged https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12686 due to a pending update for Zephyr?
Thanks,
Jamie
THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, LLC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, LLC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, LLC.
Hi,
Would it be possible to get this PR merged https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12686 due to a pending update for Zephyr?
Thanks,
Jamie
THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, LLC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, LLC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, LLC.
Hi all,
TF-M CI is back to normal. Please feel free to use it. 😊
BR,
Xinyu
From: Xinyu Zhang
Sent: Monday, January 10, 2022 11:07 AM
To: TF-M mailing list <tf-m(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: TF-M Open CI Fails to Run Tests
Hi all,
Sorry to inform you that TF-M Open CI is down for the time being – tests cannot be run.
I’ll let you know as long as CI is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi all,
Sorry to inform you that TF-M Open CI is down for the time being - tests cannot be run.
I'll let you know as long as CI is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi,
Thank Chris made a couple of changes to move the mailbox mechanism from a kernel-coupled one into a partition-based one, which simplifies the programming model much.
And mailbox-related platforms (musca-b1 secure enclave and corstone 1000) may get affected after merged, please mentioned platform owners take a try on these patches. Another solution is we can merge them and then fix the problems found.
Will wait for one more week for the last patch (Patches no affecting platforms out of PSoC are merged already).
I think checkout this one should bring all related changes into local:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12311
Feel free to comment, thanks.
/Ken
