Hi all,
I am working on integrating our IP(PUFcc) into TF-Mv2.1.0, with the PUFcc located at address 0x51700000.
The PUFcc can be access on bl2 stage, however, it cannot be access on booting tf-m stage.
The exception log as below:
[cid:image002.png@01DAEFC7.96FE4EB0]FATAL ERROR: HardFault
Here is some context for the exception:
EXC_RETURN (LR): 0xFFFFFFF1
Exception came from secure FW in handler mode.
xPSR: 0x00000003
MSP: 0x31000B18
PSP: 0x31000BF8
MSP_NS: 0xFFFFFFFC
PSP_NS: 0xFFFFFFFC
Exception frame at: 0x31000B18
R0: 0x31000B60
R1: 0x00000000
R2: 0x0000001B
R3: 0x00000002
R12: 0x00000000
LR: 0x38009EF7
PC: 0x3800AB02
xPSR: 0x6100000B
Callee saved register state: R4: 0xFFFFFFF9
R5: 0x31000B60
R6: 0x00000002
R7: 0x00000002
R8: 0x38030F24
R9: 0x0000001B
R10: 0x00000011
R11: 0x38030F11
CFSR: 0x00008200
BFSR: 0x00000082
BFAR: 0x00000004
MMFSR: 0x00000000
MMFAR: Not Valid
UFSR: 0x00000000
HFSR: 0x40000000
SFSR: 0x00000000
SFAR: Not Valid
The diff patch as below:
[cid:image003.png@01DAEFC7.96FE4EB0]--- a/secure_fw/spm/core/main.c
+++ b/secure_fw/spm/core/main.c
@@ -56,6 +56,9 @@ static fih_int tfm_core_init(void)
*/
SPMLOG_INFMSG("\033[1;34mBooting TF-M "VERSION_FULLSTR"\033[0m\r\n");
+ uint32_t* p_s = (uint32_t *)0x51700000;
+ printf("p_s = %08x\n", (uint32_t)*p_s);
Could you provide any suggestions on this issue?
Best regards,
Mark Chen
Research & Development Division II
PUFsecurity Corporation
Tel: 886-3-5601010 ext. 3110
Fax: 886-3-5601177
Email: mark(a)pufsecurity.com<mailto:mark@pufsecurity.com>
[cid:image001.png@01DAEFC5.FD4AE270]
From: Andy Chen <andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>>
Sent: Thursday, August 1, 2024 12:12 AM
To: Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>
Cc: Randy Liu <randyliu(a)pufsecurity.com<mailto:randyliu@pufsecurity.com>>; Victor Huang <victor(a)pufsecurity.com<mailto:victor@pufsecurity.com>>; Neil Chen <neilchen(a)pufsecurity.com<mailto:neilchen@pufsecurity.com>>; Antonio De Angelis <Antonio.DeAngelis(a)arm.com<mailto:Antonio.DeAngelis@arm.com>>; Shebu Varghese Kuriakose <Shebu.VargheseKuriakose(a)arm.com<mailto:Shebu.VargheseKuriakose@arm.com>>
Subject: Re: [Technical Loop] PSA Crypto API with PUFcc on the TF-M platform
Hi Anton,
Thank you and enjoy your time!!!
Best,
Andy
________________________________
寄件者: Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>
寄件日期: Wednesday, July 31, 2024 11:34:48 PM
收件者: Andy Chen <andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>>
副本: Randy Liu <randyliu(a)pufsecurity.com<mailto:randyliu@pufsecurity.com>>; Victor Huang <victor(a)pufsecurity.com<mailto:victor@pufsecurity.com>>; Neil Chen <neilchen(a)pufsecurity.com<mailto:neilchen@pufsecurity.com>>; Antonio De Angelis <Antonio.DeAngelis(a)arm.com<mailto:Antonio.DeAngelis@arm.com>>; Shebu Varghese Kuriakose <Shebu.VargheseKuriakose(a)arm.com<mailto:Shebu.VargheseKuriakose@arm.com>>
主旨: RE: [Technical Loop] PSA Crypto API with PUFcc on the TF-M platform
HI Andy,
Great to hear good news.
I will be in annual leave from tomorrow, Aug 1st, but Antonio (coped) could help you and can redirect the possible questions to appropriate team members.
With the occasion, I would appreciate if your team evaluates and follows TF-M documentation and gives us feedback on possible confusion or missing information.
Best regards,
Anton
From: Andy Chen <andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>>
Sent: Wednesday, July 31, 2024 3:26 PM
To: Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>
Cc: Randy Liu <randyliu(a)pufsecurity.com<mailto:randyliu@pufsecurity.com>>; Victor Huang <victor(a)pufsecurity.com<mailto:victor@pufsecurity.com>>; Neil Chen <neilchen(a)pufsecurity.com<mailto:neilchen@pufsecurity.com>>
Subject: [Technical Loop] PSA Crypto API with PUFcc on the TF-M platform
#Set a new mail loop
Hi Anton,
We set a kick-off meeting of "PSA Crypto API with PUFcc on the TF-M platform" this week.
• TF-M v2.1.0
• PSA Crypto API - v1.2.1
• PSA Certified APIs Architecture Test Suite - v1.6
• MPS3 with AN552
Randy, Victor, and Neil are members of this project.
We would have many issues when developing that need your help to solve it.
Please feel free to add your teams. Let's make the project successful.
Thank you very much.
Have a Nice Day,
Andy
[cid:image001.png@01DAEFC5.FD4AE270]
熵碼科技股份有限公司
Tel: 886-3-5601010 #2119
Email: andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>
Website: https://www.pufsecurity.com/
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
Hello,
We noticed that build of TF-M for CM33 platform generates ELF file for which architecture is armv3m. Step to reproduce:
1. Build TF-M secure image for CM33 platform with armclang (used 6.19).
2. Use arm-none-eabi-objdump provided with arm-gnu-toolchain-11.3.rel1-mingw-w64-i686-arm-none-eabi to print headers:
* arm-none-eabi-objdump -x tfm_s.axf
You will see following output:
tfm_s.axf
architecture: armv3m, flags 0x00000012:
EXEC_P, HAS_SYMS
While fromelf (from armclang) prints following:
========================================================================
** ELF Header Information
File Name: tfm_s.axf
Machine class: ELFCLASS32 (32-bit)
Data encoding: ELFDATA2LSB (Little endian)
Header version: EV_CURRENT (Current version)
Operating System ABI: none
ABI Version: 0
File Type: ET_EXEC (Executable) (2)
Machine: EM_ARM (ARM)
Image Entry point: 0x16004319
Flags: EF_ARM_HASENTRY + EF_ARM_ABI_FLOAT_HARD (0x05000402)
ARM ELF revision: 5 (ABI version 2)
Is't expected? Because we have problems with debugging images generated by armclang in eclipse with gdb.
Regards,
Roman.
Hi all,
I have pushed for review a change to improve the TF-M linker scripts / scatter files: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/30316
There are two ideas behind the change:
* Merge the isolation level 3 features from the tfm_isolation_l3 linker files into tfm_common_s, so that one linker file can support all TF-M isolation levels.
* Group the memory by its desired memory protection attribute as far as possible, so that as much of the memory map as possible can be covered by MPU regions to restrict the attributes to no more than needed. The main advantage of this is to reduce how much of the memory is executable.
There are more details in the commit message.
Since it could be a disruptive change, the new linker files are added in addition to the existing tfm_common_s.sct/ld/icf and tfm_isolation_l3.sct/ld/icf ones and only platforms that are already using the common tfm_hal_isolation_v8m.c are switched over for now. But the idea is that platforms can gradually migrate and eventually the existing linker files can be removed.
Kind regards,
Jamie
Hi TF-M teams,
This is Andy from PUFsecurity, and we have a project with ARM.
We try to integrate the PSA Crypto API with PUFcc (Our Crypto Engine) on TF-M.
However, there are multiple versions included, and we need your assistance for specification clarification.
Please ensure the versions match your recommendations.
For TF-M, we plan to integrate with:
TF-M v2.1.0
PSA Crypto API - v1.1.0
PSA Certified APIs Architecture Test Suite - v1.6
TF-M
It would be beneficial to use the same hardware (FPGA) and tools as the ARM development team.
If we can confirm which models are used for TF-M , scripts or details with the ARM hardware That would be grateful.
PSA Crypto API -
The test bench is using the PSA Crypto API v1.1.0, and it is published in 2022.
And Now is v1.2.1 in March 2024. I not sure it is a good choose or not.
[cid:983ad4d1-6d7d-4acb-a22d-5a49b94594d4]
Test Bench -
For the "PSA Certified APIs Architecture Test Suite - v1.6," we would like to identify which test codes (test_c001 to test_c067) are relevant for TF-M.
Thank you very much!!!
Have a Nice Day,
Andy
[cid:2fcb4633-c50b-4a64-8161-c5020f3b1ad3]
熵碼科技股份有限公司
Tel: 886-3-5601010 #2119
Email: andychen(a)pufsecurity.com<mailto:andychen@pufsecurity.com>
Website: https://www.pufsecurity.com/
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
-------- Disclaimer: This e-mail is from PUFsecurity Corporation. This e-mail may contain privileged and confidential information. It is intended for the named recipient(s) only. Disclosure, copying, distribution, or use of the contents of this e-mail by persons other than the intended recipient may violate applicable laws. If you are not an intended recipient, please notify us immediately (by reply e-mail) and delete this e-mail from your system. Our postal address is 8F-1, No. 5, Tai-Yuan 1st St., Jhubei City, Hsinchu County 302082, Taiwan.--------
Hi all,
I would like to propose a unified logging library in TF-M. The primary aim of this is to combine the fragmented logging we have across TF-M into a single logging library, with a single top-level API. Currently, different components (BL1, SPM, secure partition, etc.) have different logging APIs and these also have different underlying implementations. Some call directly into the UART output string function and others call printf. Sometimes using one logging API in a different component leads to build failures, or nothing ending up on the UART at all.
The primary aim here is for users to be able to use the same API throughout TF-M and for it to always work. This API will naturally be split into different logging levels, with build configuration controlled whether or not the string is actually output. Note that the underlying implementation can be different for different components - there can be hooks within the library which allow components to specify how they want to output the string. Initially, these can be used to maintain the existing underlying implementation. In the longer term, however, it would be useful to unify the underlying implementation also whether that be by using printf or with our own custom printf format parser.
Please let me know any thoughts or concerns about the above suggestion.
Thanks,
Jackson
Hello everyone,
Thank you for giving us the opportunity to understand more about you and how we can design the technical information for your needs. For those who weren’t on the technical forum call today, here’s a summary of what these interviews are about:
We’re calling for volunteers to help us better understand who our users are and how we can improve your technical documentation journey. We’ll be conducting 45 minute – 1 hour interviews over Zoom to ask questions about your role, the tasks you perform, how you learn, and how you use our documentation. In today’s forum, Lisa Durbin (Principal Technical Content Developer) will run through the details about the interviews and how you can take part.
If you’re interested in taking part in the interviews, please do both of the following:
1. Fill out the consent form here on the Microsoft Forms site<https://forms.office.com/Pages/ResponsePage.aspx?id=eVlO89lXqkqtTbEipmIYTWl…>.
2. Book a 1 hour Zoom session with me here on the Office Bookings site.<https://outlook.office.com/bookwithme/user/5b86408b60db4f51ba9459930fbc64a3…>
Please note, I’m based in Cambridge UK and my availability is during BST office hours. I’ll be running the sessions starting July 8th until September 30th, 2024.
If you have any questions or would like further information, please feel free to email me directly. Thank you again for your help.
Kind regards,
Lisa Durbin
Lisa Durbin | Principal Technical Content Developer
She/her
CE-SW Technology Management team
Cambridge
Hi All,
I pushed for review a Request For Comments (RFC) patch where I remove specific attributes for sections introduced a while ago.
At that time, it was fixing an issue with Armclang builds.
However it has been noticed that with GCC, those functions are not placed within the .text section, as otherwise expected.
With the proposed RFC patch https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/29755,
I ran a few tests and builds and the "old" issue with Armclang does not appear anymore and the functions are correctly placed within the .text section.
I would like to ask the community to cherry pick the patch and build & run their tests, to further verify that we are not breaking anything else.
If no issues are reported in a week or so, I will remove the RFC and then the patch will go through the final review.
Many thanks in advance for your cooperation.
Best regards,
Nicola Mazzucato (he/him/his) | CE Software group | Arm
110 Fulbourn Rd, CB1 9NJ, Cambridge UK
At Arm we work flexibly and globally, if you receive this email outside of your usual working hours please do not feel that you have to respond immediately.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi TF-M and mbedtls community,
I am new to TF-M, I have a few questions about CryptoCell and random number generation. Thank you in advance.
1.
I figure there seems to have two CryptoCell 312 implementations within TF-M. One under lib/ext/cryptocell-312-runtime and the other under platform/ext/accelerator/cc312/cc312-rom. What are the difference between these two?
2.
For lib/ext/cryptocell-312-runtime, it does not define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG whereas /ext/accelerator/cc312/cc312-rom does. Does that mean cryptocell-312-runtime is initiating RNG cryptodriver by using mbedtls_entropy_add_source whereas cc312-rom is using mbedtls_psa_external_get_random<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>. If so, may I ask why these two cryptocells take two different approaches? I read from one of the documentation that mbedtls_psa_external_get_random is used when entropy is sufficient. So if entropy is sufficient, is it always preferred to have MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG defined and implements mbedtls_psa_external_get_random? What are the differences between the two approaches.
3.
I also found cryptocell-312-runtime defines the entry point function cc3xx_init_random<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>. But since PSA random number entry point funciton is not complete, the cc3xx_init_random is not being called anywhere, right?
[https://opengraph.githubassets.com/17cdebc400b0ed807c620b586b21f3f77ff9c5d3…]<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>
trusted-firmware-m/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_random.c at 8df9cc8baf46252fd188bba1d87333a8daa9a5e8 · zephyrproject-rtos/trusted-firmware-m<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>
Zephyr repository tracking https://git.trustedfirmware.org/trusted-firmware-m.git/ - zephyrproject-rtos/trusted-firmware-m
github.com
4.
I know random number generation PSA entry point function is in development, may I ask when that would be expected to complete?
Thank you very much!
Best regards,
Hao