Hello TFM owners,
I would like to report an issue for ARMv8-MAIN in TFM.
Starting with GCC 9, the compiler may use FPU registers (S16~S31) to back up general-purpose registers for better performance.
However, TFM's library mode does not back up and restore FPU registers (S16~S31) based on the EXC_RETURN.FType bit in tfm_core_sfn_request.
(Reference for LR.FType https://developer.arm.com/documentation/100235/0004/the-cortex-m33-processo… )
This may cause FPU registers (S16~S31) to be corrupted in tfm_core_sfn_request if an interrupt happens between two SVC calls.
Here is an example to reproduce the issue:
1. Task A uses FPU register S16 to back up GPR R0
2. Task A calls the psa_import_key() API
3. After the instruction "SVC %[SVC_REQ]" in tfm_core_sfn_request, CONTROL.FPCA becomes "NOT active"
4. FreeRTOS PendSV_Handler is entered and schedules another task.
   * Originally, this should back up S16, because CONTROL.FPCA is active and EXC_RETURN.FType should be 0.
   * But EXC_RETURN.FType becomes 1 due to step 3, so S16 is not backed up on the stack and is changed by another task.
5. Another task uses FPU register S16 (overwriting the value of S16 from Task A)
6. FreeRTOS PendSV_Handler is entered and schedules back to Task A
7. psa_import_key finishes and exits from TFM
8. Task A restores GPR R0 from FPU R16
9. Memory access violation in Task A due to the incorrect value of GPR R0.
Stacking FPU s16-s31 in tfm_core_sfn_request can fix this problem. Please check the blue instructions. Thank you.
    __attribute__((section("SFN"), naked))
    int32_t tfm_core_sfn_request(const struct tfm_sfn_req_s *desc_ptr)
    {
        __ASM volatile(
            "PUSH {r4-r12, lr} \n"
            "MRS r4, control \n" /* Check FPCA in control register */
            "TST r4, #0x04 \n"
            "IT NE \n" /* Stacking S16-S31, if CONTROL.FPCA = 1 */
            "VSTMDBNE sp!, {s16-s31} \n"
            "PUSH {r4} \n" /* Backup CONTROL register */
            "PUSH {r4} \n" /* For 8-bytes alignment to prevent xPSR.BIT9 = 1 */
            "SVC %[SVC_REQ] \n" /* To remove upon instruction, xPSR.BIT9 should be masked to 0 in prepare_partition_iovec_ctx(…) */
            "MOV r4, #0 \n"
            "MOV r5, r4 \n"
            "MOV r6, r4 \n"
            "MOV r7, r4 \n"
            "MOV r8, r4 \n"
            "MOV r9, r4 \n"
            "MOV r10, r4 \n"
            "MOV r11, r4 \n"
            "BLX lr \n"
            "SVC %[SVC_RET] \n"
            "POP {r4} \n" /* Restore CONTROL register */
            "POP {r4} \n"
            "TST r4, #0x04 \n" /* Check FPCA in control register */
            "IT NE \n"
            "VLDMIANE sp!, {s16-s31} \n" /* Restore S16-S31, if CONTROL.FPCA = 1 */
            "POP {r4-r12, pc} \n"
            : : [SVC_REQ] "I" (TFM_SVC_SFN_REQUEST),
                [SVC_RET] "I" (TFM_SVC_SFN_RETURN)
        );
    }
Best regards!
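
A host-side C model of the sequence described in the report above, added here as an illustration; it is not code from the original post, TF-M or FreeRTOS. It reduces the FPU state to S16 and CONTROL.FPCA, and `run_scenario`, the two structs and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not TF-M or FreeRTOS code: the FPU state is reduced to
 * S16 and the CONTROL.FPCA bit. All names and values are hypothetical. */
struct cpu  { uint32_t s16; bool fpca; };
struct task { uint32_t saved_s16; bool ftype; };  /* ftype = EXC_RETURN.FType */

/* PendSV switch-out: S16 is stacked only when FType == 0 (FPCA was set). */
static void switch_out(struct cpu *c, struct task *t)
{
    t->ftype = !c->fpca;
    if (!t->ftype)
        t->saved_s16 = c->s16;
}

/* PendSV switch-in: S16 is restored only if it was stacked on switch-out. */
static void switch_in(struct cpu *c, const struct task *t)
{
    if (!t->ftype)
        c->s16 = t->saved_s16;
    c->fpca = !t->ftype;
}

/* Returns the value Task A reads back into R0 after the secure call. */
uint32_t run_scenario(bool stack_fp_in_sfn)
{
    struct cpu c = { 0, false }; struct task a = { 0, true };
    uint32_t r0 = 0x20001000u, sfn_stack_s16 = 0;  /* constructed pointer */
    c.s16 = r0; c.fpca = true;           /* Task A backs up R0 in S16 */
    bool fpca_at_entry = c.fpca;         /* tfm_core_sfn_request: MRS r4, control */
    if (stack_fp_in_sfn && fpca_at_entry)
        sfn_stack_s16 = c.s16;           /* proposed VSTMDBNE sp!, {s16-s31} */
    c.fpca = false;                      /* after SVC_REQ, FPCA is not active */
    switch_out(&c, &a);                  /* PendSV: FType = 1, S16 not stacked */
    c.s16 = 0xDEADBEEFu; c.fpca = true;  /* another task overwrites S16 */
    switch_in(&c, &a);                   /* back to Task A, nothing restored */
    if (stack_fp_in_sfn && fpca_at_entry)
        c.s16 = sfn_stack_s16;           /* proposed VLDMIANE sp!, {s16-s31} */
    return c.s16;                        /* Task A restores R0 from S16 */
}

int main(void)
{
    printf("unpatched: R0 = 0x%08X\n", (unsigned)run_scenario(false));
    printf("patched:   R0 = 0x%08X\n", (unsigned)run_scenario(true));
    return 0;
}
```
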
Hi Jamie,
The change has been merged. Sorry for any inconvenience caused by the end-of-year holidays.
Best regards,
Anton
From: Jamie Mccrae via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: Tuesday, January 11, 2022 4:03 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Pending PR needs merging
Hi,
Would it be possible to get this PR merged https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12686 due to a pending update for Zephyr?
Thanks,
Jamie
THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, LLC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, LLC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, LLC.
Hi all,
TF-M CI is back to normal. Please feel free to use it. 😊
BR,
Xinyu
From: Xinyu Zhang
Sent: Monday, January 10, 2022 11:07 AM
To: TF-M mailing list <tf-m(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: TF-M Open CI Fails to Run Tests
Hi all,
Sorry to inform you that TF-M Open CI is down for the time being – tests cannot be run.
I’ll let you know as soon as CI is back to normal.
Apologies for any inconvenience!
Thanks,
Xinyu
Hi,
Thanks to Chris, who made a couple of changes to move the mailbox mechanism from a kernel-coupled one to a partition-based one, which simplifies the programming model a lot.
Mailbox-related platforms (musca-b1 secure enclave and corstone 1000) may be affected after the merge; owners of the mentioned platforms, please give these patches a try. Another solution is that we merge them and then fix the problems found.
Will wait for one more week for the last patch (Patches not affecting platforms out of PSoC are merged already).
I think checking out this one should bring all related changes into your local tree:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12311
Feel free to comment, thanks.
/Ken
Hi,
The next Technical Forum is planned on Thursday, Jan 6, 7:00-8:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi everyone,
While taking a look into PSA header files from interface/include/psa/ folder I have found out that they are actually slightly different from PSA headers in build_folder/lib/ext/mbedcrypto-src/include/psa/ folder.
Here is the list of files that are different:
* crypto.h
* crypto_compat.h
* crypto_extra.h
* crypto_sizes.h
* crypto_struct.h
* crypto_types.h
* crypto_values.h
My expectation was that PSA interface (header files) should be the same in both folders.
Maybe we should use only one version of those files (remove files from interface/include/psa/ and just use files from build_folder/lib/ext/mbedcrypto-src/include/psa/)?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko(a)infineon.com
Back after the holidays I have tested a few builds and I've noticed that
a few builds fail a bunch of tests.
Fails on all tool chains.
Is this a known issue?
psoc64, musca_s1 works.
Musca_B1 (nxp lpcxpresso55s69 also) fails:
PS D:\Projects\tf-m6\trusted-firmware-m\armclang> cmake -GNinja -S .. -B
. -DTFM_PLATFORM=arm/musca_b1/sse_200
"-DTFM_TOOLCHAIN_FILE=..\toolchain_ARMCLANG.cmake" -DTEST_NS=ON
-DTEST_S=ON -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBL2=ON
...
Running Test Suite PSA internal trusted storage S interface tests
(TFM_S_ITS_TEST_1XXX)...
> Executing 'TFM_S_ITS_TEST_1001'
Description: 'Set interface'
Set should not fail with valid UID (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:32)
TEST: TFM_S_ITS_TEST_1001 - FAILED!
> Executing 'TFM_S_ITS_TEST_1002'
Description: 'Set interface with create flags'
Set should not fail with no flags (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:91)
TEST: TFM_S_ITS_TEST_1002 - FAILED!
> Executing 'TFM_S_ITS_TEST_1003'
Description: 'Set interface with NULL data pointer'
Set should succeed with NULL data pointer and zero length (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:115)
TEST: TFM_S_ITS_TEST_1003 - FAILED!
> Executing 'TFM_S_ITS_TEST_1004'
Description: 'Set interface with write once UID'
Set should not rewrite a write once UID (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:138)
TEST: TFM_S_ITS_TEST_1004 - FAILED!
> Executing 'TFM_S_ITS_TEST_1005'
Description: 'Get interface with valid data'
Set should not fail (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:186)
TEST: TFM_S_ITS_TEST_1005 - FAILED!
> Executing 'TFM_S_ITS_TEST_1006'
Description: 'Get interface with zero data length'
Set should not fail (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:293)
TEST: TFM_S_ITS_TEST_1006 - FAILED!
...
(lots more failed tests)
...
*** Non-secure test suites summary ***
Test suite 'PSA protected storage NS interface tests
(TFM_NS_PS_TEST_1XXX)' has PASSED
Test suite 'PSA internal trusted storage NS interface tests
(TFM_NS_ITS_TEST_1XXX)' has FAILED
Test suite 'Crypto non-secure interface test (TFM_NS_CRYPTO_TEST_1XXX)'
has FAILED
Test suite 'Platform Service Non-Secure interface
tests(TFM_NS_PLATFORM_TEST_1XXX)' has PASSED
Test suite 'Initial Attestation Service non-secure interface
tests(TFM_NS_ATTEST_TEST_1XXX)' has PASSED
Test suite 'QCBOR regression test(TFM_NS_QCBOR_TEST_1XXX)' has PASSED
Test suite 'T_COSE regression test(TFM_NS_T_COSE_TEST_1XXX)' has PASSED
Test suite 'PSA firmware update NS interface tests
(TFM_NS_FWU_TEST_1xxx)' has PASSED
Test suite 'Core non-secure positive tests (TFM_NS_CORE_TEST_1XXX)' has
PASSED
Test suite 'IPC non-secure interface test (TFM_NS_IPC_TEST_1XXX)' has PASSED
Test suite 'TFM IRQ Test (TFM_IRQ_TEST_1xxx)' has PASSED
*** End of Non-secure test suites ***
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>