- TF-M - lists.trustedfirmware.org

Re: [TF-M] TF-M Technical Forum Agenda - June 25

by Anton Komlev

Hello, The agenda for today's forum: * PSA Isolation (level 3) design review * Secure Function model * Any other business, if time permitted. See you soon, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: 17 June 2020 12:55 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M Technical Forum call - June 25 Hello, The next Technical Forum is planned on Thursday, June 25 at 15:00-16:00 UTC (US time zone). This is exceptional time zone change because of a public holiday in China that day. Please reply on this email with your proposals for agenda topics. Best regards, Anton Komlev

5 years, 4 months

1
0
0 0

Re: [TF-M] new tf-m-test repository

by Kumar Gala

Curious if the intent is that the tf-m-tests repo would eventually be optional? - k > On Jun 19, 2020, at 5:29 AM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo > The intention is to migrate testing related code/libraries/tools there and clean the main repository. > Patches have been made. Please be aware of the change. > At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo. > > Thanks, > Anton Komlev > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 4 months

2
1
0 0

Re: [TF-M] TF-M v1.1 - Heads up

by Anton Komlev

Hi All, Both trusted-firmware-m and tf-m-tests repositories are tagged with TF-Mv1.1-RC1 tag marking the code freeze and beginning of the release candidate testing. Best regards, Anton Komlev Tech Lead of TF-M in Arm Ltd. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Shebu Varghese Kuriakose via TF-M Sent: 10 June 2020 18:28 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M v1.1 - Heads up Hi All, Just a heads up that TF-Mv1.1 tag is planned for middle to end of July. Code freeze of TF-M master is aimed around end of June to allow enough time for testing. Similar to TF-Mv1.0 and previous tags, v1.1 will include all TF-M changes in TF-M master available till code freeze in end of June. Availability of the tag will be notified via. this mailing list. Thanks, Shebu Technology Manager-TF-M, Arm Ltd.

5 years, 4 months

1
0
0 0

Switch to the original MCUboot as default

by David Vincze

Hi everyone, I would like to inform you about that the default bootloader option in TF-M has been changed from TF-M's MCUBoot fork to the original MCUBoot by a commit that was merged a few hours ago (https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4551). Due to this you may experience that your TF-M builds are failing after a recent rebase onto master with the following error message: "Missing MCUBoot. Please clone the MCUBoot repo to directory....." . To solve this, you can choose from the following options: 1. Follow the instructions of the 'MCUBoot' section in the docs/getting_started/tfm_secure_boot.rst to clone the MCUBoot repository and fulfill this dependency. 2. Quick but rather temporary solution: Append '-DMCUBOOT_REPO=TF-M' to your CMake configuration command to use the MCUBoot fork from the TF-M repository as before. Example: cmake -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=ARMCLANG -DMCUBOOT_REPO=UPSTREAM ../ Please let me know, if you have any difficulties. Best regards, David Vincze

5 years, 4 months

1
0
0 0

[RFC] PSA Isolation (level 3) design document

by Ken Liu

Hi, We have created one PSA Isolation implementation design document and now call for comments: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4730 The overall goal is to cover all isolation levels into this one document, and at current stage we take level 3 as an example. The image layout and regions are based on the assumption of the existing TF-M code base. Feel free to put comments, or post under this task: https://developer.trustedfirmware.org/T778 Thanks. /Ken

5 years, 4 months

1
0
0 0

Re: [TF-M] MPU Fault Handler in the 'Test secure irq' test

by Andrej Butok

Hi Mate, Thank you for the confirmation. To avoid the limitation, I have switched the IRQ test service to PSA-RoT in our code. Should the original TFM do the same? Thank you, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Mate Toth-Pal via TF-M Sent: Tuesday, June 23, 2020 1:02 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] MPU Fault Handler in the 'Test secure irq' test Hi Andrej, Yes, this is a known limitation of the IRQ test case. Because of the limitation you mention in your mail it cannot be run in isolation levels higher than 1. This test is part of the core test positive test suite, which is (by default) is disabled in certain cases (mostly because of these limitations): CommonConfig.cmake: if (CORE_TEST) if (NOT CORE_IPC OR TFM_LVL EQUAL 1) set(CORE_TEST_POSITIVE ON) endif() set(CORE_TEST_INTERACTIVE OFF) endif() It might be a possible workaround to define the IRQ test service as a PRoT as well. Regards, Mate From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: Monday, June 22, 2020 16:45 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] MPU Fault Handler in the 'Test secure irq' test Hello, During my update to the new TFM version (after one month pause), occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled). The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default): spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data) "execution_data" points to a global structure in NS RAM area provided by the NS test. The workaround: Define the IRQ test partition as PSA_ROT (privileged). Is it OK? Is this known issue? Thanks, Andrej Butok

5 years, 4 months

1
0
0 0

Re: [TF-M] MPU Fault Handler in the 'Test secure irq' test

by Mate Toth-Pal

Hi Andrej, Yes, this is a known limitation of the IRQ test case. Because of the limitation you mention in your mail it cannot be run in isolation levels higher than 1. This test is part of the core test positive test suite, which is (by default) is disabled in certain cases (mostly because of these limitations): CommonConfig.cmake: if (CORE_TEST) if (NOT CORE_IPC OR TFM_LVL EQUAL 1) set(CORE_TEST_POSITIVE ON) endif() set(CORE_TEST_INTERACTIVE OFF) endif() It might be a possible workaround to define the IRQ test service as a PRoT as well. Regards, Mate From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Monday, June 22, 2020 16:45 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] MPU Fault Handler in the 'Test secure irq' test Hello, During my update to the new TFM version (after one month pause), occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled). The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default): spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data) "execution_data" points to a global structure in NS RAM area provided by the NS test. The workaround: Define the IRQ test partition as PSA_ROT (privileged). Is it OK? Is this known issue? Thanks, Andrej Butok

5 years, 4 months

1
0
0 0

MPU Fault Handler in the 'Test secure irq' test

by Andrej Butok

Hello, During my update to the new TFM version (after one month pause), occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled). The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default): spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data) "execution_data" points to a global structure in NS RAM area provided by the NS test. The workaround: Define the IRQ test partition as PSA_ROT (privileged). Is it OK? Is this known issue? Thanks, Andrej Butok

5 years, 4 months

1
0
0 0

Re: [TF-M] new tf-m-test repository

by Kevin Peng

Hi Thomas, Should be review.trustedfirmware.org/c/TF-M/tf-m-tests Just replace "trusted-firmware-m" with "tf-m-tests" in the URL you push patches for TF-M. Best Regards, Kevin From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: Monday, June 22, 2020 3:36 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] new tf-m-test repository What is the URL to push patches to this repo? I attempted to push the IAR RTX libraries but it failed. Cheers, Thomas Den 2020-06-19 kl. 12:29, skrev Anton Komlev via TF-M: Hi, Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/> The intention is to migrate testing related code/libraries/tools there and clean the main repository. Patches have been made. Please be aware of the change. At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo. Thanks, Anton Komlev -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

2
1
0 0

Re: [TF-M] new tf-m-test repository

by Thomas Törnblom

What is the URL to push patches to this repo? I attempted to push the IAR RTX libraries but it failed. Cheers, Thomas Den 2020-06-19 kl. 12:29, skrev Anton Komlev via TF-M: > > Hi, > > Following TF-M project restructuring, let me bring your attention to > the new repository: *tf-m-tests* repo > <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/> > > The intention is to migrate testing related code/libraries/tools there > and clean the main repository. > > Patches have been made. Please be aware of the change. > > At this moment it does not affect the project development but in the > future to test TF-M you will need to use this tf-m-tests repo. > > Thanks, > > Anton Komlev > > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] Ask for final review of symmetric based initial attestation design

by David Hu

Hi all, Symmetric initial attestation patches are merged. Symmetric initial attestation now is enabled in TF-M Profile Small. Thanks a lot for the review and support. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Monday, May 18, 2020 3:34 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] Ask for final review of symmetric based initial attestation design Hi all, May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898? The document has been reviewed for a long time and received many valuable comments. Thanks a lot. If there is no further critical comment, I'd like to merge this design this Friday. Best regards, Hu Ziji

5 years, 4 months

1
0
0 0

Re: [TF-M] new tf-m-test repository

by Kevin Peng

Thanks Anton. As you may have noticed, the CMSIS RTX libraries have been added to the tf-m-tests. There are also patches<https://review.trustedfirmware.org/q/topic:%22CMSIS_5_to_tfm_tests%22+(stat…> for TF-M to reference the libraries from tf-m-tests. The plan is to merge them before TF-M 1.1 release code freeze (around end of June). You would need to clone the tf-m-tests repo to build TF-M when these patches were merged. Best Regards, Kevin From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Friday, June 19, 2020 6:30 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] new tf-m-test repository Hi, Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/> The intention is to migrate testing related code/libraries/tools there and clean the main repository. Patches have been made. Please be aware of the change. At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo. Thanks, Anton Komlev

5 years, 4 months

1
0
0 0

new tf-m-test repository

by Anton Komlev

Hi, Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/> The intention is to migrate testing related code/libraries/tools there and clean the main repository. Patches have been made. Please be aware of the change. At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo. Thanks, Anton Komlev

5 years, 4 months

1
0
0 0

Documenting Release cadence and process

by Soby Mathew

Hi Everyone I have pushed the proposal for release cadence and process for here : https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4635 This mainly follows the TF-A release process. The release cadence period is set to be 4 months with a code freeze of up to 3 weeks. Best Regards Soby Mathew

5 years, 4 months

1
0
0 0

Re: [TF-M] PS => AP ROT

by Jamie Fox

Hi Andrej, The PSA Storage spec (available here https://developer.arm.com/architectures/security-architectures/platform-sec…) states that the Protected Storage service should be implemented inside the Application Root of Trust. The principle is that the PSA Root of Trust should be kept as small as possible, to reduce the attack surface of the most privileged part of the system. As Protected Storage neither needs the privileges of the PSA Root of Trust nor is used by any PSA Root of Trust service, it should be implemented inside the Application Root of Trust. Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: 18 June 2020 09:16 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] PS => AP ROT Hello, I have just notices that the TFM Protected Storage service partition has been changed from PSA ROT to APP ROT. Just curious, what is a reason? May it stay PSA ROT? Thank you in advance, Andrej Butok

5 years, 4 months

2
1
0 0

PS => AP ROT

by Andrej Butok

Hello, I have just notices that the TFM Protected Storage service partition has been changed from PSA ROT to APP ROT. Just curious, what is a reason? May it stay PSA ROT? Thank you in advance, Andrej Butok

5 years, 4 months

1
0
0 0

TF-M Technical Forum call - June 25

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, June 25 at 15:00-16:00 UTC (US time zone). This is exceptional time zone change because of a public holiday in China that day. Please reply on this email with your proposals for agenda topics. Best regards, Anton Komlev

5 years, 4 months

1
0
0 0

Re: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE

by Andrej Butok

Hi Tamas, > I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT. The only place where it's used is the GCC linker file: __msp_init_stack_size__ = S_MSP_STACK_SIZE_INIT So for GCC __msp_init_stack_size__ is in 2 times less (0x400) than for Keil and IAR (0x800) "__msp_init_stack_size__ = S_MSP_STACK_SIZE". From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: Tuesday, June 16, 2020 10:17 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE Hi Andrej, The BOOT_TFM_SHARED_DATA and the MSP_STACK area are overlapping on purpose. The partitions which are expecting to receive data from bootloader is intended to get their own data during the partition init phase with calling tfm_core_get_boot_data() with the partition's major_type. Then the data will be copied from shared area to partition's memory. So after all partition's init is executed then the data from the shared buffer is distributed to the owning partitions and resides in their memory. At this point the shared_data area can be overwritten by growing MSP, without destroying shared data. Originally there was an S_MSP_STACK_SIZE_INIT size which was used to setup the MSP_LIMIT for the init phase to avoid overwriting the shared data area. After the init phase the MSP_LIMIT was set again with its full size S_MSP_STACK_SIZE. I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT. +-> +-> +--------------+ <- Shared boot data base, S_MSP_STACK_SIZE | Shared| | | M | Data | | | S | | | | P | +-> +--------------+ <- S_MSP_STACK_SIZE_INIT | | | | | | | | | +-> +--------------+ <- Top of MSP Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 16 June 2020 09:52 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE Hello, What is a difference between S_MSP_STACK_SIZE_INIT and S_MSP_STACK_SIZE defined in partition\region_defs.h: #define S_MSP_STACK_SIZE_INIT (0x0000400) #define S_MSP_STACK_SIZE (0x0000800) S_MSP_STACK_SIZE_INIT is used only for gcc. S_MSP_STACK_SIZE is used for armclang and iar. Guess, it should be used only one definition. So in our platform code we are going to use only S_MSP_STACK_SIZE. Should you fix it for all platforms in the original TFM? Thanks, Andrej Butok SW Tech Lead Security & Connectivity, Microcontrollers NXP Semiconductors

5 years, 4 months

1
0
0 0

Re: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE

by Tamas Ban

Hi Andrej, The BOOT_TFM_SHARED_DATA and the MSP_STACK area are overlapping on purpose. The partitions which are expecting to receive data from bootloader is intended to get their own data during the partition init phase with calling tfm_core_get_boot_data() with the partition's major_type. Then the data will be copied from shared area to partition's memory. So after all partition's init is executed then the data from the shared buffer is distributed to the owning partitions and resides in their memory. At this point the shared_data area can be overwritten by growing MSP, without destroying shared data. Originally there was an S_MSP_STACK_SIZE_INIT size which was used to setup the MSP_LIMIT for the init phase to avoid overwriting the shared data area. After the init phase the MSP_LIMIT was set again with its full size S_MSP_STACK_SIZE. I do not know whether the this two phase setting of MSP_LIMIT is still in use or not. If not the no need for S_MSP_STACK_SIZE_INIT. +-> +-> +--------------+ <- Shared boot data base, S_MSP_STACK_SIZE | Shared| | | M | Data | | | S | | | | P | +-> +--------------+ <- S_MSP_STACK_SIZE_INIT | | | | | | | | | +-> +--------------+ <- Top of MSP Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: 16 June 2020 09:52 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE Hello, What is a difference between S_MSP_STACK_SIZE_INIT and S_MSP_STACK_SIZE defined in partition\region_defs.h: #define S_MSP_STACK_SIZE_INIT (0x0000400) #define S_MSP_STACK_SIZE (0x0000800) S_MSP_STACK_SIZE_INIT is used only for gcc. S_MSP_STACK_SIZE is used for armclang and iar. Guess, it should be used only one definition. So in our platform code we are going to use only S_MSP_STACK_SIZE. Should you fix it for all platforms in the original TFM? Thanks, Andrej Butok SW Tech Lead Security & Connectivity, Microcontrollers NXP Semiconductors

5 years, 4 months

1
0
0 0

S_MSP_STACK_SIZE_INIT vs S_MSP_STACK_SIZE

by Andrej Butok

Hello, What is a difference between S_MSP_STACK_SIZE_INIT and S_MSP_STACK_SIZE defined in partition\region_defs.h: #define S_MSP_STACK_SIZE_INIT (0x0000400) #define S_MSP_STACK_SIZE (0x0000800) S_MSP_STACK_SIZE_INIT is used only for gcc. S_MSP_STACK_SIZE is used for armclang and iar. Guess, it should be used only one definition. So in our platform code we are going to use only S_MSP_STACK_SIZE. Should you fix it for all platforms in the original TFM? Thanks, Andrej Butok SW Tech Lead Security & Connectivity, Microcontrollers NXP Semiconductors

5 years, 4 months

1
0
0 0

Crypto code sharing b/w MCUboot and SPE

by Tamas Ban

Hi, This design addressing to share the code of the common crypto primitives(SHA256, RSA, later AES) between MCUboot and runtime SPE. The goal is to reduce the flash footprint of SPE. Design proposal: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4587 Implementation: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4583/ TL;DR: SPE binary size can be reduced with 10KB. If image encryption will be turned on then ~12-13KB is the gain. Please let us know if you think this improvements would be useful. @Thomas Törnblom<mailto:thomas.tornblom@iar.com>: Could you check the porting to IAR toolchain? BR, Tamas Ban

5 years, 4 months

1
0
0 0

STM32 support in trutedfirmware

by Michel JAOUEN

Hello, The support of the STM32 boards ( stm32l562e_dk and nucleo_l552ze_q) is now merged in trustedfirmware. Best regards Michel JAOUEN

5 years, 4 months

1
0
0 0

Renaming SST(Secure STorage) to PS(Protected Storage) has been done

by Kevin Peng

Hi all, The patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/3597> of Renaming SST(Secure STorage) to PS(Protected Storage) has been merged. This could have some impacts on your working environments and your work ongoing. As you have noticed, a new supported platform was missed during the renaming. (Quick fix<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4562> has been done.) Please do have a check and report any more issues you find, thanks very much. Best Regards, Kevin

5 years, 4 months

1
0
0 0

Re: [TF-M] Does FVP_SSE300_MPS2 target build?

by Jamie Fox

Hi Thomas, My bad, I merged a patch today that broke it. The fix is here https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4562. I will merge it once the CI has verified it. Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: 12 June 2020 14:00 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Does FVP_SSE300_MPS2 target build? I just noticed the merge of the FVP_SSE300_MPS2 support and I'm trying to build, but it fails with: --- [ 23%] Building C object test/secure_test/CMakeFiles/tfm_secure_tests.dir/suites/ps/secure/psa_ps_s_interface_testsuite.o C:/Users/thomasto/Projects/tf-m1/trusted-firmware-m/test/suites/ps/secure/psa_ps_s_interface_testsuite.c:46:39: error: use of undeclared identifier 'PS_MAX_ASSET_SIZE' static const uint8_t write_asset_data[PS_MAX_ASSET_SIZE] = {0xBF}; ... --- Known issue? Thomas -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

2
1
0 0

Does FVP_SSE300_MPS2 target build?

by Thomas Törnblom

I just noticed the merge of the FVP_SSE300_MPS2 support and I'm trying to build, but it fails with: --- [ 23%] Building C object test/secure_test/CMakeFiles/tfm_secure_tests.dir/suites/ps/secure/psa_ps_s_interface_testsuite.o C:/Users/thomasto/Projects/tf-m1/trusted-firmware-m/test/suites/ps/secure/psa_ps_s_interface_testsuite.c:46:39: error: use of undeclared identifier 'PS_MAX_ASSET_SIZE' static const uint8_t write_asset_data[PS_MAX_ASSET_SIZE] = {0xBF}; ... --- Known issue? Thomas -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] CMake flags

by Kumar Gala

Zephyr uses DT as a means to describe the hardware to the system for things like register address, irq numbers, etc. Instead of the typical runtime usage, it generates code to be used at build time for Cortex-M (and other) devices to address the size cost concern. On the KConfig side Zephyr uses a python implementation of the KConfig parser to allow portability across host build systems. - k > On Jun 12, 2020, at 4:35 AM, Gyorgy Szing via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > Just some minor additions. In the TF-M build system Kconfig will most likely generate input for cmake scripts, so the compiler may not have a connection to it. > > The original intention with DT is capturing configuration data to allow hardware independent binaries (for defining base address of peripherals, boot information, etc..), and is mostly parsed runtime. In the Cortex-M space this might be a bit out-of scope. Most likely it will be used as a “standard” language to define “retargeting” information, and a tool will be developed which runs compile time and which allows access to the retargeting data for cmake. Something like CMSIS zone, but closer to established open-source technologies. > In multicore systems having bot Cortex-A and M core DT would allow having a consistent solution for both A and M firmware. This is also a reason why cmake is a better build solution for TF-M than CMSIS Build. > > /George > > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M > Sent: 12 June 2020 11:16 > To: Thomas Törnblom <thomas.tornblom(a)iar.com>; tf-m(a)lists.trustedfirmware.org > Cc: nd <nd(a)arm.com> > Subject: Re: [TF-M] CMake flags > > Hi Thomas, > > DT is another very attractive topic. TF-M currently doesn’t include any DT support. > So maybe there is mixed preprocessing of DT and Kconfig in Zephyr, but Kconfig can be parsed without any compiler. > > Best regards, > Hu Ziji > > From: Thomas Törnblom <thomas.tornblom(a)iar.com> > Sent: Friday, June 12, 2020 5:09 PM > To: David Hu <David.Hu(a)arm.com>; tf-m(a)lists.trustedfirmware.org > Cc: nd <nd(a)arm.com> > Subject: Re: [TF-M] CMake flags > > Perhaps I'm mixing dts and Kconfig up. > > In Zephyr, dtc is used to generate output that is run through the gcc preprocessor in assembly mode. > > The output from dtc looks like: > --- > /dts-v1/; > > / { > ï¿½ï¿½ï¿½ #address-cells = < 0x1 >; > ï¿½ï¿½ï¿½ #size-cells = < 0x1 >; > ï¿½ï¿½ï¿½ model = "STMicroelectronics STM32F746G DISCOVERY board"; > ï¿½ï¿½ï¿½ compatible = "st,stm32f746g-disco", "st,stm32f746"; > ï¿½ï¿½ï¿½ chosen { > ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,console = &usart1; > ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,shell-uart = &usart1; > ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,sram = &sram0; > ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,flash = &flash0; > ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,dtcm = &dtcm; > ï¿½ï¿½ï¿½ }; > ... > --- > > Our preprocessor can not be run in assembler mode and it pukes on the "#address-cells" type elements in the file. > > If this is not what Kconfig is about, then please ignore my comments. > > Thomas > > Den 2020-06-12 kl. 09:43, skrev David Hu: > Hi Thomas, > ï¿½ > Iï¿½ve not met such a problem yet. Could you please give more details about the portability issues in Kconfig? > In our PoC, it firstly parses the Kconfig files and then convert the output Kconfig options into CMake flags. Thus the whole process is not related to any compiler. > I checked Zephyr previously. It looks like Zephyr has the similar idea as our PoC does. > ï¿½ > Best regards, > Hu Ziji > ï¿½ > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Tï¿½rnblom via TF-M > Sent: Friday, June 12, 2020 3:36 PM > To: tf-m(a)lists.trustedfirmware.org > Subject: Re: [TF-M] CMake flags > ï¿½ > Introducing a dependency on Kconfig may cause portability issues with some toolchains (IAR for instance) > > I am working on adding support for the IAR toolchain to Zephyr, and Kconfig is one of the issues I've run into. > > At least in Zephyr, the output from Kconfig is run through the C preprocessor and this causes issues with the IAR preprocessor so for now I use gcc for this step. > > Thomas > > Den 2020-06-12 kl. 07:32, skrev David Hu via TF-M: > Hi Adrian, > ï¿½ > Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. > ï¿½ > Kconfig can bring some advantages: > • It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. > • Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. > ï¿½ > But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. > ï¿½ > Best regards, > Hu Ziji > ï¿½ > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M > Sent: Friday, June 12, 2020 12:24 AM > To: Raef Coles <Raef.Coles(a)arm.com> > Cc: tf-m(a)lists.trustedfirmware.org > Subject: [TF-M] CMake flags > ï¿½ > Hi Raef. Thanks for the presentation today. > ï¿½ > If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. > ï¿½ > From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? > ï¿½ > Adrian > ï¿½ > > ï¿½ > -- > > Thomas Tï¿½rnblom, Product Engineer > IAR Systems AB > Box 23051, Strandbodgatan 1 > SE-750 23 Uppsala, SWEDEN > Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 > E-mail: thomas.tornblom(a)iar.com Website: www.iar.com > Twitter: www.twitter.com/iarsystems > > -- > > Thomas Tï¿½rnblom, Product Engineer > IAR Systems AB > Box 23051, Strandbodgatan 1 > SE-750 23 Uppsala, SWEDEN > Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 > E-mail: thomas.tornblom(a)iar.com Website: www.iar.com > Twitter: www.twitter.com/iarsystems > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 4 months

1
0
0 0

Re: [TF-M] CMake flags

by Rønningstad, Øyvind

Note that Zephyr has a Cmake function that does this exact thing, if you're interested: https://github.com/zephyrproject-rtos/zephyr/blob/master/cmake/extensions.c… Øyvind Rønningstad -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Friday, June 12, 2020 11:45 To: Raef Coles <Raef.Coles(a)arm.com>; Gyorgy Szing <Gyorgy.Szing(a)arm.com>; Adrian Shaw <Adrian.Shaw(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] CMake flags Hi Raef, My current prototype is to parse the options from Kconfig output file and "inject" them into CMake (by set()) in a CMake file running at the beginning of build process. Kconfig generation is an optional step before build starts, only if you request to change the configuration. Otherwise, build just starts with previous Kconfig output config as normal. Best regards, Hu Ziji -----Original Message----- From: Raef Coles <Raef.Coles(a)arm.com> Sent: Friday, June 12, 2020 5:34 PM To: Gyorgy Szing <Gyorgy.Szing(a)arm.com>; David Hu <David.Hu(a)arm.com>; Adrian Shaw <Adrian.Shaw(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: CMake flags I think I'd advocate for using a workflow of generating a cfg.cmake file from the kconfig, instead of a txt file with an associated cmake parser. I think it'd be advantageous to not have a parser for an arbitrary config file format in the cmake, since the cmake set(CACHE) statements are already fairly user-readable. It would be different if we could only generate something less readable from the kconfig (i.e. xml/json). It would be ideal if we could generate the statements such that: set(<variable_name> <default_option> CACHE <TYPE> "<docstring> (<valid_option> | <valid_option> | ...)" I'm not sure if we can do this in Kconfig, but it seems plausible, and imo is the ideal solution since it gives the user of later editing the cmake config (even using a cache editor like ccmake) while documenting which choices are sane. Raef ________________________________________ From: Gyorgy Szing <Gyorgy.Szing(a)arm.com> Sent: 12 June 2020 06:56 To: David Hu; Adrian Shaw; Raef Coles; tf-m(a)lists.trustedfirmware.org Cc: nd; nd Subject: RE: CMake flags Hi, This requirement could be addressed with a user specific metadata file which is processed by the build-system. Implementation wise the easiest would be to include a file like UserCfg.cmake. This file could contain set(<option> CACHE <STRING|BOOL|PATH> "") commands to set the option variables. User experience wise a text file parsed by cmake scripts would be the best. Such a file could contain variable=value lines. Longer term when Kconfig support is ready, it could cover these options too. Running Kconfig is a an act done less often, and most of the times, the user is expected to save the Kconfig input and output files. Most of the time the build-system would just use the pre-generated config. I imagine a workflow similar to the one used by the Linux Kernel. Just my two cent's though. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: 12 June 2020 07:33 To: Adrian Shaw <Adrian.Shaw(a)arm.com>; Raef Coles <Raef.Coles(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] CMake flags Hi Adrian, Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. Kconfig can bring some advantages: * It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. * Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Adrian Shaw via TF-M Sent: Friday, June 12, 2020 12:24 AM To: Raef Coles <Raef.Coles(a)arm.com<mailto:Raef.Coles@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] CMake flags Hi Raef. Thanks for the presentation today. If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? Adrian -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 4 months

1
0
0 0

Re: [TF-M] CMake flags

by Gyorgy Szing

Hi, This requirement could be addressed with a user specific metadata file which is processed by the build-system. Implementation wise the easiest would be to include a file like UserCfg.cmake. This file could contain set(<option> CACHE <STRING|BOOL|PATH> "") commands to set the option variables. User experience wise a text file parsed by cmake scripts would be the best. Such a file could contain variable=value lines. Longer term when Kconfig support is ready, it could cover these options too. Running Kconfig is a an act done less often, and most of the times, the user is expected to save the Kconfig input and output files. Most of the time the build-system would just use the pre-generated config. I imagine a workflow similar to the one used by the Linux Kernel. Just my two cent's though. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: 12 June 2020 07:33 To: Adrian Shaw <Adrian.Shaw(a)arm.com>; Raef Coles <Raef.Coles(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] CMake flags Hi Adrian, Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. Kconfig can bring some advantages: * It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. * Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Adrian Shaw via TF-M Sent: Friday, June 12, 2020 12:24 AM To: Raef Coles <Raef.Coles(a)arm.com<mailto:Raef.Coles@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] CMake flags Hi Raef. Thanks for the presentation today. If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. >From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? Adrian

5 years, 4 months

3
3
0 0

Re: [TF-M] CMake flags

by Gyorgy Szing

Hi, Just some minor additions. In the TF-M build system Kconfig will most likely generate input for cmake scripts, so the compiler may not have a connection to it. The original intention with DT is capturing configuration data to allow hardware independent binaries (for defining base address of peripherals, boot information, etc..), and is mostly parsed runtime. In the Cortex-M space this might be a bit out-of scope. Most likely it will be used as a "standard" language to define "retargeting" information, and a tool will be developed which runs compile time and which allows access to the retargeting data for cmake. Something like CMSIS zone, but closer to established open-source technologies. In multicore systems having bot Cortex-A and M core DT would allow having a consistent solution for both A and M firmware. This is also a reason why cmake is a better build solution for TF-M than CMSIS Build. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: 12 June 2020 11:16 To: Thomas Törnblom <thomas.tornblom(a)iar.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] CMake flags Hi Thomas, DT is another very attractive topic. TF-M currently doesn't include any DT support. So maybe there is mixed preprocessing of DT and Kconfig in Zephyr, but Kconfig can be parsed without any compiler. Best regards, Hu Ziji From: Thomas Törnblom <thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com>> Sent: Friday, June 12, 2020 5:09 PM To: David Hu <David.Hu(a)arm.com<mailto:David.Hu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] CMake flags Perhaps I'm mixing dts and Kconfig up. In Zephyr, dtc is used to generate output that is run through the gcc preprocessor in assembly mode. The output from dtc looks like: --- /dts-v1/; / { ï¿½ï¿½ï¿½ #address-cells = < 0x1 >; ï¿½ï¿½ï¿½ #size-cells = < 0x1 >; ï¿½ï¿½ï¿½ model = "STMicroelectronics STM32F746G DISCOVERY board"; ï¿½ï¿½ï¿½ compatible = "st,stm32f746g-disco", "st,stm32f746"; ï¿½ï¿½ï¿½ chosen { ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,console = &usart1; ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,shell-uart = &usart1; ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,sram = &sram0; ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,flash = &flash0; ï¿½ï¿½ï¿½ ï¿½ï¿½ï¿½ zephyr,dtcm = &dtcm; ï¿½ï¿½ï¿½ }; ... --- Our preprocessor can not be run in assembler mode and it pukes on the "#address-cells" type elements in the file. If this is not what Kconfig is about, then please ignore my comments. Thomas Den 2020-06-12 kl. 09:43, skrev David Hu: Hi Thomas, ï¿½ Iï¿½ve not met such a problem yet. Could you please give more details about the portability issues in Kconfig? In our PoC, it firstly parses the Kconfig files and then convert the output Kconfig options into CMake flags. Thus the whole process is not related to any compiler. I checked Zephyr previously. It looks like Zephyr has the similar idea as our PoC does. ï¿½ Best regards, Hu Ziji ï¿½ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org><mailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Thomas Tï¿½rnblom via TF-M Sent: Friday, June 12, 2020 3:36 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] CMake flags ï¿½ Introducing a dependency on Kconfig may cause portability issues with some toolchains (IAR for instance) I am working on adding support for the IAR toolchain to Zephyr, and Kconfig is one of the issues I've run into. At least in Zephyr, the output from Kconfig is run through the C preprocessor and this causes issues with the IAR preprocessor so for now I use gcc for this step. Thomas Den 2020-06-12 kl. 07:32, skrev David Hu via TF-M: Hi Adrian, ï¿½ Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. ï¿½ Kconfig can bring some advantages: * It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. * Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. ï¿½ But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. ï¿½ Best regards, Hu Ziji ï¿½ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org><mailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M Sent: Friday, June 12, 2020 12:24 AM To: Raef Coles <Raef.Coles(a)arm.com><mailto:Raef.Coles@arm.com> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] CMake flags ï¿½ Hi Raef. Thanks for the presentation today. ï¿½ If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. ï¿½ >From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? ï¿½ Adrian ï¿½ ï¿½ -- Thomas Tï¿½rnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> -- Thomas Tï¿½rnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] CMake flags

by David Hu

Hi Thomas, I've not met such a problem yet. Could you please give more details about the portability issues in Kconfig? In our PoC, it firstly parses the Kconfig files and then convert the output Kconfig options into CMake flags. Thus the whole process is not related to any compiler. I checked Zephyr previously. It looks like Zephyr has the similar idea as our PoC does. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: Friday, June 12, 2020 3:36 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] CMake flags Introducing a dependency on Kconfig may cause portability issues with some toolchains (IAR for instance) I am working on adding support for the IAR toolchain to Zephyr, and Kconfig is one of the issues I've run into. At least in Zephyr, the output from Kconfig is run through the C preprocessor and this causes issues with the IAR preprocessor so for now I use gcc for this step. Thomas Den 2020-06-12 kl. 07:32, skrev David Hu via TF-M: Hi Adrian, Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. Kconfig can bring some advantages: * It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. * Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org><mailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M Sent: Friday, June 12, 2020 12:24 AM To: Raef Coles <Raef.Coles(a)arm.com><mailto:Raef.Coles@arm.com> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] CMake flags Hi Raef. Thanks for the presentation today. If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. >From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? Adrian -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

2
2
0 0

Re: [TF-M] CMake flags

by Thomas Törnblom

Introducing a dependency on Kconfig may cause portability issues with some toolchains (IAR for instance) I am working on adding support for the IAR toolchain to Zephyr, and Kconfig is one of the issues I've run into. At least in Zephyr, the output from Kconfig is run through the C preprocessor and this causes issues with the IAR preprocessor so for now I use gcc for this step. Thomas Den 2020-06-12 kl. 07:32, skrev David Hu via TF-M: > > Hi Adrian, > > Actually we have been investigating configuration alternatives and > making some prototypes of Kconfig. > > Kconfig can bring some advantages: > > * It can setup configuration and check dependency before CMake > starts and therefore it can help CMake simplify dealing with the > mutual dependencies. For example, if CPU and arch options can be > configured in Kconfig, CMake can avoid the workaround to > re-configure compiler after parsing platform files. > * Kconfig can collect together the options which are distributed in > various CMake files. Developers can more easily understand the > options and their dependencies, compared with searching them all > around the build system. > > But Kconfig may not cover all the flags in command line. Flags such as > compiler selections, build type and project config file, may vary in > each build. It can be inconvenient to put them into Kconfig. > > Best regards, > > Hu Ziji > > *From:* TF-M <tf-m-bounces(a)lists.trustedfirmware.org> *On Behalf Of > *Adrian Shaw via TF-M > *Sent:* Friday, June 12, 2020 12:24 AM > *To:* Raef Coles <Raef.Coles(a)arm.com> > *Cc:* tf-m(a)lists.trustedfirmware.org > *Subject:* [TF-M] CMake flags > > Hi Raef. Thanks for the presentation today. > > If I remember correctly, TF-M's CMake has quite a lot of command line > flags now (the ones that are set with -D). And I think this will grow > in the future as more options are needed. > > From a command line point of view, this is kind of annoying because > the commands end up being quite long. Do you guys think something like > Kconfig could help? > > Adrian > > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] CMake flags

by David Hu

Hi Adrian, Actually we have been investigating configuration alternatives and making some prototypes of Kconfig. Kconfig can bring some advantages: * It can setup configuration and check dependency before CMake starts and therefore it can help CMake simplify dealing with the mutual dependencies. For example, if CPU and arch options can be configured in Kconfig, CMake can avoid the workaround to re-configure compiler after parsing platform files. * Kconfig can collect together the options which are distributed in various CMake files. Developers can more easily understand the options and their dependencies, compared with searching them all around the build system. But Kconfig may not cover all the flags in command line. Flags such as compiler selections, build type and project config file, may vary in each build. It can be inconvenient to put them into Kconfig. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M Sent: Friday, June 12, 2020 12:24 AM To: Raef Coles <Raef.Coles(a)arm.com> Cc: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] CMake flags Hi Raef. Thanks for the presentation today. If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. >From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? Adrian

5 years, 4 months

1
0
0 0

CMake flags

by Adrian Shaw

Hi Raef. Thanks for the presentation today. If I remember correctly, TF-M's CMake has quite a lot of command line flags now (the ones that are set with -D). And I think this will grow in the future as more options are needed. >From a command line point of view, this is kind of annoying because the commands end up being quite long. Do you guys think something like Kconfig could help? Adrian

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - June 11

by Anton Komlev

Hello, Agenda for today's Tech forum: 1. Ongoing MCUboot alignment update. 2. Build system improvements. Code sharing between bootloader and runtime firmware will be presented on the next call. Best regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Vincze via TF-M Sent: 05 June 2020 13:03 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M Technical Forum call - June 11 Hi, I also would like to give a brief update on the status of the ongoing MCUboot alignment work. David V From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Tamas Ban via TF-M Sent: 05 June 2020 11:23 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] TF-M Technical Forum call - June 11 Hi Anton, I would like to give a short presentation about crypto code sharing between bootloader and runtime firmware(SPE). Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: 03 June 2020 21:21 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] TF-M Technical Forum call - June 11 Hello, The next Technical Forum is planned on Thursday, June 11 at 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Thursday, 11 June 2020, 08:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 11 June 2020, 10:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 11 June 2020, 16:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 11 June 2020, 23:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 11 June 2020, 15:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200611T1500> Best regards, Anton Komlev

5 years, 4 months

1
0
0 0

TF-M v1.1 - Heads up

by Shebu Varghese Kuriakose

Hi All, Just a heads up that TF-Mv1.1 tag is planned for middle to end of July. Code freeze of TF-M master is aimed around end of June to allow enough time for testing. Similar to TF-Mv1.0 and previous tags, v1.1 will include all TF-M changes in TF-M master available till code freeze in end of June. Availability of the tag will be notified via. this mailing list. Thanks, Shebu Technology Manager-TF-M, Arm Ltd.

5 years, 4 months

1
0
0 0

Re: [TF-M] Gerrit issues

by Kevin Peng

Hi, In case you meet the same issue as Thomas. There are two possible solutions from our experience. One is: * Abandon both the duplicated changes. * Change the change-ID of you patch and then submit * You end up with a whole new patch without the original histories. In this way, you lose both the change history and review history. If you are OK with that, you can quick solve the issue by yourself. Otherwise, the other solution is to contact Benjamin Copeland <ben.copeland(a)linaro.org<mailto:ben.copeland@linaro.org>> to delete one of the duplicates(usually keep the one with histories). And push your new patch set after deletion. Best Regards, Kevin From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: Tuesday, June 9, 2020 10:08 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Gerrit issues Issue sorted now, thanks to Ben Copeland. Thomas Den 2020-06-09 kl. 08:51, skrev Thomas Törnblom via TF-M: Still having this issue: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 208, done. Counting objects: 100% (207/207), done. Delta compression using up to 4 threads Compressing objects: 100% (131/131), done. Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (97/97) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) error: failed to push some refs to 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' --- Any ideas how to resolve? I guess starting out with a fresh local repo would work, but I have 11 patches waiting to be reviewed and merged. A handful of them appears to be duplicated, and I abandoned those that appeared to be old and had merge conflicts. Unfortunately a majority of those had already been reviewed and the new ones aren't. The new ones has also lost their reviewers So now I'm stuck and I can't update or create new patches. Thomas -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] Gerrit issues

by Thomas Törnblom

Issue sorted now, thanks to Ben Copeland. Thomas Den 2020-06-09 kl. 08:51, skrev Thomas Törnblom via TF-M: > Still having this issue: > --- > PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push > ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git > HEAD:refs/for/master > Enumerating objects: 208, done. > Counting objects: 100% (207/207), done. > Delta compression using up to 4 threads > Compressing objects: 100% (131/131), done. > Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. > Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 > remote: Resolving deltas: 100% (97/97) > remote: Processing changes: refs: 1, done > To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git > ! [remote rejected] HEAD -> refs/for/master > (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) > error: failed to push some refs to > 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' > --- > > Any ideas how to resolve? > > I guess starting out with a fresh local repo would work, but I have 11 > patches waiting to be reviewed and merged. > > A handful of them appears to be duplicated, and I abandoned those that > appeared to be old and had merge conflicts. Unfortunately a majority > of those had already been reviewed and the new ones aren't. The new > ones has also lost their reviewers > > So now I'm stuck and I can't update or create new patches. > > Thomas > -- > > *Thomas Törnblom*, /Product Engineer/ > IAR Systems AB > Box 23051, Strandbodgatan 1 > SE-750 23 Uppsala, SWEDEN > Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 > E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> > Website: www.iar.com <http://www.iar.com> > Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems> > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] Gerrit issues

by Thomas Törnblom

Still having this issue: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 208, done. Counting objects: 100% (207/207), done. Delta compression using up to 4 threads Compressing objects: 100% (131/131), done. Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (97/97) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) error: failed to push some refs to 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' --- Any ideas how to resolve? I guess starting out with a fresh local repo would work, but I have 11 patches waiting to be reviewed and merged. A handful of them appears to be duplicated, and I abandoned those that appeared to be old and had merge conflicts. Unfortunately a majority of those had already been reviewed and the new ones aren't. The new ones has also lost their reviewers So now I'm stuck and I can't update or create new patches. Thomas -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M URLs update for code and Gerrit review

by Soby Mathew

Also the dashboard has been updated for the project to point to new repo : https://review.trustedfirmware.org/p/TF-M/trusted-firmware-m/+/dashboard/si… Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Minos Galanakis via TF-M Sent: 08 June 2020 17:11 To: tf-m(a)lists.trustedfirmware.org; Thomas Törnblom <thomas.tornblom(a)iar.com> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M URLs update for code and Gerrit review Hi Thomas. I have just prepared a patch which is updating the documentation with references to the new repository address. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4487 Regards, Minos ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> on behalf of Thomas Törnblom via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> Sent: 08 June 2020 13:17 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> Subject: Re: [TF-M] TF-M URLs update for code and Gerrit review .../docs/processes/contributing.rst should be updated with the new URL also. I checked there when I started having issues, but saw no changes there. Thomas Den 2020-06-08 kl. 14:10, skrev Thomas Törnblom via TF-M: Thanks Anton, that explains things. However now I get some other issues: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 208, done. Counting objects: 100% (207/207), done. Delta compression using up to 4 threads Compressing objects: 100% (131/131), done. Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (97/97) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) error: failed to push some refs to 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' --- Thomas Den 2020-06-08 kl. 13:43, skrev Anton Komlev via TF-M: Hello TF-M code moved to the new location recently with a redirection link from the original URL - for compatibility purpose. Unfortunately, Gerrit got confused with two namespaces and several patches got messed up last week. To prevent it from happen again, the old TF-M location marked as read-only mirror. Please use new TF-M URL for your pushing your commits: ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m New repo URL: https://review.trustedfirmware.org/TF-M/trusted-firmware-m Thanks, Anton -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M URLs update for code and Gerrit review

by Minos Galanakis

Hi Thomas. I have just prepared a patch which is updating the documentation with references to the new repository address. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4487 Regards, Minos ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Thomas Törnblom via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 08 June 2020 13:17 To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Subject: Re: [TF-M] TF-M URLs update for code and Gerrit review .../docs/processes/contributing.rst should be updated with the new URL also. I checked there when I started having issues, but saw no changes there. Thomas Den 2020-06-08 kl. 14:10, skrev Thomas Törnblom via TF-M: Thanks Anton, that explains things. However now I get some other issues: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 208, done. Counting objects: 100% (207/207), done. Delta compression using up to 4 threads Compressing objects: 100% (131/131), done. Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (97/97) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) error: failed to push some refs to 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' --- Thomas Den 2020-06-08 kl. 13:43, skrev Anton Komlev via TF-M: Hello TF-M code moved to the new location recently with a redirection link from the original URL – for compatibility purpose. Unfortunately, Gerrit got confused with two namespaces and several patches got messed up last week. To prevent it from happen again, the old TF-M location marked as read-only mirror. Please use new TF-M URL for your pushing your commits: ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m New repo URL: https://review.trustedfirmware.org/TF-M/trusted-firmware-m Thanks, Anton -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> -- Thomas Törnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M URLs update for code and Gerrit review

by Adrian Shaw

Hi Anton, That URL you provided doesn't work: "Not Found". I presume you mean https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/ and respectively https://review.trustedfirmware.org/q/project:TF-M%252Ftrusted-firmware-m<https://review.trustedfirmware.org/q/project:TF-M%252Ftrusted-firmware-m+st…> Adrian ________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 08 June 2020 12:43 To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M URLs update for code and Gerrit review Hello TF-M code moved to the new location recently with a redirection link from the original URL – for compatibility purpose. Unfortunately, Gerrit got confused with two namespaces and several patches got messed up last week. To prevent it from happen again, the old TF-M location marked as read-only mirror. Please use new TF-M URL for your pushing your commits: ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m New repo URL: https://review.trustedfirmware.org/TF-M/trusted-firmware-m Thanks, Anton

5 years, 4 months

2
1
0 0

Re: [TF-M] TF-M URLs update for code and Gerrit review

by Thomas Törnblom

.../docs/processes/contributing.rst should be updated with the new URL also. I checked there when I started having issues, but saw no changes there. Thomas Den 2020-06-08 kl. 14:10, skrev Thomas Törnblom via TF-M: > Thanks Anton, that explains things. > > However now I get some other issues: > --- > PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push > ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git > HEAD:refs/for/master > Enumerating objects: 208, done. > Counting objects: 100% (207/207), done. > Delta compression using up to 4 threads > Compressing objects: 100% (131/131), done. > Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. > Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 > remote: Resolving deltas: 100% (97/97) > remote: Processing changes: refs: 1, done > To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git > ! [remote rejected] HEAD -> refs/for/master > (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) > error: failed to push some refs to > 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' > --- > > Thomas > > Den 2020-06-08 kl. 13:43, skrev Anton Komlev via TF-M: >> >> Hello >> >> TF-M code moved to the new location recently with a redirection link >> from the original URL – for compatibility purpose. >> >> Unfortunately, Gerrit got confused with two namespaces and several >> patches got messed up last week. To prevent it from happen again, the >> old TF-M location marked as read-only mirror. >> >> Please use new TF-M URL for your pushing your commits: >> >> ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m >> >> New repo URL: >> >> https://review.trustedfirmware.org/TF-M/trusted-firmware-m >> >> Thanks, >> >> Anton >> >> > > -- > > *Thomas Törnblom*, /Product Engineer/ > IAR Systems AB > Box 23051, Strandbodgatan 1 > SE-750 23 Uppsala, SWEDEN > Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 > E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> > Website: www.iar.com <http://www.iar.com> > Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems> > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M URLs update for code and Gerrit review

by Thomas Törnblom

Thanks Anton, that explains things. However now I get some other issues: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 208, done. Counting objects: 100% (207/207), done. Delta compression using up to 4 threads Compressing objects: 100% (131/131), done. Writing objects: 100% (135/135), 16.94 KiB | 1.06 MiB/s, done. Total 135 (delta 97), reused 0 (delta 0), pack-reused 0 remote: Resolving deltas: 100% (97/97) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (I00fb896d2005eb9e64e5a6869e3d6e1d814d43a7 has duplicates) error: failed to push some refs to 'ssh://review.trustedfirmware.org/TF-M/trusted-firmware-m.git' --- Thomas Den 2020-06-08 kl. 13:43, skrev Anton Komlev via TF-M: > > Hello > > TF-M code moved to the new location recently with a redirection link > from the original URL – for compatibility purpose. > > Unfortunately, Gerrit got confused with two namespaces and several > patches got messed up last week. To prevent it from happen again, the > old TF-M location marked as read-only mirror. > > Please use new TF-M URL for your pushing your commits: > > ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m > > New repo URL: > > https://review.trustedfirmware.org/TF-M/trusted-firmware-m > > Thanks, > > Anton > > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] Gerrit issues

by Thomas Törnblom

Is this perhaps related to the .gitreview and/or new repo location changes that appears to have been merged after my last push on Friday? If so, how to I fix this in my local repo? Thomas Den 2020-06-08 kl. 11:53, skrev Thomas Törnblom via TF-M: > Is there a problem pushing patches currently, or is there something > I've missed? > > I was able to push a patch on Friday, but today I get errors just > trying to push after a rebase with no changes: > --- > PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push > ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git > HEAD:refs/for/master > Enumerating objects: 22731, done. > Counting objects: 100% (22731/22731), done. > Delta compression using up to 4 threads > Compressing objects: 100% (7566/7566), done. > Writing objects: 100% (22731/22731), 11.22 MiB | 6.64 MiB/s, done. > Total 22731 (delta 15732), reused 21321 (delta 14653) > remote: Resolving deltas: 100% (15732/15732) > remote: Processing changes: refs: 1, done > To ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git > ! [remote rejected] HEAD -> refs/for/master (prohibited by Gerrit: > project state does not permit write) > error: failed to push some refs to > 'ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git' > --- > > Thomas > > -- > > *Thomas Törnblom*, /Product Engineer/ > IAR Systems AB > Box 23051, Strandbodgatan 1 > SE-750 23 Uppsala, SWEDEN > Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 > E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> > Website: www.iar.com <http://www.iar.com> > Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems> > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

TF-M URLs update for code and Gerrit review

by Anton Komlev

Hello TF-M code moved to the new location recently with a redirection link from the original URL - for compatibility purpose. Unfortunately, Gerrit got confused with two namespaces and several patches got messed up last week. To prevent it from happen again, the old TF-M location marked as read-only mirror. Please use new TF-M URL for your pushing your commits: ssh://<user-name>@review.trustedfirmware.org:29418/TF-M/trusted-firmware-m New repo URL: https://review.trustedfirmware.org/TF-M/trusted-firmware-m Thanks, Anton

5 years, 4 months

1
0
0 0

Gerrit issues

by Thomas Törnblom

Is there a problem pushing patches currently, or is there something I've missed? I was able to push a patch on Friday, but today I get errors just trying to push after a rebase with no changes: --- PS C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m> git push ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git HEAD:refs/for/master Enumerating objects: 22731, done. Counting objects: 100% (22731/22731), done. Delta compression using up to 4 threads Compressing objects: 100% (7566/7566), done. Writing objects: 100% (22731/22731), 11.22 MiB | 6.64 MiB/s, done. Total 22731 (delta 15732), reused 21321 (delta 14653) remote: Resolving deltas: 100% (15732/15732) remote: Processing changes: refs: 1, done To ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git ! [remote rejected] HEAD -> refs/for/master (prohibited by Gerrit: project state does not permit write) error: failed to push some refs to 'ssh://review.trustedfirmware.org:29418/trusted-firmware-m.git' --- Thomas -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - June 11

by David Vincze

Hi, I also would like to give a brief update on the status of the ongoing MCUboot alignment work. David V From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: 05 June 2020 11:23 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M Technical Forum call - June 11 Hi Anton, I would like to give a short presentation about crypto code sharing between bootloader and runtime firmware(SPE). Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: 03 June 2020 21:21 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] TF-M Technical Forum call - June 11 Hello, The next Technical Forum is planned on Thursday, June 11 at 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Thursday, 11 June 2020, 08:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 11 June 2020, 10:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 11 June 2020, 16:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 11 June 2020, 23:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 11 June 2020, 15:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200611T1500> Best regards, Anton Komlev

5 years, 4 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - June 11

by Tamas Ban

Hi Anton, I would like to give a short presentation about crypto code sharing between bootloader and runtime firmware(SPE). Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: 03 June 2020 21:21 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M Technical Forum call - June 11 Hello, The next Technical Forum is planned on Thursday, June 11 at 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Thursday, 11 June 2020, 08:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 11 June 2020, 10:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 11 June 2020, 16:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 11 June 2020, 23:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 11 June 2020, 15:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200611T1500> Best regards, Anton Komlev

5 years, 4 months

1
0
0 0

Re: [TF-M] build error

by Gyorgy Szing

Hi, Can you please run the build with "cmake -build ./ -- install VERBOSE=1". This will show compiler command lines which could help. Based on the fact your assembler is complaining not understanding assembly instructions generated by the C compiler, I suspect your compiler is not supported. For "arm-none-eabi-cc -v" I get the following output: ....... gcc version 6.3.1 20170215 (release) [ARM/embedded-6-branch revision 245512] (GNU Tools for ARM Embedded Processors 6-2017-q1-update) (Note I removed some not so interesting lines.) As you can see, the version string includes the release name of "6-2017-q1-update". All gcc binaries built by arm shall have this. Please double check what compiler you are using. The last bullet point in the blue "notes" section here: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu… has the link to the download site and also names the releases you can use. /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Shawn Shan via TF-M Sent: 04 June 2020 10:21 To: Quach, Brian <brian(a)ti.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] build error Hi Brian, I would like to correct my last Email: * CMSIS_5 version should be v5.5.0. * Mbedtls is not required anymore. Please refer to the "build instructions" link for the detail: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…. I have tried to reproduce your issue on my side but failed. So please try it again after changing the code version. Besides this, you can also check whether your build environment follows the TF-M user guides: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…. Please connect us again if you met any problems. Thanks, Shawn From: Quach, Brian <brian(a)ti.com<mailto:brian@ti.com>> Sent: Wednesday, June 3, 2020 3:09 AM To: Shawn Shan <Shawn.Shan(a)arm.com<mailto:Shawn.Shan@arm.com>> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: build error Hi Shawn, Yes, I emptied the cmake_build directory. I tried a fresh clone of the tags you specified but still get the same error. I'm using GNU Arm version mentioned in the TF-M user guide (v6.3.1) gcc version 6.3.1 20170620 (15:6.3.1+svn253039-1build1) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/trusted-firmware-m (master) $ git log commit b157dca40dcf2051a0420cb16d659a6aa69335d7 (HEAD -> master, origin/master, origin/HEAD) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/mbed-crypto ((mbedcrypto-3.0.1)) $ git log commit 1146b4e06011b69a6437e6b728f2af043a06ec19 (HEAD, tag: mbedcrypto-3.0.1) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/mbedtls ((mbedtls-2.7.9)) $ git log commit 3187e7ca986fe199313343b0c810e41b543ef78a (HEAD, tag: mbedtls-2.7.9) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/CMSIS_5 (Branch_5.2.0) $ git log commit 80cc44bba16cb4c8f495b7aa9709d41ac50e9529 (HEAD -> Branch_5.2.0, tag: 5.2.0) Scanning dependencies of target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Preprocess the /mnt/c/Gits/tfm/trusted-firmware-m/cmake_build/image_macros_to_preprocess_s.c file [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 Scanning dependencies of target tfm_s_pp_tfm_common_s_1 [ 0%] Preprocess the /mnt/c/Gits/tfm/trusted-firmware-m/platform/ext/common/gcc/tfm_common_s.ld file [ 0%] Built target tfm_s_pp_tfm_common_s_1 Scanning dependencies of target tfm_s_obj_lib [ 1%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_api.o [ 1%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccmASnGm.s: Assembler messages: /tmp/ccmASnGm.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of Shawn Shan via TF-M Sent: Monday, June 01, 2020 10:27 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [EXTERNAL] Re: [TF-M] build error Hi Brian, Did you empty the build directory before you build? And this is the recommended commit id for each of the repositories: Mbed-crypto: 1146b4e06011b69a6437e6b728f2af043a06ec19 Tag mbedcrypto-3.0.1 Mbedtls: 3187e7ca986fe199313343b0c810e41b543ef78a Tag mbedtls-2.7.9 CMSIS_5: 80cc44bba16cb4c8f495b7aa9709d41ac50e9529 Tag 5.2.0 Could you share us the commit id of each repo and the toolchain version (arm-none-eabi-gcc -v) you are using? Thanks, Shawn From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Quach, Brian via TF-M Sent: Tuesday, June 2, 2020 7:25 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] build error Hi All, I'm using the latest TF-M, embedTLS, and CMSIS 5 code (repo HEAD). I renamed embedtls to embed-crypto. I ran "cmake ../ -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM" which seemed to execute fine, but I'm getting an error on the next step. Does anyone know the solution? mnt/c/Gits/trusted-firmware-m/cmake_build$ cmake --build ./ -- install [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Built target tfm_s_pp_tfm_common_s_1 [ 0%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccpVCp1C.s: Assembler messages: /tmp/ccpVCp1C.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

Re: [TF-M] build error

by Shawn Shan

Hi Brian, I would like to correct my last Email: * CMSIS_5 version should be v5.5.0. * Mbedtls is not required anymore. Please refer to the "build instructions" link for the detail: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…. I have tried to reproduce your issue on my side but failed. So please try it again after changing the code version. Besides this, you can also check whether your build environment follows the TF-M user guides: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…. Please connect us again if you met any problems. Thanks, Shawn From: Quach, Brian <brian(a)ti.com> Sent: Wednesday, June 3, 2020 3:09 AM To: Shawn Shan <Shawn.Shan(a)arm.com> Cc: nd <nd(a)arm.com> Subject: RE: build error Hi Shawn, Yes, I emptied the cmake_build directory. I tried a fresh clone of the tags you specified but still get the same error. I'm using GNU Arm version mentioned in the TF-M user guide (v6.3.1) gcc version 6.3.1 20170620 (15:6.3.1+svn253039-1build1) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/trusted-firmware-m (master) $ git log commit b157dca40dcf2051a0420cb16d659a6aa69335d7 (HEAD -> master, origin/master, origin/HEAD) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/mbed-crypto ((mbedcrypto-3.0.1)) $ git log commit 1146b4e06011b69a6437e6b728f2af043a06ec19 (HEAD, tag: mbedcrypto-3.0.1) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/mbedtls ((mbedtls-2.7.9)) $ git log commit 3187e7ca986fe199313343b0c810e41b543ef78a (HEAD, tag: mbedtls-2.7.9) a0270932@LT74BFJR2 MINGW64 /c/Gits/tfm/CMSIS_5 (Branch_5.2.0) $ git log commit 80cc44bba16cb4c8f495b7aa9709d41ac50e9529 (HEAD -> Branch_5.2.0, tag: 5.2.0) Scanning dependencies of target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Preprocess the /mnt/c/Gits/tfm/trusted-firmware-m/cmake_build/image_macros_to_preprocess_s.c file [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 Scanning dependencies of target tfm_s_pp_tfm_common_s_1 [ 0%] Preprocess the /mnt/c/Gits/tfm/trusted-firmware-m/platform/ext/common/gcc/tfm_common_s.ld file [ 0%] Built target tfm_s_pp_tfm_common_s_1 Scanning dependencies of target tfm_s_obj_lib [ 1%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_api.o [ 1%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccmASnGm.s: Assembler messages: /tmp/ccmASnGm.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of Shawn Shan via TF-M Sent: Monday, June 01, 2020 10:27 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [EXTERNAL] Re: [TF-M] build error Hi Brian, Did you empty the build directory before you build? And this is the recommended commit id for each of the repositories: Mbed-crypto: 1146b4e06011b69a6437e6b728f2af043a06ec19 Tag mbedcrypto-3.0.1 Mbedtls: 3187e7ca986fe199313343b0c810e41b543ef78a Tag mbedtls-2.7.9 CMSIS_5: 80cc44bba16cb4c8f495b7aa9709d41ac50e9529 Tag 5.2.0 Could you share us the commit id of each repo and the toolchain version (arm-none-eabi-gcc -v) you are using? Thanks, Shawn From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Quach, Brian via TF-M Sent: Tuesday, June 2, 2020 7:25 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] build error Hi All, I'm using the latest TF-M, embedTLS, and CMSIS 5 code (repo HEAD). I renamed embedtls to embed-crypto. I ran "cmake ../ -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM" which seemed to execute fine, but I'm getting an error on the next step. Does anyone know the solution? mnt/c/Gits/trusted-firmware-m/cmake_build$ cmake --build ./ -- install [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Built target tfm_s_pp_tfm_common_s_1 [ 0%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccpVCp1C.s: Assembler messages: /tmp/ccpVCp1C.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

Re: [TF-M] [IMPORTANT] [SOURCE STRUCTURE] The first structure adjust patch is pushed

by Ken Liu

Hi, There are few comments on the structure document, so let's merge the first patch as a signal. This merging does not mean it is the decided shape - the structure related comments are always open, feedback on the mailing list or the task: https://developer.trustedfirmware.org/T751 Or, to be direct, put comments on the ongoing updates to the design doc: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4415 Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 2:11 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [IMPORTANT] [SOURCE STRUCTURE] The first structure adjust patch is pushed Hi, As the first commit of 'source_structure' document is merged, here is the first patch to follow the document: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4315 The patch looks big, even it just adjusts the content inside 'secure_fw'. To make the related sources can pass the building, some files out of the 'secure_fw' need to be changed. The goal of merging is ASAP so that we won't block upcoming features. Please provide the feedback about potential USAGE problem you may meet. As the patch is big, it won't be applicable to make THIS patch perfect to meet all the requirements defined in the document, a series of upcoming patches would come as amending. Also if there are suggestions about the structure document, please write to the mailing list and put discussion in this task: https://developer.trustedfirmware.org/T751 The rendered structure document: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/252/artifact/bui… BR /Ken

5 years, 5 months

1
0
0 0

[RFC] [Logging API] Design document call for review

by Shawn Shan

Hi all, I have created a draft design document of the TF-M logging system. Could you please help review it https://review.trustedfirmware.org/c/trusted-firmware-m/+/4417 ? Welcome your comments and suggestions.😊 Best regards, Shawn

5 years, 5 months

1
0
0 0

TF-M Technical Forum call - June 11

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, June 11 at 15:00-16:00 UTC (US time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Thursday, 11 June 2020, 08:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 11 June 2020, 10:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 11 June 2020, 16:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 11 June 2020, 23:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 11 June 2020, 15:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200611T1500> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

Re: [TF-M] Changes required to enable Zephyr integration as External_Project

by Tamas Ban

Hi Kumar, We are going to check and merge changes from Kevin before v1.1 release. Tamas -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M Sent: 03 June 2020 13:02 To: Anton Komlev <Anton.Komlev(a)arm.com> Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Changes required to enable Zephyr integration as External_Project Than I ask that the changes Kevin has posted be looked at for TFM v1.1 as the are relatively small and than the CMake rework can be done on top of them if its able to land for v1.1. - k > On Jun 3, 2020, at 3:30 AM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > There was a plan to include the new build system into TFM v1.1 but looking onto change size and interdependencies with other ongoing changes like code restructuring, the delivery of new CMake in TFM v1.1 is optional. > The intention is to be safe and test more instead of delivery ahead and fix later. > > Anton > > -----Original Message----- > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar > Gala via TF-M > Sent: 02 June 2020 13:50 > To: Raef Coles <Raef.Coles(a)arm.com> > Cc: tf-m(a)lists.trustedfirmware.org > Subject: Re: [TF-M] Changes required to enable Zephyr integration as > External_Project > > What’s the timeframe expectation with the new cmake work? Is this something that is planned for TFM 1.1? > > - k > >> On Jun 2, 2020, at 7:11 AM, Raef Coles via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> Thank you very much for the changes to the image signing script - those look like great QOL improvements. >> >> WRT Ninja and externalproject support, there is currently an ongoing effort to improve the TF-M build system by rewriting it to use more modern and streamlined cmake. I haven't tested it as an externalproject yet, but am pretty confident that it should now work "out of the box". When it gets to the stage that it can be submitted to trustedfirmware.org as a patch I'll try to reply to this so you can test that. >> >> I personally hadn't used Ninja much, but am pleasantly surprised with how fast it is. I will do my best to make sure that the new cmake also works with ninja, since support should be relatively simple. >> >> Raef >> >> ________________________________________ >> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of >> Kevin Townsend via TF-M <tf-m(a)lists.trustedfirmware.org> >> Sent: 02 June 2020 12:11 >> To: Thomas Törnblom via TF-M >> Subject: [TF-M] Changes required to enable Zephyr integration as >> External_Project >> >> Hi, >> >> The following task lists some of the changes that we had to make to >> enable TF-M to be built using ExternalProject_Add from Zephyr, as >> well as enabling the use of ninja for TF-M builds (which is often >> significantly faster than using classic >> makefiles): https://developer.trustedfirmware.org/T760 >> >> The ninja changes have been tested with: >> >> $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. >> $ ninja >> >> The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. >> >> Any concerns or feedback on these are welcome, but I would be >> interested to hear any opinions on ninja which is often considerably >> faster out of the box when compiling (at least on Linux and native OS X, which is what I use for my builds). >> >> Best regards, >> Kevin >> -- >> TF-M mailing list >> TF-M(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-m > > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

Re: [TF-M] Changes required to enable Zephyr integration as External_Project

by Kumar Gala

Than I ask that the changes Kevin has posted be looked at for TFM v1.1 as the are relatively small and than the CMake rework can be done on top of them if its able to land for v1.1. - k > On Jun 3, 2020, at 3:30 AM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > There was a plan to include the new build system into TFM v1.1 but looking onto change size and interdependencies with other ongoing changes like code restructuring, the delivery of new CMake in TFM v1.1 is optional. > The intention is to be safe and test more instead of delivery ahead and fix later. > > Anton > > -----Original Message----- > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M > Sent: 02 June 2020 13:50 > To: Raef Coles <Raef.Coles(a)arm.com> > Cc: tf-m(a)lists.trustedfirmware.org > Subject: Re: [TF-M] Changes required to enable Zephyr integration as External_Project > > What’s the timeframe expectation with the new cmake work? Is this something that is planned for TFM 1.1? > > - k > >> On Jun 2, 2020, at 7:11 AM, Raef Coles via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: >> >> Hi, >> >> Thank you very much for the changes to the image signing script - those look like great QOL improvements. >> >> WRT Ninja and externalproject support, there is currently an ongoing effort to improve the TF-M build system by rewriting it to use more modern and streamlined cmake. I haven't tested it as an externalproject yet, but am pretty confident that it should now work "out of the box". When it gets to the stage that it can be submitted to trustedfirmware.org as a patch I'll try to reply to this so you can test that. >> >> I personally hadn't used Ninja much, but am pleasantly surprised with how fast it is. I will do my best to make sure that the new cmake also works with ninja, since support should be relatively simple. >> >> Raef >> >> ________________________________________ >> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kevin >> Townsend via TF-M <tf-m(a)lists.trustedfirmware.org> >> Sent: 02 June 2020 12:11 >> To: Thomas Törnblom via TF-M >> Subject: [TF-M] Changes required to enable Zephyr integration as >> External_Project >> >> Hi, >> >> The following task lists some of the changes that we had to make to >> enable TF-M to be built using ExternalProject_Add from Zephyr, as well >> as enabling the use of ninja for TF-M builds (which is often >> significantly faster than using classic >> makefiles): https://developer.trustedfirmware.org/T760 >> >> The ninja changes have been tested with: >> >> $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. >> $ ninja >> >> The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. >> >> Any concerns or feedback on these are welcome, but I would be >> interested to hear any opinions on ninja which is often considerably >> faster out of the box when compiling (at least on Linux and native OS X, which is what I use for my builds). >> >> Best regards, >> Kevin >> -- >> TF-M mailing list >> TF-M(a)lists.trustedfirmware.org >> https://lists.trustedfirmware.org/mailman/listinfo/tf-m > > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

Invitation: TF-M Tech Forum (US TZ) @ Thu 25 Jun 2020 16:00 - 17:00 (BST) (tf-m@lists.trustedfirmware.org)

by Bill Fletcher

You have been invited to the following event. Title: TF-M Tech Forum (US TZ) ** 25th June call rescheduled (due to holidays in China) **About TF-M Tech forum:This is an open forum for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC.Feel free to forward it to colleagues.Details of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu 25 Jun 2020 16:00 – 17:00 United Kingdom Time Where: Via Zoom Calendar: tf-m(a)lists.trustedfirmware.org Who: * Bill Fletcher- creator * tf-m(a)lists.trustedfirmware.org Event details: https://www.google.com/calendar/event?action=VIEW&eid=MGFmdnVlcmltYjB1M2Y1O… Invitation from Google Calendar: https://www.google.com/calendar/ You are receiving this courtesy email at the account tf-m(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

5 years, 5 months

1
0
0 0

Cancelled event with note: TF-M tech Forum (Asia TZ) @ Thu 25 Jun 2020 07:00 - 08:00 (BST) (tf-m@lists.trustedfirmware.org)

by Bill Fletcher

This event has been cancelled with this note: "Due to holidays in China, the event in this time slot is cancelled. " Title: TF-M tech Forum (Asia TZ) About TF-M Tech forum:This is an open forum for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC.Feel free to forward it to colleagues.Details of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/Tr… Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/9159704974Meeting ID: 915 970 4974One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location        +1 646 558 8656 US (New York)        +1 669 900 9128 US (San Jose)        877 853 5247 US Toll-free        888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h   When: Thu 25 Jun 2020 07:00 – 08:00 United Kingdom Time Calendar: tf-m(a)lists.trustedfirmware.org Who: * Bill Fletcher- creator * tf-m(a)lists.trustedfirmware.org Invitation from Google Calendar: https://www.google.com/calendar/ You are receiving this courtesy email at the account tf-m(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively, you can sign up for a Google Account at https://www.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organiser and be added to the guest list, invite others regardless of their own invitation status or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

5 years, 5 months

1
0
0 0

Re: [TF-M] TF-M PSA key management

by Soby Mathew

Hi Brian, The struct you have mentioned is part of the implementation defined `psa_key_attributes_t` data structure. The key algorithm and policy are accessed via appropriate get/set API's (like psa_set_key_algorithm/ psa_get_key_algorithm). Hence these fields are not meant to be directly accessed by the clients but are an implementation detail of crypto Service. The only reason the 2 algorithm fields exists now is because the mbedcrypto defined the structure that way. I have a patch in flight which cleans up the client view of the psa_key_attributes_t such that only fields required by client are defined. The patch is available for review here : https://review.trustedfirmware.org/c/trusted-firmware-m/+/4217 Regarding psa_open_key() and psa_close_key(), TF-M tries to implement PSA Crypto 1.0 Beta 3 version of the spec whereas the APIs are removed in 1.0 version. Currently mbedcrypto does not support 1.0 version fully yet. Once 1.0 is supported mbedcrypto, then TF-M will also make the migrate the APIs to 1.0. This is expected to happen during Q3 timeframe. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Quach, Brian via TF-M Sent: 02 June 2020 23:44 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M PSA key management Hi All, I see that the PSA crypto API v1.0 spec says "This specification only defines policies that restrict keys to a single algorithm, which is consistent with both common practice and security good practice. ", but the TF-M code defines two algs in the policy struct. Which will be the path going forward? struct psa_key_policy_s { psa_key_usage_t usage; psa_algorithm_t alg; psa_algorithm_t alg2; }; I also see psa_open_key() and psa_close_key() were removed from the spec. Any plans to remove from TF-M code in the future? Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

Re: [TF-M] Changes required to enable Zephyr integration as External_Project

by Anton Komlev

Hi, There was a plan to include the new build system into TFM v1.1 but looking onto change size and interdependencies with other ongoing changes like code restructuring, the delivery of new CMake in TFM v1.1 is optional. The intention is to be safe and test more instead of delivery ahead and fix later. Anton -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M Sent: 02 June 2020 13:50 To: Raef Coles <Raef.Coles(a)arm.com> Cc: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] Changes required to enable Zephyr integration as External_Project What’s the timeframe expectation with the new cmake work? Is this something that is planned for TFM 1.1? - k > On Jun 2, 2020, at 7:11 AM, Raef Coles via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > Thank you very much for the changes to the image signing script - those look like great QOL improvements. > > WRT Ninja and externalproject support, there is currently an ongoing effort to improve the TF-M build system by rewriting it to use more modern and streamlined cmake. I haven't tested it as an externalproject yet, but am pretty confident that it should now work "out of the box". When it gets to the stage that it can be submitted to trustedfirmware.org as a patch I'll try to reply to this so you can test that. > > I personally hadn't used Ninja much, but am pleasantly surprised with how fast it is. I will do my best to make sure that the new cmake also works with ninja, since support should be relatively simple. > > Raef > > ________________________________________ > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kevin > Townsend via TF-M <tf-m(a)lists.trustedfirmware.org> > Sent: 02 June 2020 12:11 > To: Thomas Törnblom via TF-M > Subject: [TF-M] Changes required to enable Zephyr integration as > External_Project > > Hi, > > The following task lists some of the changes that we had to make to > enable TF-M to be built using ExternalProject_Add from Zephyr, as well > as enabling the use of ninja for TF-M builds (which is often > significantly faster than using classic > makefiles): https://developer.trustedfirmware.org/T760 > > The ninja changes have been tested with: > > $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. > $ ninja > > The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. > > Any concerns or feedback on these are welcome, but I would be > interested to hear any opinions on ninja which is often considerably > faster out of the box when compiling (at least on Linux and native OS X, which is what I use for my builds). > > Best regards, > Kevin > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m -- TF-M mailing list TF-M(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

TF-M PSA key management

by Quach, Brian

Hi All, I see that the PSA crypto API v1.0 spec says "This specification only defines policies that restrict keys to a single algorithm, which is consistent with both common practice and security good practice. ", but the TF-M code defines two algs in the policy struct. Which will be the path going forward? struct psa_key_policy_s { psa_key_usage_t usage; psa_algorithm_t alg; psa_algorithm_t alg2; }; I also see psa_open_key() and psa_close_key() were removed from the spec. Any plans to remove from TF-M code in the future? Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

Re: [TF-M] DSP instructions and FPU use

by Joseph Yiu

Hi Ken, Soby, In additional to FPCCR_S.TS, You should also set FPCCR_S.CLRONRET and FPCCR_S.CLRONRETS. FPCCR_S.CLRONRET ensures that FPU register contents are cleared when return from a Secure exception to the Non-secure world, and FPCCR_S.CLRONRETS ensures that the Non-secure world cannot change the FPCCR_S.CLRONRET setting. Regards, Joseph From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Soby Mathew via TF-M Sent: 02 June 2020 04:36 To: Ken Liu <Ken.Liu(a)arm.com>; TF-M mailing list <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Ken, I agree that FPCCR_S.TS (in addition to other setting for FP) should be set if FPU needs to be used in secure world. The FPCCR.LSPEN allows saving the context lazily which was what I was referring to previously. Eventhough the hardware is performing the stacking, the policy chosen (lazy stacking/stack always) affects interrupt latency which should be considered for the design for FPU usage in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 15:55 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Soby & Andrej, The FP context is managed by hardware automatically in M-profile architecture. While booting we clear FPCA since we are not using FP under handler mode, we don't want FP get involved during initialization and need extra clean up job. But if a thread uses FP the FPCA is set to 1 automatically, and if exceptions are happening the FP context stacked automatically by hardware - the secure scheduler just keep the EXC_RETURN which contains FP context and finally recover it back. Which means if you enabled hardware FP unintentional it can work, the only place a problem may occur should be the non-secure preempting secure execution case. I think the only thing we are missing now is we did not set FPCCR_S.TS = 1 since we did not realize that user would enable FP in secure world. This would cause the FP register may contain secure information while Non-secure preempting secure execution. Need to go through the settings and double-check. So at least before we finish the estimation I think FPCCR_S.TS should be set to ensure the security. Andrej, have you set this bit while you are using hardware FP? Or just let it go (use default TF-M setting)? Thanks. /Ken From: Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>> Sent: Monday, June 1, 2020 5:25 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: DSP instructions and FPU use Hi, For enabling floating point the ARMv8-M architecture allows the flowing possibilities : * Stacking the basic Floating-point context. * Stacking the basic Floating-point context and the additional Floating-point context. * Activation of Lazy Floating-point state preservation. The easiest way would be to enable FP context stacking for every context switch but it would impact every context switch irrespective of whether FP unit is used in that context or not . I guess this is the approach taken by Andrej ? . The Lazy Floating point state preservation would be better for performance but it would have additional complexity in managing the contexts. Just blue sky thinking here: There could be a middle ground wherein some partitions are allowed to use FP while others are not because they don't really need to. The ones allowed to use FP will need to cater for the additional stack requirement to save FP context. The actual save of the context can be done either on context switch to the partition or lazily. This approach could give the benefit of both performance and memory savings but it requires some analysis and design to be done in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 09:05 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Andrej, You mean the hardware floatpoint can be used in the Secure Partition? That's a good information, can you share us the compiler flags about float-point you are using? Thanks. /Ken From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Monday, June 1, 2020 2:46 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: DSP instructions and FPU use FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

1
0
0 0

Re: [TF-M] Changes required to enable Zephyr integration as External_Project

by Kumar Gala

What’s the timeframe expectation with the new cmake work? Is this something that is planned for TFM 1.1? - k > On Jun 2, 2020, at 7:11 AM, Raef Coles via TF-M <tf-m(a)lists.trustedfirmware.org> wrote: > > Hi, > > Thank you very much for the changes to the image signing script - those look like great QOL improvements. > > WRT Ninja and externalproject support, there is currently an ongoing effort to improve the TF-M build system by rewriting it to use more modern and streamlined cmake. I haven't tested it as an externalproject yet, but am pretty confident that it should now work "out of the box". When it gets to the stage that it can be submitted to trustedfirmware.org as a patch I'll try to reply to this so you can test that. > > I personally hadn't used Ninja much, but am pleasantly surprised with how fast it is. I will do my best to make sure that the new cmake also works with ninja, since support should be relatively simple. > > Raef > > ________________________________________ > From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kevin Townsend via TF-M <tf-m(a)lists.trustedfirmware.org> > Sent: 02 June 2020 12:11 > To: Thomas Törnblom via TF-M > Subject: [TF-M] Changes required to enable Zephyr integration as External_Project > > Hi, > > The following task lists some of the changes that we had to make to enable > TF-M to be built using ExternalProject_Add from Zephyr, as well as enabling the > use of ninja for TF-M builds (which is often significantly faster than using classic > makefiles): https://developer.trustedfirmware.org/T760 > > The ninja changes have been tested with: > > $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. > $ ninja > > The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. > > Any concerns or feedback on these are welcome, but I would be interested to hear > any opinions on ninja which is often considerably faster out of the box when compiling > (at least on Linux and native OS X, which is what I use for my builds). > > Best regards, > Kevin > -- > TF-M mailing list > TF-M(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

Re: [TF-M] Changes required to enable Zephyr integration as External_Project

by Raef Coles

Hi, Thank you very much for the changes to the image signing script - those look like great QOL improvements. WRT Ninja and externalproject support, there is currently an ongoing effort to improve the TF-M build system by rewriting it to use more modern and streamlined cmake. I haven't tested it as an externalproject yet, but am pretty confident that it should now work "out of the box". When it gets to the stage that it can be submitted to trustedfirmware.org as a patch I'll try to reply to this so you can test that. I personally hadn't used Ninja much, but am pleasantly surprised with how fast it is. I will do my best to make sure that the new cmake also works with ninja, since support should be relatively simple. Raef ________________________________________ From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kevin Townsend via TF-M <tf-m(a)lists.trustedfirmware.org> Sent: 02 June 2020 12:11 To: Thomas Törnblom via TF-M Subject: [TF-M] Changes required to enable Zephyr integration as External_Project Hi, The following task lists some of the changes that we had to make to enable TF-M to be built using ExternalProject_Add from Zephyr, as well as enabling the use of ninja for TF-M builds (which is often significantly faster than using classic makefiles): https://developer.trustedfirmware.org/T760 The ninja changes have been tested with: $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. $ ninja The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. Any concerns or feedback on these are welcome, but I would be interested to hear any opinions on ninja which is often considerably faster out of the box when compiling (at least on Linux and native OS X, which is what I use for my builds). Best regards, Kevin

5 years, 5 months

1
0
0 0

Changes required to enable Zephyr integration as External_Project

by Kevin Townsend

Hi, The following task lists some of the changes that we had to make to enable TF-M to be built using ExternalProject_Add from Zephyr, as well as enabling the use of ninja for TF-M builds (which is often significantly faster than using classic makefiles): https://developer.trustedfirmware.org/T760 The ninja changes have been tested with: $ cmake -GNinja -DPROJ_CONFIG=`readlink -f ../configs/ConfigDefault.cmake` -DTARGET_PLATFORM=LPC55S69 -DBL2=False -DCOMPILER=GNUARM .. $ ninja The changes to imgtool.py resolve some platform issues when signing binaries, and add a convenience requirements.txt file that can be run in CI to ensure that all of the Python dependencies are met for this tool. Any concerns or feedback on these are welcome, but I would be interested to hear any opinions on ninja which is often considerably faster out of the box when compiling (at least on Linux and native OS X, which is what I use for my builds). Best regards, Kevin

5 years, 5 months

1
0
0 0

Re: [TF-M] DSP instructions and FPU use

by Soby Mathew

Hi Ken, I agree that FPCCR_S.TS (in addition to other setting for FP) should be set if FPU needs to be used in secure world. The FPCCR.LSPEN allows saving the context lazily which was what I was referring to previously. Eventhough the hardware is performing the stacking, the policy chosen (lazy stacking/stack always) affects interrupt latency which should be considered for the design for FPU usage in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 15:55 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Soby & Andrej, The FP context is managed by hardware automatically in M-profile architecture. While booting we clear FPCA since we are not using FP under handler mode, we don't want FP get involved during initialization and need extra clean up job. But if a thread uses FP the FPCA is set to 1 automatically, and if exceptions are happening the FP context stacked automatically by hardware - the secure scheduler just keep the EXC_RETURN which contains FP context and finally recover it back. Which means if you enabled hardware FP unintentional it can work, the only place a problem may occur should be the non-secure preempting secure execution case. I think the only thing we are missing now is we did not set FPCCR_S.TS = 1 since we did not realize that user would enable FP in secure world. This would cause the FP register may contain secure information while Non-secure preempting secure execution. Need to go through the settings and double-check. So at least before we finish the estimation I think FPCCR_S.TS should be set to ensure the security. Andrej, have you set this bit while you are using hardware FP? Or just let it go (use default TF-M setting)? Thanks. /Ken From: Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>> Sent: Monday, June 1, 2020 5:25 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: DSP instructions and FPU use Hi, For enabling floating point the ARMv8-M architecture allows the flowing possibilities : * Stacking the basic Floating-point context. * Stacking the basic Floating-point context and the additional Floating-point context. * Activation of Lazy Floating-point state preservation. The easiest way would be to enable FP context stacking for every context switch but it would impact every context switch irrespective of whether FP unit is used in that context or not . I guess this is the approach taken by Andrej ? . The Lazy Floating point state preservation would be better for performance but it would have additional complexity in managing the contexts. Just blue sky thinking here: There could be a middle ground wherein some partitions are allowed to use FP while others are not because they don't really need to. The ones allowed to use FP will need to cater for the additional stack requirement to save FP context. The actual save of the context can be done either on context switch to the partition or lazily. This approach could give the benefit of both performance and memory savings but it requires some analysis and design to be done in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 09:05 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Andrej, You mean the hardware floatpoint can be used in the Secure Partition? That's a good information, can you share us the compiler flags about float-point you are using? Thanks. /Ken From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Monday, June 1, 2020 2:46 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: DSP instructions and FPU use FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

1
0
0 0

Re: [TF-M] build error

by Shawn Shan

Hi Brian, Did you empty the build directory before you build? And this is the recommended commit id for each of the repositories: Mbed-crypto: 1146b4e06011b69a6437e6b728f2af043a06ec19 Tag mbedcrypto-3.0.1 Mbedtls: 3187e7ca986fe199313343b0c810e41b543ef78a Tag mbedtls-2.7.9 CMSIS_5: 80cc44bba16cb4c8f495b7aa9709d41ac50e9529 Tag 5.2.0 Could you share us the commit id of each repo and the toolchain version (arm-none-eabi-gcc -v) you are using? Thanks, Shawn From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Quach, Brian via TF-M Sent: Tuesday, June 2, 2020 7:25 AM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] build error Hi All, I'm using the latest TF-M, embedTLS, and CMSIS 5 code (repo HEAD). I renamed embedtls to embed-crypto. I ran "cmake ../ -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM" which seemed to execute fine, but I'm getting an error on the next step. Does anyone know the solution? mnt/c/Gits/trusted-firmware-m/cmake_build$ cmake --build ./ -- install [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Built target tfm_s_pp_tfm_common_s_1 [ 0%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccpVCp1C.s: Assembler messages: /tmp/ccpVCp1C.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

build error

by Quach, Brian

Hi All, I'm using the latest TF-M, embedTLS, and CMSIS 5 code (repo HEAD). I renamed embedtls to embed-crypto. I ran "cmake ../ -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM" which seemed to execute fine, but I'm getting an error on the next step. Does anyone know the solution? mnt/c/Gits/trusted-firmware-m/cmake_build$ cmake --build ./ -- install [ 0%] Built target tfm_s_pp_image_macros_to_preprocess_s_1 [ 0%] Built target tfm_s_pp_tfm_common_s_1 [ 0%] Building C object secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o /tmp/ccpVCp1C.s: Assembler messages: /tmp/ccpVCp1C.s:47: Error: syntax error -- `msr psplim,r3' secure_fw/CMakeFiles/tfm_s_obj_lib.dir/build.make:86: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o' failed make[2]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/spm/spm_func.o] Error 1 CMakeFiles/Makefile2:189: recipe for target 'secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all' failed make[1]: *** [secure_fw/CMakeFiles/tfm_s_obj_lib.dir/all] Error 2 Makefile:129: recipe for target 'all' failed make: *** [all] Error 2 Regards, Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076

5 years, 5 months

1
0
0 0

Re: [TF-M] DSP instructions and FPU use

by Soby Mathew

Hi, For enabling floating point the ARMv8-M architecture allows the flowing possibilities : * Stacking the basic Floating-point context. * Stacking the basic Floating-point context and the additional Floating-point context. * Activation of Lazy Floating-point state preservation. The easiest way would be to enable FP context stacking for every context switch but it would impact every context switch irrespective of whether FP unit is used in that context or not . I guess this is the approach taken by Andrej ? . The Lazy Floating point state preservation would be better for performance but it would have additional complexity in managing the contexts. Just blue sky thinking here: There could be a middle ground wherein some partitions are allowed to use FP while others are not because they don't really need to. The ones allowed to use FP will need to cater for the additional stack requirement to save FP context. The actual save of the context can be done either on context switch to the partition or lazily. This approach could give the benefit of both performance and memory savings but it requires some analysis and design to be done in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 09:05 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Andrej, You mean the hardware floatpoint can be used in the Secure Partition? That's a good information, can you share us the compiler flags about float-point you are using? Thanks. /Ken From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Monday, June 1, 2020 2:46 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: DSP instructions and FPU use FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

2
1
0 0

Re: [TF-M] DSP instructions and FPU use

by Andrej Butok

FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

2
1
0 0

Re: [TF-M] DSP instructions and FPU use

by Ken Liu

Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

1
0
0 0

[IMPORTANT] [SOURCE STRUCTURE] The first structure adjust patch is pushed

by Ken Liu

Hi, As the first commit of 'source_structure' document is merged, here is the first patch to follow the document: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4315 The patch looks big, even it just adjusts the content inside 'secure_fw'. To make the related sources can pass the building, some files out of the 'secure_fw' need to be changed. The goal of merging is ASAP so that we won't block upcoming features. Please provide the feedback about potential USAGE problem you may meet. As the patch is big, it won't be applicable to make THIS patch perfect to meet all the requirements defined in the document, a series of upcoming patches would come as amending. Also if there are suggestions about the structure document, please write to the mailing list and put discussion in this task: https://developer.trustedfirmware.org/T751 The rendered structure document: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/252/artifact/bui… BR /Ken

5 years, 5 months

1
0
0 0

DSP instructions and FPU use

by Cindy Chaumont

Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

5 years, 5 months

1
0
0 0

TF-M Profile Small patches merged

by David Hu

Hi all, TF-M Profile Small patches are merged in TF-M master branch. Thanks a lot for all your review, comments and support. I'd appreciate it if you could feedback and share ideas while enabling Profile Small in your actual use cases. If there is any issue, please feel free to let us know. Thank you. The next step will bring in symmetric key algorithm based Initial Attestation and then Profile Small can have a full set of features. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

Correction - MMIO region is not sharable between partitions

by Ken Liu

Hi, In the tech forum I mentioned a potential way of sharing MMIO regions - this is not correct. Double checked the PSA FF and it is defined explicitly in the spec page 43: "A Secure Partition always has exclusive access to an MMIO region. Secure Partitions are not allowed to share MMIO regions with other Secure Partitions and MMIO regions are not allowed to overlap." Sorry for the confusion. BR /Ken

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Jonatan Antoni

Hi Gyorgy, Ken, Let me add one statement to Gyorgy's > It became a de-facto standard and most compilers support it. Compilers not yet supported can be easily added, if required. Cheers, Jonatan From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Gyorgy Szing via TF-M Sent: 27 May 2020 10:45 To: Ken Liu <Ken.Liu(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Gyorgy Szing

Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

2
1
0 0

Re: [TF-M] Pre-provisioned keys

by Tamas Ban

Hi Brian, The pre-provisioned keys are highly platform dependent. TF-M just provide an API to access them, but currently we have no standard/general solution to storing them. There was question a few weeks ago related to same topic. I just copied Shebu's past answer here: "Provisioning was added as a future roadmap item in anticipation of a PSA Provisioning Specification. The Specification (Factory or application specific) hasn't happened so far. There is no active work ongoing in TF-M around provisioning. TF-M using provisioned keys in CC-312 on MuscaB1 platform is available as an example. See details here<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> under CC312 heading. In TrustedFirmware TSC, provisioning has been a discussion topic sometime back. Search for provisioning in the minutes below. https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md is an RFC that Kevin prepared during those discussions for TF-M devices to use certificate chain. " I hope this helps! Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 03:41 To: tf-m(a)lists.trustedfirmware.org; Quach, Brian <brian(a)ti.com> Cc: nd <nd(a)arm.com> Subject: [TF-M] FW: Pre-provisioned keys Hi Folks, Brian got one question about pre-provisioned keys, anyone could reply? Hi Brian, you can subscribe the mailing list here: https://lists.trustedfirmware.org/mailman/listinfo/tf-m Thanks. /Ken From: Quach, Brian <brian(a)ti.com<mailto:brian@ti.com>> Sent: Wednesday, May 27, 2020 6:36 AM Subject: Pre-provisioned keys Hi Ken, Does TF-M have a plan for storing and accessing persistent keys (such as HUK) installed to flash at the factory prior to provisioning of the device? I had seen these as being stored outside of ITS flash in some compile time defined location and being read-only. Regards, Brian

5 years, 5 months

1
0
0 0

FW: Pre-provisioned keys

by Ken Liu

Hi Folks, Brian got one question about pre-provisioned keys, anyone could reply? Hi Brian, you can subscribe the mailing list here: https://lists.trustedfirmware.org/mailman/listinfo/tf-m Thanks. /Ken From: Quach, Brian <brian(a)ti.com> Sent: Wednesday, May 27, 2020 6:36 AM Subject: Pre-provisioned keys Hi Ken, Does TF-M have a plan for storing and accessing persistent keys (such as HUK) installed to flash at the factory prior to provisioning of the device? I had seen these as being stored outside of ITS flash in some compile time defined location and being read-only. Regards, Brian

5 years, 5 months

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Jamie Fox

Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

2
1
0 0

Re: [TF-M] TF-M Technical Forum call - May 28

by Edison Ai

Hi Anton, I want to give an introduction about the HAL for TF-M core, about 30 mins. Thanks, Edison From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: Tuesday, May 19, 2020 9:46 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [TF-M] TF-M Technical Forum call - May 28 Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

by Ken Liu

Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

5 years, 5 months

1
0
0 0

Simplify the veneers of library model

by Mingyang Sun

Hi all, In the current implementation, every secure function has an associated veneer function. Therefore, there are so many veneer functions in ‘tfm_veneers.c’, which have a similar prototype. This would lead to: * Waste of the veneer and secure function size – these APIs have a similar prototype, and they have unified NS dispatcher already. * More secure functions lead to more veneers and potential re-configuration of the non-secure callable area. This patch tries to unify the service entry so that: * Similar function codes do not need to be duplicated. * Keeping almost the same performance. This is also an experiment patch to start the journey to the SFN model Andrew proposed. Let’s see the feedbacks and decide what to do in the next step. https://review.trustedfirmware.org/c/trusted-firmware-m/+/4115 Please do feedback, especially the library model users – please check what kinds of the inconvenience it brings so that we can discuss the correct shape. Here are some details in the patch: Prototype of the unified veneer function: psa_status_t tfm_sfc_call(uint32_t ctrl, psa_invec *in_vec, psa_outvec *out_vec); where: the uint32_t type parameter ‘ctrl’ is a pack of parameters - psa invec length, psa outvec length, and function identifier. [8 bits for inlen][8 bits for outlen][16 bits for function identifier] This is to avoid the condition that 5 parameters will cause re-wrapping of parameters. Time cost and code size measurement: github-tracking Use the unified veneer cost of a veneer call is 1264 cost of an interrupt is 941 veneer used 832B, region size 832B, 100% cost of a veneer call is 1274 cost of an interrupt is 941 veneer used 64B, region size 832B, 7.69% Thanks, Mingyang

5 years, 5 months

1
0
0 0

Re: [TF-M] TF-M and provisioning

by Shebu Varghese Kuriakose

Hi Gernot, Provisioning was added as a future roadmap item in anticipation of a PSA Provisioning Specification. The Specification (Factory or application specific) hasn't happened so far. There is no active work ongoing in TF-M around provisioning. TF-M using provisioned keys in CC-312 on MuscaB1 platform is available as an example. See details here<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> under CC312 heading. In TrustedFirmware TSC, provisioning has been a discussion topic sometime back. Search for provisioning in the minutes below. https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md is an RFC that Kevin prepared during those discussions for TF-M devices to use certificate chain. Regards, Shebu https://lists.trustedfirmware.org/pipermail/tsc/2019-September/000044.html https://lists.trustedfirmware.org/pipermail/tsc/2019-October/000048.html https://lists.trustedfirmware.org/pipermail/tsc/2019-November/000052.html https://lists.trustedfirmware.org/pipermail/tsc/2019-December/000068.html https://lists.trustedfirmware.org/pipermail/tsc/2020-January/000072.html https://lists.trustedfirmware.org/pipermail/tsc/2020-February/000076.html -----Original Message----- From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Gernot Kvas via TF-M Sent: Tuesday, May 19, 2020 10:03 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M and provisioning Hello, I would like to understand the background behind roadmap item "Provisioning" that is mentioned here [1] (Slide 31) and here [2]. What provisioning functionality would we be talking here, is it provisioning as in "RoT provisioning", so more towards manufacturing as defined in the PSA security lifecycle, or provisioning when the device is in state "Secured", so more towards application specific-data? I would assume the latter, but couldn't find any more information on this subject. Any pointers would be highly appreciated. Thanks for your help & kind regards, Gernot [1] https://static.linaro.org/connect/san19/presentations/san19-203.pdf [2] https://developer.trustedfirmware.org/w/tf_m/planning/ -- TF-M mailing list TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

TF-M and provisioning

by Gernot Kvas

Hello, I would like to understand the background behind roadmap item "Provisioning" that is mentioned here [1] (Slide 31) and here [2]. What provisioning functionality would we be talking here, is it provisioning as in "RoT provisioning", so more towards manufacturing as defined in the PSA security lifecycle, or provisioning when the device is in state "Secured", so more towards application specific-data? I would assume the latter, but couldn't find any more information on this subject. Any pointers would be highly appreciated. Thanks for your help & kind regards, Gernot [1] https://static.linaro.org/connect/san19/presentations/san19-203.pdf [2] https://developer.trustedfirmware.org/w/tf_m/planning/

5 years, 5 months

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - May 14

by Anton Komlev

Ups, please ignore this invitation with outdated subject. I have sent a better one. Sorry for confusion. Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M Sent: 19 May 2020 13:58 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] TF-M Technical Forum call - May 14 Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

TF-M Technical Forum call - May 28

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

TF-M Technical Forum call - May 14

by Anton Komlev

Hello, The next Technical Forum is planned on Thursday, May 28 at 6:00-7:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Here are some local time examples: Location Local Time Time Zone UTC Offset Vancouver<https://www.timeanddate.com/worldclock/canada/vancouver> (Canada - British Columbia) Wednesday, 27 May 2020, 23:00:00 PDT<https://www.timeanddate.com/time/zones/pdt> UTC-7 hours Chicago<https://www.timeanddate.com/worldclock/usa/chicago> (USA - Illinois) Thursday, 28 May 2020, 01:00:00 CDT<https://www.timeanddate.com/time/zones/cdt> UTC-5 hours Cambridge<https://www.timeanddate.com/worldclock/uk/cambridge> (United Kingdom - England) Thursday, 28 May 2020, 07:00:00 BST<https://www.timeanddate.com/time/zones/bst> UTC+1 hour Shanghai<https://www.timeanddate.com/worldclock/china/shanghai> (China - Shanghai Municipality) Thursday, 28 May 2020, 14:00:00 CST<https://www.timeanddate.com/time/zones/cst-china> UTC+8 hours Corresponding UTC (GMT) Thursday, 28 May 2020, 06:00:00<https://www.timeanddate.com/worldclock/fixedtime.html?iso=20200528T0600> Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

Re: [TF-M] PSA documentation page

by Ken Liu

Now we linked the home page (https://developer.arm.com/architectures/security-architectures/platform-sec…) of PSA in the readme (https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…), are you proposing to update to this documentation link? /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Adrian Shaw via TF-M Sent: Monday, May 18, 2020 6:12 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] PSA documentation page For anyone who is interested in a more comprehensive list of the PSA documents, the following page is now available on developer.arm.com that lists the documents, the latest specification versions and their current quality status. https://developer.arm.com/architectures/security-architectures/platform-sec… Best, Adrian

5 years, 5 months

1
0
0 0

[RFC] Compiler-specific configurations and architecture registers

by Summer Qin

Hi, Even the ongoing HAL design abstracts all platform-specific operations, there are still some operations that need to be performed directly in TF-M, such as architecture-related operations. These operations are common for all platforms, such as: * generic assembler code for AAPCS based context management. * assign attributes to specific functions. These operations rely on compiler and architecture much instead of the platform. So, define a CORE-specific compiler configuration header file would be a straight requirement. With these unified headers, writing the architecture-specific code would be much safer because it won't involve hardcode compiler related changes. The minimal set of mandatory architecture registers is also planned to be defined. Here send out a mail to collect for the feedbacks - is it worthy of doing this to decouple the architecture from the platform, or we can just re-use the platform provided headers? Any comments are welcome:) Best Regards, Summer

5 years, 5 months

1
0
0 0

PSA documentation page

by Adrian Shaw

For anyone who is interested in a more comprehensive list of the PSA documents, the following page is now available on developer.arm.com that lists the documents, the latest specification versions and their current quality status. https://developer.arm.com/architectures/security-architectures/platform-sec… Best, Adrian

5 years, 5 months

1
0
0 0

Proposal to add sub-folders to collect documents under design_documents folder

by David Hu

Hi all, I'd like to propose to add sub-folders under docs/design_documents to collect the documents on the same topic. Currently, there are already 21 documents in total under docs/design_documents and the number may grow rapidly. It can be more clear if we can organize the documents on the same topic into a dedicated sub-folder under docs/design_documents. Please help review the patch set https://review.trustedfirmware.org/q/topic:%22design-doc-subdir%22+(status:… if the proposal sound interesting. I move dual-cpu and TF-M Profiles related documents to their dedicated folder respectively in the patches. Any comment is welcome! In current patches, the html pages are still put in the same level during Sphinx build. It is because design documents are grouped by document status, instead of document hierarchy. The html pages can be further organized as well if we switch to group html according to folder structures. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

Ask for final review of symmetric based initial attestation design

by David Hu

Hi all, May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898? The document has been reviewed for a long time and received many valuable comments. Thanks a lot. If there is no further critical comment, I'd like to merge this design this Friday. Best regards, Hu Ziji

5 years, 5 months

1
0
0 0

[RFC] [Source Structure] Design document is availiable.

by Ken Liu

Hi, There is an upcoming source structure adjustment for TF-M. The basic idea is to make the structure simple and easy to be understood by users. The significant change would be a long term goal so no worry. In the beginning, there would be changes in core and platform to align with HAL changes. Please help to put comments on the design documents - after aligned, this document would be a user guide document to describe the source structure of TF-M. The patch is here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4112 And the issue link: https://developer.trustedfirmware.org/T751 Feel free to put any comments or ask questions. Thanks. /Ken

5 years, 5 months

1
0
0 0

IRQ testing tool available for review

by Mate Toth-Pal

Hi All, The IRQ testing tool proposed for TF-M earlier, and presented in one of the TF-M tech forum is available for code review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/4078/1 https://review.trustedfirmware.org/c/trusted-firmware-m/+/4079/1 The presentation can be viewed here: https://zoom.us/rec/share/3epSNYjX519Oeony5HH8WIgqXb7peaa82iYf_vZYmBuPbFktC… (Extended) Slides: https://www.trustedfirmware.org/docs/Automated_testing_of_interrupt_handlin… Please give feedback in gerrit review comments. Thanks, Mate

5 years, 5 months

1
0
0 0

Re: [TF-M] Attestation: is there an usage example for that somewhere

by Adrian Shaw

Hi Reinhard, Attestation is implemented in TF-M. There is a whitepaper here explaining attestation use cases and usage models https://www.psacertified.org/app/uploads/2020/02/PSA-Certified-Entity-Attes… The API is documented in the specification ARM IHI 0085, which you can find here https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Im… Best, Adrian On 14 May 2020, at 15:55, Reinhard Keil via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>> wrote: Is Attestation already implemented? Is there somewhere information on how Attestation is used. I’m looking for user oriented information. Thanks for your help. Reinhard -- TF-M mailing list TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/tf-m

5 years, 5 months

1
0
0 0

Attestation: is there an usage example for that somewhere

by Reinhard Keil

Is Attestation already implemented? Is there somewhere information on how Attestation is used. I'm looking for user oriented information. Thanks for your help. Reinhard

5 years, 5 months

1
0
0 0

Re: [TF-M] Boot seed in TFM Attestation tests

by Andrej Butok

Hi Tamas, The patch has eliminated the test fail. Thank you, Andrej From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M Sent: Thursday, May 14, 2020 2:32 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Boot seed in TFM Attestation tests Hi Andrej, The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h. Then only the presence of boot_seed claim will be checked but its value not. Could you test this patch: diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h index 5910524..fe2b9d4 100644 --- a/test/suites/attestation/attest_token_test_values.h +++ b/test/suites/attestation/attest_token_test_values.h @@ -110,6 +110,8 @@ /* A 32 byte mostly random value. Binary. * platform/ext/common/template/attest_hal.c */ +#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C +/* #define TOKEN_TEST_VALUE_BOOT_SEED \ (struct q_useful_buf_c) {\ (uint8_t[]){ \ @@ -120,6 +122,7 @@ },\ 32\ } +*/ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */ /* A text string in EAN 13 format Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M Sent: 14 May 2020 12:06 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Boot seed in TFM Attestation tests Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

5 years, 5 months

2
1
0 0

TF-M repository restructure

by Anton Komlev

Hello, Let me announce the changes in TF-M project repository structure. To allow project grow up in a more organized way the existing codebase will be split on multiple repositories and placed under TF-M folder. This is the similar structure as all other projects have in git.trustedfirmware.org<https://git.trustedfirmware.org>. This weekend TF-M git repository will be moved from https://git.trustedfirmware.org/trusted-firmware-m.git to https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git The original URL will be supported for some time (as a link to the new one) giving time for adjustment. Current plan is to keep the redirection for 6 months but let me know please, if it makes any conflict and another depreciation period is better. Best regards, Anton Komlev

5 years, 5 months

1
0
0 0

Re: [TF-M] Boot seed in TFM Attestation tests

by Tamas Ban

Hi Andrej, The value of boot_seed is compared against a hard coded value. This behaviour can be turned off in test/suites/attestation/attest_token_test_values.h. Then only the presence of boot_seed claim will be checked but its value not. Could you test this patch: diff --git a/test/suites/attestation/attest_token_test_values.h b/test/suites/attestation/attest_token_test_values.h index 5910524..fe2b9d4 100644 --- a/test/suites/attestation/attest_token_test_values.h +++ b/test/suites/attestation/attest_token_test_values.h @@ -110,6 +110,8 @@ /* A 32 byte mostly random value. Binary. * platform/ext/common/template/attest_hal.c */ +#define TOKEN_TEST_VALUE_BOOT_SEED NULL_Q_USEFUL_BUF_C +/* #define TOKEN_TEST_VALUE_BOOT_SEED \ (struct q_useful_buf_c) {\ (uint8_t[]){ \ @@ -120,6 +122,7 @@ },\ 32\ } +*/ #define TOKEN_TEST_REQUIRE_BOOT_SEED true /* Mandatory claim */ /* A text string in EAN 13 format Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: 14 May 2020 12:06 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Boot seed in TFM Attestation tests Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

5 years, 5 months

1
0
0 0

Boot seed in TFM Attestation tests

by Andrej Butok

Hello, Using a real boot seed instead of the dummy one is causing a Attestation Service regression fail. The log: Running Test Suite Initial Attestation Service non-secure interface tests(TFM_ATTEST_TEST_2XXX)... > Executing 'TFM_ATTEST_TEST_2004' Description: 'ECDSA signature test of attest token' decode_test_normal_sig() returned: -55 Attest token decode_test_normal_sig() has failed (Failed at ../../../../../../middleware/tfm/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c:136) TEST FAILED! Is it know issue? Probably, it's better to use a real boot seed by the Attestation tests, returned by tfm_plat_get_initial_attest_key()? Thank you, Andrej Butok

5 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M