Here is what I could find on Zephyr:
https://docs.zephyrproject.org/1.14.1/reference/power_management/index.html
Any thoughts from anybody on this topic.
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
From: Anton Komlev <Anton.Komlev(a)arm.com>
Sent: Thursday, January 13, 2022 2:19 AM
To: Joseph Yiu <Joseph.Yiu(a)arm.com>; Marisetty Suresh (CYSC CSS ICW SW SSE) <Suresh.Marisetty(a)infineon.com>
Subject: RE: Power management and TFM
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>.
Hi Suresh,
As you noted, the power management topic is not covered by TF-M, leaving it for a platform or project level handling. Would you like to discuss the topic on TF-M Tech Forum and check what community thinks about it?
Best regards,
Anton
From: Joseph Yiu <Joseph.Yiu(a)arm.com<mailto:Joseph.Yiu@arm.com>>
Sent: Wednesday, January 12, 2022 8:52 PM
To: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>; Anton Komlev <Anton.Komlev(a)arm.com<mailto:Anton.Komlev@arm.com>>
Subject: RE: Power management and TFM
Hi Suresh,
> Power management does have an impact on security flows and how it is done.
Agree.
> Not sure if there is a standardized framework and application note on how it can be done on Corte-M with or without Secure Enclave model
Unfortunately there is no standardization of power management interface for Cortex-M systems today.
And given that the low power implementation varies between different vendors significantly, trying to define a power control interface is going to be very challenging.
By the way, I noticed you reply to me only. Is that intentional or would you want to have this conversation on the email list?
Regards,
Joseph
From: Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com> <Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>>
Sent: 12 January 2022 18:58
To: Joseph Yiu <Joseph.Yiu(a)arm.com<mailto:Joseph.Yiu@arm.com>>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: RE: Power management and TFM
HI Anton and Joseph,
Power management does have an impact on security flows and how it is done. This is a town down architecture/implementation starting with NSPE and down with expected behavior of SPE (secure boot, TFM context management, etc.), cold boot, warm boot, deep-sleep, hibernate and active modes.
On the Cortex-A, there is PSCI framework couple with ACPI. Not sure if there is a standardized framework and application note on how it can be done on Corte-M with or without Secure Enclave model.
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Joseph Yiu via TF-M
Sent: Monday, December 20, 2021 8:04 AM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: Re: [TF-M] Power management and TFM
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe<https://intranet-content.infineon.com/explore/aboutinfineon/rules/informati…>.
Hi Suresh, Anton,
This is an interesting topic :-)
Armv8-M processors has some power management registers that can be restricted to Secure world access only.
System Control Register (SCR)
- Bit 2 SLEEPDEEP - 0 = Normal Sleep, 1 = Deep Sleep (this can also enable WIC feature). Access permission depends on SLEEPDEEPS.
- Bit 3 SLEEPDEEPS - 0 - NS privileged world can r/w to SLEEPDEEP, 1 - SLEEPDEEP is RAZ/WI to NS privileged world
(This is applicable to Cortex-M23, Cortex-M33, Cortex-M35P, Cortex-M55)
Cortex-M55 also has Implementation defined power model control registers (CPDLPSTATE, DPDLPSTATE)
https://developer.arm.com/documentation/101273/0101/Cortex-M55-Processor-le…
If TrustZone is used (AIRCR.BFHFNMINS is 0), then these registers are Secure privileged access only.
So definitely Secure firmware should provide some APIs for Non-secure software for changing the power control settings. However, I would expect that power control APIs would likely to be at a higher level which also manage other system level power control functions (which, as Anton said, device specific). In such case having APIs for modifying SLEEPDEEP and power model control registers is not helpful (or might even end up with confusions - e.g. if a SW developer trying to use both low level and high level APIs at the same time).
Given that a Secure firmware can setup SLEEPDEEPS easily if it wants to allow/disallow access to SLEEPDEEP control, having an API for this might be overkill.
Access to Cortex-M55's power model control registers is more tricky. Would an 'optional' reference API for updating power model control registers (CPDLPSTATE, DPDLPSTATE) be considered?
Regards,
Joseph
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M
Sent: 20 December 2021 12:32
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: Re: [TF-M] Power management and TFM
Hi Suresh,
The power management is out of scope of TF-M core or any PSA service. Such functionality is HW platform specific and may vary depending on HW or SW adaptation capabilities. If you concern about a specific use case, where TF-M support is expected - let's discuss it here.
Hope that helps,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Suresh Marisetty via TF-M
Sent: Friday, December 17, 2021 8:11 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Power management and TFM
Hi,
Wondering if anybody can throw some light on any ongoing efforts on power management on a system with TFM (deep sleep, etc).
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
CYSC CSS ICW SW SSE
Mobile: +5103863997
Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hello TFM owners,
I would like to report an issue for ARMv8-MAIN in TFM.
From GCC9, it may use FPU registers (S16~S31) to backup general purpose registers for better performance.
However, TFM’s library mode is not backup and restore FPU registers (S16~S31) base on EXC_RETURN.FType bit in tfm_core_sfn_request.
(Reference for LR.FType https://developer.arm.com/documentation/100235/0004/the-cortex-m33-processo… )
This may causes FPU registers (S16~S31) to be corrupted in tfm_core_sfn_request, if interrupt happens between two SVC call.
Here is an example to reproduce the issue:
1. Task A uses FPU S16 register to backup GPR R0
2. Task A calls psa_import_key() API
3. After the instruction “SVC %[SVC_REQ]” in tfm_core_sfn_request, the CONTROL.FPCA become “NOT active”
4. Enter FreeRTOS PendSV_Handler and schedule to others task.
* Originally, this should backup S16 due to CONTROL.FPCA is active and EXC_RETURN.FType should be 0.
* But, the EXC_RETURN.FType become 1 due to step3. So the S16 is not backup in stack and changed by others task.
1. Another task uses FPU S16 register (overwrite the value of S16 from Task A)
2. Enter FreeRTOS PendSV_Handler and schedule back to Task A
3. psa_import_key is finished and exit from TFM
4. Task A restore GPR R0 from FPU R16
5. Memory access violation in Task A due to incorrect value of GPR R0.
Stacking FPU s16-s31 in tfm_core_sfn_request can fix this problem. Please check the blue instructions. Thank you.
__attribute__((section("SFN"), naked))
int32_t tfm_core_sfn_request(const struct tfm_sfn_req_s *desc_ptr)
{
__ASM volatile(
"PUSH {r4-r12, lr} \n"
"MRS r4, control \n" /* Check FPCA in control register */
"TST r4, #0x04 \n"
"IT NE \n" /* Stacking S16-S31, if CONTROL.FPCA = 1 */
"VSTMDBNE sp!, {s16-s31} \n"
"PUSH {r4} \n" /* Backup CONTROL register */
"PUSH {r4} \n" /* For 8-bytes alignment to prevent xPSR.BIT9 = 1 */
"SVC %[SVC_REQ] \n" /* To remove upon instruction, xPSR.BIT9 should be masked to 0 in prepare_partition_iovec_ctx(…) */
"MOV r4, #0 \n"
"MOV r5, r4 \n"
"MOV r6, r4 \n"
"MOV r7, r4 \n"
"MOV r8, r4 \n"
"MOV r9, r4 \n"
"MOV r10, r4 \n"
"MOV r11, r4 \n"
"BLX lr \n"
"SVC %[SVC_RET] \n"
"POP {r4} \n" /* Restore CONTROL register */
"POP {r4} \n"
"TST r4, #0x04 \n" /* Check FPCA in control register */
"IT NE \n"
"VLDMIANE sp!, {s16-s31} \n" /* Restore S16-S31, if CONTROL.FPCA = 1 */
"POP {r4-r12, pc} \n"
: : [SVC_REQ] "I" (TFM_SVC_SFN_REQUEST),
[SVC_RET] "I" (TFM_SVC_SFN_RETURN)
);
}
Best regards!
Hi Jamie,
The change has been merged. Sorry for the possible inconveniences caused by end of the year holidays.
Best regards,
Anton
From: Jamie Mccrae via TF-M <tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>>
Sent: Tuesday, January 11, 2022 4:03 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Pending PR needs merging
Hi,
Would it be possible to get this PR merged https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12686 due to a pending update for Zephyr?
Thanks,
Jamie
THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, LLC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, LLC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, LLC.
Hi,
Would it be possible to get this PR merged https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12686 due to a pending update for Zephyr?
Thanks,
Jamie
THIS MESSAGE, ANY ATTACHMENT(S), AND THE INFORMATION CONTAINED HEREIN MAY BE PROPRIETARY TO LAIRD CONNECTIVITY, LLC. AND/OR ANOTHER PARTY, AND MAY FURTHER BE INTENDED TO BE KEPT CONFIDENTIAL. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS, AND IMMEDIATELY NOTIFY THE SENDER BY RETURN EMAIL. THIS MESSAGE AND ITS CONTENTS ARE THE PROPERTY OF LAIRD CONNECTIVITY, LLC. AND MAY NOT BE REPRODUCED OR USED WITHOUT THE EXPRESS WRITTEN CONSENT OF LAIRD CONNECTIVITY, LLC.
Hi all,
TF-M CI is back to normal. Please feel free to use it. 😊
BR,
Xinyu
From: Xinyu Zhang
Sent: Monday, January 10, 2022 11:07 AM
To: TF-M mailing list <tf-m(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: TF-M Open CI Fails to Run Tests
Hi all,
Sorry to inform you that TF-M Open CI is down for the time being – tests cannot be run.
I’ll let you know as long as CI is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi all,
Sorry to inform you that TF-M Open CI is down for the time being - tests cannot be run.
I'll let you know as long as CI is back to normal.
Apologize for any inconvenience!
Thanks,
Xinyu
Hi,
Thank Chris made a couple of changes to move the mailbox mechanism from a kernel-coupled one into a partition-based one, which simplifies the programming model much.
And mailbox-related platforms (musca-b1 secure enclave and corstone 1000) may get affected after merged, please mentioned platform owners take a try on these patches. Another solution is we can merge them and then fix the problems found.
Will wait for one more week for the last patch (Patches no affecting platforms out of PSoC are merged already).
I think checkout this one should bring all related changes into local:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12311
Feel free to comment, thanks.
/Ken
Hi,
The next Technical Forum is planned on Thursday, Jan 6, 7:00-8:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi everyone,
While taking a look into PSA header files from interface/include/psa/ folder I have found out that they are actually slightly different from PSA headers in build_folder/lib/ext/mbedcrypto-src/include/psa/ folder.
Here is list of files that are different:
* crypto.h
* crypto_compat.h
* crypto_extra.h
* crypto_sizes.h
* crypto_struct.h
* crypto_types.h
* crypto_values.h
My expectation was that PSA interface (header files) should be the same in both folders.
Maybe we should use only one version of those files (remove files from interface/include/psa/ and just use files from build_folder/lib/ext/mbedcrypto-src/include/psa/)?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko(a)infineon.com<mailto:Bohdan.Hunko@infineon.com>
Back after the holidays I have tested a few builds and I've noticed that
a few builds fail a bunch of tests.
Fails on all tool chains.
Is this a known issue?
psoc64, musca_s1 works.
Musca_B1 (nxp lpcxpresso55s69 also fails:
PS D:\Projects\tf-m6\trusted-firmware-m\armclang> cmake -GNinja -S .. -B
. -DTFM_PLATFORM=arm/musca_b1/sse_200
"-DTFM_TOOLCHAIN_FILE=..\toolchain_ARMCLANG.cmake" -DTEST_NS=ON
-DTEST_S=ON -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBL2=ON
...
Running Test Suite PSA internal trusted storage S interface tests
(TFM_S_ITS_TEST_1XXX)...
> Executing 'TFM_S_ITS_TEST_1001'
Description: 'Set interface'
Set should not fail with valid UID (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:32)
TEST: TFM_S_ITS_TEST_1001 - FAILED!
> Executing 'TFM_S_ITS_TEST_1002'
Description: 'Set interface with create flags'
Set should not fail with no flags (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:91)
TEST: TFM_S_ITS_TEST_1002 - FAILED!
> Executing 'TFM_S_ITS_TEST_1003'
Description: 'Set interface with NULL data pointer'
Set should succeed with NULL data pointer and zero length (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:115)
TEST: TFM_S_ITS_TEST_1003 - FAILED!
> Executing 'TFM_S_ITS_TEST_1004'
Description: 'Set interface with write once UID'
Set should not rewrite a write once UID (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:138)
TEST: TFM_S_ITS_TEST_1004 - FAILED!
> Executing 'TFM_S_ITS_TEST_1005'
Description: 'Get interface with valid data'
Set should not fail (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:186)
TEST: TFM_S_ITS_TEST_1005 - FAILED!
> Executing 'TFM_S_ITS_TEST_1006'
Description: 'Get interface with zero data length'
Set should not fail (Failed at
D:/Projects/tf-m6/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/suites/its/its_tests_common.c:293)
TEST: TFM_S_ITS_TEST_1006 - FAILED!
...
(lots more failed tests)
...
*** Non-secure test suites summary ***
Test suite 'PSA protected storage NS interface tests
(TFM_NS_PS_TEST_1XXX)' has PASSED
Test suite 'PSA internal trusted storage NS interface tests
(TFM_NS_ITS_TEST_1XXX)' has FAILED
Test suite 'Crypto non-secure interface test (TFM_NS_CRYPTO_TEST_1XXX)'
has FAILED
Test suite 'Platform Service Non-Secure interface
tests(TFM_NS_PLATFORM_TEST_1XXX)' has PASSED
Test suite 'Initial Attestation Service non-secure interface
tests(TFM_NS_ATTEST_TEST_1XXX)' has PASSED
Test suite 'QCBOR regression test(TFM_NS_QCBOR_TEST_1XXX)' has PASSED
Test suite 'T_COSE regression test(TFM_NS_T_COSE_TEST_1XXX)' has PASSED
Test suite 'PSA firmware update NS interface tests
(TFM_NS_FWU_TEST_1xxx)' has PASSED
Test suite 'Core non-secure positive tests (TFM_NS_CORE_TEST_1XXX)' has
PASSED
Test suite 'IPC non-secure interface test (TFM_NS_IPC_TEST_1XXX)' has PASSED
Test suite 'TFM IRQ Test (TFM_IRQ_TEST_1xxx)' has PASSED
*** End of Non-secure test suites ***
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hello,
This platform is tested for profile medium and low (-DTFM_PROFILE=profile_small or -DTFM_PROFILE=profile_medium). I just checked on master with medium profile and GNUARM.
The default config takes a crypto config with its associated crypto tests that leads to overlap in flash area. (This device has 512Kbytes Flash)
Best Regards
ST Restricted
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Bøe, Sebastian via TF-M
Sent: mercredi 22 décembre 2021 13:40
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] nucleo_l552ze_q platform does not build since TF-M 1.5
Hi,
I am observing that the nucleo_l552ze_q platform is producing hex files that overlap
since the 1.5 release. Tested on master and 1.5.
Is there an STM maintainer that could look into this?
Steps to reproduce:
rm -rf cmake_build && cmake -S . -B cmake_build -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DTEST_S=ON -DTEST_NS=ON && make -C cmake_build install && /usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py -o merged.hex $(find cmake_build -name "*.hex")
"/usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py" must be replaced
with the preferred hex file merging tool.
output:
Traceback (most recent call last):
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 28, in merge_hex_files
ih.merge(to_merge, overlap=overlap)
File "/home/sebo/.local/lib/python3.8/site-packages/intelhex/__init__.py", line 875, in merge
raise AddressOverlapError(
intelhex.AddressOverlapError: Data overlapped at address 0xC014400
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 56, in <module>
main()
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 52, in main
merge_hex_files(args.output, args.input_files, args.overlap)
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 30, in merge_hex_files
raise AddressOverlapError("{} has merge issues".format(hex_file_path))
intelhex.AddressOverlapError: cmake_build/install/outputs/STM/NUCLEO_L552ZE_Q/tfm_s.hex has merge issues
PS: Depending on the revision tested, it might be necessary to also apply this patch:
modified platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
@@ -90,7 +90,7 @@ target_sources(platform_s
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_gtzc.c
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_nvic.c
- $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system>
+ $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system.c>
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng.c
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng_ex.c
PUBLIC
Hi,
I am observing that the nucleo_l552ze_q platform is producing hex files that overlap
since the 1.5 release. Tested on master and 1.5.
Is there an STM maintainer that could look into this?
Steps to reproduce:
rm -rf cmake_build && cmake -S . -B cmake_build -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DTEST_S=ON -DTEST_NS=ON && make -C cmake_build install && /usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py -o merged.hex $(find cmake_build -name "*.hex")
"/usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py" must be replaced
with the preferred hex file merging tool.
output:
Traceback (most recent call last):
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 28, in merge_hex_files
ih.merge(to_merge, overlap=overlap)
File "/home/sebo/.local/lib/python3.8/site-packages/intelhex/__init__.py", line 875, in merge
raise AddressOverlapError(
intelhex.AddressOverlapError: Data overlapped at address 0xC014400
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 56, in <module>
main()
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 52, in main
merge_hex_files(args.output, args.input_files, args.overlap)
File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 30, in merge_hex_files
raise AddressOverlapError("{} has merge issues".format(hex_file_path))
intelhex.AddressOverlapError: cmake_build/install/outputs/STM/NUCLEO_L552ZE_Q/tfm_s.hex has merge issues
PS: Depending on the revision tested, it might be necessary to also apply this patch:
modified platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
@@ -90,7 +90,7 @@ target_sources(platform_s
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_gtzc.c
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c
${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_nvic.c
- $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system>
+ $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system.c>
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng.c
${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng_ex.c
PUBLIC
Hi,
Currently, in the compiler link script, the CMSE VENEER section is placed at a fixed address which is at the end of tfm code. See code for armclang<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…> and gnu arm<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…>.
Placing the veneers at the fixed address has the benefit that the when the secure image updates, the veneer symbols remain unchanged. So, the nonsecure image does not have to be updated together.
The problem is that the size of tfm_s.bin is always the same in different TF-M build configurations(debug mode, release mode, profile small, profile large and so on). So, there can be large empty space between the end of tfm code and the veneer section.
As we discussed on today's tech forum meeting, I propose to move the LR_VENEER from the end of tfm code to right after the secure vector table. In this way, the space between the tfm code and the veneers section is eliminated. Also, the supported number of interrupts for each platform is fixed. So, the size of the vector table is fixed for each platform. So, the start address of veneer section is still fixed for each platform. The size of tfm_s.bin is reduced significantly after this change. Take the AN521 platform for example, the size of tfm_s.bin has a 70 percent reduction.
The link script change for armclang<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/6/plat…> and gnu arm<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/6/plat…> in this patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/> can help me demonstrating my proposal. I am not hurry asking for review and merge this patch. As it impacts all the platforms, I want to get confirmed that all platforms which are using the common link script are happy with this proposal.
Any comments or especially concerns on this proposal?
Thanks,
Regards,
Sherry Zhang
Hi,
Wondering if anybody can throw some light on any ongoing efforts on power management on a system with TFM (deep sleep, etc).
thanks
Suresh Marisetty
Infineon Semiconductor Corporation
CYSC CSS ICW SW SSE
Mobile: +5103863997
Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>
I'm working on the IAR part of this and I'm having a problem with the
following test in isolation level 3:
---
Running Test Suite TFM IRQ Test (TFM_IRQ_TEST_1xxx)...
> Executing 'TFM_NS_IRQ_TEST_SLIH_1001'
Description: 'SLIH HANDLING Case 1'
---
If I run the test at full speed, it will run into a MemManage fault
while if I single step through the entire test it will pass.
Is there a race condition somewhere in there?
If I disable the SLIH tests it succeeds.
The exception happens when dereferencing "dev" in this function:
bool timer_cmsdk_is_initialized(const struct timer_cmsdk_dev_t* dev)
{
return dev->data->is_initialized;
}
dev is 0x30002440 at the time.
I've been trying to figure out what part of the memory protection system
it is that is causing the exception.
DACCVIOL is set and MMFAR shows the faulting address.
Ideas?
The build line:
cmake -GNinja -S .. -B . -DTFM_PLATFORM=arm/musca_b1/sse_200
"-DTFM_TOOLCHAIN_FILE=..\toolchain_IARARM.cmake" -DTEST_NS=ON
-DTEST_S=ON -DCMAKE_BUILD_TYPE=Debug -DBL2=ON -DTFM_ISOLATION_LEVEL=3
-DTEST_NS_SLIH_IRQ=ON -DTEST_NS_QCBOR=OFF
Notice that this build runs into a linker bug in the IAR toolchain and I
have a non-released fixed version I'm using, in case anyone is
attempting to replicate the issue.
Cheers,
Thomas
Den 2021-12-17 kl. 11:30, skrev TrustedFirmware Code Review (Code Review):
>
> Attention is currently required from: Kevin Peng, Ken Liu, David Hu,
> Chris Brand, Anton Komlev, Thomas Törnblom.
>
> "Build Successful
>
> http://ci.trustedfirmware.org/job/tf-m-static/3226/display/redirect :
> SUCCESS"
>
> Patch set 16:Verified +1
>
> View Change
> <https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620>
>
> To view, visit change 12620
> <https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620>.
> To unsubscribe, or for help writing mail filters, visit settings
> <https://review.trustedfirmware.org/settings>.
>
> Gerrit-Project: TF-M/trusted-firmware-m
> Gerrit-Branch: master
> Gerrit-Change-Id: I0084aef576d90af45513c7eaae58ba6c6dbbddab
> Gerrit-Change-Number: 12620
> Gerrit-PatchSet: 16
> Gerrit-Owner: sherryzhang <sherry.zhang2(a)arm.com>
> Gerrit-Reviewer: Anton Komlev <Anton.Komlev(a)arm.com>
> Gerrit-Reviewer: David Hu <david.hu(a)arm.com>
> Gerrit-Reviewer: Ken Liu <ken.liu(a)arm.com>
> Gerrit-Reviewer: Sebastian Bøe <Sebastian.boe(a)nordicsemi.no>
> Gerrit-Reviewer: Thomas Törnblom <thomas.tornblom(a)iar.com>
> Gerrit-Reviewer: TrustedFirmware Code Review
> Gerrit-Reviewer: sherryzhang <sherry.zhang2(a)arm.com>
> Gerrit-CC: Andrej Butok <andrey.butok(a)nxp.com>
> Gerrit-CC: Chris Brand <chris.brand(a)cypress.com>
> Gerrit-CC: Gabor Abonyi <gabor.abonyi(a)arm.com>
> Gerrit-CC: Kevin Peng <kevin.peng(a)arm.com>
> Gerrit-CC: Michel Jaouen
> Gerrit-CC: Márk Horváth <mark.horvath(a)arm.com>
> Gerrit-CC: Satish Kumar <satish.kumar01(a)arm.com>
> Gerrit-CC: jamie.mccrae(a)lairdconnect.com
> Gerrit-Attention: Kevin Peng <kevin.peng(a)arm.com>
> Gerrit-Attention: Ken Liu <ken.liu(a)arm.com>
> Gerrit-Attention: David Hu <david.hu(a)arm.com>
> Gerrit-Attention: Chris Brand <chris.brand(a)cypress.com>
> Gerrit-Attention: Anton Komlev <Anton.Komlev(a)arm.com>
> Gerrit-Attention: Thomas Törnblom <thomas.tornblom(a)iar.com>
> Gerrit-Comment-Date: Fri, 17 Dec 2021 10:30:20 +0000
> Gerrit-HasComments: No
> Gerrit-Has-Labels: Yes
> Gerrit-MessageType: comment
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi everyone,
I’m wondering if there is any existing effort on enabling X.509 CSR generation and certificate verification inside TF-M? Our project has some custom secure partitions which need to generate the CSR and verify the issued certificates by themselves. The current TF-M implementation hasn’t added X.509’s support. So, I’m wondering if any open source project already does that which we can leverage?
Regards,
Jun Li
Intel Corporation, CA
Hello,
In the light of the end of the year celebrations expecting not many joiners on Dec 23, specially for US time zone, hence
let's cancel the forum at the next week.
Thanks and wish you the great holidays,
Anton
I recently switched to a new MBP that ships with OS X Monterey, and on both
12.0 and 12.1 (released this week) git clone seems to be broken when you're
using HTTP rather than SSH:
digital envelope routines:CRYPTO_internal:bad key length
In order to clone TF-M, I had to make the following changes.
1. Add these details to $HOME/.ssh/config (microbuilder being my github
username, associated with my TF-M account):
Host trustedfirmware.org
User microbuilder
Hostname review.trustedfirmware.org
Port 29418
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
2. Then try to clone with:
$ git clone trustedfirmware.org:/TF-M/trusted-firmware-m.git
This fails, however, since it tries to clone tf-m-tests.git, so:
3. Edit lib/ext/tf-m-tests/fetch_repo.cmake, changing:
FetchContent_Declare(tfm_test_repo
GIT_REPOSITORY trustedfirmware.org:TF-M/tf-m-tests.git
# GIT_REPOSITORY https://git.trustedfirmware.org/TF-M/tf-m-tests.git
GIT_TAG ${TFM_TEST_REPO_VERSION}
GIT_PROGRESS TRUE
)
This let me at least clone TF-M until the issues with HTTP-based cloning
are fixed.
Hope this is useful to someone else working on OS X natively.
Kevin
Hi,
The next Technical Forum is planned on Thursday, Dec 9, 7:00-8:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi,
for PSA Certification level 2 a log of significant security events is required. Which I assume
should be done with the Audit log service.
But the Audit log service does not support IPC mode.
Should PSA Certification level 2 be done with IPC mode or with library mode?
Hello,
TF-M project released v1.5.0 in release/v1.5.x<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/log/?h=release/…> branch and tagged as TF-Mv1.5.0.
In the following days the changes from the release branch will be integrated with the main branch.
Please take a look into the release notes for the new features and changes:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/relea…
The HTML version will be available after the main branch update.
New major features are:
* MCUboot updated to v1.8.0.
* Thread mode SPM.
* Add Non-secure Client Extension (NSCE) for non-secure client ID management support.
* Secure Function model support in framework.
* Support Memory-mapped IOVECs.
* Decouple documentation and binary builds.
* Manifest tool skips disabled Secure Partitions.
* Provisioning and OTP are supported.
* PSA Protected Storage, Internal Trusted Storage, Initial Attestation services are converted to Stateless services.
* Support out-of-tree build of Secure Partitions.
* Support out-of-tree build of platform specific test suites.
* Introduce platform binding HAL.
* ITS enhancement for harden ITS module against invalid data in Flash.
* Support to select/deselect single or multiple TF-M regression test cases.
* Decouple regression test flag configuration from TF-M.
* New platforms added.
Thank you, everyone who contributed to this milestone.
Anton Komlev
Hello,
Having no items to discuss - let's cancel the forum today.
Have a happy Thanksgiving day and enjoy your turkey if you celebrate it.
Thanks,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Monday, November 22, 2021 12:04 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Technical Forum call - Nov-25
Hi,
The next Technical Forum is planned on Thursday, Nov 25, 15:00-16:00 UTC (US time zone).
This is Thanksgiving day and public holiday in US so we might want to cancel the forum expecting fewer participants unless we have a good topic to discuss.
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton