I recommend instead of using printf with plain text strings, to change the concept to event annotations.
This is already implemented in several RTOS systems (i.e. FreeRTOS or RTX).
Event annotations give you more flexibility:
* can be mapped to memory buffer, printf output, or analysers like Event Recorder in MDK or Percepio
* annotations are described in XML file using event groups. Can be mapped to test automation systems and reduce overhead
* no direct mapping to a peripheral. UART may be not available on all systems.
* overall less overhead in the system (as printf is expensive). Can remain in production code when it just goes to memory buffer
Let me know if you want to have further pointers or information.
Reinhard
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Got 3 feedbacks till now all reports no problem. I am going to merge this one before end of today.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M
Sent: Monday, January 6, 2020 1:56 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Thanks for the feedback, let me take a note.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Qixiang Xu via TF-M
Sent: Monday, January 6, 2020 1:49 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Ken,
I have cherry picked the patch and tested it on Cygwin:
$ cmake --version
cmake version 3.11.1
CMake suite maintained and supported by Kitware (kitware.com/cmake).
The patch works and no issue found.
Best Regards,
Qixiang Xu
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M
Sent: Monday, January 6, 2020 11:00 AM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Hi,
I create a patch for removing the workaround for mbed-crypto building:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3022
We tried on cmake 3.7 and 3.10 with cygwin and it works; can some Cygwin/mingw user pick this patch and test if it could work in your side?
Thanks for your contribution 😊
/Ken
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Thanks Thomas, then IAR won't be a difficult part for this.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M
Sent: Wednesday, January 8, 2020 7:45 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags
The IAR toolchain does not produce any special "builtin" calls and thus does not have any flag similar to "-fno-builtin".
/Thomas
Den 2020-01-08 kl. 03:53, skrev Ken Liu via TF-M:
Hi,
�
As TF-M needs runtime APIs so we are creating the Secure Partition runtime library, code is ready but we have not forwarded all necessary runtime APIs to the version TF-M implemented, this was caused by the toolchain optimization for built-in APIs, such as:
�
- Forward printf(%s) to puts if there is only one string parameter.
- ARMCLANG would forward memxxx API into an optimized variant.
�
With the '-fno-builtin' flags set in the toolchain, this optimization would be disabled so that user just implement the same name built-in to replace the toolchain version.
�
Please help to check these point before applying '-fno-builtin' and provide your feedback:
�
- Could toolchains out of ARMCLANG and GNUARM have a similar flag?
- Would it affect your project setting and how does it affect?
�
Please help to feedback. I will keep this thread open for ~1 week and let's get a conclusion after this.
�
Thanks!
�
/Ken
--
Thomas T�rnblom, Product Engineer
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com>
Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>
The IAR toolchain does not produce any special "builtin" calls and thus
does not have any flag similar to "-fno-builtin".
/Thomas
Den 2020-01-08 kl. 03:53, skrev Ken Liu via TF-M:
>
> Hi,
>
> As TF-M needs runtime APIs so we are creating the Secure Partition
> runtime library, code is ready but we have not forwarded all necessary
> runtime APIs to the version TF-M implemented, this was caused by the
> toolchain optimization for built-in APIs, such as:
>
> - Forward printf(%s) to puts if there is only one string parameter.
>
> - ARMCLANG would forward memxxx API into an optimized variant.
>
> With the '-fno-builtin' flags set in the toolchain, this optimization
> would be disabled so that user just implement the same name built-in
> to replace the toolchain version.
>
> Please help to check these point before applying '-fno-builtin' and
> provide your feedback:
>
> - Could toolchains out of ARMCLANG and GNUARM have a similar flag?
>
> - Would it affect your project setting and how does it affect?
>
> Please help to feedback. I will keep this thread open for ~1 week and
> let's get a conclusion after this.
>
> Thanks!
>
> /Ken
>
>
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi All,
Thanks, Ken and Edison for offering the topics for tomorrow's Tech forum.
The agenda (always open) starts from:
1. Secure Partition Runtime Library
2. PSA FF 1.0.0 alignment
Best regards,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edison Ai via TF-M
Sent: 07 January 2020 08:19
To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] TF-M Technical Forum call - January 9
Hi Anton,
I will share something about the PSA FF 1.0.0 alignment. About 10 - 15 minutes.
Thanks,
Edison
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M
Sent: Tuesday, January 7, 2020 3:33 PM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: Re: [TF-M] TF-M Technical Forum call - January 9
Hi Anton,
I can share the status of Secure Partition Runtime Library in the tech forum.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M
Sent: Tuesday, January 7, 2020 1:56 AM
To: TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: [TF-M] TF-M Technical Forum call - January 9
Hello,
Hope that the new year is truly happy for everybody.
The next session of the Technical Forum is planned on the coming Thursday, January 9th.
Regarding the time, I think that the last session was a good compromise to suit majority of the participants so propose to keep the time slot at 7:00-8:00 UTC.
This time suits members in Europe and Asia, although participants from US (specially from the East coast) might have inconveniences.
Reminding that the recorded sessions and materials are available on the web site: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Please reply to this email to post your topics for the agenda. Any questions, proposals, concerns are all valid points for our open discussion so do not hesitate to share it.
Best regards,
Anton Komlev
Hi,
As TF-M needs runtime APIs so we are creating the Secure Partition runtime library, code is ready but we have not forwarded all necessary runtime APIs to the version TF-M implemented, this was caused by the toolchain optimization for built-in APIs, such as:
- Forward printf(%s) to puts if there is only one string parameter.
- ARMCLANG would forward memxxx API into an optimized variant.
With the '-fno-builtin' flags set in the toolchain, this optimization would be disabled so that user just implement the same name built-in to replace the toolchain version.
Please help to check these point before applying '-fno-builtin' and provide your feedback:
- Could toolchains out of ARMCLANG and GNUARM have a similar flag?
- Would it affect your project setting and how does it affect?
Please help to feedback. I will keep this thread open for ~1 week and let's get a conclusion after this.
Thanks!
/Ken
On 07/01/2020 01:23, Ken Liu via TF-M wrote:
> Hi Soby,
>
> Thanks for providing the reference - we have investigated the version in TF-A earlier, the difference part is we are facing the problem about how to flush the formatted data into device - TF-A has full control to the device so it could just output_char() but the secure partition cannot do this due to some driver sharing consideration. We can reference the TF-A implementation after the logging device mechanism is settled down.
>
> One question, the ARM Complier built-in would change printf to puts or some other variants in RVCT like __2printf, I searched TF-A sources found there is no '--fbulit-in' or 'no_scanlib' flags for the compiler but looks like TF-A has not met the scenarios TF-M met? Or...the runtime library mechanism for A and M are different?
>
> /Ken
Hi Ken,
The TF-A uses -fno-builtin compiler flag. Hence it doesn't face this
problem. If the goal is to not to pull in compiler builtin libraries,
setting this flag would be the right approach. The TF-M source tree
would need to provide libc.
Best Regards
Soby Mathew
Hi Anton,
I will share something about the PSA FF 1.0.0 alignment. About 10 - 15 minutes.
Thanks,
Edison
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M
Sent: Tuesday, January 7, 2020 3:33 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] TF-M Technical Forum call - January 9
Hi Anton,
I can share the status of Secure Partition Runtime Library in the tech forum.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M
Sent: Tuesday, January 7, 2020 1:56 AM
To: TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: [TF-M] TF-M Technical Forum call - January 9
Hello,
Hope that the new year is truly happy for everybody.
The next session of the Technical Forum is planned on the coming Thursday, January 9th.
Regarding the time, I think that the last session was a good compromise to suit majority of the participants so propose to keep the time slot at 7:00-8:00 UTC.
This time suits members in Europe and Asia, although participants from US (specially from the East coast) might have inconveniences.
Reminding that the recorded sessions and materials are available on the web site: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Please reply to this email to post your topics for the agenda. Any questions, proposals, concerns are all valid points for our open discussion so do not hesitate to share it.
Best regards,
Anton Komlev
Hi Anton,
I can share the status of Secure Partition Runtime Library in the tech forum.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Tuesday, January 7, 2020 1:56 AM
To: TF-M(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] TF-M Technical Forum call - January 9
Hello,
Hope that the new year is truly happy for everybody.
The next session of the Technical Forum is planned on the coming Thursday, January 9th.
Regarding the time, I think that the last session was a good compromise to suit majority of the participants so propose to keep the time slot at 7:00-8:00 UTC.
This time suits members in Europe and Asia, although participants from US (specially from the East coast) might have inconveniences.
Reminding that the recorded sessions and materials are available on the web site: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Please reply to this email to post your topics for the agenda. Any questions, proposals, concerns are all valid points for our open discussion so do not hesitate to share it.
Best regards,
Anton Komlev
Hi Soby,
Thanks for providing the reference - we have investigated the version in TF-A earlier, the difference part is we are facing the problem about how to flush the formatted data into device - TF-A has full control to the device so it could just output_char() but the secure partition cannot do this due to some driver sharing consideration. We can reference the TF-A implementation after the logging device mechanism is settled down.
One question, the ARM Complier built-in would change printf to puts or some other variants in RVCT like __2printf, I searched TF-A sources found there is no '--fbulit-in' or 'no_scanlib' flags for the compiler but looks like TF-A has not met the scenarios TF-M met? Or...the runtime library mechanism for A and M are different?
/Ken
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Soby Mathew via TF-M
Sent: Monday, January 6, 2020 9:35 PM
To: Anton Komlev <Anton.Komlev(a)arm.com>; TF-M(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] The logging mechanism change in TF-M
On 06/01/2020 11:45, Anton Komlev via TF-M wrote:
> Hi Ken, All,
>
> I like your approach of providing a minimalistic version of printf()
> for the logging purpose only.
>
> This would benefit to code size and performance while rich print
> formatting has no practical needs in this project.
>
> Best regards,
>
> Anton
>
> *From:* TF-M <tf-m-bounces(a)lists.trustedfirmware.org> *On Behalf Of
> *Ken Liu via TF-M
> *Sent:* 27 December 2019 03:38
> *To:* tf-m(a)lists.trustedfirmware.org
> *Cc:* nd <nd(a)arm.com>
> *Subject:* [TF-M] The logging mechanism change in TF-M
>
> Hi,
>
> We met some issues while implementing logging APIs like printf:
>
> * The build-in symbol optimization references other toolchain provided
> symbols into image (like change ‘printf’ to ‘puts’ or ‘xxxprintf’),
> this would happen in both we are implementing your ‘printf’ and
> referencing toolchain ‘printf’. Use a -fno-builtin would suppress
> this but this needs a compiler flag requirement for developers.
> * If we don’t provide necessary symbol but somewhere in program
> referenced it, ARMCLANG would provide one for us which contains the
> semihosting things, this increases the code size and cause trouble
> while the device is not running under semihosting env.
> * Also there are CMSIS user reports that __stdout would affect
> multiple thread object initialization. (No detail about the root
> cause, anyone could help provide something?)
>
> So it would be better that we remove the reference to toolchain stdout
> APIs, this could simplify the logging implementation since firmware
> logging MAY not need rich format (Comments?). A customized printf-like
> API is provided for logging but not being named as ‘printf’ directly.
>
> Due to the default logging device (UART) driver may be implemented for
> threads only, the logging functionality in exceptions is going to be
> suppressed for a while until we figure out how the logging in
> exceptions can be – there is a trade-off between security
> consideration (isolation) and performance (Routing the logging API to somewhere costs).
>
> Please provide your thinking, or what kind of logging API you are using.
>
> Thanks
>
> /Ken
>
The TF-A code base provides a reduced printf() functionality due to similar concerns and to reduce stack/memory usage
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/libc/p…
Also be aware that mbedTLS requires snprintf() so if printf() is being custom implemented, then it makes sense to do the same to snprintf() as well.
Best Regards
Soby Mathew
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
This event has been changed.
Title: TF-M Tech Forum
This is an open forum for anyone to participate and it is not restricted to
Trusted Firmware project members. It will operate under the guidance of the
TF TSC.Due to expected attendees from Asia, Europe and the Americas, the
timeslot is challenging. We hope it's not too difficult for anyone - we can
review after the first couple of meetings.Initially we propose a bi-weekly
call and then we'll change cadence depending on interest Feel free to
forward it to colleagues.──────────Bill Fletcher is inviting you to a
scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/5810428000Meeting
ID: 581 042 8000One tap mobile+16465588656,,5810428000# US (New
York)+16699009128,,5810428000# US (San Jose)Dial by your location +1
646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877
853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 581 042
8000Find your local number: https://zoom.us/u/aerUYXPhSL──────────
When: Thu 9 Jan 2020 07:00 – 08:00 United Kingdom Time
Where: https://zoom.us/j/5810428000
Calendar: tf-m(a)lists.trustedfirmware.org
Who:
(Guest list has been hidden at organiser's request)
Event details:
https://www.google.com/calendar/event?action=VIEW&eid=NTZtNXZwM3BsaGltanJkb…
Invitation from Google Calendar: https://www.google.com/calendar/
You are receiving this courtesy email at the account
tf-m(a)lists.trustedfirmware.org because you are an attendee of this event.
To stop receiving future updates for this event, decline this event.
Alternatively, you can sign up for a Google Account at
https://www.google.com/calendar/ and control your notification settings for
your entire calendar.
Forwarding this invitation could allow any recipient to send a response to
the organiser and be added to the guest list, invite others regardless of
their own invitation status or to modify your RSVP. Learn more at
https://support.google.com/calendar/answer/37135#forwarding
You have been invited to the following event.
Title: TF-M Tech Forum
This is an open forum for anyone to participate and it is not restricted to
Trusted Firmware project members. It will operate under the guidance of the
TF TSC.Due to expected attendees from Asia, Europe and the Americas, the
timeslot is challenging. We hope it's not too difficult for anyone - we can
review after the first couple of meetings.Initially we propose a bi-weekly
call and then we'll change cadence depending on interest Feel free to
forward it to colleagues.──────────Bill Fletcher is inviting you to a
scheduled Zoom meeting.Join Zoom Meetinghttps://zoom.us/j/5810428000Meeting
ID: 581 042 8000One tap mobile+16465588656,,5810428000# US (New
York)+16699009128,,5810428000# US (San Jose)Dial by your location +1
646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877
853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 581 042
8000Find your local number: https://zoom.us/u/aerUYXPhSL──────────
When: Thu 9 Jan 2020 07:00 – 08:00 United Kingdom Time
Where: https://zoom.us/j/5810428000
Joining info: Join Hangouts Meet
https://meet.google.com/xdb-txmc-xje
Or dial:
+44 20 3956 3237 (PIN:: 515715720)
More phone numbers: https://tel.meet/xdb-txmc-xje?pin=7033981256503&hs=0
Calendar: tf-m(a)lists.trustedfirmware.org
Who:
(Guest list has been hidden at organiser's request)
Event details:
https://www.google.com/calendar/event?action=VIEW&eid=NTZtNXZwM3BsaGltanJkb…
Invitation from Google Calendar: https://www.google.com/calendar/
You are receiving this courtesy email at the account
tf-m(a)lists.trustedfirmware.org because you are an attendee of this event.
To stop receiving future updates for this event, decline this event.
Alternatively, you can sign up for a Google Account at
https://www.google.com/calendar/ and control your notification settings for
your entire calendar.
Forwarding this invitation could allow any recipient to send a response to
the organiser and be added to the guest list, invite others regardless of
their own invitation status or to modify your RSVP. Learn more at
https://support.google.com/calendar/answer/37135#forwarding
Hello,
Hope that the new year is truly happy for everybody.
The next session of the Technical Forum is planned on the coming Thursday, January 9th.
Regarding the time, I think that the last session was a good compromise to suit majority of the participants so propose to keep the time slot at 7:00-8:00 UTC.
This time suits members in Europe and Asia, although participants from US (specially from the East coast) might have inconveniences.
Reminding that the recorded sessions and materials are available on the web site: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Please reply to this email to post your topics for the agenda. Any questions, proposals, concerns are all valid points for our open discussion so do not hesitate to share it.
Best regards,
Anton Komlev
> Just a question: For Isolation Level 1, the hardware features of v8-M should be sufficient to implement interrupts natively. Is this correct understanding or did I miss anything?
This is essentially correct. As this is outside of the PSA-FF at present, TF-M would need to design and document how to integrate such IRQ handlers with its interrupt management framework, and how the interrupt handler can interact with the secure service code. For example, this might be achieved by resuming a SFC call that is waiting for a hardware operation to complete or delivering a signal to an IPC mode Secure Partition.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
On 06/01/2020 11:45, Anton Komlev via TF-M wrote:
> Hi Ken, All,
>
> I like your approach of providing a minimalistic version of printf() for
> the logging purpose only.
>
> This would benefit to code size and performance while rich print
> formatting has no practical needs in this project.
>
> Best regards,
>
> Anton
>
> *From:* TF-M <tf-m-bounces(a)lists.trustedfirmware.org> *On Behalf Of *Ken
> Liu via TF-M
> *Sent:* 27 December 2019 03:38
> *To:* tf-m(a)lists.trustedfirmware.org
> *Cc:* nd <nd(a)arm.com>
> *Subject:* [TF-M] The logging mechanism change in TF-M
>
> Hi,
>
> We met some issues while implementing logging APIs like printf:
>
> * The build-in symbol optimization references other toolchain provided
> symbols into image (like change ‘printf’ to ‘puts’ or ‘xxxprintf’),
> this would happen in both we are implementing your ‘printf’ and
> referencing toolchain ‘printf’. Use a -fno-builtin would suppress
> this but this needs a compiler flag requirement for developers.
> * If we don’t provide necessary symbol but somewhere in program
> referenced it, ARMCLANG would provide one for us which contains the
> semihosting things, this increases the code size and cause trouble
> while the device is not running under semihosting env.
> * Also there are CMSIS user reports that __stdout would affect
> multiple thread object initialization. (No detail about the root
> cause, anyone could help provide something?)
>
> So it would be better that we remove the reference to toolchain stdout
> APIs, this could simplify the logging implementation since firmware
> logging MAY not need rich format (Comments?). A customized printf-like
> API is provided for logging but not being named as ‘printf’ directly.
>
> Due to the default logging device (UART) driver may be implemented for
> threads only, the logging functionality in exceptions is going to be
> suppressed for a while until we figure out how the logging in exceptions
> can be – there is a trade-off between security consideration (isolation)
> and performance (Routing the logging API to somewhere costs).
>
> Please provide your thinking, or what kind of logging API you are using.
>
> Thanks
>
> /Ken
>
The TF-A code base provides a reduced printf() functionality due to
similar concerns and to reduce stack/memory usage
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/libc/p…
Also be aware that mbedTLS requires snprintf() so if printf() is being
custom implemented, then it makes sense to do the same to snprintf() as
well.
Best Regards
Soby Mathew
Hi Ken, All,
I like your approach of providing a minimalistic version of printf() for the logging purpose only.
This would benefit to code size and performance while rich print formatting has no practical needs in this project.
Best regards,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M
Sent: 27 December 2019 03:38
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] The logging mechanism change in TF-M
Hi,
We met some issues while implementing logging APIs like printf:
* The build-in symbol optimization references other toolchain provided symbols into image (like change 'printf' to 'puts' or 'xxxprintf'), this would happen in both we are implementing your 'printf' and referencing toolchain 'printf'. Use a -fno-builtin would suppress this but this needs a compiler flag requirement for developers.
* If we don't provide necessary symbol but somewhere in program referenced it, ARMCLANG would provide one for us which contains the semihosting things, this increases the code size and cause trouble while the device is not running under semihosting env.
* Also there are CMSIS user reports that __stdout would affect multiple thread object initialization. (No detail about the root cause, anyone could help provide something?)
So it would be better that we remove the reference to toolchain stdout APIs, this could simplify the logging implementation since firmware logging MAY not need rich format (Comments?). A customized printf-like API is provided for logging but not being named as 'printf' directly.
Due to the default logging device (UART) driver may be implemented for threads only, the logging functionality in exceptions is going to be suppressed for a while until we figure out how the logging in exceptions can be - there is a trade-off between security consideration (isolation) and performance (Routing the logging API to somewhere costs).
Please provide your thinking, or what kind of logging API you are using.
Thanks
/Ken
This patch will add a new system reset function for SPM without using the existing platform_hal_system_reset(). The basic thinking is to create a dedicated HAL function for SPM to split with services, and not affect the secure partition work.
I am not sure if this will bring some problems or any potential risk for platform porting.
Please give feedback about this in this mail thread.
Thanks,
Edison
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edison Ai via TF-M
Sent: Monday, December 30, 2019 3:43 PM
To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: [TF-M] System reset SPM HAL function
Hi All,
To align with PSA FF 1.0.0, the SPM needs to restart the entire system when some programmer error or panics are detected. So I had upstream a patch to add a system reset HAL function for SPM: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2780/.
The basic idea is to add a weak common function so that the platform can use this weak function to do reset. Please note, the platform needs to add its own implementation if there is any different.
Unfortunately, there is no such test to test the system reset function curreetly. So please call psa_panic() in secure services for simple testing based on the top of this link: https://review.trustedfirmware.org/#/q/topic:tfm_panic+(status:open+OR+stat….
You can send mail or add comments directly in patches if you have any questions or comments.
Thanks,
Edison
Hi,
After couples of patches get merged, the Secure Partition runtime library prototype is available. The purpose of this library (aka SPRTL) is to provide a place for shared functions between secure partitions under isolation level 2/3 which could avoid duplicated code symbols in Secure Partitions. The situation is:
- There is a folder for SPE dedicated function implementation: 'secure_fw/lib/sprt'. More APIs can be put in SPRTL by modifying the makefiles under this folder.
- Keep using toolchain provided 'memset/memcpy' due to inherit them is a bit complicated (of course these toolchain symbols are put in the shared region to avoid duplication). And we keep the customized candidate in source code for further investigation to see if we need this customized version or the default version.
- Overriding toolchain 'memcmp' into a customized version to show security consideration.
- Implemented a customized 'tfm_log_printf' to replace 'printf', which could avoid involving complicated STDIO mechanism into the code base.
- PSA FF APIs are now in it.
These changes are now working under the code base, some other functions are not available yet and to be done later due to no actual requirement for them, such as:
- Heap APIs, now crypto uses its own implemented heap while other services do not need them.
- RoT Service APIs, would request service owner to move the existing RoT Service APIs into SPRTL (should be just some function attribute change, let's check it).
Any feedbacks or issue reporting is welcome, please reply in the mailing list or create an issue at developer.trustedfirmware.org and assign to 'KenLSoft'.
BR and thanks.
/Ken
Thanks for the feedback, let me take a note.
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Qixiang Xu via TF-M
Sent: Monday, January 6, 2020 1:49 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Ken,
I have cherry picked the patch and tested it on Cygwin:
$ cmake --version
cmake version 3.11.1
CMake suite maintained and supported by Kitware (kitware.com/cmake).
The patch works and no issue found.
Best Regards,
Qixiang Xu
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M
Sent: Monday, January 6, 2020 11:00 AM
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Hi,
I create a patch for removing the workaround for mbed-crypto building:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3022
We tried on cmake 3.7 and 3.10 with cygwin and it works; can some Cygwin/mingw user pick this patch and test if it could work in your side?
Thanks for your contribution 😊
/Ken
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Ken,
I have cherry picked the patch and tested it on Cygwin:
$ cmake --version
cmake version 3.11.1
CMake suite maintained and supported by Kitware (kitware.com/cmake).
The patch works and no issue found.
Best Regards,
Qixiang Xu
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M
Sent: Monday, January 6, 2020 11:00 AM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround
Hi,
I create a patch for removing the workaround for mbed-crypto building:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3022
We tried on cmake 3.7 and 3.10 with cygwin and it works; can some Cygwin/mingw user pick this patch and test if it could work in your side?
Thanks for your contribution 😊
/Ken
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
I create a patch for removing the workaround for mbed-crypto building:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/3022
We tried on cmake 3.7 and 3.10 with cygwin and it works; can some Cygwin/mingw user pick this patch and test if it could work in your side?
Thanks for your contribution 😊
/Ken
Hi Andrew,
Thanks for the reply and the confirmation of the flexibility of the PSA-FF
Just a question: For Isolation Level 1, the hardware features of v8-M should be sufficient to implement interrupts natively. Is this correct understanding or did I miss anything?
Reinhard
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi TF-Mers,
Happy new year!
Till now, the core has evolved much and keep evolving. Let's take a breath before we go further, some updates are on the table and wait for comments. Most of the core changes will not affect the usage, but there do have interface related parts needs to be mentioned. Here are the overall topics for comments:
- SPM/core sources renaming and changes, I think this part won't affect user much except those who copied sources into your own project and do the integration.
- The HAL design is on the way, this part do affect the existing platform integration, please take apart in the discussions for this topic (The design would come first).
- Some interface sources changing. Those PSA APIs won't be changed, but the folder name and place may be updated so you may need to change your project setting.
We also got some new features, the design would go first and they would be merged after the update is done (Ideally ;)). Such as interrupt logic/test publish.
These changes are trying to make the platform integration easier, so your feedback is important before these changes take place. And, it also makes the contribution to core logic easier. If you find something is missing, feel free to propose it here and we can discuss how much we could cover.
The detailed topics would be sent one by one (avoid makes everyone too busy).
Please put comments ;)
Thanks
/Ken
Almost miss the link 😉
https://review.trustedfirmware.org/c/trusted-firmware-m/+/2964
/Ken
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M
Sent: Monday, December 30, 2019 6:45 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Initialize IPC SPM in handler mode
Hi,
The existing SPM initialization is done in thread mode with PSP, because library model needs to enumerate the partition initialization function in thread mode. And IPC SPM re-uses the code so it is get initialized in this mode, too.
For IPC SPM, it needs to initial thread context and push the initial EXC_RETURN context in each thread’s stack, and the veneer thread (which belongs to non-secure partition instance) re-uses the stack of initial thread mode. This may cause problem since SPM is manipulating the stack it is now standing on. It does not cause problem now is because SPM initialization is working at the low end of stack pointer while the thread context is written at high end stack bottom, and SPM initialization would not return to thread, it just enters PendSV and then go away.
So SPM must work under MSP to avoid touching his standing place – and, the used part of initial thread stack needs to be clean up, for security issues. Now we can’t find a better way to clean both the used PSP stack and the MSP stack, unless we clear the PSP manually while working with MSP, and do a EXC_RETURN from handler mode to reset the MSP stack usage by hardware.
The patches is on the way for this purpose – and follows the patches of jumping to ns without cmse call – cmse call consumes secure stack during the calling while we want a known stack position to identify the caller frames in handler mode.
Patches would come later (I am testing if it could on different platforms).
Thanks.
/Ken