I am trying to follow the instructions provided here:
https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/contributi…
But I'm stumbling on the very first step:
- Create an issue in http://issues.trustedfirmware.org
to keep others informed about your ongoing work.
When I log into the sight, I have not been able to find how to create an issue.
I see links for "Create Task" and "Create Project" but nothing for "Create Issue".
What am I doing wrong?
Alan
Hi,
We need to keep an eye on some factors which the current prototype ignores. Some that come to my mind:
1. which component shall be the owner of sw dependency info? (Documentation, cmake, something else?).
2. how does the solution scale? (i.e. be able to handle platform specific dependencies).
3. how we handle build configuration specific dependencies? (i.e. if I don't build a service then some dependency is not needed).
4. As Minos mentioned some environment verification is already done by CMake. Is it worth to extract all dependency info (tooling + SW) into a dedicated place?
/George
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Minos Galanakis via TF-M
Sent: 21 October 2019 16:47
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] Python script to generate tf-m dependencies in JSON format
Hi,
Making CMAKE able to output the dependencies it is expecting is the quickest path, but it is only able to resolve a subset of the requirements captured by the documenation. .<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> For example the cmake version itself, or tools like srec_cat used to produce MUSCA binaries. There are certain dependencies that are provided by other means ( package managers ) .
So while I agree that it looks quite odd, it is hierarchically the origin of the information we are trying to capture.
Minos
________________________________
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kumar Gala via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: 21 October 2019 15:25
To: Devaraj Ranganna <Devaraj.Ranganna(a)arm.com>
Cc: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>
Subject: Re: [TF-M] Python script to generate tf-m dependencies in JSON format
This feels backwards, parsing rst to determine build steps, dependancies doesn’t feel correct. I think it would be better to codify the build steps in scripts of CMake, etc than reference those in the .rst instead.
- k
> On Oct 21, 2019, at 9:03 AM, Devaraj Ranganna via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi,
>
> Currently tf-m dependencies are only listed in documentation file (docs/user_guides/tfm_build_instruction.rst) and there is no option to programmatically retrieve it. In order to integrate tf-m into non-secure side RTOSes, it is very essential to be able build tf-m automatically without manual intervention (may be as part of CI).
>
> The tf-m CI build system uses fixed values for dependencies and it is the responsibility of developers who update the dependencies to update the documentation and the CI build system.
>
> If non-secure side RTOSes use fix values for tf-m dependencies then either build or regression tests may fail when tf-m updates dependencies. In order avoid this issue, I’m proposing the following
>
>
> * Use a reStructuredText grid table to define dependencies
> * Python script to produce a json file in the root directory when invoked as standalone script or to return a json string when imported into another python script
>
> I’ve created a patch set (https://review.trustedfirmware.org/c/trusted-firmware-m/+/2333) with above changes. I’d appreciate your inputs/feedback on this proposal.
>
> This will also ensure that dependencies are captured in one place (docs/user_guides/tfm_build_instruction.rst).
>
> Additionally, have another python script as “post-checkout” git hook which can parse dependencies in JSON format and clone them automatically when tf-m repository is cloned or when switching from master to feature branch and vice versa.
>
> Thanks,
> Dev
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi,
Making CMAKE able to output the dependencies it is expecting is the quickest path, but it is only able to resolve a subset of the requirements captured by the documenation. .<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> For example the cmake version itself, or tools like srec_cat used to produce MUSCA binaries. There are certain dependencies that are provided by other means ( package managers ) .
So while I agree that it looks quite odd, it is hierarchically the origin of the information we are trying to capture.
Minos
________________________________
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Kumar Gala via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: 21 October 2019 15:25
To: Devaraj Ranganna <Devaraj.Ranganna(a)arm.com>
Cc: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>
Subject: Re: [TF-M] Python script to generate tf-m dependencies in JSON format
This feels backwards, parsing rst to determine build steps, dependancies doesn’t feel correct. I think it would be better to codify the build steps in scripts of CMake, etc than reference those in the .rst instead.
- k
> On Oct 21, 2019, at 9:03 AM, Devaraj Ranganna via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi,
>
> Currently tf-m dependencies are only listed in documentation file (docs/user_guides/tfm_build_instruction.rst) and there is no option to programmatically retrieve it. In order to integrate tf-m into non-secure side RTOSes, it is very essential to be able build tf-m automatically without manual intervention (may be as part of CI).
>
> The tf-m CI build system uses fixed values for dependencies and it is the responsibility of developers who update the dependencies to update the documentation and the CI build system.
>
> If non-secure side RTOSes use fix values for tf-m dependencies then either build or regression tests may fail when tf-m updates dependencies. In order avoid this issue, I’m proposing the following
>
>
> * Use a reStructuredText grid table to define dependencies
> * Python script to produce a json file in the root directory when invoked as standalone script or to return a json string when imported into another python script
>
> I’ve created a patch set (https://review.trustedfirmware.org/c/trusted-firmware-m/+/2333) with above changes. I’d appreciate your inputs/feedback on this proposal.
>
> This will also ensure that dependencies are captured in one place (docs/user_guides/tfm_build_instruction.rst).
>
> Additionally, have another python script as “post-checkout” git hook which can parse dependencies in JSON format and clone them automatically when tf-m repository is cloned or when switching from master to feature branch and vice versa.
>
> Thanks,
> Dev
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
This feels backwards, parsing rst to determine build steps, dependancies doesn’t feel correct. I think it would be better to codify the build steps in scripts of CMake, etc than reference those in the .rst instead.
- k
> On Oct 21, 2019, at 9:03 AM, Devaraj Ranganna via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi,
>
> Currently tf-m dependencies are only listed in documentation file (docs/user_guides/tfm_build_instruction.rst) and there is no option to programmatically retrieve it. In order to integrate tf-m into non-secure side RTOSes, it is very essential to be able build tf-m automatically without manual intervention (may be as part of CI).
>
> The tf-m CI build system uses fixed values for dependencies and it is the responsibility of developers who update the dependencies to update the documentation and the CI build system.
>
> If non-secure side RTOSes use fix values for tf-m dependencies then either build or regression tests may fail when tf-m updates dependencies. In order avoid this issue, I’m proposing the following
>
>
> * Use a reStructuredText grid table to define dependencies
> * Python script to produce a json file in the root directory when invoked as standalone script or to return a json string when imported into another python script
>
> I’ve created a patch set (https://review.trustedfirmware.org/c/trusted-firmware-m/+/2333) with above changes. I’d appreciate your inputs/feedback on this proposal.
>
> This will also ensure that dependencies are captured in one place (docs/user_guides/tfm_build_instruction.rst).
>
> Additionally, have another python script as “post-checkout” git hook which can parse dependencies in JSON format and clone them automatically when tf-m repository is cloned or when switching from master to feature branch and vice versa.
>
> Thanks,
> Dev
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi,
Currently tf-m dependencies are only listed in documentation file (docs/user_guides/tfm_build_instruction.rst) and there is no option to programmatically retrieve it. In order to integrate tf-m into non-secure side RTOSes, it is very essential to be able build tf-m automatically without manual intervention (may be as part of CI).
The tf-m CI build system uses fixed values for dependencies and it is the responsibility of developers who update the dependencies to update the documentation and the CI build system.
If non-secure side RTOSes use fix values for tf-m dependencies then either build or regression tests may fail when tf-m updates dependencies. In order avoid this issue, I’m proposing the following
* Use a reStructuredText grid table to define dependencies
* Python script to produce a json file in the root directory when invoked as standalone script or to return a json string when imported into another python script
I’ve created a patch set (https://review.trustedfirmware.org/c/trusted-firmware-m/+/2333) with above changes. I’d appreciate your inputs/feedback on this proposal.
This will also ensure that dependencies are captured in one place (docs/user_guides/tfm_build_instruction.rst).
Additionally, have another python script as “post-checkout” git hook which can parse dependencies in JSON format and clone them automatically when tf-m repository is cloned or when switching from master to feature branch and vice versa.
Thanks,
Dev
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Kumar,
there are some internal discussions on how "build system provisioning" and dependency handling can be enhanced. For now the most convenient might be to use the CI configuration files available here: https://git.trustedfirmware.org/ci/dockerfiles.git/tree/xenial-amd64-tf-m-b…
/George
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Kumar Gala via TF-M
Sent: 18 October 2019 15:53
To: David Vincze <David.Vincze(a)arm.com>
Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] New tool requirement in TF-M
My point was that having them in a file that you an pass to pip install -r would be a useful thing and make setup easier for the user.
- k
> On Oct 18, 2019, at 2:59 AM, David Vincze <David.Vincze(a)arm.com> wrote:
>
> Hi Kumar,
>
> We also have one in TF-M:
> https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2147/4/doc
> s/user_guides/tfm_sw_requirement.rst
>
> David
>
> -----Original Message-----
> From: Kumar Gala <kumar.gala(a)linaro.org>
> Sent: 17 October 2019 15:52
> To: David Vincze <David.Vincze(a)arm.com>
> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
> Subject: Re: [TF-M] New tool requirement in TF-M
>
> Might be good to have some kinda of requirements.txt that lists out all python modules needed.
>
> In zephyr there is:
>
> https://github.com/zephyrproject-rtos/zephyr/blob/master/scripts/requi
> rements.txt
>
> You can see the install/setup guide details here:
>
> https://docs.zephyrproject.org/latest/getting_started/index.html#insta
> ll-python-dependencies
>
> - k
>
>> On Oct 17, 2019, at 5:20 AM, David Vincze via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi All,
>>
>> We will merge this patch (https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2147/) to TF-M during the day.
>> It adds the cbor 1.0.0 Python package to the list of tools that are
>> required to build TF-M. Once it is merged, this package has to be
>> installed in the build environment, otherwise the builds will fail.
>> The cbor package can be installed with the following command: pip3 install --user cbor (or manually after downloading the package from here: https://pypi.org/project/cbor/).
>>
>> Regards,
>> David Vincze
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi All,
We will merge this patch (https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2147/) to TF-M during the day.
It adds the cbor 1.0.0 Python package to the list of tools that are required to build TF-M. Once it is merged, this package
has to be installed in the build environment, otherwise the builds will fail. The cbor package can be installed with the
following command: pip3 install --user cbor
(or manually after downloading the package from here: https://pypi.org/project/cbor/).
Regards,
David Vincze
Hi all,
I have 3 patches on review (/2149<https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2149/>, /2148<https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2148/>, /2147<https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2147/>) that will change the interface between MCUBoot and the runtime SW. Currently the bootloader passes the measured boot status data
to the attestation service through a shared memory area as individual claims (in TLV format). With these changes the boot status data will be encoded to CBOR format at build time
and will be added to the image manifest during the image signing process. The bootloader will share this data the same way as before (as a new type of TLV), however the attestation
service will have to handle this data differently as it's already CBOR encoded.
This can cause the attestation tests to fail if an older MCUBoot image has been used with a newer build of the secure image or vice versa. To address this issuse / provide backward
compatibility the new 'ATTEST_BOOT_INTERFACE' variable will be introduced in the build system (in one of the above patches) to be able to get back the old behavior. For this the
'ATTEST_BOOT_INTERFACE' variable has to be set to "INDIVIDUAL_CLAIMS" in the CMake configuration step:
"cmake -G"Unix Makefiles" -DPROJ_CONFIG=../configs/ConfigRegression.cmake -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM
-DATTEST_BOOT_INTERFACE=INDIVIDUAL_CLAIMS ../"
The old behavior will be retained for a while, however we have an intention to remove it entirely from the code in the future.
Please let me know if you have any questions or concerns. I'd also welcome any feedback on the reviews.
Best regards,
David Vincze
Hi Alan,
Thanks for the suggestion and the clarifications provided to Ken.
During the course of the mail thread, you raised a design principle issue as well as implementation details, and I'll try to address the design principle question later as that is an important topic, but first allow me to touch on one implementation detail for this specific feature:
While convenient in GCC, weak symbols are not defined by the C99 standard and their use and syntax is therefore compiler-specific, which is not good from a portability point of view and may cause difficulties with different toolchains. In my opinion a preprocessor-based solution e.g. in the switch-case of the generic SVC handler would be more portable. Could you check the feasibility of that approach? The default expansion could be empty for platforms that do not implement platform-specific SVC handlers, and an arbitrary list of additional case statements for SVC numbers implemented by the platform code for your platform.
Please let us know your thoughts,
Miklos
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of DeMars, Alan via TF-M
Sent: 10 October 2019 15:45
To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
Cc: nd <nd(a)arm.com>; tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] [EXTERNAL] Re: augmenting the SVC_Handler_IPC() to support custom services
I agree with the approach you suggest.
I planned to put the non-weak implementation in the same directory as spm_hal.c and target_cfg.c, etc. I’ll name the file “platform_svc_hal.c“ to reflect the common/platform_svc.c it is related to.
Alan
> On Oct 9, 2019, at 9:54 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Well, I was trying to see the whole picture, but looks like they are platform specific and some part is not public.
>
> Back to focus the SVC proposal itself, the weak function looks well, can you considerate these:
>
> - Put the implementation of the weak function under: platform/ext/common/platform_svc.c?
>
> Before this, we need to:
>
> - Reserve a range for platform SVC, and let platform define it by themselves.
>
> The reason is:
>
> - These extended SVCs are from specific vendors, which means from specific platforms. So I think it is reasonable to put it into platform scope. Or do you think it is a common case out of platform scope?
>
> Thanks.
>
> /Ken
>
> -----Original Message-----
> From: DeMars, Alan <ademars(a)ti.com>
> Sent: Thursday, October 10, 2019 12:38 PM
> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
> Subject: Re: [TF-M] [EXTERNAL] Re: augmenting the SVC_Handler_IPC() to
> support custom services
>
> I think I’ve already provided the changes I propose. The ‘default’ case will be for the SVC handler to invoke the provided weak defined function as shown. If a non-weak version of the function exists during the link process, the non-weak implementation will be invoked instead.
>
> My intent is to provide a proprietary non-weak implementation of “custom_ipc_svc_handlers()”.
>
> Alan
>
>> On Oct 9, 2019, at 9:22 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi Alan,
>>
>> The example here is the worst case for APP RoT accessing the peripherals, so you are right with the latency issue in this case. In most cases, the service manipulating the secure hardware can be PSA RoT so they access the peripheral directly.
>>
>> I am curious about the requirements you are facing so I am eager to see the changes.
>>
>> Thanks.
>>
>> /Ken
>>
>>
>> -----Original Message-----
>> From: DeMars, Alan <ademars(a)ti.com>
>> Sent: Thursday, October 10, 2019 12:07 PM
>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
>> Subject: Re: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC()
>> to support custom services
>>
>> Ken,
>>
>> If I understand the proposal, I’m afraid the latency and overhead associated with every peripheral register access (read or write) would be completely unacceptable for our requirements.
>>
>> Alan
>>
>>>> On Oct 9, 2019, at 8:47 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>>
>>> Hi Alan,
>>>
>>> The secure service is allowed to access some peripherals they want (introduce them in the manifest file), which means if you want to access a I2C device you can just (ALL CODE HERE IS PSEUDO CODE AND IS NOT REAL):
>>>
>>> I2c_write (I2C_ADDR, SLAVE_ADDR, value);
>>>
>>> While:
>>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>>
>>> The reason of providing the SVC interface is because the APP RoT Service may want to access some registers but they could not because those registers may be set as privileged.
>>>
>>> The secure service needs to handle the hardware driver in their own domain instead of putting all drivers into core.
>>>
>>> So the in the handler there would be permission checking:
>>>
>>> case SVC_ACCESS_RESOUCE:
>>> If (spm_check_address_ownership(addr, CURRENT_SP))
>>> ret = do_access(addr, data, sz, flags);
>>>
>>> And the IIC_WRITE was implemented as:
>>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>>
>>> Now turned into:
>>> I2c_write(addr, value) { SVC_ACCESS(host_reg_slave_addr, addr,
>>> flag), SVC_ACCESS(host_reg_slave_data, value, flag),
>>> SVC_ACCESS(host_reg_control_go, 1, flag)}
>>>
>>> But if you are saying that, there are some even more complex logics for example some I2C devices can be accessed under privileged only while all the rest can be accessed freely, yes, the interface I proposed is limited. In this case you can introduce the customized logic into core with some new SVC.
>>>
>>> If the previous line is your case, please go on with the modification in the first mail, the modification looks okay, and let's discuss base on the patches.
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: DeMars, Alan <ademars(a)ti.com>
>>> Sent: Thursday, October 10, 2019 11:14 AM
>>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>>> Cc: nd <nd(a)arm.com>
>>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> I think the TFM_SVC_ACCESS_RESOURCE proposal is too limiting. What if (as is true in our case) there is a complex sequence of writes/reads and careful timing that must be performed to access a resource?
>>>
>>> I'm not sure why TF-M is wanting/needing to limit what I can do with the secure SVC handler. You've claimed ownership of the standard mechanism for entering secure privileged mode and are more-or-less dictating the set of APIs that can be provided/implemented with this standard mechanism.
>>>
>>> Alan
>>>
>>> -----Original Message-----
>>> From: Ken Liu (Arm Technology China) [mailto:Ken.Liu@arm.com]
>>> Sent: Wednesday, October 9, 2019 7:47 PM
>>> To: DeMars, Alan
>>> Cc: nd
>>> Subject: [EXTERNAL] RE: augmenting the SVC_Handler_IPC() to support
>>> custom services
>>>
>>> Hi Alan,
>>>
>>> Since the peripheral accessing functionality is missing now, the way you mentioned would be the only choice. We got a plan to implement some function for accessing privileged resources, can you promote your function into a common implementation so that we could re-use your code for future development?
>>>
>>> The proposed way would be:
>>> TFM_SVC_ACCESS_RESOURCE
>>>
>>> And the parameter would be:
>>>
>>> uintptr_t resource_addr /* The address you want to access */ void
>>> *p_user_buffer /* User-provided buffer */ size_t size /* size of
>>> user buffer */ uint32_t flags /* Flags, like read/write */
>>>
>>> Or you can define a customized structure for the parameter (if you put more than 4 parameters svc_handler need to dispatch customized aapcs which makes life hard) when you are accessing some serial connected devices?
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: DeMars, Alan <ademars(a)ti.com>
>>> Sent: Thursday, October 10, 2019 10:27 AM
>>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>>> Cc: nd <nd(a)arm.com>
>>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> Ken,
>>>
>>> There are certain resources that can only be interrogated in secure privilege mode on our platform. Nonetheless, unprivileged SP code (ie level 2) will need to be informed of content available in those privileged resources. As TFM has claimed ownership of the SVC handler, I need to extend that SVC handler to provide the functionality our SP services require.
>>>
>>> Alan
>>>
>>> -----Original Message-----
>>> From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf
>>> Of Ken Liu (Arm Technology China) via TF-M
>>> Sent: Wednesday, October 9, 2019 7:04 PM
>>> To: tf-m(a)lists.trustedfirmware.org
>>> Cc: nd
>>> Subject: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to
>>> support custom services
>>>
>>> Hi Alan,
>>>
>>> Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
>>>
>>> From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
>>>
>>> Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
>>> We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of
>>> DeMars, Alan via TF-M
>>> Sent: Thursday, October 10, 2019 4:38 AM
>>> To: 'tf-m(a)lists.trustedfirmware.org'
>>> <tf-m(a)lists.trustedfirmware.org>
>>> Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
>>>
>>> I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
>>>
>>> default:
>>> return (custom_ipc_svc_handlers(svc_num, ctx, lr));
>>>
>>> __attribute__((weak))
>>> int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
>>> LOG_MSG("Unknown SVC number requested!");
>>> return PSA_ERROR_GENERIC_ERROR; }
>>>
>>> This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
>>>
>>> Is this OK?
>>>
>>> Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
>>>
>>> Alan
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
I agree with the approach you suggest.
I planned to put the non-weak implementation in the same directory as spm_hal.c and target_cfg.c, etc. I’ll name the file “platform_svc_hal.c“ to reflect the common/platform_svc.c it is related to.
Alan
> On Oct 9, 2019, at 9:54 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Well, I was trying to see the whole picture, but looks like they are platform specific and some part is not public.
>
> Back to focus the SVC proposal itself, the weak function looks well, can you considerate these:
>
> - Put the implementation of the weak function under: platform/ext/common/platform_svc.c?
>
> Before this, we need to:
>
> - Reserve a range for platform SVC, and let platform define it by themselves.
>
> The reason is:
>
> - These extended SVCs are from specific vendors, which means from specific platforms. So I think it is reasonable to put it into platform scope. Or do you think it is a common case out of platform scope?
>
> Thanks.
>
> /Ken
>
> -----Original Message-----
> From: DeMars, Alan <ademars(a)ti.com>
> Sent: Thursday, October 10, 2019 12:38 PM
> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
> Subject: Re: [TF-M] [EXTERNAL] Re: augmenting the SVC_Handler_IPC() to support custom services
>
> I think I’ve already provided the changes I propose. The ‘default’ case will be for the SVC handler to invoke the provided weak defined function as shown. If a non-weak version of the function exists during the link process, the non-weak implementation will be invoked instead.
>
> My intent is to provide a proprietary non-weak implementation of “custom_ipc_svc_handlers()”.
>
> Alan
>
>> On Oct 9, 2019, at 9:22 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi Alan,
>>
>> The example here is the worst case for APP RoT accessing the peripherals, so you are right with the latency issue in this case. In most cases, the service manipulating the secure hardware can be PSA RoT so they access the peripheral directly.
>>
>> I am curious about the requirements you are facing so I am eager to see the changes.
>>
>> Thanks.
>>
>> /Ken
>>
>>
>> -----Original Message-----
>> From: DeMars, Alan <ademars(a)ti.com>
>> Sent: Thursday, October 10, 2019 12:07 PM
>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
>> Subject: Re: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to
>> support custom services
>>
>> Ken,
>>
>> If I understand the proposal, I’m afraid the latency and overhead associated with every peripheral register access (read or write) would be completely unacceptable for our requirements.
>>
>> Alan
>>
>>>> On Oct 9, 2019, at 8:47 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>>
>>> Hi Alan,
>>>
>>> The secure service is allowed to access some peripherals they want (introduce them in the manifest file), which means if you want to access a I2C device you can just (ALL CODE HERE IS PSEUDO CODE AND IS NOT REAL):
>>>
>>> I2c_write (I2C_ADDR, SLAVE_ADDR, value);
>>>
>>> While:
>>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>>
>>> The reason of providing the SVC interface is because the APP RoT Service may want to access some registers but they could not because those registers may be set as privileged.
>>>
>>> The secure service needs to handle the hardware driver in their own domain instead of putting all drivers into core.
>>>
>>> So the in the handler there would be permission checking:
>>>
>>> case SVC_ACCESS_RESOUCE:
>>> If (spm_check_address_ownership(addr, CURRENT_SP))
>>> ret = do_access(addr, data, sz, flags);
>>>
>>> And the IIC_WRITE was implemented as:
>>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>>
>>> Now turned into:
>>> I2c_write(addr, value) { SVC_ACCESS(host_reg_slave_addr, addr, flag),
>>> SVC_ACCESS(host_reg_slave_data, value, flag),
>>> SVC_ACCESS(host_reg_control_go, 1, flag)}
>>>
>>> But if you are saying that, there are some even more complex logics for example some I2C devices can be accessed under privileged only while all the rest can be accessed freely, yes, the interface I proposed is limited. In this case you can introduce the customized logic into core with some new SVC.
>>>
>>> If the previous line is your case, please go on with the modification in the first mail, the modification looks okay, and let's discuss base on the patches.
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: DeMars, Alan <ademars(a)ti.com>
>>> Sent: Thursday, October 10, 2019 11:14 AM
>>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>>> Cc: nd <nd(a)arm.com>
>>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> I think the TFM_SVC_ACCESS_RESOURCE proposal is too limiting. What if (as is true in our case) there is a complex sequence of writes/reads and careful timing that must be performed to access a resource?
>>>
>>> I'm not sure why TF-M is wanting/needing to limit what I can do with the secure SVC handler. You've claimed ownership of the standard mechanism for entering secure privileged mode and are more-or-less dictating the set of APIs that can be provided/implemented with this standard mechanism.
>>>
>>> Alan
>>>
>>> -----Original Message-----
>>> From: Ken Liu (Arm Technology China) [mailto:Ken.Liu@arm.com]
>>> Sent: Wednesday, October 9, 2019 7:47 PM
>>> To: DeMars, Alan
>>> Cc: nd
>>> Subject: [EXTERNAL] RE: augmenting the SVC_Handler_IPC() to support
>>> custom services
>>>
>>> Hi Alan,
>>>
>>> Since the peripheral accessing functionality is missing now, the way you mentioned would be the only choice. We got a plan to implement some function for accessing privileged resources, can you promote your function into a common implementation so that we could re-use your code for future development?
>>>
>>> The proposed way would be:
>>> TFM_SVC_ACCESS_RESOURCE
>>>
>>> And the parameter would be:
>>>
>>> uintptr_t resource_addr /* The address you want to access */ void
>>> *p_user_buffer /* User-provided buffer */ size_t size /* size of user
>>> buffer */ uint32_t flags /* Flags, like read/write */
>>>
>>> Or you can define a customized structure for the parameter (if you put more than 4 parameters svc_handler need to dispatch customized aapcs which makes life hard) when you are accessing some serial connected devices?
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: DeMars, Alan <ademars(a)ti.com>
>>> Sent: Thursday, October 10, 2019 10:27 AM
>>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>>> Cc: nd <nd(a)arm.com>
>>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> Ken,
>>>
>>> There are certain resources that can only be interrogated in secure privilege mode on our platform. Nonetheless, unprivileged SP code (ie level 2) will need to be informed of content available in those privileged resources. As TFM has claimed ownership of the SVC handler, I need to extend that SVC handler to provide the functionality our SP services require.
>>>
>>> Alan
>>>
>>> -----Original Message-----
>>> From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf
>>> Of Ken Liu (Arm Technology China) via TF-M
>>> Sent: Wednesday, October 9, 2019 7:04 PM
>>> To: tf-m(a)lists.trustedfirmware.org
>>> Cc: nd
>>> Subject: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to
>>> support custom services
>>>
>>> Hi Alan,
>>>
>>> Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
>>>
>>> From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
>>>
>>> Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
>>> We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
>>>
>>> Thanks.
>>>
>>> /Ken
>>>
>>> -----Original Message-----
>>> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of
>>> DeMars, Alan via TF-M
>>> Sent: Thursday, October 10, 2019 4:38 AM
>>> To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
>>> Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom
>>> services
>>>
>>> I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
>>>
>>> I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
>>>
>>> default:
>>> return (custom_ipc_svc_handlers(svc_num, ctx, lr));
>>>
>>> __attribute__((weak))
>>> int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
>>> LOG_MSG("Unknown SVC number requested!");
>>> return PSA_ERROR_GENERIC_ERROR; }
>>>
>>> This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
>>>
>>> Is this OK?
>>>
>>> Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
>>>
>>> Alan
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>>> --
>>> TF-M mailing list
>>> TF-M(a)lists.trustedfirmware.org
>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
I think I’ve already provided the changes I propose. The ‘default’ case will be for the SVC handler to invoke the provided weak defined function as shown. If a non-weak version of the function exists during the link process, the non-weak implementation will be invoked instead.
My intent is to provide a proprietary non-weak implementation of “custom_ipc_svc_handlers()”.
Alan
> On Oct 9, 2019, at 9:22 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Alan,
>
> The example here is the worst case for APP RoT accessing the peripherals, so you are right with the latency issue in this case. In most cases, the service manipulating the secure hardware can be PSA RoT so they access the peripheral directly.
>
> I am curious about the requirements you are facing so I am eager to see the changes.
>
> Thanks.
>
> /Ken
>
>
> -----Original Message-----
> From: DeMars, Alan <ademars(a)ti.com>
> Sent: Thursday, October 10, 2019 12:07 PM
> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
> Cc: tf-m(a)lists.trustedfirmware.org; nd <nd(a)arm.com>
> Subject: Re: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
>
> Ken,
>
> If I understand the proposal, I’m afraid the latency and overhead associated with every peripheral register access (read or write) would be completely unacceptable for our requirements.
>
> Alan
>
>> On Oct 9, 2019, at 8:47 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>>
>> Hi Alan,
>>
>> The secure service is allowed to access some peripherals they want (introduce them in the manifest file), which means if you want to access a I2C device you can just (ALL CODE HERE IS PSEUDO CODE AND IS NOT REAL):
>>
>> I2c_write (I2C_ADDR, SLAVE_ADDR, value);
>>
>> While:
>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>
>> The reason of providing the SVC interface is because the APP RoT Service may want to access some registers but they could not because those registers may be set as privileged.
>>
>> The secure service needs to handle the hardware driver in their own domain instead of putting all drivers into core.
>>
>> So the in the handler there would be permission checking:
>>
>> case SVC_ACCESS_RESOUCE:
>> If (spm_check_address_ownership(addr, CURRENT_SP))
>> ret = do_access(addr, data, sz, flags);
>>
>> And the IIC_WRITE was implemented as:
>> I2c_write(addr, value) { *host_reg_slave_addr = addr;
>> *host_reg_slave_data = value; *host_reg_control_go = 1; }
>>
>> Now turned into:
>> I2c_write(addr, value) { SVC_ACCESS(host_reg_slave_addr, addr, flag),
>> SVC_ACCESS(host_reg_slave_data, value, flag),
>> SVC_ACCESS(host_reg_control_go, 1, flag)}
>>
>> But if you are saying that, there are some even more complex logics for example some I2C devices can be accessed under privileged only while all the rest can be accessed freely, yes, the interface I proposed is limited. In this case you can introduce the customized logic into core with some new SVC.
>>
>> If the previous line is your case, please go on with the modification in the first mail, the modification looks okay, and let's discuss base on the patches.
>>
>> Thanks.
>>
>> /Ken
>>
>> -----Original Message-----
>> From: DeMars, Alan <ademars(a)ti.com>
>> Sent: Thursday, October 10, 2019 11:14 AM
>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>> Cc: nd <nd(a)arm.com>
>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>> services
>>
>> I think the TFM_SVC_ACCESS_RESOURCE proposal is too limiting. What if (as is true in our case) there is a complex sequence of writes/reads and careful timing that must be performed to access a resource?
>>
>> I'm not sure why TF-M is wanting/needing to limit what I can do with the secure SVC handler. You've claimed ownership of the standard mechanism for entering secure privileged mode and are more-or-less dictating the set of APIs that can be provided/implemented with this standard mechanism.
>>
>> Alan
>>
>> -----Original Message-----
>> From: Ken Liu (Arm Technology China) [mailto:Ken.Liu@arm.com]
>> Sent: Wednesday, October 9, 2019 7:47 PM
>> To: DeMars, Alan
>> Cc: nd
>> Subject: [EXTERNAL] RE: augmenting the SVC_Handler_IPC() to support
>> custom services
>>
>> Hi Alan,
>>
>> Since the peripheral accessing functionality is missing now, the way you mentioned would be the only choice. We got a plan to implement some function for accessing privileged resources, can you promote your function into a common implementation so that we could re-use your code for future development?
>>
>> The proposed way would be:
>> TFM_SVC_ACCESS_RESOURCE
>>
>> And the parameter would be:
>>
>> uintptr_t resource_addr /* The address you want to access */ void
>> *p_user_buffer /* User-provided buffer */ size_t size /* size of user
>> buffer */ uint32_t flags /* Flags, like read/write */
>>
>> Or you can define a customized structure for the parameter (if you put more than 4 parameters svc_handler need to dispatch customized aapcs which makes life hard) when you are accessing some serial connected devices?
>>
>> Thanks.
>>
>> /Ken
>>
>> -----Original Message-----
>> From: DeMars, Alan <ademars(a)ti.com>
>> Sent: Thursday, October 10, 2019 10:27 AM
>> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
>> Cc: nd <nd(a)arm.com>
>> Subject: RE: augmenting the SVC_Handler_IPC() to support custom
>> services
>>
>> Ken,
>>
>> There are certain resources that can only be interrogated in secure privilege mode on our platform. Nonetheless, unprivileged SP code (ie level 2) will need to be informed of content available in those privileged resources. As TFM has claimed ownership of the SVC handler, I need to extend that SVC handler to provide the functionality our SP services require.
>>
>> Alan
>>
>> -----Original Message-----
>> From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf
>> Of Ken Liu (Arm Technology China) via TF-M
>> Sent: Wednesday, October 9, 2019 7:04 PM
>> To: tf-m(a)lists.trustedfirmware.org
>> Cc: nd
>> Subject: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to
>> support custom services
>>
>> Hi Alan,
>>
>> Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
>>
>> From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
>>
>> Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
>> We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
>>
>> Thanks.
>>
>> /Ken
>>
>> -----Original Message-----
>> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of
>> DeMars, Alan via TF-M
>> Sent: Thursday, October 10, 2019 4:38 AM
>> To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
>> Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom
>> services
>>
>> I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
>>
>> I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
>>
>> default:
>> return (custom_ipc_svc_handlers(svc_num, ctx, lr));
>>
>> __attribute__((weak))
>> int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
>> LOG_MSG("Unknown SVC number requested!");
>> return PSA_ERROR_GENERIC_ERROR; }
>>
>> This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
>>
>> Is this OK?
>>
>> Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
>>
>> Alan
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
>> --
>> TF-M mailing list
>> TF-M(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Ken,
If I understand the proposal, I’m afraid the latency and overhead associated with every peripheral register access (read or write) would be completely unacceptable for our requirements.
Alan
> On Oct 9, 2019, at 8:47 PM, Ken Liu (Arm Technology China) via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi Alan,
>
> The secure service is allowed to access some peripherals they want (introduce them in the manifest file), which means if you want to access a I2C device you can just (ALL CODE HERE IS PSEUDO CODE AND IS NOT REAL):
>
> I2c_write (I2C_ADDR, SLAVE_ADDR, value);
>
> While:
> I2c_write(addr, value) { *host_reg_slave_addr = addr; *host_reg_slave_data = value; *host_reg_control_go = 1; }
>
> The reason of providing the SVC interface is because the APP RoT Service may want to access some registers but they could not because those registers may be set as privileged.
>
> The secure service needs to handle the hardware driver in their own domain instead of putting all drivers into core.
>
> So the in the handler there would be permission checking:
>
> case SVC_ACCESS_RESOUCE:
> If (spm_check_address_ownership(addr, CURRENT_SP))
> ret = do_access(addr, data, sz, flags);
>
> And the IIC_WRITE was implemented as:
> I2c_write(addr, value) { *host_reg_slave_addr = addr; *host_reg_slave_data = value; *host_reg_control_go = 1; }
>
> Now turned into:
> I2c_write(addr, value) { SVC_ACCESS(host_reg_slave_addr, addr, flag), SVC_ACCESS(host_reg_slave_data, value, flag), SVC_ACCESS(host_reg_control_go, 1, flag)}
>
> But if you are saying that, there are some even more complex logics for example some I2C devices can be accessed under privileged only while all the rest can be accessed freely, yes, the interface I proposed is limited. In this case you can introduce the customized logic into core with some new SVC.
>
> If the previous line is your case, please go on with the modification in the first mail, the modification looks okay, and let's discuss base on the patches.
>
> Thanks.
>
> /Ken
>
> -----Original Message-----
> From: DeMars, Alan <ademars(a)ti.com>
> Sent: Thursday, October 10, 2019 11:14 AM
> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
> Cc: nd <nd(a)arm.com>
> Subject: RE: augmenting the SVC_Handler_IPC() to support custom services
>
> I think the TFM_SVC_ACCESS_RESOURCE proposal is too limiting. What if (as is true in our case) there is a complex sequence of writes/reads and careful timing that must be performed to access a resource?
>
> I'm not sure why TF-M is wanting/needing to limit what I can do with the secure SVC handler. You've claimed ownership of the standard mechanism for entering secure privileged mode and are more-or-less dictating the set of APIs that can be provided/implemented with this standard mechanism.
>
> Alan
>
> -----Original Message-----
> From: Ken Liu (Arm Technology China) [mailto:Ken.Liu@arm.com]
> Sent: Wednesday, October 9, 2019 7:47 PM
> To: DeMars, Alan
> Cc: nd
> Subject: [EXTERNAL] RE: augmenting the SVC_Handler_IPC() to support custom services
>
> Hi Alan,
>
> Since the peripheral accessing functionality is missing now, the way you mentioned would be the only choice. We got a plan to implement some function for accessing privileged resources, can you promote your function into a common implementation so that we could re-use your code for future development?
>
> The proposed way would be:
> TFM_SVC_ACCESS_RESOURCE
>
> And the parameter would be:
>
> uintptr_t resource_addr /* The address you want to access */ void *p_user_buffer /* User-provided buffer */ size_t size /* size of user buffer */ uint32_t flags /* Flags, like read/write */
>
> Or you can define a customized structure for the parameter (if you put more than 4 parameters svc_handler need to dispatch customized aapcs which makes life hard) when you are accessing some serial connected devices?
>
> Thanks.
>
> /Ken
>
> -----Original Message-----
> From: DeMars, Alan <ademars(a)ti.com>
> Sent: Thursday, October 10, 2019 10:27 AM
> To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
> Cc: nd <nd(a)arm.com>
> Subject: RE: augmenting the SVC_Handler_IPC() to support custom services
>
> Ken,
>
> There are certain resources that can only be interrogated in secure privilege mode on our platform. Nonetheless, unprivileged SP code (ie level 2) will need to be informed of content available in those privileged resources. As TFM has claimed ownership of the SVC handler, I need to extend that SVC handler to provide the functionality our SP services require.
>
> Alan
>
> -----Original Message-----
> From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of Ken Liu (Arm Technology China) via TF-M
> Sent: Wednesday, October 9, 2019 7:04 PM
> To: tf-m(a)lists.trustedfirmware.org
> Cc: nd
> Subject: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
>
> Hi Alan,
>
> Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
>
> From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
>
> Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
> We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
>
> Thanks.
>
> /Ken
>
> -----Original Message-----
> From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of DeMars, Alan via TF-M
> Sent: Thursday, October 10, 2019 4:38 AM
> To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
> Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
>
> I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
>
> I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
>
> default:
> return (custom_ipc_svc_handlers(svc_num, ctx, lr));
>
> __attribute__((weak))
> int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
> LOG_MSG("Unknown SVC number requested!");
> return PSA_ERROR_GENERIC_ERROR;
> }
>
> This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
>
> Is this OK?
>
> Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
>
> Alan
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi Alan,
The secure service is allowed to access some peripherals they want (introduce them in the manifest file), which means if you want to access a I2C device you can just (ALL CODE HERE IS PSEUDO CODE AND IS NOT REAL):
I2c_write (I2C_ADDR, SLAVE_ADDR, value);
While:
I2c_write(addr, value) { *host_reg_slave_addr = addr; *host_reg_slave_data = value; *host_reg_control_go = 1; }
The reason of providing the SVC interface is because the APP RoT Service may want to access some registers but they could not because those registers may be set as privileged.
The secure service needs to handle the hardware driver in their own domain instead of putting all drivers into core.
So the in the handler there would be permission checking:
case SVC_ACCESS_RESOUCE:
If (spm_check_address_ownership(addr, CURRENT_SP))
ret = do_access(addr, data, sz, flags);
And the IIC_WRITE was implemented as:
I2c_write(addr, value) { *host_reg_slave_addr = addr; *host_reg_slave_data = value; *host_reg_control_go = 1; }
Now turned into:
I2c_write(addr, value) { SVC_ACCESS(host_reg_slave_addr, addr, flag), SVC_ACCESS(host_reg_slave_data, value, flag), SVC_ACCESS(host_reg_control_go, 1, flag)}
But if you are saying that, there are some even more complex logics for example some I2C devices can be accessed under privileged only while all the rest can be accessed freely, yes, the interface I proposed is limited. In this case you can introduce the customized logic into core with some new SVC.
If the previous line is your case, please go on with the modification in the first mail, the modification looks okay, and let's discuss base on the patches.
Thanks.
/Ken
-----Original Message-----
From: DeMars, Alan <ademars(a)ti.com>
Sent: Thursday, October 10, 2019 11:14 AM
To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
Cc: nd <nd(a)arm.com>
Subject: RE: augmenting the SVC_Handler_IPC() to support custom services
I think the TFM_SVC_ACCESS_RESOURCE proposal is too limiting. What if (as is true in our case) there is a complex sequence of writes/reads and careful timing that must be performed to access a resource?
I'm not sure why TF-M is wanting/needing to limit what I can do with the secure SVC handler. You've claimed ownership of the standard mechanism for entering secure privileged mode and are more-or-less dictating the set of APIs that can be provided/implemented with this standard mechanism.
Alan
-----Original Message-----
From: Ken Liu (Arm Technology China) [mailto:Ken.Liu@arm.com]
Sent: Wednesday, October 9, 2019 7:47 PM
To: DeMars, Alan
Cc: nd
Subject: [EXTERNAL] RE: augmenting the SVC_Handler_IPC() to support custom services
Hi Alan,
Since the peripheral accessing functionality is missing now, the way you mentioned would be the only choice. We got a plan to implement some function for accessing privileged resources, can you promote your function into a common implementation so that we could re-use your code for future development?
The proposed way would be:
TFM_SVC_ACCESS_RESOURCE
And the parameter would be:
uintptr_t resource_addr /* The address you want to access */ void *p_user_buffer /* User-provided buffer */ size_t size /* size of user buffer */ uint32_t flags /* Flags, like read/write */
Or you can define a customized structure for the parameter (if you put more than 4 parameters svc_handler need to dispatch customized aapcs which makes life hard) when you are accessing some serial connected devices?
Thanks.
/Ken
-----Original Message-----
From: DeMars, Alan <ademars(a)ti.com>
Sent: Thursday, October 10, 2019 10:27 AM
To: Ken Liu (Arm Technology China) <Ken.Liu(a)arm.com>
Cc: nd <nd(a)arm.com>
Subject: RE: augmenting the SVC_Handler_IPC() to support custom services
Ken,
There are certain resources that can only be interrogated in secure privilege mode on our platform. Nonetheless, unprivileged SP code (ie level 2) will need to be informed of content available in those privileged resources. As TFM has claimed ownership of the SVC handler, I need to extend that SVC handler to provide the functionality our SP services require.
Alan
-----Original Message-----
From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of Ken Liu (Arm Technology China) via TF-M
Sent: Wednesday, October 9, 2019 7:04 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd
Subject: [EXTERNAL] Re: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
Hi Alan,
Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
Thanks.
/Ken
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of DeMars, Alan via TF-M
Sent: Thursday, October 10, 2019 4:38 AM
To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
default:
return (custom_ipc_svc_handlers(svc_num, ctx, lr));
__attribute__((weak))
int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
LOG_MSG("Unknown SVC number requested!");
return PSA_ERROR_GENERIC_ERROR;
}
This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
Is this OK?
Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
Alan
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi Alan,
Looks like you are working under IPC model, and you need something to do in core/spm. If you can provide more details then it will be great.
From the code change itself, it has no problem, I am planning a re-structure on this part so if there are issues we can fix them later one. But when we look at the service programming model, we need to know the newly added SVC function is really an 'spm/core' function.
Calling an SVC typically happen when we want to access privileged resource (registers or restricted memory), or some other customized behaviours.
We need to be careful when we adding core functionalities because TF-M IPC model maintains a very small core and provide only necessary core functionalities (scheduling, spm). There are PSA RoT Services who has a higher privileged level already, and secure partition can access the peripheral they want.
Thanks.
/Ken
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of DeMars, Alan via TF-M
Sent: Thursday, October 10, 2019 4:38 AM
To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org>
Subject: [TF-M] augmenting the SVC_Handler_IPC() to support custom services
I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
default:
return (custom_ipc_svc_handlers(svc_num, ctx, lr));
__attribute__((weak))
int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr) {
LOG_MSG("Unknown SVC number requested!");
return PSA_ERROR_GENERIC_ERROR;
}
This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
Is this OK?
Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
Alan
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
I need to add custom SPM APIs to augment our SP services. Consequently, I need to extend the set of SVCs supported in SVC_Handler_IPC().
I propose to modify the SVC_Handler_IPC() function's 'default' handler to invoke a locally defined weak function such as below:
default:
return (custom_ipc_svc_handlers(svc_num, ctx, lr));
__attribute__((weak))
int32_t custom_ipc_svc_handlers(tfm_svc_number_t svc_num, uint32_t *ctx, uint32_t lr)
{
LOG_MSG("Unknown SVC number requested!");
return PSA_ERROR_GENERIC_ERROR;
}
This will allow a 'strong'ly defined custom_ipc_svc_handlers() function to be invoked if provided.
Is this OK?
Another approach is for me to hijack the root SVC handler in the secure vector table, but this seems too heavy handed to me.
Alan
Hi All,
I'm planning to change the way secure services are called in Library model.
The design proposal can be found here: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/2201/
Please note that the changes proposed by this document does not affect the PSA dev API, and does not affect IPC model.
Please share your opinion in gerrit comments
Thanks,
Mate
Hi,
This would test the interface for NS and S with the set, get and remove with maximum `SST_MAX_ASSET_SIZE` and different sizes for all platforms (including feature-twincpu targets in the near future).
It uses a common 4K buffer in total to assist with read and write of asset data.
We need to make sure we are able to perform this operation flawlessly on all the targets.
Patch Review Request:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/2167https://review.trustedfirmware.org/c/trusted-firmware-m/+/2168
Thanks & Best Regards,
Vikas Katariya
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Thomas,
One way this can happen is if the QSPI driver is being executed in place from QSPI, so the device is never idle because instructions are being fetched from it.
On Musca-A, MCUboot is copied to Code SRAM before being executed to avoid this issue. There is some code in the Armclang/GCC scatter/startup files to support this. Is there something similar implemented for the IAR port?
Best wishes,
Jamie
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M
Sent: 27 September 2019 15:40
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] Issues with qspi_ip6514e_set_spi_mode with IAR
I'm trying to bring up TF-M on the Musca A with IAR Embedded Workbench and I'm having issues in mcuboot where the boot hangs with the following
stack:
---
qspi_ip6514e_is_idle
qspi_ip6514e_set_spi_mode
set_spi_mode
mt25ql_config_mode
ARM_Flash_Initialize
main
[_call_main + 0xd]
---
Apparently the idle bit (31) in the qspi_cfg register (0x4010a000) never gets set so it loops there.
I have no programmers manual for the Cadence qspi ip6514e so I'm at a bit of a loss as to what the issue might be.
Obviously something is different between the images built with armclang and gcc, which works properly, and the image I've built with IAR.
Ideas anyone?
/Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
I'm trying to bring up TF-M on the Musca A with IAR Embedded Workbench
and I'm having issues in mcuboot where the boot hangs with the following
stack:
---
qspi_ip6514e_is_idle
qspi_ip6514e_set_spi_mode
set_spi_mode
mt25ql_config_mode
ARM_Flash_Initialize
main
[_call_main + 0xd]
---
Apparently the idle bit (31) in the qspi_cfg register (0x4010a000) never
gets set so it loops there.
I have no programmers manual for the Cadence qspi ip6514e so I'm at a
bit of a loss as to what the issue might be.
Obviously something is different between the images built with armclang
and gcc, which works properly, and the image I've built with IAR.
Ideas anyone?
/Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi,
In case of no further comment on the proposal I'm planning to merge it by Monday.
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/
Tamas
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Tamas Ban via TF-M
Sent: 24 September 2019 10:22
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] Design proposal for HW crypto key integration in TF-M secure boot
Hi,
The design proposal about the integration of TF-M secure bootloader (MCUBoot) with HW key(s) are close to finalize:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/
If you are interested in the topic and have a comment / suggestion then please share it.
Tamas
From: Tamas Ban
Sent: 03 July 2019 17:50
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Design proposal for HW crypto key integration in TF-M secure boot
Hi all,
PSA Trusted Boot and Firmware Update specification requires the support of at least one immutable root of trust public key (ROTPK) for firmware verification. It is beneficial to be able to provision these keys during the factory life-cycle of the device independently from any software components. The current key handling solution in TF-M secure boot does not supports this key provisioning process. MCUBoot requires compile time built-in public key(s) for image verification.
The following design proposal addressing this issue:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1453/
Feel free to add any comments you want on the review!
BR,
Tamas
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi Thomas,
We tried to enable the "-pedantic-errors" flags and finished some fix. Some of them mentioned in your last
mail has been pushed, and updated at:
https://developer.trustedfirmware.org/T475
The reason we do not enable it as default is that there some sources files from the external project, which
causes inconvenience to enable this.
Please help to review these patch to see if it is acceptable for the issue for now, after that we could find a
chance to merge it. And we can enable this flag internally and create more patches to fix the tf-m native source
in future.
Thanks.
/Ken
-----Original Message-----
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu (Arm Technology China) via TF-M
Sent: Saturday, August 17, 2019 5:48 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] Please enable -pedantic-errors for gcc builds
Hi Thomas,
This is a very helpful suggestion. Since I am doing some cleanup these days, let me try this option and see how much we need to improve.
I have created an task for tracking this: https://developer.trustedfirmware.org/T475
And, do you have an error report could be share? You can attch the log in the task if you do have some.
Thanks.
/Ken
________________________________
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> on behalf of Thomas Törnblom via TF-M <tf-m(a)lists.trustedfirmware.org>
Sent: Friday, August 16, 2019 4:24 PM
To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>
Subject: [TF-M] Please enable -pedantic-errors for gcc builds
I'm now looking at compilation issues with our standards compliant compiler, and I run into one issue after another that are due to the use of non-standard C allowed by gcc and armclang.
Things like zero sized arrays, which are fairly easy to fix by making sure that they have at least one element, but there are other issues that may not be as easy to solve.
The latest issue is illegal pointer arithmetic on void * in the IPC code.
---
...
[ 20%] Building C object
app/secure_fw/CMakeFiles/tfm_s_obj_lib.dir/core/ipc/tfm_svcalls.o
msg->invec[invec_idx].base += bytes;
^
"C:\Users\thomasto\Projects\tf-m7\trusted-firmware-m\secure_fw\core\ipc\tfm_svcalls.c",595
Error[Pe852]:
expression must be a pointer to a complete object type
msg->invec[invec_idx].base += num_bytes;
^
"C:\Users\thomasto\Projects\tf-m7\trusted-firmware-m\secure_fw\core\ipc\tfm_svcalls.c",666
Error[Pe852]:
expression must be a pointer to a complete object type
tfm_memcpy(msg->outvec[outvec_idx].base +
msg->outvec[outvec_idx].len,
^
"C:\Users\thomasto\Projects\tf-m7\trusted-firmware-m\secure_fw\core\ipc\tfm_svcalls.c",750
Error[Pe852]:
expression must be a pointer to a complete object type ...
---
I suggest enabling "-pedantic-errors" for gcc, and also for clang, if it has a similar setting, to avoid having illegal C code creeping into tf-m.
Comments?
/Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com<http://www.iar.com> <http://www.iar.com>
Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> <http://www.twitter.com/iarsystems>
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
--
TF-M mailing list
TF-M(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m
This is a notification of a patch I pushed yesterday.
It consists of standard C source cleanup and initial toolchain support
for IAR Embedded Workbench.
The target is Musca A and I will provide further support for the psoc6
once the twincpu branch has been merged to master.
The Musca A port is not yet fully functional but debugging is in progress.
Thanks,
/Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>