> On Jun 26, 2020, at 3:23 AM, Thomas Törnblom via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> The merge of "Build: Add support for specifying GNUARM_PREFIX" appears to break GNUARM builds.
>
> [100%] Linking C static library mbedcrypto.a
> /usr/bin/sh: CMAKE_GNUARM_AR-NOTFOUND: command not found
> make[5]: *** [library/mbedcrypto.a] Fel 127
> make[4]: *** [library/CMakeFiles/mbedcrypto.dir/all] Fel 2
> make[3]: *** [all] Fel 2
> make[2]: *** [secure_fw/partitions/crypto/mbedcrypto_lib-prefix/src/mbedcrypto_lib-stamp/mbedcrypto_lib-build] Fel 2
> make[1]: *** [secure_fw/partitions/crypto/CMakeFiles/mbedcrypto_lib.dir/all] Fel 2
> make: *** [all] Fel 2
>
> Excluding this commit is a workaround.
>
> This is on Win 10.
>
> Cheers,
> Thomas
Is this issue seen on any other host OS? Linux, Mac OS X? Which specific toolchain are you using?
- k
ITS defines a few structs with specific alignment requirements, like:
struct __attribute__((__aligned__(ITS_FLASH_MAX_ALIGNMENT)))
its_file_meta_t {
uint32_t lblock; /*!< Logical datablock where file is
* stored
*/
size_t data_idx; /*!< Offset in the logical data block */
size_t cur_size; /*!< Size in storage system for this #
* fragment
*/
size_t max_size; /*!< Maximum size of this file */
uint32_t flags; /*!< Flags set when the file was
created */
uint8_t id[ITS_FILE_ID_SIZE]; /*!< ID of this file */
};
This causes issues with the IAR compiler when these structs are declared
as autos:
static psa_status_t its_mblock_copy_remaining_block_meta(
struct its_flash_fs_ctx_t
*fs_ctx,
uint32_t lblock)
{
struct its_block_meta_t block_meta;
psa_status_t err;
uint32_t meta_block;
size_t pos;
uint32_t scratch_block;
size_t size;
...
The IAR compiler gives these errors if the alignment is 0x10 (the stack
is 8 byte aligned):
struct its_block_meta_t block_meta;
^
"C:\Users\thomasto\Projects\tf-m1\trusted-firmware-m\secure_fw\partitions\internal_trusted_storage\flash_fs\its_flash_fs_mblock.c",415
Error[Ta121]:
Auto variable "block_meta" cannot have a stricter alignment
than the
stack
I assume this alignment is only required for the flash, so the alignment
attributes should be set when declaring variables in the flash, not on
the type.
Comments?
Cheers,
Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
The merge of "Build: Add support for specifying GNUARM_PREFIX" appears
to break GNUARM builds.
[100%] Linking C static library mbedcrypto.a
/usr/bin/sh: CMAKE_GNUARM_AR-NOTFOUND: command not found
make[5]: *** [library/mbedcrypto.a] Fel 127
make[4]: *** [library/CMakeFiles/mbedcrypto.dir/all] Fel 2
make[3]: *** [all] Fel 2
make[2]: ***
[secure_fw/partitions/crypto/mbedcrypto_lib-prefix/src/mbedcrypto_lib-stamp/mbedcrypto_lib-build]
Fel 2
make[1]: ***
[secure_fw/partitions/crypto/CMakeFiles/mbedcrypto_lib.dir/all] Fel 2
make: *** [all] Fel 2
Excluding this commit is a workaround.
This is on Win 10.
Cheers,
Thomas
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi,
Please find the presentation materials attached for Secure functions topic.
Reminder, the PSA L3 isolation design is here: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4730
The best,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: 25 June 2020 13:38
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] TF-M Technical Forum Agenda - June 25
Hello,
The agenda for today's forum:
* PSA Isolation (level 3) design review
* Secure Function model
* Any other business, if time permitted.
See you soon,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M
Sent: 17 June 2020 12:55
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>
Subject: [TF-M] TF-M Technical Forum call - June 25
Hello,
The next Technical Forum is planned on Thursday, June 25 at 15:00-16:00 UTC (US time zone).
This is exceptional time zone change because of a public holiday in China that day.
Please reply on this email with your proposals for agenda topics.
Best regards,
Anton Komlev
Hello,
The agenda for today's forum:
* PSA Isolation (level 3) design review
* Secure Function model
* Any other business, if time permitted.
See you soon,
Anton
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: 17 June 2020 12:55
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] TF-M Technical Forum call - June 25
Hello,
The next Technical Forum is planned on Thursday, June 25 at 15:00-16:00 UTC (US time zone).
This is exceptional time zone change because of a public holiday in China that day.
Please reply on this email with your proposals for agenda topics.
Best regards,
Anton Komlev
Curious if the intent is that the tf-m-tests repo would eventually be optional?
- k
> On Jun 19, 2020, at 5:29 AM, Anton Komlev via TF-M <tf-m(a)lists.trustedfirmware.org> wrote:
>
> Hi,
>
> Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo
> The intention is to migrate testing related code/libraries/tools there and clean the main repository.
> Patches have been made. Please be aware of the change.
> At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
>
> Thanks,
> Anton Komlev
> --
> TF-M mailing list
> TF-M(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-m
Hi All,
Both trusted-firmware-m and tf-m-tests repositories are tagged with TF-Mv1.1-RC1 tag marking the code freeze and beginning of the release candidate testing.
Best regards,
Anton Komlev
Tech Lead of TF-M in Arm Ltd.
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Shebu Varghese Kuriakose via TF-M
Sent: 10 June 2020 18:28
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] TF-M v1.1 - Heads up
Hi All,
Just a heads up that TF-Mv1.1 tag is planned for middle to end of July. Code freeze of TF-M master is aimed around end of June to allow enough time for testing.
Similar to TF-Mv1.0 and previous tags, v1.1 will include all TF-M changes in TF-M master available till code freeze in end of June.
Availability of the tag will be notified via. this mailing list.
Thanks,
Shebu
Technology Manager-TF-M, Arm Ltd.
Hi everyone,
I would like to inform you about that the default bootloader option in TF-M has been changed from TF-M's MCUBoot fork to the original MCUBoot
by a commit that was merged a few hours ago (https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4551).
Due to this you may experience that your TF-M builds are failing after a recent rebase onto master with the following error message:
"Missing MCUBoot. Please clone the MCUBoot repo to directory....." . To solve this, you can choose from the following options:
1. Follow the instructions of the 'MCUBoot' section in the docs/getting_started/tfm_secure_boot.rst to clone the MCUBoot repository
and fulfill this dependency.
2. Quick but rather temporary solution: Append '-DMCUBOOT_REPO=TF-M' to your CMake configuration command to use the MCUBoot fork
from the TF-M repository as before. Example:
cmake -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=ARMCLANG -DMCUBOOT_REPO=UPSTREAM ../
Please let me know, if you have any difficulties.
Best regards,
David Vincze
Hi,
We have created one PSA Isolation implementation design document and now call for comments:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4730
The overall goal is to cover all isolation levels into this one document, and at current stage we take level 3 as an example.
The image layout and regions are based on the assumption of the existing TF-M code base.
Feel free to put comments, or post under this task:
https://developer.trustedfirmware.org/T778
Thanks.
/Ken
Hi Mate,
Thank you for the confirmation.
To avoid the limitation, I have switched the IRQ test service to PSA-RoT in our code. Should the original TFM do the same?
Thank you,
Andrej
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Mate Toth-Pal via TF-M
Sent: Tuesday, June 23, 2020 1:02 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] MPU Fault Handler in the 'Test secure irq' test
Hi Andrej,
Yes, this is a known limitation of the IRQ test case. Because of the limitation you mention in your mail it cannot be run in isolation levels higher than 1.
This test is part of the core test positive test suite, which is (by default) is disabled in certain cases (mostly because of these limitations):
CommonConfig.cmake:
if (CORE_TEST)
if (NOT CORE_IPC OR TFM_LVL EQUAL 1)
set(CORE_TEST_POSITIVE ON)
endif()
set(CORE_TEST_INTERACTIVE OFF)
endif()
It might be a possible workaround to define the IRQ test service as a PRoT as well.
Regards,
Mate
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M
Sent: Monday, June 22, 2020 16:45
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] MPU Fault Handler in the 'Test secure irq' test
Hello,
During my update to the new TFM version (after one month pause),
occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled).
The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default):
spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data)
"execution_data" points to a global structure in NS RAM area provided by the NS test.
The workaround:
Define the IRQ test partition as PSA_ROT (privileged). Is it OK?
Is this known issue?
Thanks,
Andrej Butok
