Hi,
We have created one PSA Isolation implementation design document and now call for comments:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4730
The overall goal is to cover all isolation levels into this one document, and at current stage we take level 3 as an example.
The image layout and regions are based on the assumption of the existing TF-M code base.
Feel free to put comments, or post under this task:
https://developer.trustedfirmware.org/T778
Thanks.
/Ken
Hi Mate,
Thank you for the confirmation.
To avoid the limitation, I have switched the IRQ test service to PSA-RoT in our code. Should the original TFM do the same?
Thank you,
Andrej
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Mate Toth-Pal via TF-M
Sent: Tuesday, June 23, 2020 1:02 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: Re: [TF-M] MPU Fault Handler in the 'Test secure irq' test
Hi Andrej,
Yes, this is a known limitation of the IRQ test case. Because of the limitation you mention in your mail it cannot be run in isolation levels higher than 1.
This test is part of the core test positive test suite, which is (by default) is disabled in certain cases (mostly because of these limitations):
CommonConfig.cmake:
if (CORE_TEST)
if (NOT CORE_IPC OR TFM_LVL EQUAL 1)
set(CORE_TEST_POSITIVE ON)
endif()
set(CORE_TEST_INTERACTIVE OFF)
endif()
It might be a possible workaround to define the IRQ test service as a PRoT as well.
Regards,
Mate
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Andrej Butok via TF-M
Sent: Monday, June 22, 2020 16:45
To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] MPU Fault Handler in the 'Test secure irq' test
Hello,
During my update to the new TFM version (after one month pause),
occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled).
The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default):
spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data)
"execution_data" points to a global structure in NS RAM area provided by the NS test.
The workaround:
Define the IRQ test partition as PSA_ROT (privileged). Is it OK?
Is this known issue?
Thanks,
Andrej Butok
Hi Andrej,
Yes, this is a known limitation of the IRQ test case. Because of the limitation you mention in your mail it cannot be run in isolation levels higher than 1.
This test is part of the core test positive test suite, which is (by default) is disabled in certain cases (mostly because of these limitations):
CommonConfig.cmake:
if (CORE_TEST)
if (NOT CORE_IPC OR TFM_LVL EQUAL 1)
set(CORE_TEST_POSITIVE ON)
endif()
set(CORE_TEST_INTERACTIVE OFF)
endif()
It might be a possible workaround to define the IRQ test service as a PRoT as well.
Regards,
Mate
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M
Sent: Monday, June 22, 2020 16:45
To: tf-m(a)lists.trustedfirmware.org
Subject: [TF-M] MPU Fault Handler in the 'Test secure irq' test
Hello,
During my update to the new TFM version (after one month pause),
occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled).
The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default):
spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data)
"execution_data" points to a global structure in NS RAM area provided by the NS test.
The workaround:
Define the IRQ test partition as PSA_ROT (privileged). Is it OK?
Is this known issue?
Thanks,
Andrej Butok
Hello,
During my update to the new TFM version (after one month pause),
occurs the MPU Fault Handler in the 'Test secure irq' regression test (TFM_ENABLE_IRQ_TEST is enabled).
The reason is that the test partition is defined as APP_ROT (non-privileged), but the test accesses to the NS memory region (dined as Privileged by default):
spm_irq_test_1_prepare_test_scenario_internal(enum irq_test_scenario_t irq_test_scenario, struct irq_test_execution_data_t *execution_data)
"execution_data" points to a global structure in NS RAM area provided by the NS test.
The workaround:
Define the IRQ test partition as PSA_ROT (privileged). Is it OK?
Is this known issue?
Thanks,
Andrej Butok
Hi Thomas,
Should be review.trustedfirmware.org/c/TF-M/tf-m-tests
Just replace "trusted-firmware-m" with "tf-m-tests" in the URL you push patches for TF-M.
Best Regards,
Kevin
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M
Sent: Monday, June 22, 2020 3:36 PM
To: tf-m(a)lists.trustedfirmware.org
Subject: Re: [TF-M] new tf-m-test repository
What is the URL to push patches to this repo?
I attempted to push the IAR RTX libraries but it failed.
Cheers,
Thomas
Den 2020-06-19 kl. 12:29, skrev Anton Komlev via TF-M:
Hi,
Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
The intention is to migrate testing related code/libraries/tools there and clean the main repository.
Patches have been made. Please be aware of the change.
At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
Thanks,
Anton Komlev
--
Thomas Törnblom, Product Engineer
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com>
Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>
What is the URL to push patches to this repo?
I attempted to push the IAR RTX libraries but it failed.
Cheers,
Thomas
Den 2020-06-19 kl. 12:29, skrev Anton Komlev via TF-M:
>
> Hi,
>
> Following TF-M project restructuring, let me bring your attention to
> the new repository: *tf-m-tests* repo
> <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
>
> The intention is to migrate testing related code/libraries/tools there
> and clean the main repository.
>
> Patches have been made. Please be aware of the change.
>
> At this moment it does not affect the project development but in the
> future to test TF-M you will need to use this tf-m-tests repo.
>
> Thanks,
>
> Anton Komlev
>
>
--
*Thomas Törnblom*, /Product Engineer/
IAR Systems AB
Box 23051, Strandbodgatan 1
SE-750 23 Uppsala, SWEDEN
Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01
E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com>
Website: www.iar.com <http://www.iar.com>
Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>
Hi all,
Symmetric initial attestation patches are merged. Symmetric initial attestation now is enabled in TF-M Profile Small.
Thanks a lot for the review and support.
Best regards,
Hu Ziji
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Monday, May 18, 2020 3:34 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] Ask for final review of symmetric based initial attestation design
Hi all,
May I ask for a final round of review on symmetric initial attestation design document on https://review.trustedfirmware.org/c/trusted-firmware-m/+/3898?
The document has been reviewed for a long time and received many valuable comments. Thanks a lot.
If there is no further critical comment, I'd like to merge this design this Friday.
Best regards,
Hu Ziji
Thanks Anton.
As you may have noticed, the CMSIS RTX libraries have been added to the tf-m-tests.
There are also patches<https://review.trustedfirmware.org/q/topic:%22CMSIS_5_to_tfm_tests%22+(stat…> for TF-M to reference the libraries from tf-m-tests.
The plan is to merge them before TF-M 1.1 release code freeze (around end of June).
You would need to clone the tf-m-tests repo to build TF-M when these patches were merged.
Best Regards,
Kevin
From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Friday, June 19, 2020 6:30 PM
To: tf-m(a)lists.trustedfirmware.org
Cc: nd <nd(a)arm.com>
Subject: [TF-M] new tf-m-test repository
Hi,
Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
The intention is to migrate testing related code/libraries/tools there and clean the main repository.
Patches have been made. Please be aware of the change.
At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
Thanks,
Anton Komlev
Hi,
Following TF-M project restructuring, let me bring your attention to the new repository: tf-m-tests repo<https://git.trustedfirmware.org/TF-M/tf-m-tests.git/>
The intention is to migrate testing related code/libraries/tools there and clean the main repository.
Patches have been made. Please be aware of the change.
At this moment it does not affect the project development but in the future to test TF-M you will need to use this tf-m-tests repo.
Thanks,
Anton Komlev
Hi Everyone
I have pushed the proposal for release cadence and process for here : https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4635
This mainly follows the TF-A release process. The release cadence period is set to be 4 months with a code freeze of up to 3 weeks.
Best Regards
Soby Mathew
