- TF-M - lists.trustedfirmware.org

by Soby Mathew

Hi, For enabling floating point the ARMv8-M architecture allows the flowing possibilities : * Stacking the basic Floating-point context. * Stacking the basic Floating-point context and the additional Floating-point context. * Activation of Lazy Floating-point state preservation. The easiest way would be to enable FP context stacking for every context switch but it would impact every context switch irrespective of whether FP unit is used in that context or not . I guess this is the approach taken by Andrej ? . The Lazy Floating point state preservation would be better for performance but it would have additional complexity in managing the contexts. Just blue sky thinking here: There could be a middle ground wherein some partitions are allowed to use FP while others are not because they don't really need to. The ones allowed to use FP will need to cater for the additional stack requirement to save FP context. The actual save of the context can be done either on context switch to the partition or lazily. This approach could give the benefit of both performance and memory savings but it requires some analysis and design to be done in TF-M. Best Regards Soby Mathew From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 01 June 2020 09:05 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Andrej, You mean the hardware floatpoint can be used in the Secure Partition? That's a good information, can you share us the compiler flags about float-point you are using? Thanks. /Ken From: Andrej Butok <andrey.butok(a)nxp.com<mailto:andrey.butok@nxp.com>> Sent: Monday, June 1, 2020 2:46 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>> Cc: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: RE: DSP instructions and FPU use FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

6 years

2
1
0 0

Re: [TF-M] DSP instructions and FPU use

by Andrej Butok

FYI: >> Can you do some experiments on enabling hardware float point and see if it is working In our SDK, the LPC55S HW Float point is enabled for all TFM projects (Kel, GCC/MCUx), and it works. From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Monday, June 1, 2020 8:41 AM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] DSP instructions and FPU use Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

6 years

2
1
0 0

Re: [TF-M] DSP instructions and FPU use

by Ken Liu

Hi Cindy, The reason is we need to estimate the potential security risks after enabling hardware floating-point, so it is set as software FPU as default. Can you do some experiments on enabling hardware float point and see if it is working, and then let's see the patch? That would be helpful for our estimation. During bootup, we cleared the CONTROL.FPCA, and if you access hardware float point in a partition thread should work because it would re-invoke the FPCA bit and make everything work as usual. But as I mentioned, we need to estimate it and give a proper solution and then enable your patch. For DSP, a similar reason is there, we need to take an estimation. But in theory, you can enable the things you have on the hardware, just be caution that the shared resources between S/NS can be the risk (and the resource sharing caused - co-work problem, the context save/load). Thanks. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Cindy Chaumont via TF-M Sent: Friday, May 29, 2020 6:39 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] DSP instructions and FPU use Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

6 years

1
0
0 0

[IMPORTANT] [SOURCE STRUCTURE] The first structure adjust patch is pushed

by Ken Liu

Hi, As the first commit of 'source_structure' document is merged, here is the first patch to follow the document: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4315 The patch looks big, even it just adjusts the content inside 'secure_fw'. To make the related sources can pass the building, some files out of the 'secure_fw' need to be changed. The goal of merging is ASAP so that we won't block upcoming features. Please provide the feedback about potential USAGE problem you may meet. As the patch is big, it won't be applicable to make THIS patch perfect to meet all the requirements defined in the document, a series of upcoming patches would come as amending. Also if there are suggestions about the structure document, please write to the mailing list and put discussion in this task: https://developer.trustedfirmware.org/T751 The rendered structure document: https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/252/artifact/bui… BR /Ken

6 years

1
0
0 0

DSP instructions and FPU use

by Cindy Chaumont

Hello, I am using the GNUARM compiler and LPCXpresso55S69-EVK dev board and I would like to use DSP instructions and FPU (in secure image). About FPU, it seems there is no way to use the hardware floating-point support instead of the software support (see "-msoft-float" flag in CommonConfig.cmake file). Is there a reason for that? Maybe some performance reasons? About DSP, in CompilerGNUARMxy.cmake files, architecture definition is preferred to CPU type and, in my case, "-march=armv8-m.main" flags is chosen (without +dsp option). The solution I found is to only define ARM_CPU_TYPE (and not ARM_CPU_ARCHITECTURE) to use "-mcpu=cortex-m33" flag instead of "-march=armv8-m.main". So I can use DSP instructions. However, I am not sure if this is the best solution. Maybe an option could be added to allow or not the use of DSP instructions? Thank you in advance for the answer, Best regards, Cindy

6 years

1
0
0 0

TF-M Profile Small patches merged

by David Hu

Hi all, TF-M Profile Small patches are merged in TF-M master branch. Thanks a lot for all your review, comments and support. I'd appreciate it if you could feedback and share ideas while enabling Profile Small in your actual use cases. If there is any issue, please feel free to let us know. Thank you. The next step will bring in symmetric key algorithm based Initial Attestation and then Profile Small can have a full set of features. Best regards, Hu Ziji

6 years

1
0
0 0

Correction - MMIO region is not sharable between partitions

by Ken Liu

Hi, In the tech forum I mentioned a potential way of sharing MMIO regions - this is not correct. Double checked the PSA FF and it is defined explicitly in the spec page 43: "A Secure Partition always has exclusive access to an MMIO region. Secure Partitions are not allowed to share MMIO regions with other Secure Partitions and MMIO regions are not allowed to overlap." Sorry for the confusion. BR /Ken

6 years

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Jonatan Antoni

Hi Gyorgy, Ken, Let me add one statement to Gyorgy's > It became a de-facto standard and most compilers support it. Compilers not yet supported can be easily added, if required. Cheers, Jonatan From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Gyorgy Szing via TF-M Sent: 27 May 2020 10:45 To: Ken Liu <Ken.Liu(a)arm.com>; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

6 years

1
0
0 0

Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM

by Gyorgy Szing

Hi Ken, One of the most well working part of CMSIS is the compiler abstraction layer: * It does wat is needed. * Most functionality can not be coded in a different way (i.e. intrinsics). * It became a de-facto standard and most compilers support it. What are the benefits driving re-implementation? /George From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 02:39 To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Jamie, At the current stage: * The CMSIS headers dependency has been moved into HAL, the SPM native code would not rely on specific system provided definitions. * These usages are quite TF-M specific and small so there is less significance to upstream back, we can revisit if need to do this after extended the header content - but this extending is out of original design expectation. BR /Ken From: Jamie Fox <Jamie.Fox(a)arm.com<mailto:Jamie.Fox@arm.com>> Sent: Tuesday, May 26, 2020 10:52 PM To: Ken Liu <Ken.Liu(a)arm.com<mailto:Ken.Liu@arm.com>>; tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: RE: [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi Ken, Many similar abstractions for compiler C language extensions are provided by cmsis_compiler.h, already copied into the TF-M code base. If it does not meet all of our needs, should we consider proposing improvements to the upstream CMSIS project? Kind regards, Jamie From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: 25 May 2020 05:02 To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Compiler related] Unify necessary and minimal set compiler definitions for SPM Hi, We created a proposal to define a minimal set of compiler specific-definitions for SPM. The reason is to avoid many #ifdef inside SPM code. Only limited definitions are defined. Platform sources need to use platform defined headers for these definitions, such as CMSIS headers. Special usage such as 'weak' or 'noreturn' are forbidden inside SPM. Please put comments for this change: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4211 Or reply here. This is just an example patch, the follow up would apply this defined headers to all SPM sources. Thanks /Ken

6 years

2
1
0 0

Re: [TF-M] Pre-provisioned keys

by Tamas Ban

Hi Brian, The pre-provisioned keys are highly platform dependent. TF-M just provide an API to access them, but currently we have no standard/general solution to storing them. There was question a few weeks ago related to same topic. I just copied Shebu's past answer here: "Provisioning was added as a future roadmap item in anticipation of a PSA Provisioning Specification. The Specification (Factory or application specific) hasn't happened so far. There is no active work ongoing in TF-M around provisioning. TF-M using provisioned keys in CC-312 on MuscaB1 platform is available as an example. See details here<https://ci.trustedfirmware.org/job/tf-m-build-test-nightly/lastSuccessfulBu…> under CC312 heading. In TrustedFirmware TSC, provisioning has been a discussion topic sometime back. Search for provisioning in the minutes below. https://github.com/microbuilder/certificate_chains/blob/master/rfc_tfm.md is an RFC that Kevin prepared during those discussions for TF-M devices to use certificate chain. " I hope this helps! Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: 27 May 2020 03:41 To: tf-m(a)lists.trustedfirmware.org; Quach, Brian <brian(a)ti.com> Cc: nd <nd(a)arm.com> Subject: [TF-M] FW: Pre-provisioned keys Hi Folks, Brian got one question about pre-provisioned keys, anyone could reply? Hi Brian, you can subscribe the mailing list here: https://lists.trustedfirmware.org/mailman/listinfo/tf-m Thanks. /Ken From: Quach, Brian <brian(a)ti.com<mailto:brian@ti.com>> Sent: Wednesday, May 27, 2020 6:36 AM Subject: Pre-provisioned keys Hi Ken, Does TF-M have a plan for storing and accessing persistent keys (such as HUK) installed to flash at the factory prior to provisioning of the device? I had seen these as being stored outside of ITS flash in some compile time defined location and being read-only. Regards, Brian

6 years

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-M