Hi,
are there any known race conditions in IPC/PS that affect TF-M 1.4-ish?
More specifically TF-M revision a199c3047f320a2f82b9a0c27af5b50991184e0f,
which
is 38 commits prior to TF-Mv1.4.0-RC1.
I am observing that adding printfs, or otherwise changing the flash
alignment and therefore runtime of my code will affect whether the PS
reliability test suite passes or not.
More specifically, if it triggers a secure fault after x iterations of
2001, or y iterations of 2002, etc. depending on where I put my printfs or
otherwise affect the alignment of the code.
This is run on the nrf platform as a part of the nrf SDK.
Test Suite PS reliability tests (TFM_PS_TEST_2XXX)...
'repetitive sets and gets in/from an asset'
'repetitive sets, gets and removes'
It does not reproduce under GDB and I am unable to unwind the backtrace
from the secure fault handler. Any tips about recovering a backtrace from a
secure fault handler would also be appreciated.
#0 SecureFault_Handler ()
at
/home/sebo/ncs/modules/tee/tfm/trusted-firmware-m/secure_fw/spm/cmsis_psa/arch/tfm_arch_v8m_main.c:96
#1 0xffffffb4 in ?? ()
I have not been able to reproduce it in the latest upstream TF-M
release/revision, but that could just be because I haven't been able to hit
the race condition.
Sebastian Bøe
Hi,
I worked out a patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12025> to make the Manifest Tool (tfm_parse_manifest_list.py) aware of the Secure Partition status when building.
Currently, the tool generates everything and then the Build System picks up the files needed.
With the development of FF-M 1.1 feature, we need the tool to be aware of the Secure Partition enabled status to generate SPM configurations.
The patch make use of the feature of CMake command configure_file which substitutes variable values referenced as @VAR@ or ${VAR}.
It requires the "conditional" attributes in manifest lists to be surrounded by "@" for "${}".
Then when you disable some Partition for building, the tool will not generate anything for that Partition such as PID/SID and TF-M Partition load info.
So please out of tree Secure Partition manifest lists do the corresponding change to make the tool aware of that any Partitions are DISABLED.
The tool currently only takes conditional value "OFF" or "FALSE" as Partitions being disabled, all other values are treated as enabled.
This means if you do not make the change in the manifest list, the tool treats all the partitions as enabled always.
Best Regards,
Kevin
Hello,
Following the updated release strategy, presented on the tech forum today I plan to create the release branch on Nov 13, and freeze project features at that moment. Please review and merge all patches intended for v1.5.0 by the end of this week.
Normal development can continue on the main branch without any restriction.
Thanks,
Anton
Hi,
I'm trying to build Musca B1 SE (as part of my work to create a new ns_agent_mailbox partition), and it seems that it has been missed in some HAL API changes:
spm/libtfm_spm.a(backend_ipc.o): In function `ipc_system_run':
.../secure_fw/spm/ffm/backend_ipc.c:132: undefined reference to `tfm_hal_update_boundaries'
spm/libtfm_spm.a(spm_ipc.o): In function `tfm_spm_init':
.../secure_fw/spm/cmsis_psa/spm_ipc.c:643: undefined reference to `tfm_hal_bind_boundaries'
spm/libtfm_spm.a(spm_ipc.o): In function `do_schedule':
.../secure_fw/spm/cmsis_psa/spm_ipc.c:694: undefined reference to `tfm_hal_update_boundaries'
spm/libtfm_spm.a(static_load.o): In function `load_irqs_assuredly':
.../secure_fw/spm/cmsis_psa/static_load.c:195: undefined reference to `tfm_hal_irq_enable'
.../secure_fw/spm/cmsis_psa/static_load.c:198: undefined reference to `tfm_hal_irq_disable'
spm/libtfm_spm.a(psa_api.o): In function `tfm_spm_partition_psa_eoi':
.../secure_fw/spm/ffm/psa_api.c:830: undefined reference to `tfm_hal_irq_clear_pending'
.../secure_fw/spm/ffm/psa_api.c:831: undefined reference to `tfm_hal_irq_enable'
spm/libtfm_spm.a(psa_api.o): In function `tfm_spm_partition_irq_enable':
.../secure_fw/spm/ffm/psa_api.c:858: undefined reference to `tfm_hal_irq_enable'
spm/libtfm_spm.a(psa_api.o): In function `tfm_spm_partition_irq_disable':
.../secure_fw/spm/ffm/psa_api.c:876: undefined reference to `tfm_hal_irq_disable'
spm/libtfm_spm.a(tfm_core_svcalls_ipc.o): In function `tfm_flih_prepare_depriv_flih':
.../secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c:137: undefined reference to `tfm_hal_update_boundaries'
spm/libtfm_spm.a(tfm_core_svcalls_ipc.o): In function `tfm_flih_return_to_isr':
.../secure_fw/spm/cmsis_psa/tfm_core_svcalls_ipc.c:170: undefined reference to `tfm_hal_update_boundaries'
Chris Brand
Cypress Semiconductor (Canada), Inc.
An Infineon Technologies Company
Sr Prin Software Engr
CSCA CSS ICW SW PSW 1
Office: +1 778 234 0515
Chris.Brand(a)infineon.com<mailto:Chris.Brand@infineon.com>
International Place 13700
V6V 2X8 Richmond
Canada
www.infineon.com<www.cypress.com> www.cypress.com<http://www.cypress.com> Discoveries<http://www.infineon.com/discoveries> Facebook<http://www.facebook.com/infineon> Twitter<http://www.twitter.com/Infineon> LinkedIn<http://www.linkedin.com/company/infineon-technologies>
Part of your life. Part of tomorrow.
NOTICE: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material of Infineon Technologies AG and its affiliated entities which is for the exclusive use of the individual designated above as the recipient. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact immediately the sender by returning e-mail and delete the material from any computer. If you are not the specified recipient, you are hereby notified that all disclosure, reproduction, distribution or action taken on the basis of this message is prohibited.
Hi,
The next Technical Forum is planned on Thursday, Nov 11, 7:00-8:00 UTC (Asia time zone).
Please reply on this email with your proposals for agenda topics.
Recording and slides of previous meetings are here:
https://www.trustedfirmware.org/meetings/tf-m-technical-forum/
Best regards,
Anton
Hi guys,
I am trying to put tf-m running in the PSoC64 board. However, I have a
board that is slightly different from the one used by default in the tf-m.
(I have *CYB06447BZI-D54* and the default tf-m is prepared to
*CYS0644xxZI-S2D44).
*For what I saw, the main difference among them is in memory, *CYB06447BZI-D54
*has 1MB of flash and 256kB of RAM and *CYS0644xxZI-S2D44 *has 2MB of
Flash and 1MB of RAM.
So now I'm trying to make a small port from tf-m to *CYB06447BZI-D54. *
I changed the flash size in the flash_layout.h file to meet the
*CYB06447BZI-D54 *flash size, however, I am having some difficulties in
changing the RAM size. I am trying to change the RAM partitions size in
region_defs.h and the smpu definitions of that partitions in smpu_config.h,
but without much success.
My question are:
- Is possible to do the porting? Or does *CYB06447BZI-D54* not have
enough memory to run tf-m?
- If possible, what is I missing? Are more changes needed than I'm
making?
Best regards,
Cristiano Rodrigues
Hi,
I need to derive a new key from the HUK using HKDF, but are we able to
request key derivation with the HUK from the NS side, or would we need to
create a custom ARoT partittion for that?
The requirements are identical to what PS does here with HKDF -- no salt
and a fixed 'info' value, resulting in a key that is device-bound and can
be regenerated at startup with no storage requirements:
https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/desig…
(that API usage looks to be out of date, BTW, since "psa_open_key" now
takes two params).
I tried to do something similar from the NS side, modifying this code
https://github.com/zephyrproject-rtos/zephyr/blob/main/samples/tfm_integrat…
..., but get an error when trying to open the HUK with
"TFM_CRYPTO_KEY_ID_HUK".
That isn't surprising, but is there any alternative to generate keys from
the HUK without a custom ARoT service? The fact that no storage is required
when deriving from the HUK is significant.
Best regards,
Kevin
Hi all,
Does anyone know if using software random generator seeded with TRNG to provide random delays for Fault Injection Hardening library is correct from PSA Level 3 certification point of view?
The basic idea is to :
1. Use TRNG to provide seed for software random generator on fih_delay_init.
2. Use software random generator to implement fih_delay_random.
3. Periodically reseed software random generator with data from TRNG (optional).
Thanks,
Roman.