- TF-M - lists.trustedfirmware.org

nucleo_l552ze_q platform does not build since TF-M 1.5

by Michel JAOUEN

Hello, This platform is tested for profile medium and low (-DTFM_PROFILE=profile_small or -DTFM_PROFILE=profile_medium). I just checked on master with medium profile and GNUARM. The default config takes a crypto config with its associated crypto tests that leads to overlap in flash area. (This device has 512Kbytes Flash) Best Regards ST Restricted From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Bøe, Sebastian via TF-M Sent: mercredi 22 décembre 2021 13:40 To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] nucleo_l552ze_q platform does not build since TF-M 1.5 Hi, I am observing that the nucleo_l552ze_q platform is producing hex files that overlap since the 1.5 release. Tested on master and 1.5. Is there an STM maintainer that could look into this? Steps to reproduce: rm -rf cmake_build && cmake -S . -B cmake_build -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DTEST_S=ON -DTEST_NS=ON && make -C cmake_build install && /usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py -o merged.hex $(find cmake_build -name "*.hex") "/usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py" must be replaced with the preferred hex file merging tool. output: Traceback (most recent call last): File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 28, in merge_hex_files ih.merge(to_merge, overlap=overlap) File "/home/sebo/.local/lib/python3.8/site-packages/intelhex/__init__.py", line 875, in merge raise AddressOverlapError( intelhex.AddressOverlapError: Data overlapped at address 0xC014400 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 56, in <module> main() File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 52, in main merge_hex_files(args.output, args.input_files, args.overlap) File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 30, in merge_hex_files raise AddressOverlapError("{} has merge issues".format(hex_file_path)) intelhex.AddressOverlapError: cmake_build/install/outputs/STM/NUCLEO_L552ZE_Q/tfm_s.hex has merge issues PS: Depending on the revision tested, it might be necessary to also apply this patch: modified platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt @@ -90,7 +90,7 @@ target_sources(platform_s ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_gtzc.c ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_nvic.c - $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system> + $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system.c> ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng.c ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng_ex.c PUBLIC

3 years, 6 months

2
1
0 0

nucleo_l552ze_q platform does not build since TF-M 1.5

by Bøe, Sebastian

Hi, I am observing that the nucleo_l552ze_q platform is producing hex files that overlap since the 1.5 release. Tested on master and 1.5. Is there an STM maintainer that could look into this? Steps to reproduce: rm -rf cmake_build && cmake -S . -B cmake_build -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DTEST_S=ON -DTEST_NS=ON && make -C cmake_build install && /usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py -o merged.hex $(find cmake_build -name "*.hex") "/usr/bin/python3.8 /home/sebo/ncs/zephyr/scripts/mergehex.py" must be replaced with the preferred hex file merging tool. output: Traceback (most recent call last): File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 28, in merge_hex_files ih.merge(to_merge, overlap=overlap) File "/home/sebo/.local/lib/python3.8/site-packages/intelhex/__init__.py", line 875, in merge raise AddressOverlapError( intelhex.AddressOverlapError: Data overlapped at address 0xC014400 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 56, in <module> main() File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 52, in main merge_hex_files(args.output, args.input_files, args.overlap) File "/home/sebo/ncs/zephyr/scripts/mergehex.py", line 30, in merge_hex_files raise AddressOverlapError("{} has merge issues".format(hex_file_path)) intelhex.AddressOverlapError: cmake_build/install/outputs/STM/NUCLEO_L552ZE_Q/tfm_s.hex has merge issues PS: Depending on the revision tested, it might be necessary to also apply this patch: modified platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt @@ -90,7 +90,7 @@ target_sources(platform_s ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_gtzc.c ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_isolation_mpu_v8m.c ${CMAKE_SOURCE_DIR}/platform/ext/common/tfm_hal_nvic.c - $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system> + $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${CMAKE_CURRENT_SOURCE_DIR}/secure/tfm_platform_system.c> ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng.c ${CMAKE_CURRENT_SOURCE_DIR}/hal/Src/stm32l5xx_hal_rng_ex.c PUBLIC

3 years, 6 months

1
0
0 0

Eliminate unnecessary space in tfm_s.bin

by Sherry Zhang

Hi, Currently, in the compiler link script, the CMSE VENEER section is placed at a fixed address which is at the end of tfm code. See code for armclang<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…> and gnu arm<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/e…>. Placing the veneers at the fixed address has the benefit that the when the secure image updates, the veneer symbols remain unchanged. So, the nonsecure image does not have to be updated together. The problem is that the size of tfm_s.bin is always the same in different TF-M build configurations(debug mode, release mode, profile small, profile large and so on). So, there can be large empty space between the end of tfm code and the veneer section. As we discussed on today's tech forum meeting, I propose to move the LR_VENEER from the end of tfm code to right after the secure vector table. In this way, the space between the tfm code and the veneers section is eliminated. Also, the supported number of interrupts for each platform is fixed. So, the size of the vector table is fixed for each platform. So, the start address of veneer section is still fixed for each platform. The size of tfm_s.bin is reduced significantly after this change. Take the AN521 platform for example, the size of tfm_s.bin has a 70 percent reduction. The link script change for armclang<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/6/plat…> and gnu arm<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/6/plat…> in this patch<https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620/> can help me demonstrating my proposal. I am not hurry asking for review and merge this patch. As it impacts all the platforms, I want to get confirmed that all platforms which are using the common link script are happy with this proposal. Any comments or especially concerns on this proposal? Thanks, Regards, Sherry Zhang

3 years, 6 months

3
5
0 0

Power management and TFM

by Suresh.Marisetty＠infineon.com

Hi, Wondering if anybody can throw some light on any ongoing efforts on power management on a system with TFM (deep sleep, etc). thanks Suresh Marisetty Infineon Semiconductor Corporation CYSC CSS ICW SW SSE Mobile: +5103863997 Suresh.Marisetty(a)infineon.com<mailto:Suresh.Marisetty@infineon.com>

3 years, 6 months

3
2
0 0

Re: [TF-M] Change in ...trusted-firmware-m[master]: Platform: Refine image flash layout

by Thomas Törnblom

I'm working on the IAR part of this and I'm having a problem with the following test in isolation level 3: --- Running Test Suite TFM IRQ Test (TFM_IRQ_TEST_1xxx)... > Executing 'TFM_NS_IRQ_TEST_SLIH_1001' Description: 'SLIH HANDLING Case 1' --- If I run the test at full speed, it will run into a MemManage fault while if I single step through the entire test it will pass. Is there a race condition somewhere in there? If I disable the SLIH tests it succeeds. The exception happens when dereferencing "dev" in this function: bool timer_cmsdk_is_initialized(const struct timer_cmsdk_dev_t* dev) { return dev->data->is_initialized; } dev is 0x30002440 at the time. I've been trying to figure out what part of the memory protection system it is that is causing the exception. DACCVIOL is set and MMFAR shows the faulting address. Ideas? The build line: cmake -GNinja -S .. -B . -DTFM_PLATFORM=arm/musca_b1/sse_200 "-DTFM_TOOLCHAIN_FILE=..\toolchain_IARARM.cmake" -DTEST_NS=ON -DTEST_S=ON -DCMAKE_BUILD_TYPE=Debug -DBL2=ON -DTFM_ISOLATION_LEVEL=3 -DTEST_NS_SLIH_IRQ=ON -DTEST_NS_QCBOR=OFF Notice that this build runs into a linker bug in the IAR toolchain and I have a non-released fixed version I'm using, in case anyone is attempting to replicate the issue. Cheers, Thomas Den 2021-12-17 kl. 11:30, skrev TrustedFirmware Code Review (Code Review): > > Attention is currently required from: Kevin Peng, Ken Liu, David Hu, > Chris Brand, Anton Komlev, Thomas Törnblom. > > "Build Successful > > http://ci.trustedfirmware.org/job/tf-m-static/3226/display/redirect : > SUCCESS" > > Patch set 16:Verified +1 > > View Change > <https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620> > > To view, visit change 12620 > <https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/12620>. > To unsubscribe, or for help writing mail filters, visit settings > <https://review.trustedfirmware.org/settings>. > > Gerrit-Project: TF-M/trusted-firmware-m > Gerrit-Branch: master > Gerrit-Change-Id: I0084aef576d90af45513c7eaae58ba6c6dbbddab > Gerrit-Change-Number: 12620 > Gerrit-PatchSet: 16 > Gerrit-Owner: sherryzhang <sherry.zhang2(a)arm.com> > Gerrit-Reviewer: Anton Komlev <Anton.Komlev(a)arm.com> > Gerrit-Reviewer: David Hu <david.hu(a)arm.com> > Gerrit-Reviewer: Ken Liu <ken.liu(a)arm.com> > Gerrit-Reviewer: Sebastian Bøe <Sebastian.boe(a)nordicsemi.no> > Gerrit-Reviewer: Thomas Törnblom <thomas.tornblom(a)iar.com> > Gerrit-Reviewer: TrustedFirmware Code Review > Gerrit-Reviewer: sherryzhang <sherry.zhang2(a)arm.com> > Gerrit-CC: Andrej Butok <andrey.butok(a)nxp.com> > Gerrit-CC: Chris Brand <chris.brand(a)cypress.com> > Gerrit-CC: Gabor Abonyi <gabor.abonyi(a)arm.com> > Gerrit-CC: Kevin Peng <kevin.peng(a)arm.com> > Gerrit-CC: Michel Jaouen > Gerrit-CC: Márk Horváth <mark.horvath(a)arm.com> > Gerrit-CC: Satish Kumar <satish.kumar01(a)arm.com> > Gerrit-CC: jamie.mccrae(a)lairdconnect.com > Gerrit-Attention: Kevin Peng <kevin.peng(a)arm.com> > Gerrit-Attention: Ken Liu <ken.liu(a)arm.com> > Gerrit-Attention: David Hu <david.hu(a)arm.com> > Gerrit-Attention: Chris Brand <chris.brand(a)cypress.com> > Gerrit-Attention: Anton Komlev <Anton.Komlev(a)arm.com> > Gerrit-Attention: Thomas Törnblom <thomas.tornblom(a)iar.com> > Gerrit-Comment-Date: Fri, 17 Dec 2021 10:30:20 +0000 > Gerrit-HasComments: No > Gerrit-Has-Labels: Yes > Gerrit-MessageType: comment -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

3 years, 6 months

2
2
0 0

Any existing efforts on enabling X.509 certificate support inside TF-M

by Li, Jun R

Hi everyone, I’m wondering if there is any existing effort on enabling X.509 CSR generation and certificate verification inside TF-M? Our project has some custom secure partitions which need to generate the CSR and verify the issued certificates by themselves. The current TF-M implementation hasn’t added X.509’s support. So, I’m wondering if any open source project already does that which we can leverage? Regards, Jun Li Intel Corporation, CA

3 years, 6 months

3
3
0 0

Technical Forum call - Dec 23 CANCELLED

by Anton Komlev

Hello, In the light of the end of the year celebrations expecting not many joiners on Dec 23, specially for US time zone, hence let's cancel the forum at the next week. Thanks and wish you the great holidays, Anton

3 years, 6 months

1
0
0 0

Tip on cloning TF-M on OS X Monterey

by Kevin Townsend

I recently switched to a new MBP that ships with OS X Monterey, and on both 12.0 and 12.1 (released this week) git clone seems to be broken when you're using HTTP rather than SSH: digital envelope routines:CRYPTO_internal:bad key length In order to clone TF-M, I had to make the following changes. 1. Add these details to $HOME/.ssh/config (microbuilder being my github username, associated with my TF-M account): Host trustedfirmware.org User microbuilder Hostname review.trustedfirmware.org Port 29418 IdentityFile ~/.ssh/id_rsa IdentitiesOnly yes 2. Then try to clone with: $ git clone trustedfirmware.org:/TF-M/trusted-firmware-m.git This fails, however, since it tries to clone tf-m-tests.git, so: 3. Edit lib/ext/tf-m-tests/fetch_repo.cmake, changing: FetchContent_Declare(tfm_test_repo GIT_REPOSITORY trustedfirmware.org:TF-M/tf-m-tests.git # GIT_REPOSITORY https://git.trustedfirmware.org/TF-M/tf-m-tests.git GIT_TAG ${TFM_TEST_REPO_VERSION} GIT_PROGRESS TRUE ) This let me at least clone TF-M until the issues with HTTP-based cloning are fixed. Hope this is useful to someone else working on OS X natively. Kevin

3 years, 6 months

2
1
0 0

Technical Forum call - Dec 9

by Anton Komlev

Hi, The next Technical Forum is planned on Thursday, Dec 9, 7:00-8:00 UTC (Asia time zone). Please reply on this email with your proposals for agenda topics. Recording and slides of previous meetings are here: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Best regards, Anton

3 years, 6 months

2
3
0 0

Commit 65064c56 causes cmake errors for AN547 for all toolchains

by Thomas Törnblom

While working on IAR support for AN547 (M55) I notice that this commit causes cmake errors for all toolchains. cmake -GNinja -S .. -B . -DTFM_PLATFORM=arm/mps3/an547 "-DTFM_TOOLCHAIN_FILE=..\toolchain_ARMCLANG.cmake" -DTEST_NS=ON -DTEST_S=ON -DCMAKE_BUILD_TYPE=Debug -DBL2=ON ... CMake Error at tools/CMakeLists.txt:65 (file): file STRINGS file "D:/Projects/tf-m1/trusted-firmware-m/tools" cannot be read. Call Stack (most recent call first): tools/CMakeLists.txt:84 (parse_field_from_yaml) CMake Error at tools/CMakeLists.txt:65 (file): file STRINGS file "D:/Projects/tf-m1/trusted-firmware-m/armclang/lib/ext/tfm_test_repo-src/test/test_services" cannot be read. Call Stack (most recent call first): tools/CMakeLists.txt:84 (parse_field_from_yaml) Thomas -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

3 years, 6 months

5
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M