Hi,

 

Now we just put code and RODATA into SFN so it works. And your concern really exists – for example, if a string is applied during SFN function, the string is actually out of SFN range and we need to put this string variable into SFN, too.

 

The SFN area should be simplified later one and SFN section should be removed (apply specific section to symbol should be restricted, only some special purposes like init-table usage are allowed). Instead, an overall library should be put in TFM_UNPRIV_CODE and with this: ?.lib (+RO) should work for your case –  does IAR support this scenario with some a.lib (+RO) or it supports .o files only?

 

/Ken

 

 

I would like to discuss the use of the SFN section for the secure image.

During my port of tf-m to the IAR toolchain I ran into issues related to the SFN section. There are quite a few functions that are placed in the SFN section, which is then linked into the TFM_UNPRIV_CODE block.

I don't know how armclang or gcc handles this, but the IAR compiler may generate .rodata initializers, which does not end up in the SFN section, predominantly the in_vec and out_vec structs with debug builds. I've had to manually add the .rodata sections from these object files (tfm_*_secure_api.o) to the TFM_UNPRIV_CODE in the tfm_common linker script in order to work around MemManage_Handler traps.

I would like to suggest that the relevant files are added to the relevant� block in the tfm_common.* linker script instead of using the SFN section. That way one can specify that both the .text (ro code) and .rodata (const) goes into the same block.

Comments?

Thomas