Hi Roman,

Thanks for the interest and comments.

Let me rephrase the proposal to explain it better. The improvement targeted to NS application development, not a custom service on S side.

As you mentioned in (3) below: S build creates a package for development NS side to enable NS app development independently from S codebase.

The package contains:

1. Current set
• BL2, S binaries,
• PSA API for enabled services
2. Additional set
• Sources for NS platform = subset of files from /platform/ext/target/xxx folder to build platform_ns target
• Each HW platform decides the set
• NS build config options (cpu, etc)
• Each HW platform decides the set
• tools for binary images merging and signing (copy from MCUBoot)

The set 2 is taken (copied) from TF-M S codebase and always in sync with it. In this way NS application developer will deal with much smaller NS codebase,  focusing on application logic. NS app will be linked with PSA_API and platform_ns libraries to generate tfm_ns.bin, out of TF-M S codebase.

The 2^nd idea of separate binaries for secure services was considered and looks attractive but implementation complexity and risks associated with it blocks us from a progress in that direction. I would be happy to review PoC of such solution.

Thanks, and hope that helps,

Anton

Hi Anton,

It sounds interesting. But I see following questions:

1. How to align service with API. It seems that for some services like Crypto or ITS it will be a little bit easier, because such API are more or less stable. But it can be a challenge for services that are under heavy development. My first thought is that version field of a service’s manifest is a good start. So, it will be mandatory to update the version field when there is a change in service API.
2. How to align independent code base of secure and non-secure worlds?
3. TF-M secure build generates binaries, scripts, configurations, etc. that are important during build process of non-secure part. I suppose such package must be integrated into end-user project using project specific approach. TF-M just need to provide a configuration options to specify location of such assets.

We can also think about separating basic services (Crypto, ITS, PS, …) from TF-M core (SPM/platform code). This can be achieved if TF-M provide stable API for services and I think we have it. So, we will have following benefits:

1. SPM can be updated independently with potentially easier bug fixing of core component and/or service components.
2. We can also split services into separate subprojects. So, it will give faster bug fixing cycle for each service. For example we create a separate repository with sources for ITS and provide a tag for it “1.x” (ITS API version “1”). Than the latest version of ITS service that should be released with fixes or improves will have two tags. The first one with tag “1.x” (ITS API version) and tag extended with minor version and patch if needed.
3. It will be a good template for end-user and independent vendors how to create and maintain custom services. And probably less problems with licenses for vendors that would like to provide closed source and/or payed secure partitions – but I’m not sure that this is a real issue now.

Regards,

Roman.