Hi Bohdan,
“About porting files (tfm/bl2 folder). We are planning to use existing porting files. But as you said currently they are not included into the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.”
Enabling the porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON does not make sense to me. When TFM_PARTITION_FIRMWARE_UPDATE is ON, the user can use their own bootloader which is not MCUboot. But these porting files are only for MCUboot. So, my proposed solution is creating your bootloader-specific CMakeLists.txt under \secure_fw\partitions\firmware_update\bootloader and setting the cache entry TFM_FWU_BOOTLOADER_LIB. It will be included into the firmware update partition automatically. See https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/p...
About the DBOOT_DATA_AVAILABLE issue, both of the two solutions you proposed should work. But I think a better way is to make BOOT_DATA_AVAILABLE a cache entry. This cache entry should tell TFM whether boot data is available when BL2 is OFF. This will help decouple TFM from MCUboot. I will create a patch for it later.
Regards, Sherry
From: Bohdan.Hunko@infineon.com Sent: Friday, October 15, 2021 9:48 PM To: tf-m@lists.trustedfirmware.org; Sherry Zhang <Sherry.Zhang2@arm.com>; Hennadiy.Kytsun@infineon.com Cc: nd <nd@arm.com> Subject: RE: Enablement of external bl2 builds
Hi Sherry,
Returning to our topic about FWU build with BL2=ON. Is there a plan to fix this? If so, approximately when will this fix be available?
Best regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.com
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M Sent: 01 October 2021 19:25 To: tf-m@lists.trustedfirmware.org; Sherry.Zhang2@arm.com; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com> Cc: nd@arm.com Subject: Re: [TF-M] Enablement of external bl2 builds
Hi Sherry,
So I actually checked the issue from the last mail ‘When building TFM with CRYPTO_HW_ACCELERATOR=ON and BL2=OFF I am getting this error:’ and it turns out everything is fine in the master branch; that error is only present in my local branch due to changes I have made.
I am glad we have one bug less 😊 Sorry for the wrong report.
Best regards, Bohdan Hunko
From: Hunko Bohdan (CSUKR CSS ICW SW FW) Sent: 01 October 2021 12:49 To: Hunko Bohdan (CSUKR CSS ICW SW FW) <Bohdan.Hunko@infineon.com>; Sherry.Zhang2@arm.com; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com> Cc: nd@arm.com Subject: RE: Enablement of external bl2 builds
Hi all,
One more thing on this topic. There is one more issue with building TFM without BL2. When building TFM with CRYPTO_HW_ACCELERATOR=ON and BL2=OFF I am getting this error:
CMake Error at platform/ext/accelerator/CMakeLists.txt:11 (add_library): No SOURCES given to target: bl2_crypto_hw
So I think this is one more thing that needs to be fixed.
Best regards, Bohdan Hunko
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M Sent: 30 September 2021 17:34 To: Sherry.Zhang2@arm.com; tf-m@lists.trustedfirmware.org; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com> Cc: nd@arm.com Subject: Re: [TF-M] Enablement of external bl2 builds
Hi Sherry,
Thanks for patching the MCUBOOT_IMAGE_NUMBER issue. It was one of the issues we faced.
I also agree that mcuboot_config.h should be taken from our BL2 repo. So no changes needed there.
About porting files (tfm/bl2 folder). We are planning to use existing porting files. But as you said currently they are not included into the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.
One minor issue we have is BOOT_DATA_AVAILABLE: currently it is only defined if BL2=1 and MCUBOOT_MEASURED_BOOT=1. See this line of code: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/spm/CMakeLists.txt#n110. I think we can either change that line of code or we can define BOOT_DATA_AVAILABLE in our platform files using add_definitions(-DBOOT_DATA_AVAILABLE). The first way is a bit harder but I think it fits better into TFM architecture. The second way is easier but it seems more like a workaround than a solution. Do you have any suggestions about this problem?
We are not blocked by these issues, so no worries here.
Best regards Bohdan Hunko
From: Sherry Zhang <Sherry.Zhang2@arm.com> Sent: 30 September 2021 11:38 To: tf-m@lists.trustedfirmware.org; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Hunko Bohdan (CSUKR CSS ICW SW FW) <Bohdan.Hunko@infineon.com> Cc: nd <nd@arm.com> Subject: RE: Enablement of external bl2 builds
Hi Bohdan,
I tried to build TF-M with FWU service without BL2 with the following command (FWU enabled with shared data while no BL2):
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/musca_b1/sse_200 -DCRYPTO_HW_ACCELERATOR=OFF -DPLATFORM_DUMMY_NV_SEED=ON -DBL2=0 -DMCUBOOT_PATH=../mcuboot
The following issues I met:
1. Build-time error because `MCUBOOT_IMAGE_NUMBER` is passed as an empty macro into flash_layout.h.
I have created a patch to fix it. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11729
2. Build error in `bootutil_public.c`. The mcuboot_config.h, which is generated automatically when BL2=ON, is not found. Also the files (in tf-m/bl2 folder) about porting MCUboot into TF-M are not found by the build system as BL2=0. For the config file, I think it should be imported from your specific MCUboot repo as it is generated when the BL2 image is built. For the MCUboot porting files, are you using the files under tf-m/bl2 folder or using your specific porting files? The FWU service needs the porting source files. See code at https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/p....
Are you blocked by these two issues? Can you share the detailed issue you met if there is more?
Regards,
Sherry
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M Sent: Tuesday, September 28, 2021 6:44 PM To: tf-m@lists.trustedfirmware.org Cc: Kostiantyn.Tkachov@infineon.com; Roman.Mazurak@infineon.com; Hennadiy.Kytsun@infineon.com Subject: [TF-M] Enablement of external bl2 builds
Hi everyone,
When adding support for a new platform we ran into an issue with the BL2 variable. In our architecture we have a Bootloader based on MCUboot (aka BL2) but we are not planning to build it with TF-M. The Bootloader would be a separate repo and be built separately. So we need a way to build TF-M with FWU service and shared data definitions when BL2=OFF. I was trying to add support for this but was not able to do this because the build structure is quite complicated. Does anyone have ideas or suggestions about the way we can implement this feature?
Best regards, Bohdan Hunko