Hi Bohdan,
“About porting files (tfm/bl2 folder). We are planning to use existing porting files. But as you said currently they are not included into the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.”
Enabling the porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON does not make sense to me. When TFM_PARTITION_FIRMWARE_UPDATE is ON, the user can use their own bootloader which is not MCUboot. But these porting files are only for MCUboot.
So, my proposed solution is to create your bootloader-specific CMakeLists.txt under \secure_fw\partitions\firmware_update\bootloader and set the cache entry TFM_FWU_BOOTLOADER_LIB. It will be included into the firmware update partition automatically. See
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/firmware_update/CMakeLists.txt#n46
About the DBOOT_DATA_AVAILABLE issue, both of the solutions you proposed should work. But I think a better way is to make BOOT_DATA_AVAILABLE a cache entry. This cache entry should tell TFM whether boot data is available when BL2 is OFF. This will help decouple TFM from MCUboot. I will create a patch for it later.
Regards,
Sherry
From: Bohdan.Hunko@infineon.com <Bohdan.Hunko@infineon.com>
Sent: Friday, October 15, 2021 9:48 PM
To: tf-m@lists.trustedfirmware.org; Sherry Zhang <Sherry.Zhang2@arm.com>; Hennadiy.Kytsun@infineon.com
Cc: nd <nd@arm.com>
Subject: RE: Enablement of external bl2 builds
Hi Sherry,
Returning to our topic about FWU build with BL2=ON.
Is there a plan to fix this?
If so, approximately when will this fix be available?
Best regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M
Sent: 01 October 2021 19:25
To: tf-m@lists.trustedfirmware.org; Sherry.Zhang2@arm.com; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>
Cc: nd@arm.com
Subject: Re: [TF-M] Enablement of external bl2 builds
Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.
Hi Sherry,
So I actually checked the issue from the last mail
‘When building TFM with CRYPTO_HW_ACCELERATOR=ON and BL2=OFF I am getting this error:’
and it turns out everything is fine in the master branch; that error is only present in my local branch due to changes I have made.
I am glad we have one bug less 😊
Sorry for the wrong report.
Best regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
From: Hunko Bohdan (CSUKR CSS ICW SW FW)
Sent: 01 October 2021 12:49
To: Hunko Bohdan (CSUKR CSS ICW SW FW) <Bohdan.Hunko@infineon.com>; Sherry.Zhang2@arm.com; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>
Cc: nd@arm.com
Subject: RE: Enablement of external bl2 builds
Hi all,
One more thing on this topic.
There is one more issue with building TFM without BL2.
When building TFM with CRYPTO_HW_ACCELERATOR=ON and BL2=OFF I am getting this error:
CMake Error at platform/ext/accelerator/CMakeLists.txt:11 (add_library):
No SOURCES given to target: bl2_crypto_hw
So I think this is one more thing that needs to be fixed.
Best regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M
Sent: 30 September 2021 17:34
To: Sherry.Zhang2@arm.com; tf-m@lists.trustedfirmware.org; Brand Chris (CSCA CSS ICW SW PSW 1) <Chris.Brand@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>
Cc: nd@arm.com
Subject: Re: [TF-M] Enablement of external bl2 builds
Hi Sherry,
Thanks for patching the MCUBOOT_IMAGE_NUMBER issue. It was one of the issues we faced.
I also agree that mcuboot_config.h should be taken from our BL2 repo. So no changes needed there.
About porting files (tfm/bl2 folder). We are planning to use existing porting files. But as you said currently they are not included into the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.
One minor issue we have is BOOT_DATA_AVAILABLE: currently it is only defined if BL2=1 and MCUBOOT_MEASURED_BOOT=1. See this line of code.
I think we can either change that line of code or we can define BOOT_DATA_AVAILABLE in our platform files using add_definitions(-DBOOT_DATA_AVAILABLE). The first way is a bit harder but I think it fits better into the TFM architecture. The second way is easier but it seems more like a workaround than a solution. Do you have any suggestions about this problem?
We are not blocked by these issues, so no worries here.
Best regards
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
From: Sherry Zhang <Sherry.Zhang2@arm.com>
Sent: 30 September 2021 11:38
To: tf-m@lists.trustedfirmware.org; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Hunko Bohdan (CSUKR CSS ICW SW FW) <Bohdan.Hunko@infineon.com>
Cc: nd <nd@arm.com>
Subject: RE: Enablement of external bl2 builds
Hi Bohdan,
I tried to build TF-M with FWU service without BL2 with the following command (FWU enabled with shared data while no BL2):
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/musca_b1/sse_200 -DCRYPTO_HW_ACCELERATOR=OFF -DPLATFORM_DUMMY_NV_SEED=ON -DBL2=0 -DMCUBOOT_PATH=../mcuboot
The following issues I met:
I have created a patch to fix it.
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11729
Are you blocked by these two issues? Can you share the detailed issue you met if there is more?
Regards,
Sherry
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M
Sent: Tuesday, September 28, 2021 6:44 PM
To: tf-m@lists.trustedfirmware.org
Cc: Kostiantyn.Tkachov@infineon.com; Roman.Mazurak@infineon.com; Hennadiy.Kytsun@infineon.com
Subject: [TF-M] Enablement of external bl2 builds
Hi everyone,
When adding support for a new platform we ran into an issue with the BL2 variable.
In our architecture we have a Bootloader based on MCUboot (aka BL2) but we are not planning to build it with TF-M.
The Bootloader would be a separate repo and be built separately.
So we need a way to build TF-M with FWU service and shared data definitions when BL2=OFF.
I was trying to add support for this but was not able to do this because the build structure is quite complicated.
Does anyone have ideas or suggestions about the way we can implement this feature?
Best regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com