Hi Reinhard,
Sorry, to be accurate, the name 'Client Oriented Policy' should be: 'client ID identification'.
Replies to the questions:
* TZ RTOS Context management is only needed when "Client Oriented Policy" is used.
Ken.L: Yes for the existing implementation.
* When and why is "Client Oriented Policy" a requirement on v8-M systems?
Ken.L: The Secure Storage Service (now Protected Storage) supports non-client accessing permission checking. It is not a requirement of the v8-M system but of the services.
* Is there a way to disable "Client Oriented Policy" in the current TF-M Core?
  * This applies for both the TF-M firmware itself and the related test suite.
Ken.L: There is a switch 'TFM_NS_CLIENT_IDENTIFICATION' to disable this function; in that case, all NS threads would have the same client ID, and the TZ API can be removed.
* What happens worst case when an RTOS does not implement TZ RTOS Context Management?
Ken.L: If there is no locking protection in NS, multiple NS calls would panic. And obviously, the service cannot identify NS clients (but I think now only storage has the requirement and it is optional, at least now).
Thanks.
/Ken
From: Reinhard Keil Reinhard.Keil@arm.com
Sent: Friday, December 13, 2019 4:29 PM
To: tf-m@lists.trustedfirmware.org
Cc: Ken Liu (Arm Technology China) Ken.Liu@arm.com
Subject: Re: [TF-M] Simplify RTOS / TF-M interface (single thread execution)
Ken,
Thanks for your reply. Let me summarize what I have understood:
TF-M SFC mode:
* Allows only one thread at a time to call secure services.
* When secure services are called recursively (multiple threads) TF-M goes into 'panic' state. This should not happen with proper mutex locks.
* TZ RTOS Context Management interface is only required when "Client Oriented Policy" is used.
I have updated the diagram to reflect what I have understood. Obviously the SVC would be only executed when the call into "secure" is from Thread mode. Is my understanding correct? (The diagram is also under: https://developer.trustedfirmware.org/T615 - I just realized that you made a similar picture.)
The initial question can then be refined to:
* TZ RTOS Context management is only needed when "Client Oriented Policy" is used.
* When and why is "Client Oriented Policy" a requirement on v8-M systems?
* Is there a way to disable "Client Oriented Policy" in the current TF-M Core?
  * This applies for both the TF-M firmware itself and the related test suite.
* What happens worst case when an RTOS does not implement TZ RTOS Context Management?
Reinhard
_______________________________________________________________________________
Reinhard Keil | Phone: +49 89 456040-13 | Email: reinhard.keil@arm.com | www.keil.com
ARM Germany GmbH | Bretonischer Ring 16 | D-85630 Grasbrunn, Germany
Registered office: Grasbrunn | Commercial register: München (HRB 175362)
Managing directors: Andrew Smith, Joachim Krech, Reinhard Keil
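
The worst case discussed in this thread (no NS-side locking, so a second NS thread enters the secure side while a call is still in progress) next to the mutex remedy, as an added host-side model in C that is not part of the original messages or of TF-M. All function and variable names are hypothetical, and thread preemption is simulated with a callback rather than a real RTOS.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed host-side model; none of these names are TF-M APIs. */
typedef void (*preempt_hook_t)(void);
static bool spm_busy;      /* secure side is inside a service call */
static bool ns_lock_held;  /* NS mutex guarding the secure interface */
static int panic_count, served_calls, blocked_callers;

/* Secure entry point: a second entry while busy is the panic case. */
static void secure_service(preempt_hook_t preempt)
{
    if (spm_busy) { panic_count++; return; }
    spm_busy = true;
    if (preempt) preempt();  /* NS scheduler switches threads mid-call */
    served_calls++;
    spm_busy = false;
}

/* NS dispatcher: take the mutex before entering the secure side. */
static void ns_dispatch_locked(preempt_hook_t preempt)
{
    if (ns_lock_held) { blocked_callers++; return; }  /* would block here */
    ns_lock_held = true;
    secure_service(preempt);
    ns_lock_held = false;
    while (blocked_callers > 0) {  /* blocked threads resume after unlock */
        blocked_callers--;
        ns_dispatch_locked(NULL);
    }
}

static void thread_b_unlocked(void) { secure_service(NULL); }
static void thread_b_locked(void)   { ns_dispatch_locked(NULL); }

/* Thread A calls a service and is preempted by thread B; returns panics. */
int run_scenario(bool use_lock)
{
    spm_busy = ns_lock_held = false;
    panic_count = served_calls = blocked_callers = 0;
    if (use_lock) ns_dispatch_locked(thread_b_locked);
    else          secure_service(thread_b_unlocked);
    return panic_count;
}

int main(void)
{
    printf("no lock:  panics=%d\n", run_scenario(false));
    printf("NS mutex: panics=%d\n", run_scenario(true));
    return 0;
}
```

With the lock, thread B's request is deferred until thread A has left the secure side, so both calls are served and the secure side never sees a re-entrant entry.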