Hi Chris,
Sorry for the delayed reply. Please check my comments in below. Just about small details. Please correct me if I misunderstand anything.
1. In my own opinion, it can be possible to use IPC to synchronize mailbox services between two cores, during initialization. The synchronization is only trigged when the mailbox mechanism is ready on mailbox server or client. It means that the IPC module should be also configured. Based on the above assumption, using IPC to synchronize the two cores is more generic and convenient than accessing shared memory. If using shared memory to pass status flag, it can be necessary to adjust the address of the shared memory occasionally according to the memory assignment in different applications.
2. I'd like to suggest that we shall discuss more about when the booting HAL APIs are invoked in TF-M. `tfm_core_init()` initializes the TF-M core. Thus in theory, `tfm_core_init()` is irrelevant to the system topology or platform implementations. As a result, IMO, it can be more reasonable to put the HAL APIs outside the `tfm_core_init()`.
3. ` tfm_spm_hal_wait_for_ns_cpu_ready()` can be optional. The secure core acts as a server and it is driven by the request from NS core. The secure core actually doesn't have to wait for an explicit signal to know NS is ready. The synchronization can be guaranteed if NS core starts request via mailbox only after secure core is available.
4. It can be unnecessary to require calling `tfm_spm_hal_wait_for_s_cpu_ready()` in NS `main()`. It might be too early to wait in `main()` and may block other initializations which don't rely on mailbox. This API can be invoked in mailbox functionalities. The whole NS initialization can continue, including enabling application threads, until a NS application requests Secure services via mailbox at the very first time. Thus the whole dual core design can be more generic since the mailbox workflow should be identical on diverse platforms. And we can save the time and effort to hack each RTOS initialization. In other words, I wonder if we can make calling `tfm_spm_hal_wait_for_s_cpu_ready()` in NS `main() as an option and allow other implementations.
Thank you.
Best regards, Hu Ziji
--------------------------------------------------------------------------------------------------------------
Date: Thu, 14 Mar 2019 18:50:56 +0000 From: Christopher Brand chris.brand@cypress.com To: "tf-m@lists.trustedfirmware.org" tf-m@lists.trustedfirmware.org Subject: [TF-M] [RFC] twin cpu bootloader design document Message-ID: BYAPR06MB5301EBF02F4C0B60A9BB7742FE4B0@BYAPR06MB5301.namprd06.prod.outlook.com Content-Type: text/plain; charset="us-ascii"
Hi,
I've posted a design document for bootloader changes to support twin cpu at https://developer.trustedfirmware.org/w/tf_m/design/twin-cpu/bootloader/ Comments appreciated!
Thanks,
Chris