I see the discussion of today’s tech forum agenda has begun ahead of time. J

 

Individual public key operations can take ms even when accelerated with HW. Further, the HW accelerators operate as math coprocessors with a series of math operations stitched together by SW.

 

No doubt existing models in TF-M have the benefit of simplicity for the secure code analysis. However, their simplicity complicates the scheduling of the non-trusted code.

The qualifier in this statement “No impact to time deterministic execution on the NS side unless two threads call secure services” is the issue.

I believe we need a middle ground to drive additional adoption.

 

Erik Shreve, PSEM

Software Security Engineer & Architect (CMCU Platform Development)

 

From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of DeMars, Alan via TF-M
Sent: Thursday, April 02, 2020 9:47 AM
To: Reinhard Keil; tf-m@lists.trustedfirmware.org
Cc: nd
Subject: [EXTERNAL] Re: [TF-M] Multi-threaded single-scheduler model proposal

 

I used crypto accelerator as a hypothetical example.

In a real world use case we are faced with, the process kicked off by the secure service may take a long time (ie several ms).

It is not acceptable to be parked in wfe during that time.

 

Alan

 

From: Reinhard Keil [mailto:Reinhard.Keil@arm.com]
Sent: Thursday, April 2, 2020 6:52 AM
To: DeMars, Alan; tf-m@lists.trustedfirmware.org
Cc: nd
Subject: [EXTERNAL] RE: [TF-M] Multi-threaded single-scheduler model proposal

 

Alan,

 

I was afraid that this was the proposal. No lower priority NS threads can run while waiting for the secure interrupt. Only higher priority threads that are initiated by a NS interrupt can run.

 

You are correct, scheduling of lower priority NS threads would be not possible.  This is definitely a shortcoming of the solution.


May I ask:  how long does a hardware crypto operation take?  What time could be used for low priority NS thread execution?


Reinhard