Hi Poppy,

 

Imoo, these can be two different cases.

 

MCUBoot doesn’t share code with TF-M at the same time. MCUboot executes the shared code at first during booting. It cleans up variables and handles the system over to TF-M. Then TF-M executes the shared code.

 

TF-M SPRTL is shared by multiple SPs in runtime. Compared to code sharing between MCUboot and TF-M, SPRTL requires proper runtime isolation configurations. Therefore, SPRTL shall not consist of any R/W data. Otherwise, it is very difficult to manage those shared R/W data in isolation configurations.

 

As we discussed previously, ETSS can call ITS service API to reuse ITS filesystem. Could you please take a look at PS service which relies on ITS filesystem?

 

Best regards,

Hu Ziji

 

From: Edward Yang <EdwardYang@mxic.com.cn>
Sent: Monday, May 24, 2021 5:44 PM
To: David Hu <David.Hu@arm.com>; Tamas Ban <Tamas.Ban@arm.com>; Raef Coles <Raef.Coles@arm.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>; tf-m@lists.trustedfirmware.org
Subject: RE: [TF-M] A question on tfm filesystem sharing between secure partitions

 


Hi,

As the design proposal submitted beforehttps://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8033,we are planning to add a new ETSS partition(External Trusted Secure Storage partition) which supplies

external secure storage services based on secure Flash.

To avoid circular dependency,this new partition needs to access data in external secure Flash on its own rather than relies on tfm ITS service.

Currently,the ETSS reuses tfm ITS filesystem as a temporary solution, it needs to share this filesystem between ITS and ETSS partition to reduce code size.

Should the code sharing between different SP be the same as the code sharing between mcuboot and tf-m runtime firmware implemented as this proposal,https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4587

or other implementations?

Best Regards,
Poppy Wu

Macronix Microelectronics (Suzhou) Co.,Ltd
http://www.mxic.com.cn


David Hu <David.Hu@arm.com>

2021/05/24 13:48

To

Edward Yang <EdwardYang@mxic.com.cn>, "tf-m@lists.trustedfirmware.org" <tf-m@lists.trustedfirmware.org>

cc

nd <nd@arm.com>

Subject

RE: [TF-M] A question on tfm its filesystem

 




Hi Poppy,
 
SPRT requires the shared library shall not own static R/W data. ITS filesystem may not satisfy this requirement.
Usually, a SP, for example Protected Storage, can rely on ITS service to access data in non-volatile memory.
 
Best regards,
Hu Ziji
 
From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Edward Yang via TF-M
Sent: Monday, May 24, 2021 12:54 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] A question on tfm its filesystem
 

Hi,

I'd like to ask a question to see if the filesystem part of tf-m its partition can be moved to lib/sprt folder,to make this filesystem a shared library for PRoT part of tfm.

Therefore,besides its partition, other extra secure partitions can also make use of this filesystem.  

Best Regards,
Poppy Wu

Macronix Microelectronics (Suzhou) Co.,Ltd
Http: //www.mxic.com.cn

CONFIDENTIALITY NOTE:

This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as its attachment(s) from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.

Macronix International Co., Ltd.

=====================================================================

CONFIDENTIALITY NOTE:

This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.

Macronix International Co., Ltd.

=====================================================================