Hi David,
I am glad you could review it. Great to get these inputs from you!
Please see my answers below. Will be happy for any kind of further discussion regarding the details.
1. I mean the main() in the secure core (CM0+). This system boots on the secure core, and main() runs and enables the non-secure core.
The wait loop I described should be in this secure core main() right after enabling the non-secure core.
Let me know if I am missing your point here…
1. Sure. I will be happy to discuss the details.
Basically, the idea is:
* The queue items carry data / pointers to data * After an item is added to the queue, an event is sent to notify about this new queue item (can be optimized by notifying only if this item was added to an empty queue) * SPM checks data validity and might copy data from non-secure memory to secure memory
1. I can go on and add these details. But maybe it is better if we can get some kind of approval to the direction we are taking.
Thanks, Danny
From: David Hu (Arm Technology China) David.Hu@arm.com Sent: Wednesday, February 20, 2019 13:11 To: tf-m@lists.trustedfirmware.org; Danny Shavit Danny.Shavit@arm.com Cc: nd nd@arm.com Subject: Some comments on twincpu mailbox design
Hi Danny,
Could you please check my comments on [Mailbox design](https://developer.trustedfirmware.org/w/tf_m/design/twin-cpu/mailbox-hal/) in below?
I’d like to discuss about some high-level designs at the very first time. We can discuss about details later. 😊
1. As designed in Concepts section, secure core has a single dispatcher thread, which is the main thread on the secure core.
AFAIK, there is no such main thread in current TF-M Inter-Process Communication model implementation. Do you mind taking a look at the section "Interaction in thread model" in our [TF-M presentation](https://events.linuxfoundation.org/wp-content/uploads/2017/12/OpenIoT-Summit...
On the other hand, implementing a dedicated thread in TF-M to handling the mailbox events can be a solution. But it might also bring some difficulties in implementation. I'd like to discuss in detail with Transport Layer together.
2. I like the concept of mailbox event. One of the key points is, after the information carried via mailbox arrives in TF-M, how to deliver it to TF-M core. We can have further discussions on the details.
3. PSA Firmware Framework specifies the parameters and return value for PSA Client APIs. Do you think if it is necessary to cover the mailbox message structure containing information of parameters and return value in mailbox design?
Thank you.
Best regards, Hu Ziji IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.