Hi Sherry,

 

Yes, you are correct – the check is only done if FWU_DEVICE_CONFIG_FILE is not defined.

 

BUT this is still a problem because even if FWU_DEVICE_CONFIG_FILE is defined it still may be generated (same way as if FWU_DEVICE_CONFIG_FILE is not defined it is generated). So default TFM implementation use generated file as FWU_DEVICE_CONFIG_FILE but restricts user from doing so.

 

So in current implementation FWU_DEVICE_CONFIG_FILE must be present on cmake config time and can not be generated. I see this as unnecessary limitation.

 

Actually this is not hypothetical problem, I only brought this problem up because I hit this issue when trying to use custom FWU_DEVICE_CONFIG_FILE and this custom file is generated (same way as default one is).

 

So my proposal is to remove this check, this will make the implementation more flexible.

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

 

 

From: Sherry Zhang <Sherry.Zhang2@arm.com>
Sent: Wednesday, November 15, 2023 04:32
To: Hunko Bohdan (CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: RE: Redundant check on FWU_DEVICE_CONFIG_FILE

 

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

 

Hi Bohdan,

 

The code you posted is in the else routine of FWU_DEVICE_CONFIG_FILE not defined condition(see https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/firmware_update/CMakeLists.txt#n56):

 

if (NOT FWU_DEVICE_CONFIG_FILE)

    configure_file(${CMAKE_SOURCE_DIR}/interface/include/psa/fwu_config.h.in

                   ${CMAKE_BINARY_DIR}/generated/interface/include/psa/fwu_config.h

                   @ONLY)

    set(FWU_DEVICE_CONFIG_FILE "${CMAKE_BINARY_DIR}/generated/interface/include/psa/fwu_config.h")

else()

    # FWU_DEVICE_CONFIG_FILE exists and is a file

    if(NOT EXISTS ${FWU_DEVICE_CONFIG_FILE})

        message(FATAL_ERROR "FWU_DEVICE_CONFIG_FILE:${FWU_DEVICE_CONFIG_FILE} does not exist.")

    elseif(IS_DIRECTORY ${FWU_DEVICE_CONFIG_FILE})

        message(FATAL_ERROR "FWU_DEVICE_CONFIG_FILE:${FWU_DEVICE_CONFIG_FILE} is a folder while a file is expected.")

    endif()

endif()

 

If FWU_DEVICE_CONFIG_FILE is defined, it should be an existing file. The default routine is FWU_DEVICE_CONFIG_FILE not-defined(the if routine).

 

Regards,

Sherry Zhang

 

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Tuesday, November 14, 2023 11:43 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Redundant check on FWU_DEVICE_CONFIG_FILE

 

Hi all

It seems to me like following check

 

    # FWU_DEVICE_CONFIG_FILE exists and is a file

    if(NOT EXISTS ${FWU_DEVICE_CONFIG_FILE})

        message(FATAL_ERROR "FWU_DEVICE_CONFIG_FILE:${FWU_DEVICE_CONFIG_FILE} does not exist.")

    elseif(IS_DIRECTORY ${FWU_DEVICE_CONFIG_FILE})

        message(FATAL_ERROR "FWU_DEVICE_CONFIG_FILE:${FWU_DEVICE_CONFIG_FILE} is a folder while a file is expected.")

    endif()

 

in secure_fw/partitions/firmware_update/CMakeLists.txt is redundant as FWU_DEVICE_CONFIG_FILE may be generated, thus not present when cmake performs EXISTS check (note that by default FWU_DEVICE_CONFIG_FILE is generated so I dont see point in limiting user from using generated file)

 

So i propose to remove this check.

 

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com