Hi Chris,

 

Conditional dependency is not supported by FF-M.

So I think changing the check_config.cmake will clearly tell the users the dependencies.

 

Best Regards,

Kevin

 

From: Chris.Brand--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Saturday, June 25, 2022 12:56 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] PS partition dependencies

 

I’m experimenting with a build with the SFN backend, and I’ve hit an error.

 

cmake -S . -B build_musca_sse200_GNUARM_Release -DTFM_PLATFORM=arm/musca_b1/sse_200 -DCONFIG_TFM_SPM_BACKEND=SFN -DTFM_PARTITION_PLATFORM=OFF -DTFM_PARTITION_FIRMWARE_UPDATE=OFF -DPS_ROLLBACK_PROTECTION=OFF

cmake --build build_musca_sse200_GNUARM_Release

 

results in

 

…/build_musca_sse200_GNUARM_Release/generated/secure_fw/partitions/protected_storage/auto_generated/load_info_tfm_protected_storage.c:85:9: error: 'TFM_SP_PLATFORM_NV_COUNTER_SID' undeclared here (not in a function); did you mean 'TFM_SP_NON_SECURE_ID'?
         TFM_SP_PLATFORM_NV_COUNTER_SID,
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         TFM_SP_NON_SECURE_ID

 

Config/check_config.cmake line 93 is

tfm_invalid_config((TFM_PARTITION_PROTECTED_STORAGE AND PS_ROLLBACK_PROTECTION) AND NOT TFM_PARTITION_PLATFORM)

 

but secure_fw/partitions/protected_storage/tfm_protected_storage.yaml lists TFM_SP_PLATFORM_NV_COUNTER as a dependency unconditionally.

 

The easy fix is to change check_config.cmake to have the PS partition unconditionally require the platform partition, but it seems that the intent is that it should still be possible to enable PS without rollback protection.

 

Chris Brand

 

Cypress Semiconductor (Canada), Inc.

An Infineon Technologies Company

Sr Prin Software Engr

CSCA CSS ICW SW PSW 1

Office: +1 778 234 0515

Chris.Brand@infineon.com

 

International Place 13700

V6V 2X8 Richmond

Canada

 
