Hi Antonio,

 

Thank you. Has TF-M always used static buffers? We are migrating from TF-Mv1.1 to TF-Mv1.8. With v1.1, we were able to use calloc() calls from mbedcrypto for allocation slot for key storage.

 

Is there a sample platform_calloc_uninit() implementation (in mbedtls’ platform.c) that you could point me to that would use the static buffer for allocations/deallocations?

 

Regards,
Archanaa

 

From: Antonio De Angelis <Antonio.DeAngelis@arm.com>
Sent: Thursday, September 28, 2023 1:10 PM
To: Summer Qin <Summer.Qin@arm.com>; tf-m@lists.trustedfirmware.org; S Krishnan, Archanaa <archanaask@ti.com>
Cc: nd <nd@arm.com>
Subject: [EXTERNAL] Re: Build error with customized mbedcrypto configuration

 

Hi Archanaa,

 

from what I can see the behaviour is expected. You are using calloc() which assumes a heap is available but that is not the case in TF-M. The Crypto service is designed to use a static buffer over which allocations and deallocations happen. Any other behaviour has not been tested and likely requires some deeper reconfiguration of the Crypto service and TF-M linker scripts.

 

Thanks,

Antonio

From: S Krishnan, Archanaa via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, September 28, 2023 17:11
To: Summer Qin <Summer.Qin@arm.com>; tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Cc: nd <nd@arm.com>
Subject: [TF-M] Re: Build error with customized mbedcrypto configuration

 

Hi Summer,

 

Thank you for testing the build on your side. Yes, I have disabled MBEDTLS_MEMORY_BUFFER_ALLOC_C and other configurations that depend on MBEDTLS_PLATFORM_MEMORY and MBEDTLS_PLATFORM_C. Please see attached my modified medium profile and custom mbedcrypto configuration file (config-tidrivers.h).

 

It’s actually the linking phase, not build, during which I get the undefined reference to `end` error. A more detailed error message:

[ 97%] Linking C executable ../bin/tfm_s.axf

arm-none-eabi-gcc/11.2-2022.02-0/library-msp/ga/package/44fcf6b9a7fb86b2586303e3db40189d3b511830/bin/../lib/gcc/arm-none-eabi/11.2.1/../../../../arm-none-eabi/bin/ld: arm-none-eabi-gcc/11.2-2022.02-0/library-msp/ga/package/44fcf6b9a7fb86b2586303e3db40189d3b511830/bin/../lib/gcc/arm-none-eabi/11.2.1/../../../../arm-none-eabi/lib/thumb/v8-m.main+fp/hard/libnosys.a(sbrk.o): in function `_sbrk':

/data/jenkins/workspace/GNU-toolchain/arm-11/src/newlib-cygwin/libgloss/libnosys/sbrk.c:21: undefined reference to `end'

 

We include the mbedcrypoto custom configuration to the build using the following steps:

 

 

# Use mbedTLS conan package

MBEDCRYPTO_PATH = $(MBEDTLS_INSTALL_DIR)/source/third_party/mbedtls

 

# Add extra manifest list files and partition paths

TFM_EXTRA_OPTIONS = \

-DTFM_EXTRA_MANIFEST_LIST_FILES=$(PROJECT_PATH)/tfm_manifest_list.yaml \

-DTFM_EXTRA_PARTITION_PATHS=$(PROJECT_PATH)/

 

# Override default options with custom options and pass additional options

CONFIGURABLE_OPTIONS = \

-DTFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH=$(MBEDCRYPTO_PATH)/ti/configs/config-tidrivers.h \

-DTFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH=$(PROJECT_PATH)/config/psa_crypto_config.h \

-DPROJECT_CONFIG_HEADER_FILE=$(PROJECT_PATH)/config/config_profile.h \

-DTFM_PARTITION_INITIAL_ATTESTATION=False

 

all: generate configure build

 

# Include the common makefile, which defines the build targets

include $(SDK_INSTALL_DIR)/tfm_s/util/makefile_common.mak

 

 

 

Regards,
Archanaa

 

From: Summer Qin <Summer.Qin@arm.com>
Sent: Wednesday, September 27, 2023 9:56 PM
To: tf-m@lists.trustedfirmware.org; S Krishnan, Archanaa <archanaask@ti.com>
Cc: nd <nd@arm.com>
Subject: [EXTERNAL] Re: Build error with customized mbedcrypto configuration

 

Hi Archanaa,

 

By disabling MBEDTLS_PLATFORM_MEMORY and MBEDTLS_PLATFORM_C, you should also need to disable some other macros like MBEDTLS_MEMORY_BUFFER_ALLOC_C since mbedtls will do some dependency check.

I just used tfm default profile medium config to have a try, it can build successfully. 

Is it possible to show me your customized mbedcrypto configuration and build command? It will be helpful to know the issue you have ~

 

Best Wishes

Summer 

From: S Krishnan, Archanaa via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, September 28, 2023 6:04 AM
To: tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Build error with customized mbedcrypto configuration

 

Hello,

 

I am trying to build TF-M v1.8 with a custom tfm_mbedcrypto_config_profile_medium.h . I mainly do not want to use a platform specific calloc /free calls, instead use standard free() and calloc(). If I disable MBEDTLS_PLATFORM_MEMORY and MBEDTLS_PLATFORM_C in tfm_mbedcrypto_config_profile_medium.h and attempt to build TF-M, I get the following error:


/arm-none-eabi/lib/thumb/v8-m.main+fp/hard/libnosys.a(sbrk.o): in function `_sbrk':

/data/jenkins/workspace/GNU-toolchain/arm-11/src/newlib-cygwin/libgloss/libnosys/sbrk.c:21: undefined reference to `end'

 

I’m able to build mbedtls package with both MBEDTLS_PLATFORM_MEMORY and MBEDTLS_PLATFORM_C disabled without any errors, the undefined reference error is only seen when building TF-M.

 

Any thoughts on how to resolve this?

 

Regards,
Archanaa