Hi Sherry,

Thanks for patching MCUBOOT_IMAGE_NUMBER issue. It was one of the issues we faced with.

I also agree that mcuboot_config.h should be taken from our BL2 repo. So no changes needed there.

About porting files (tfm/bl2 folder). We are planning to use existing porting files. But as you said currently they are not included into the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.

One minor issue we have is BOOT_DATA_AVAILABLE currently it is only defined if BL2=1 and MCUBOOT_MEASURED_BOOT=1. See this line of code.

I think we can either change that line of code or we can defile BOOT_DATA_AVAILABLE in our platform files using add_definitions(-DBOOT_DATA_AVAILABLE). First way is a bit harder but I thinks it fits better into TFM architecture. Second way is easier but it seems more like workaround than like solution. Do you have any suggestions about this problem?

We are not blocked by these issues, so no worries here.

Best regards

Bohdan Hunko

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

From: Sherry Zhang <Sherry.Zhang2@arm.com>
Sent: 30 September 2021 11:38
To: tf-m@lists.trustedfirmware.org; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) <Kostiantyn.Tkachov@infineon.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>; Kytsun Hennadiy (CSUKR CSS ICW SW FW) <Hennadiy.Kytsun@infineon.com>; Hunko Bohdan (CSUKR CSS ICW SW FW) <Bohdan.Hunko@infineon.com>
Cc: nd <nd@arm.com>
Subject: RE: Enablement of external bl2 builds

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

Hi Bohdan,

I tried to build TF-M with FWU service without BL2 with the following command(FWU enabled with shared data while no BL2):

cmake -S . -B cmake_build -DTFM_PLATFORM=arm/musca_b1/sse_200 -DCRYPTO_HW_ACCELERATOR=OFF -DPLATFORM_DUMMY_NV_SEED=ON -DBL2=0 -DMCUBOOT_PATH=../mcuboot

The following issues I met:

Build time error by that ` MCUBOOT_IMAGE_NUMBER ` is passed as an empty macro into the flash_layout.h

I have created a patch to fix it. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11729

Build error in ` bootutil_public.c `. The mcuboot_config.h which is generated automatically when the BL2=ON is not found. Also the files( in tf-m/bl2 folder) about porting MCUboot into TF-M is not found by the build system as BL2=0. For the config file, I think, it should be imported from your specific MCUboot repo as it is generated when BL2 image is built. For the MCUboot porting files, are you using the files under tf-m/bl2 folder or using your specific porting files? The FWU service needs the porting source files. See code at https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt#n16.

Are your blocked by these two issues? Can you share the detailed issue you met if there is more?

Regards,

Sherry

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Bohdan Hunko via TF-M
Sent: Tuesday, September 28, 2021 6:44 PM
To: tf-m@lists.trustedfirmware.org
Cc: Kostiantyn.Tkachov@infineon.com; Roman.Mazurak@infineon.com; Hennadiy.Kytsun@infineon.com
Subject: [TF-M] Enablement of external bl2 builds

Hi everyone,

When adding support for new platform we ran into an issue with BL2 variable.

In our architecture we have Bootloader based on MCUboot (aka BL2) but we are not planning to build it with TF-M.

Bootloader would be separate repo and be built separately.

So we need the way to build TF-M with FWU service and shared data definitions when BL2=OFF.

I was trying to add support for this but was not able to do this because build structure is quite complicated.

Does anyone have ideas or suggestions about the way we can implement this feature?

Best regards,

Bohdan Hunko

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com