Hi Mark,
Thank you, I think your observation is right.
I have opened the following ticket to fix: https://developer.trustedfirmware.org/T749
Tamas
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Mark Horvath via TF-M Sent: 13 May 2020 17:13 To: 'tf-m@lists.trustedfirmware.org' tf-m@lists.trustedfirmware.org Subject: [TF-M] BL2 scatter file issue
Hi,
I think there is an error in the usual BL2 scatter file, for example in platformhttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/exthttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/targethttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1http://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/Devicehttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/Device/Sourcehttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/Device/Source/armclanghttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/Device/Source/armclang/musca_bl2.scthttp://git.trustedfirmware.org/trusted-firmware-m.git/tree/platform/ext/target/musca_b1/Device/Source/armclang/musca_bl2.sct The maximum size of the region ER_DATA is set to BL2_DATA_SIZE which is usually equals to the size of the available RAM. But not just the ER_DATA region have to be placed into RAM but also the BOOT_DATA, the heap and the MSP stack.
In addition if the TFM_MULTI_CORE_TOPOLOGY macro is set then the BOOT_DATA is not placed at the start of the RAM in TF-M but after unprivileged data.
So I would recommend to use the same check like in tfm_common_s.sct and adjust BOOT_DATA start:
--- a/platform/ext/target/musca_b1/Device/Source/armclang/musca_bl2.sct +++ b/platform/ext/target/musca_b1/Device/Source/armclang/musca_bl2.sct @@ -24,10 +24,10 @@ LR_CODE BL2_CODE_START { * (+RO) }
- TFM_SHARED_DATA BL2_DATA_START ALIGN 32 EMPTY BOOT_TFM_SHARED_DATA_SIZE { + TFM_SHARED_DATA BOOT_TFM_SHARED_DATA_BASE ALIGN 32 EMPTY BOOT_TFM_SHARED_DATA_SIZE { }
- ER_DATA +0 BL2_DATA_SIZE { + ER_DATA +0 { * (+ZI +RW) }
@@ -37,4 +37,15 @@ LR_CODE BL2_CODE_START {
ARM_LIB_HEAP +0 ALIGN 8 EMPTY BL2_HEAP_SIZE { } + + /* This empty, zero long execution region is here to mark the limit address + * of the last execution region that is allocated in SRAM. + */ + SRAM_WATERMARK +0 EMPTY 0x0 { + } + + /* Make sure that the sections allocated in the SRAM does not exceed the + * size of the SRAM available. + */ + ScatterAssert(ImageLimit(SRAM_WATERMARK) <= BL2_DATA_START + BL2_DATA_SIZE) }
What are your thoughts?
Best regards, Mark