Hi,

 

Here is the proposal to restructure TF-M following the intention to split it on the essential part and supplementary items with better logical separation.

The proposed new structure, composed from 4 repositories is following:

 

  1. trusted-firmware-m (The essential TF-M core:  SPM + PSA partitions and interface. Documentation)
  2. tf-m-tests
    1. regression
    2. other test
  3. tf-m-tools (additional tools and place for integration glue with 3rd party frameworks)
    1. cmsis
    2. fuzzer
    3. Iat-verifier
  4. tf-m-extras (extra components, used in a specific case, but optional for  common use)
    1. examples

                                                               i.      NS

                                                             ii.      S

    1. S-partitions - (3rd party production partitions)

 

The questions to the community:

  1. Any concern or dependency on the proposed restructure?
  2. Shall we treat tests separately or as one of the extra component? Effectively the question are tests deserves a dedicated repo or a folder in tf-m-extra?
  3. Better name for tf-m-extra? tf-m-apps?

 

Looking for your comments,

Anton

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Thursday, April 15, 2021 12:24 PM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface

 

Thanks, David,

 

The connected job is to rename tf-m-tests repo to something more general to keep supplementary code and not interfere it with TF-M core on secure side. The first candidate was tf-m-ns to reflect the collection of non-secure elements but it might confuse when using it for custom and examples of secure partitions.

 

Thoughts and proposals for the repo naming are welcome.

 

Regards,

Anton

 

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of David Hu via TF-M
Sent: Thursday, April 15, 2021 9:12 AM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: [TF-M] [Ask for review] Decouple NS specific code from TF-M NS interface

 

Hi all,

 

May I ask you to take a look at the following patch set to decouple NS specific code from TF-M NS interface?

https://review.trustedfirmware.org/q/topic:%22decouple-ns-interface%22+(status:open%20OR%20status:merged)

 

The decoupled NS code is moved from trusted-firmware-m repo to tf-m-tests repo, as an example of NS implementation.

https://review.trustedfirmware.org/q/topic:%22add-ns-code%22+(status:open%20OR%20status:merged)

 

The purpose of this change is to make it more flexible and simple to integrate NS OS with TF-M NS interface.

Currently TF-M provides some reference implementations of NS interface for NS OS integration. However, it may have limitations during NS OS integration as various NS OSes/application usages prefer different implementations.

 

Therefore, those NS OS specific code  is removed from TF-M interface for NS clients in this patch set. The removed NS code includes NS interface lock ops, os wrappers and NS test specific implementation.

Those NS code can be taken as an example in tf-m-tests. NS developers can follow or replace them during integration with TF-M, according to NS OS implementation and actual scenarios, without hacking trusted-firmware-m repo.

 

This patch set doesn’t change the current integration scheme. Instead, it exports the “tfm_ns_interface_dispatch()” API and enables NS OS to implement it according to NS OS and application specific requirement, such as NS interface lock operations.

 

Any comment is welcome!

 

Best regards,

Hu Ziji