Hi Anton,

 

Sure, lets discuss it on tech forum.

 

I also agree that the question is only about where to place those files, so we can discuss that, because both ways have their pros and cons.

 

Yes, we do plan to do this work if TFM will not have such a files when we need them. We plan to do this probably in the middle of 2023. If TFM will already provide the files we need then we will not have to do anything 😊.

 

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

 

 

From: Anton Komlev <Anton.Komlev@arm.com>
Sent: 27 December 2022 16:34
To: Hunko Bohdan (CSUKR CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; David Hu <David.Hu@arm.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: RE: Default implementation of tfm_ns_interface_dispatch()

 

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

 

Hi Bohdan, All

 

Fully support the intention to be more user friendly and there are yet many places for UX improvement.

Regarding this topic I see no contradiction and the point of discussion is where to place the typical implementations. Technically those are the same code and functionality wrapped in

  1. Use-case example
  2. Set of APIs in interface folder

Personally, I see option (a) is cleaner and more straightforward while (b) can lead to a confusion of multiple implementations of the same APIs and always obscure a particular use-case.

If you are doing it anyway it’s worth to think on how to utilize your efforts, assuming you are willing to share it on common benefit.

 

I think it’s worth to discuss it online on the tech forum next week.

 

Cheers,

Anton

 

 

From: Bohdan.Hunko@infineon.com <Bohdan.Hunko@infineon.com>
Sent: Monday, December 26, 2022 1:18 PM
To: David Hu <David.Hu@arm.com>; Anton Komlev <Anton.Komlev@arm.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: RE: Default implementation of tfm_ns_interface_dispatch()

 

Hi all,

 

I agree that TFM should focus on Secure side, but I also think that TFM should be user friendly, because having secure firmware that is hard to integrate is not a good roadmap…

 

Having examples surely helps, BUT we should understand that typically people who are developing NS firmware are not aware of secure side of thing and don’t want to spend time understanding  why implementation of TFM function is not present, where they can find the implementation or how to write it.

I think providing most common implementations of this function as part of NS interface is a good solution because:

  1. This is now a big function and it only uses Semaphores interface, thus it should be fairly easy to write and maintain
  2. User still can write its own implementation if needed
  3. Having this function as part of NS interface install folder simplifies integration process for NSPE developers.

 

Also we can provide descriptive comments in those files to state in which use case scenarios default implementation can and can’t be used.

 

I think our team will do this for our platform any way, so I think it may be effort free for upstream to take the files that we have implemented and place them in common code. We are planning to do this work somewhere around mid-2023.

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

 

 

From: David Hu <David.Hu@arm.com>
Sent: 23 December 2022 05:54
To: Anton Komlev <Anton.Komlev@arm.com>; Hunko Bohdan (CSUKR CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: RE: Default implementation of tfm_ns_interface_dispatch()

 

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

 

Hi Bohdan,

 

The example implementation of tfm_ns_interface_dispatch() based on CMSIS-RTOS is in tf-m-tests tfm_ns_interface.c [1].
The implementation of tfm_ns_interface_dispatch()  depends on usage scenarios and NS OS/bare metal implementation. The implementation/requirement may vary in various use cases and NS RTOS. Therefore, trusted-firmware-m provides an example [2], rather than an actual implementation.
It is aligned with purpose of trusted-firmware-m that trusted-firmware-m focuses on secure side implementation and makes NS side implementation flexible for users/integration.
 
Anton’s proposal looks reasonable and promising. Users can develop their own NS interface implementation based on those examples, according to the usage scenarios.
 
[1] https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/app/tfm_ns_interface.c#n18
[2] https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/interface/src/tfm_ns_interface.c.example

 

From: Anton Komlev via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Friday, December 23, 2022 12:43 AM
To: Bohdan.Hunko@infineon.com; tf-m@lists.trustedfirmware.org
Subject: [TF-M] Re: Default implementation of tfm_ns_interface_dispatch()

 

Hi Bohdan,

 

Right, this integration process can be improved. If I understand you correctly you propose to generate several implementations of the interface for typical use cases.

I see an alternative in creating a set of typical integration examples in tf-m-extras repo. Ahead of that we need to split and decouple S <> NS build process for simplicity and avoid redo examples later.

 

Cheers and looking for other opinions,

Anton

 

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, December 22, 2022 3:24 PM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Default implementation of tfm_ns_interface_dispatch()

 

Hi all,

 

While working on TFM TZ related stuff I have noticed that TFM docs/integration_guide/index.rst states that

 

  • On Armv8-M TrustZone based platforms, NS OS shall implement interface API ``tfm_ns_interface_dispatch()`` to integrate with TF-M implementation of PSA APIs.

 

But currently  neither CMSIS RToS nor FreeRToS implements this function, also there is no default implementation for bare metal case. So currently it is user responsibility to implement this function. Also currently for TFM tests it is implemented in test repository (<tf-m-tests repo>/ app/tfm_ns_interface.c).

 

I think this is bad user experience because each user have to implement this function. I think TFM should provide implementation of this function for most common use cases (for example, CMSIS RToS, AWS FreeRToS, bare metal, …). Files with implementation should be installed during build process.

Default implementations will cover most of use cases and will fit for majority of the users.

 

This way TFM will be more user friendly.

 

What are your thoughts on this topic? Will TFM accept such a patch?

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com