Hi Gyorgy,
Yes, it looks that this is the issue. I saw exactly this behavior when optimization was set to -O1. Do you think, that ARM will prepare official fix of this file?
Moreover, when I tried to set optimization to -Os, the regression tests have stopped working at TFM_SST_TEST_1XXX test suite. But I did not try to find the reason why, therefore I cannot say more.
Regards
Stanislav
-----Original Message----- From: TF-M [mailto:tf-m-bounces@lists.trustedfirmware.org] On Behalf Of tf-m-request@lists.trustedfirmware.org Sent: Tuesday, April 16, 2019 2:00 PM To: tf-m@lists.trustedfirmware.org Subject: [EXT] TF-M Digest, Vol 6, Issue 12
WARNING: This email was created outside of NXP. DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe.
Send TF-M mailing list submissions to tf-m@lists.trustedfirmware.org
To subscribe or unsubscribe via the World Wide Web, visit https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus... or, via email, send a message with subject or body 'help' to tf-m-request@lists.trustedfirmware.org
You can reach the person managing the list at tf-m-owner@lists.trustedfirmware.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of TF-M digest..."
Today's Topics:
1. FW: Trusted boot - rollback protection (Tamas Ban) 2. TF-M ARM GCC Optimization issue (Stanislav Jancik) 3. Re: TF-M ARM GCC Optimization issue (Gyorgy Szing)
----------------------------------------------------------------------
Message: 1 Date: Mon, 15 Apr 2019 14:52:49 +0000 From: Tamas Ban Tamas.Ban@arm.com To: "tf-m@lists.trustedfirmware.org" tf-m@lists.trustedfirmware.org Subject: [TF-M] FW: Trusted boot - rollback protection Message-ID: AM6PR08MB3126592CF647127402DB91C4E22B0@AM6PR08MB3126.eurprd08.prod.outlook.com
Content-Type: text/plain; charset="utf-8"
Actually the design doc propose to use a distinct security counter from image version (ih_ver in header). But in the most simple case this security counter can be derived from the image version, to have the exact same value (ignoring the build number).
The image signature cover these continues blocks in memory: - image header - image - some part of TLV section (currently not covered, but due to multi image support it is planned to introduce a signed TLV section)
Because these are contiguous regions in the memory it is not possible to place only the (header + TLV section) to the trusted memory but miss out the image itself (at least I cannot see how to solve)
Tamas
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Michel JAOUEN via TF-M Sent: 08 April 2019 16:20 To: tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] Trusted boot - rollback protection
For the platform without hardware for NV counter, but having trusted memory It is mentioned that the support is possible as follow : "an active image and related manifest data is stored in trusted memory then the included security counter cannot be compromised."
the impact for this implementation in mcu-boot is limited to :
* The test of the version (security counter is ih_ver from mcuboot header)
* The placement of active image and related manifest data in a trusted memory. Is my understanding correct ?
As the placement of full image in a trusted memory is a constraint. Can we limit the information placed in a trusted memory to :
* image header,
* TLV sections. This seems sufficient to support anti roll back.
Of course additional impact on mcu-boot must be planned but as multi image support is also targeted , the placement of all images in a trusted memory is likely to be unachievable for all configurations.
-- TF-M mailing list TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus... IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
------------------------------
Message: 2 Date: Tue, 16 Apr 2019 11:21:05 +0000 From: Stanislav Jancik stanislav.jancik@nxp.com To: "tf-m@lists.trustedfirmware.org" tf-m@lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue Message-ID: VI1PR04MB63200EB729C45B420D211A2890240@VI1PR04MB6320.eurprd04.prod.outlook.com
Content-Type: text/plain; charset="us-ascii"
Hi,
I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler.
For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly.
I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler.
Did you try to use different optimization at Musca boards as well?
Regards
Stanislav
------------------------------
Message: 3 Date: Tue, 16 Apr 2019 11:58:29 +0000 From: Gyorgy Szing Gyorgy.Szing@arm.com To: "tf-m@lists.trustedfirmware.org" tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: Re: [TF-M] TF-M ARM GCC Optimization issue Message-ID: VE1PR08MB4928420C61B16FA35C6F9A4D91240@VE1PR08MB4928.eurprd08.prod.outlook.com
Content-Type: text/plain; charset="utf-8"
Hi Stanislav,
Can you please check if the issue described here https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.... is the same as you are reporting?
/George
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Stanislav Jancik via TF-M Sent: 16 April 2019 13:21 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] TF-M ARM GCC Optimization issue
Hi,
I am currently working on porting TF-M to our (NXP's) LPC55S69 platform. We have supported armclang compiler and we work on support of armgcc compiler. I found out, that the TF-M is working correctly only with optimization -O0 for secure code. I use "7 2018-q2-update" compiler.
For example, when optimization -O1 is set for secure code, the regression tests are running correctly until TFM_IPC_TEST_1XXX test suite. When I debugged this issue, I found out that function and arguments are not properly assigned in function tfm_core_ns_ipc_request (tfm_psa_api_client.c). When I updated this function so the variables int32_t args[4]; struct tfm_sfn_req_s desc, *desc_ptr = &desc; and nt32_t res; were global instead of local. The tests have started running correctly.
I so similar issue, when optimization was -Os, but only secure test suites run correctly in this case. I did not see such a behavior when I used armclang compiler.
Did you try to use different optimization at Musca boards as well?
Regards
Stanislav -- TF-M mailing list TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...
------------------------------
Subject: Digest Footer
TF-M mailing list TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...
------------------------------
End of TF-M Digest, Vol 6, Issue 12 ***********************************
tf-m@lists.trustedfirmware.org
-
Stanislav Jancik