Hi Poppy,
SPRT requires the shared library shall not own static R/W data. ITS filesystem may not satisfy this requirement. Usually, a SP, for example Protected Storage, can rely on ITS service to access data in non-volatile memory.
Best regards, Hu Ziji
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Edward Yang via TF-M Sent: Monday, May 24, 2021 12:54 PM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] A question on tfm its filesystem
Hi,
I'd like to ask a question to see if the filesystem part of tf-m its partition can be moved to lib/sprt folder,to make this filesystem a shared library for PRoT part of tfm.
Therefore,besides its partition, other extra secure partitions can also make use of this filesystem.
Best Regards, Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd Http: //www.mxic.com.cn
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as its attachment(s) from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hi,
As the design proposal submitted before, https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8033,we are planning to add a new ETSS partition(External Trusted Secure Storage partition) which supplies
external secure storage services based on secure Flash.
To avoid circular dependency,this new partition needs to access data in external secure Flash on its own rather than relies on tfm ITS service.
Currently,the ETSS reuses tfm ITS filesystem as a temporary solution, it needs to share this filesystem between ITS and ETSS partition to reduce code size.
Should the code sharing between different SP be the same as the code sharing between mcuboot and tf-m runtime firmware implemented as this proposal, https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4587
or other implementations?
Best Regards, Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd http://www.mxic.com.cn
David Hu David.Hu@arm.com 2021/05/24 13:48
To Edward Yang EdwardYang@mxic.com.cn, "tf-m@lists.trustedfirmware.org" tf-m@lists.trustedfirmware.org cc nd nd@arm.com Subject RE: [TF-M] A question on tfm its filesystem
Hi Poppy,
SPRT requires the shared library shall not own static R/W data. ITS filesystem may not satisfy this requirement. Usually, a SP, for example Protected Storage, can rely on ITS service to access data in non-volatile memory.
Best regards, Hu Ziji
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Edward Yang via TF-M Sent: Monday, May 24, 2021 12:54 PM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] A question on tfm its filesystem
Hi,
I'd like to ask a question to see if the filesystem part of tf-m its partition can be moved to lib/sprt folder,to make this filesystem a shared library for PRoT part of tfm.
Therefore,besides its partition, other extra secure partitions can also make use of this filesystem.
Best Regards, Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd Http: //www.mxic.com.cn CONFIDENTIALITY NOTE: This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as its attachment(s) from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation. Macronix International Co., Ltd. =====================================================================
============================================================================
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
Hi Poppy,
Imoo, these can be two different cases.
MCUBoot doesn’t share code with TF-M at the same time. MCUboot executes the shared code at first during booting. It cleans up variables and handles the system over to TF-M. Then TF-M executes the shared code.
TF-M SPRTL is shared by multiple SPs in runtime. Compared to code sharing between MCUboot and TF-M, SPRTL requires proper runtime isolation configurations. Therefore, SPRTL shall not consist of any R/W data. Otherwise, it is very difficult to manage those shared R/W data in isolation configurations.
As we discussed previously, ETSS can call ITS service API to reuse ITS filesystem. Could you please take a look at PS service which relies on ITS filesystem?
Best regards, Hu Ziji
From: Edward Yang EdwardYang@mxic.com.cn Sent: Monday, May 24, 2021 5:44 PM To: David Hu David.Hu@arm.com; Tamas Ban Tamas.Ban@arm.com; Raef Coles Raef.Coles@arm.com; tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; tf-m@lists.trustedfirmware.org Subject: RE: [TF-M] A question on tfm filesystem sharing between secure partitions
Hi,
As the design proposal submitted before,https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/8033,we are planning to add a new ETSS partition(External Trusted Secure Storage partition) which supplies
external secure storage services based on secure Flash.
To avoid circular dependency,this new partition needs to access data in external secure Flash on its own rather than relies on tfm ITS service.
Currently,the ETSS reuses tfm ITS filesystem as a temporary solution, it needs to share this filesystem between ITS and ETSS partition to reduce code size.
Should the code sharing between different SP be the same as the code sharing between mcuboot and tf-m runtime firmware implemented as this proposal,https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/4587
or other implementations?
Best Regards, Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd http://www.mxic.com.cnhttp://www.mxic.com.cn/
David Hu <David.Hu@arm.commailto:David.Hu@arm.com>
2021/05/24 13:48 To Edward Yang <EdwardYang@mxic.com.cnmailto:EdwardYang@mxic.com.cn>, "tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org" <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> cc nd <nd@arm.commailto:nd@arm.com> Subject RE: [TF-M] A question on tfm its filesystem
Hi Poppy,
SPRT requires the shared library shall not own static R/W data. ITS filesystem may not satisfy this requirement. Usually, a SP, for example Protected Storage, can rely on ITS service to access data in non-volatile memory.
Best regards, Hu Ziji
From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Edward Yang via TF-M Sent: Monday, May 24, 2021 12:54 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] A question on tfm its filesystem
Hi,
I'd like to ask a question to see if the filesystem part of tf-m its partition can be moved to lib/sprt folder,to make this filesystem a shared library for PRoT part of tfm.
Therefore,besides its partition, other extra secure partitions can also make use of this filesystem.
Best Regards, Poppy Wu
Macronix Microelectronics (Suzhou) Co.,Ltd Http: //www.mxic.com.cn
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as its attachment(s) from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
CONFIDENTIALITY NOTE:
This e-mail and any attachments may contain confidential information and/or personal data, which is protected by applicable laws. Please be reminded that duplication, disclosure, distribution, or use of this e-mail (and/or its attachments) or any part thereof is prohibited. If you receive this e-mail in error, please notify us immediately and delete this mail as well as it attachments from your system. In addition, please be informed that collection, processing, and/or use of personal data is prohibited unless expressly permitted by personal data protection laws. Thank you for your attention and cooperation.
Macronix International Co., Ltd.
=====================================================================
tf-m@lists.trustedfirmware.org
-
David Hu -
Edward Yang