Hi Øyvind,

Thank you for the proposal. Believe all agreed that NS side shall be separated from S side and be OS independent. There were multiple efforts recently toward this direction like repo split and build system refactoring. I think currently we almost achieve it. Assume you have seen that new build system allows creates S, NS, BL targets independently.

Could you specify the remaining dependencies, you concern?

Thanks, Anton

-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Rønningstad, Øyvind via TF-M Sent: 02 September 2020 13:31 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Simpler integration into other projects

Hi list I have a proposal to make it easier to integrate TF-M into other existing projects, e.g. RTOSes such as Zephyr. I'm using Zephyr as an example, but I mean that it should apply to any external project that wants to integrate TF-M.

I'm assuming the project wants to use the secure FW as is, so no change is needed there. However, in the NS FW we want to integrate the NS callable (PSA) API into native Zephyr applications, but the NS ("app") part of TF-M has some OS dependencies that interfere with this.

My proposal is that the TF-M build system creates OS-independent NS libs that can be linked directly into the native Zephyr app. Ideally, the Zephyr build system should need to only do the following: - Call TF-M build system. - Retrieve S binaries (and optionally mcuboot binary). - Link NS lib(s) into project app. - Add include directories to NS callable API.

Additionally, the RTOS will likely need to make an OS wrapper to support the OS functions needed.

Please tell me your thoughts. I'm not an expert in Cmake and libs, so please also tell me if the above is infeasible in any way. I think making such integrations as simple as possible will be very beneficial, not just when doing the initial integration, but continuously, since changes in TF-M will eventually require tweaks in the integration.

Best regards, Øyvind Rønningstad