Hi,

The document is updated due to a change in MPU regions part:

In original design, some partition libraries like 'thread_exit' is going to be linked with partition statically, which means there would be multiple copies of these libraries for each partition. This provided strict protection of isolation but it looks over-protect.

If we keep one shared code region for each partition to call these libraries, we could: * Save memory * The protection is enough if we mark the code area as read-only.

In this case, the unprivileged code and RO region needs to be kept and these shared codes could be put there. The requirement of these codes are: * These codes must be thread safe and reentrant * These codes must be put in read-only region

The change mainly happen under section "Linker script sections re-arrangement". Please help to comment.

Thanks!

-Ken

-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Ken Liu (Arm Technology China) via TF-M Sent: Thursday, March 21, 2019 3:20 PM To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: Re: [TF-M] [RFC] Design document of isolation level 2 on TF-M

Hi, The document is updated, and keep open for comments ; )

The updated content is:

1. Available MPU regions for peripheral has number limitation based on

platform. If a SP needs many un-continuous peripheral registers and the number exceeds available MPU number, it needs further investigation. 2. Rely on linker to clean the unused object files instead of remove them in scatter before the dependency is fully figured out.

Thanks!

-Ken

From: Ken Liu (Arm Technology China) Sent: Tuesday, February 19, 2019 6:44 PM To: tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: [RFC] Design document of isolation level 2 on TF-M

Hello, The first IPC implementation works under isolation level 1. The high isolation levels need to be there to get compatible with PSA Firmware Framework. A design document is created about implementing isolation level 2 for IPC model: https://developer.trustedfirmware.org/w/tf_m/design/trusted_firmware- m_isolation_level_2/

The mainly change of isolation level 2 compare to isolation level 1 is:

• Put AppRoT Secure Partitions' components with same attribute (code, read-

only data, read-write data) into the same region, which helps MPU setting region attributes.

• Change Secure Partition privileged setting based on Secure Partition type while

scheduling.

• Change mechanism of privileged API, such as printf.

If you have any comments please share it. You can reply in mailing list if there is no place for putting comments on the page.

Thank you!

-Ken

-- TF-M mailing list TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m