If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks, Antonio
________________________________ From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Hi Brian,
The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https://trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.html
It is probably worth comparing the flash and RAM usage of individual components in ARoTless and Medium Profiles*. Both profile include almost identical services (except Protected Storage). However, ARoTless uses SFN Isolation level1 while medium profile uses IPC isolation level2. From my understanding, SFN which is function call based is supposedly more light weight in terms of performance and memory compared to the IPC mode. Due to limited security guarantees provided by SFN, it is recommended to be used only in isolation level1. You might already know all this.
The PSA FF-M API calls are more expensive when in IPC mode compared to SFN model. The squad dashboard here tracks the cycle count for the various FF-M PSA API calls for IPC and SFN for various isolation levels. https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&envir...:
The required build environment and API calls can be selected in the dashboard. I have selected a few for your reference - https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Le...
Regards, Shebu
* https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf... https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...
From: Antonio De Angelis via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 9:34 AM To: tf-m@lists.trustedfirmware.org; Quach, Brian brian@ti.com Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks, Antonio ________________________________ From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Hi Shebu,
Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects performance & size. All the partitions in TFM are currently SFN frontend so none of the metrics cover IPC frontend.
Hi Antonio,
Thanks for the presentation but I think it only shows IPC vs SFN backends only.
Regards, Brian
From: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com Sent: Thursday, January 18, 2024 7:50 AM To: tf-m@lists.trustedfirmware.org; Quach, Brian brian@ti.com Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [EXTERNAL] RE: SFN vs IPC partition with IPC backend
Hi Brian, The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https: //trustedfirmware-m. readthedocs. io/en/latest/releases/2. 0. 0. html It is probably worth comparing the flash and RAM usage of individual ZjQcmQRYFpfptBannerStart This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd Hi Brian,
The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https://trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.htmlhttps://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQGZohpDg$
It is probably worth comparing the flash and RAM usage of individual components in ARoTless and Medium Profiles*. Both profile include almost identical services (except Protected Storage). However, ARoTless uses SFN Isolation level1 while medium profile uses IPC isolation level2. From my understanding, SFN which is function call based is supposedly more light weight in terms of performance and memory compared to the IPC mode. Due to limited security guarantees provided by SFN, it is recommended to be used only in isolation level1. You might already know all this.
The PSA FF-M API calls are more expensive when in IPC mode compared to SFN model. The squad dashboard here tracks the cycle count for the various FF-M PSA API calls for IPC and SFN for various isolation levels. https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&envir...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&environment=Default&environment=CoreIPCTfmLevel2&environment=DefaultProfileM&environment=DefaultProfileS&metric=:summary__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRRnvTpIQ$:
The required build environment and API calls can be selected in the dashboard. I have selected a few for your reference - https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Le...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Level1-SFN-Release&environment=PERF-AN521-GCC-Level1-IPC-Release&environment=PERF-AN521-GCC-Level2-IPC-Release&metric=:summary:&metric=ns_psa_call&metric=ns_psa_connect&metric=ns_psa_close&metric=ns_psa_call_stateless&metric=s_psa_call&range_ns_psa_connect=96,100__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoT7CQggXA$
Regards, Shebu
* https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium_arot-less.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQwsyYTAw$ https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoS3fjp54g$
From: Antonio De Angelis via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 9:34 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://urldefense.com/v3/__https:/www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRBkS-bQw$
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks, Antonio ________________________________ From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
I did some of my own benchmarking with IPC backend (medium profile) and either SFN or IPC frontends. Cycle counts measured using DWT counter. I was expecting SFN frontend to be faster, but it’s actually slightly slower than IPC frontend at least with our platform. Is this expected from the TFM code perspective?
SFN frontend: PSA API benchmarks in cycles: psa_framework_version() call time = 340 BENCH_SP psa_version() call time = 429 BENCH_SP psa_connect() call time = 2884 BENCH_SP psa_call() set TS: call time to = 2470, from = 1155, rt = 3625 BENCH_SP psa_call() NULL 0 invecs: call time to = 1819, from = 1161, rt = 2980 BENCH_SP psa_call() NULL 1 invecs: call time to = 2025, from = 1152, rt = 3177 BENCH_SP psa_call() NULL 2 invecs: call time to = 2153, from = 1152, rt = 3305 BENCH_SP psa_call() NULL 3 invecs: call time to = 2313, from = 1155, rt = 3468
IPC frontend: PSA API benchmarks in cycles: psa_framework_version() call time = 339 BENCH_SP psa_version() call time = 433 BENCH_SP psa_connect() call time = 2866 BENCH_SP psa_call() set TS: call time to = 2458, from = 1147, rt = 3605 BENCH_SP psa_call() NULL 0 invecs: call time to = 1777, from = 1146, rt = 2923 BENCH_SP psa_call() NULL 1 invecs: call time to = 1974, from = 1146, rt = 3120 BENCH_SP psa_call() NULL 2 invecs: call time to = 2109, from = 1133, rt = 3242 BENCH_SP psa_call() NULL 3 invecs: call time to = 2244, from = 1136, rt = 3380
rt = round trip
Regards, Brian
From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 12:08 PM To: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [EXTERNAL] [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Shebu, Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects ZjQcmQRYFpfptBannerStart This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd Hi Shebu,
Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects performance & size. All the partitions in TFM are currently SFN frontend so none of the metrics cover IPC frontend.
Hi Antonio,
Thanks for the presentation but I think it only shows IPC vs SFN backends only.
Regards, Brian
From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com> Sent: Thursday, January 18, 2024 7:50 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Cc: nd <nd@arm.commailto:nd@arm.com>; Antonio De Angelis <Antonio.DeAngelis@arm.commailto:Antonio.DeAngelis@arm.com> Subject: [EXTERNAL] RE: SFN vs IPC partition with IPC backend
Hi Brian, The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https: //trustedfirmware-m. readthedocs. io/en/latest/releases/2. 0. 0. html It is probably worth comparing the flash and RAM usage of individual ZjQcmQRYFpfptBannerStart This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd Hi Brian,
The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https://trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.htmlhttps://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQGZohpDg$
It is probably worth comparing the flash and RAM usage of individual components in ARoTless and Medium Profiles*. Both profile include almost identical services (except Protected Storage). However, ARoTless uses SFN Isolation level1 while medium profile uses IPC isolation level2. From my understanding, SFN which is function call based is supposedly more light weight in terms of performance and memory compared to the IPC mode. Due to limited security guarantees provided by SFN, it is recommended to be used only in isolation level1. You might already know all this.
The PSA FF-M API calls are more expensive when in IPC mode compared to SFN model. The squad dashboard here tracks the cycle count for the various FF-M PSA API calls for IPC and SFN for various isolation levels. https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&envir...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&environment=Default&environment=CoreIPCTfmLevel2&environment=DefaultProfileM&environment=DefaultProfileS&metric=:summary__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRRnvTpIQ$:
The required build environment and API calls can be selected in the dashboard. I have selected a few for your reference - https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Le...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Level1-SFN-Release&environment=PERF-AN521-GCC-Level1-IPC-Release&environment=PERF-AN521-GCC-Level2-IPC-Release&metric=:summary:&metric=ns_psa_call&metric=ns_psa_connect&metric=ns_psa_close&metric=ns_psa_call_stateless&metric=s_psa_call&range_ns_psa_connect=96,100__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoT7CQggXA$
Regards, Shebu
* https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium_arot-less.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQwsyYTAw$ https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoS3fjp54g$
From: Antonio De Angelis via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 9:34 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://urldefense.com/v3/__https:/www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRBkS-bQw$
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks, Antonio ________________________________ From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Hi Brian,
TF-M itself can be configured at build time to have either IPC or SFN backends. The "frontend" component mentioned in some design docs (i.e. spm_backend.rst) can't be freely chosen and is just an implementation aspect that encapsulates the mechanism to interact with the chosen backend from the same PSA APIs. In particular, if a partition is designed for the SFN model (i.e. "model": "SFN" in the partition manifest) it just means that at build time with the IPC backend there will be an additional implementation specific mechanism to allow scheduling those partitions within the IPC framework. Note that if you're using profile medium, it will automatically select the IPC backend so your profile numbers are probably just profiling the same IPC backend in both cases. Also note that a partition that supports only the IPC model, won't build at all if the selected backend is SFN (but all default partitions support the SFN model anyway). Only way to make sure that the backend is changed is to set the -DCONFIG_TFM_SPM_BACKEND to either IPC or SFN at build time.
The presentation shared in my original message shows the performance improvements that were obtained at that time between releases of TF-M with the IPC backend, and how the SFN backend compared to IPC backend in terms of cycle count on the newest (at that time) release.
Hope this helps.
Thanks, Antonio
________________________________ From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 23:52 To: Quach, Brian brian@ti.com; Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
I did some of my own benchmarking with IPC backend (medium profile) and either SFN or IPC frontends. Cycle counts measured using DWT counter. I was expecting SFN frontend to be faster, but it’s actually slightly slower than IPC frontend at least with our platform. Is this expected from the TFM code perspective?
SFN frontend:
PSA API benchmarks in cycles:
psa_framework_version() call time = 340
BENCH_SP psa_version() call time = 429
BENCH_SP psa_connect() call time = 2884
BENCH_SP psa_call() set TS: call time to = 2470, from = 1155, rt = 3625
BENCH_SP psa_call() NULL 0 invecs: call time to = 1819, from = 1161, rt = 2980
BENCH_SP psa_call() NULL 1 invecs: call time to = 2025, from = 1152, rt = 3177
BENCH_SP psa_call() NULL 2 invecs: call time to = 2153, from = 1152, rt = 3305
BENCH_SP psa_call() NULL 3 invecs: call time to = 2313, from = 1155, rt = 3468
IPC frontend: PSA API benchmarks in cycles:
psa_framework_version() call time = 339
BENCH_SP psa_version() call time = 433
BENCH_SP psa_connect() call time = 2866
BENCH_SP psa_call() set TS: call time to = 2458, from = 1147, rt = 3605
BENCH_SP psa_call() NULL 0 invecs: call time to = 1777, from = 1146, rt = 2923
BENCH_SP psa_call() NULL 1 invecs: call time to = 1974, from = 1146, rt = 3120
BENCH_SP psa_call() NULL 2 invecs: call time to = 2109, from = 1133, rt = 3242
BENCH_SP psa_call() NULL 3 invecs: call time to = 2244, from = 1136, rt = 3380
rt = round trip
Regards, Brian
From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 12:08 PM To: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [EXTERNAL] [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Shebu, Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hi Shebu,
Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects performance & size. All the partitions in TFM are currently SFN frontend so none of the metrics cover IPC frontend.
Hi Antonio,
Thanks for the presentation but I think it only shows IPC vs SFN backends only.
Regards, Brian
From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com> Sent: Thursday, January 18, 2024 7:50 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Cc: nd <nd@arm.commailto:nd@arm.com>; Antonio De Angelis <Antonio.DeAngelis@arm.commailto:Antonio.DeAngelis@arm.com> Subject: [EXTERNAL] RE: SFN vs IPC partition with IPC backend
Hi Brian, The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https: //trustedfirmware-m. readthedocs. io/en/latest/releases/2. 0. 0. html It is probably worth comparing the flash and RAM usage of individual
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hi Brian,
The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https://trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.htmlhttps://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQGZohpDg$
It is probably worth comparing the flash and RAM usage of individual components in ARoTless and Medium Profiles*. Both profile include almost identical services (except Protected Storage). However, ARoTless uses SFN Isolation level1 while medium profile uses IPC isolation level2.
From my understanding, SFN which is function call based is supposedly more light weight in terms of performance and memory compared to the IPC mode. Due to limited security guarantees provided by SFN, it is recommended to be used only in isolation level1. You might already know all this.
The PSA FF-M API calls are more expensive when in IPC mode compared to SFN model. The squad dashboard here tracks the cycle count for the various FF-M PSA API calls for IPC and SFN for various isolation levels.
https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&envir...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&environment=Default&environment=CoreIPCTfmLevel2&environment=DefaultProfileM&environment=DefaultProfileS&metric=:summary__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRRnvTpIQ$:
The required build environment and API calls can be selected in the dashboard. I have selected a few for your reference - https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Le...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Level1-SFN-Release&environment=PERF-AN521-GCC-Level1-IPC-Release&environment=PERF-AN521-GCC-Level2-IPC-Release&metric=:summary:&metric=ns_psa_call&metric=ns_psa_connect&metric=ns_psa_close&metric=ns_psa_call_stateless&metric=s_psa_call&range_ns_psa_connect=96,100__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoT7CQggXA$
Regards,
Shebu
* https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium_arot-less.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQwsyYTAw$
https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoS3fjp54g$
From: Antonio De Angelis via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 9:34 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://urldefense.com/v3/__https:/www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRBkS-bQw$
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks,
Antonio
________________________________
From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
Just to add on top of my previous email: I believe what you're really benchmarking here is the additional overhead of running an "SFN model" partition with IPC backend, if what you're really changing in the benchmark below is just the model of the partition.
If this is the case, of course the recommendation would be just to use IPC model partitions with the IPC backendto get rid of this overhead. The recommendations made in the docs (or in the FF-M spec) where the SFN model is recommended for constrained devices is different, in the sense that is the SFN backend that is being recommended for such use cases. But if you need to use higher level of isolation, the SFN backend is not an option, and in that case you will be better using IPC model partitions with the IPC backend.
Thanks, Antonio
________________________________ From: Antonio De Angelis via TF-M tf-m@lists.trustedfirmware.org Sent: Friday, January 19, 2024 10:42 To: Quach, Brian brian@ti.com; Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
TF-M itself can be configured at build time to have either IPC or SFN backends. The "frontend" component mentioned in some design docs (i.e. spm_backend.rst) can't be freely chosen and is just an implementation aspect that encapsulates the mechanism to interact with the chosen backend from the same PSA APIs. In particular, if a partition is designed for the SFN model (i.e. "model": "SFN" in the partition manifest) it just means that at build time with the IPC backend there will be an additional implementation specific mechanism to allow scheduling those partitions within the IPC framework. Note that if you're using profile medium, it will automatically select the IPC backend so your profile numbers are probably just profiling the same IPC backend in both cases. Also note that a partition that supports only the IPC model, won't build at all if the selected backend is SFN (but all default partitions support the SFN model anyway). Only way to make sure that the backend is changed is to set the -DCONFIG_TFM_SPM_BACKEND to either IPC or SFN at build time.
The presentation shared in my original message shows the performance improvements that were obtained at that time between releases of TF-M with the IPC backend, and how the SFN backend compared to IPC backend in terms of cycle count on the newest (at that time) release.
Hope this helps.
Thanks, Antonio
________________________________ From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 23:52 To: Quach, Brian brian@ti.com; Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
I did some of my own benchmarking with IPC backend (medium profile) and either SFN or IPC frontends. Cycle counts measured using DWT counter. I was expecting SFN frontend to be faster, but it’s actually slightly slower than IPC frontend at least with our platform. Is this expected from the TFM code perspective?
SFN frontend:
PSA API benchmarks in cycles:
psa_framework_version() call time = 340
BENCH_SP psa_version() call time = 429
BENCH_SP psa_connect() call time = 2884
BENCH_SP psa_call() set TS: call time to = 2470, from = 1155, rt = 3625
BENCH_SP psa_call() NULL 0 invecs: call time to = 1819, from = 1161, rt = 2980
BENCH_SP psa_call() NULL 1 invecs: call time to = 2025, from = 1152, rt = 3177
BENCH_SP psa_call() NULL 2 invecs: call time to = 2153, from = 1152, rt = 3305
BENCH_SP psa_call() NULL 3 invecs: call time to = 2313, from = 1155, rt = 3468
IPC frontend: PSA API benchmarks in cycles:
psa_framework_version() call time = 339
BENCH_SP psa_version() call time = 433
BENCH_SP psa_connect() call time = 2866
BENCH_SP psa_call() set TS: call time to = 2458, from = 1147, rt = 3605
BENCH_SP psa_call() NULL 0 invecs: call time to = 1777, from = 1146, rt = 2923
BENCH_SP psa_call() NULL 1 invecs: call time to = 1974, from = 1146, rt = 3120
BENCH_SP psa_call() NULL 2 invecs: call time to = 2109, from = 1133, rt = 3242
BENCH_SP psa_call() NULL 3 invecs: call time to = 2244, from = 1136, rt = 3380
rt = round trip
Regards, Brian
From: Quach, Brian via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, January 18, 2024 12:08 PM To: Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com; Antonio De Angelis Antonio.DeAngelis@arm.com Subject: [EXTERNAL] [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Shebu, Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hi Shebu,
Thanks for the info but I think you are referring to IPC vs SFN backend. IPC backend is needed for Isolation level > 1 as you said. I am using IPC backend. I’m wondering how using SFN vs IPC frontend with the IPC backend affects performance & size. All the partitions in TFM are currently SFN frontend so none of the metrics cover IPC frontend.
Hi Antonio,
Thanks for the presentation but I think it only shows IPC vs SFN backends only.
Regards, Brian
From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose@arm.commailto:Shebu.VargheseKuriakose@arm.com> Sent: Thursday, January 18, 2024 7:50 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Cc: nd <nd@arm.commailto:nd@arm.com>; Antonio De Angelis <Antonio.DeAngelis@arm.commailto:Antonio.DeAngelis@arm.com> Subject: [EXTERNAL] RE: SFN vs IPC partition with IPC backend
Hi Brian, The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https: //trustedfirmware-m. readthedocs. io/en/latest/releases/2. 0. 0. html It is probably worth comparing the flash and RAM usage of individual
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hi Brian,
The TF-M release notes capture the TF-M memory usage on one of the Arm reference platforms. Refer - https://trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.htmlhttps://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/releases/2.0.0.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQGZohpDg$
It is probably worth comparing the flash and RAM usage of individual components in ARoTless and Medium Profiles*. Both profile include almost identical services (except Protected Storage). However, ARoTless uses SFN Isolation level1 while medium profile uses IPC isolation level2.
From my understanding, SFN which is function call based is supposedly more light weight in terms of performance and memory compared to the IPC mode. Due to limited security guarantees provided by SFN, it is recommended to be used only in isolation level1. You might already know all this.
The PSA FF-M API calls are more expensive when in IPC mode compared to SFN model. The squad dashboard here tracks the cycle count for the various FF-M PSA API calls for IPC and SFN for various isolation levels.
https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&envir...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=CoreIPC&environment=Default&environment=CoreIPCTfmLevel2&environment=DefaultProfileM&environment=DefaultProfileS&metric=:summary__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRRnvTpIQ$:
The required build environment and API calls can be selected in the dashboard. I have selected a few for your reference - https://qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Le...https://urldefense.com/v3/__https:/qa-reports.linaro.org/tf/tf-m/metrics/?environment=PERF-AN521-GCC-Level1-SFN-Release&environment=PERF-AN521-GCC-Level1-IPC-Release&environment=PERF-AN521-GCC-Level2-IPC-Release&metric=:summary:&metric=ns_psa_call&metric=ns_psa_connect&metric=ns_psa_close&metric=ns_psa_call_stateless&metric=s_psa_call&range_ns_psa_connect=96,100__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoT7CQggXA$
Regards,
Shebu
* https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium_arot-less.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoQwsyYTAw$
https://trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tf...https://urldefense.com/v3/__https:/trustedfirmware-m.readthedocs.io/en/latest/configuration/profiles/tfm_profile_medium.html__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoS3fjp54g$
From: Antonio De Angelis via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 9:34 AM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org; Quach, Brian <brian@ti.commailto:brian@ti.com> Subject: [TF-M] Re: SFN vs IPC partition with IPC backend
Hi Brian,
some numbers have been shared in this presentation from a while ago:
Microsoft PowerPoint - TF-M Performance Improvement in v1.5.0.pptx (trustedfirmware.org)https://urldefense.com/v3/__https:/www.trustedfirmware.org/docs/tf-m_forum_20211209-TF-M_Performance-Improvement-in-v1.5.0.pdf__;!!G3vK!WdS1Ml94ptZFNlUAjfnBB4wjgRsaVH4F0psHmbhWAWi7qaLCGpqxpQtL8kmJTOlgvd8qhNW0YoRBkS-bQw$
I believe there should be more updated numbers on more recent versions, but I don't seem to find them, maybe somebody else with more updated benchmarking can help here.
Thanks,
Antonio
________________________________
From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Sent: Thursday, January 18, 2024 00:26 To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] SFN vs IPC partition with IPC backend
If using IPC backend, how much performance and/or memory savings is there when using SFN vs IPC partition model?
I saw FF-M v1.1 recommended SFN partition model but it was not clear to me why it was preferred.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076
tf-m@lists.trustedfirmware.org
-
Antonio De Angelis -
Quach, Brian -
Shebu Varghese Kuriakose