Ken,
Thanks for your reply. Let me summarize what I have understood:
TF-M SFC mode:
* Allows only one thread at a time to call secure services.
* When secure services are called recursively (multiple threads), TF-M goes into 'panic' state. This should not happen with proper mutex locks.
* TZ RTOS Context Management interface is only required when "Client Oriented Policy" is used.
I have updated the diagram to reflect what I have understood. Obviously the SVC would only be executed when the call into "secure" is from Thread mode. Is my understanding correct? (The diagram is also under: https://developer.trustedfirmware.org/T615 - I just realized that you made a similar picture.)

The initial question can then be refined to:
* TZ RTOS Context management is only needed when "Client Oriented Policy" is used.
* When and why is "Client Oriented Policy" a requirement on v8-M systems?
* Is there a way to disable "Client Oriented Policy" in the current TF-M Core?
* This applies for both the TF-M firmware itself and the related test suite.
* What happens worst case when an RTOS does not implement TZ RTOS Context Management?
Reinhard
_______________________________________________________________________________
Reinhard Keil | Phone: +49 89 456040-13 | Email: reinhard.keil@arm.com | www.keil.com
ARM Germany GmbH | Bretonischer Ring 16 | D-85630 Grasbrunn, Germany
Registered office: Grasbrunn | Commercial register: München (HRB 175362) | Managing directors: Andrew Smith, Joachim Krech, Reinhard Keil
Hi Reinhard,
Sorry, to be accurate, the name 'Client Oriented Policy' should be: 'client ID identification'.
Replies to the questions:
* TZ RTOS Context management is only needed when "Client Oriented Policy" is used.
Ken.L: Yes for the existing implementation.
* When and why is "Client Oriented Policy" a requirement on v8-M systems?
Ken.L: The Secure Storage Service (now Protected Storage) supports non-client access permission checking. It is not a requirement of v8-M systems but of the services.
* Is there a way to disable "Client Oriented Policy" in the current TF-M Core?
* This applies for both the TF-M firmware itself and the related test suite.
Ken.L: There is a switch 'TFM_NS_CLIENT_IDENTIFICATION' to disable this function; in that case, all NS threads would have the same client ID, and the TZ API can be removed.
* What happens worst case when an RTOS does not implement TZ RTOS Context Management?
Ken.L: If there is no locking protection in NS, multiple NS calls would panic. And obviously, the service cannot identify NS clients (but I think only storage has that requirement now, and it is optional, at least for now).
Thanks.
/Ken
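The two behaviours discussed in the reply above (the SFC single-caller 'panic' when a second NS thread calls in without NS-side locking, and NS client identification driven by the CMSIS TZ context API that TFM_NS_CLIENT_IDENTIFICATION enables), as an added host-side C model. This is not TF-M code and not code from either mail: only the TZ_*_S function signatures follow CMSIS tz_context.h; the model_* functions, the client-ID derivation, the default/invalid ID values and the four-slot context table are assumptions made for the model.

```c
#include <stdint.h>
#include <stdbool.h>

/* Signatures as in CMSIS tz_context.h; the bodies below are a model. */
typedef uint32_t TZ_ModuleId_t;
typedef uint32_t TZ_MemoryId_t;

#define TZ_MAX_CONTEXTS       4u               /* assumed slot count */
#define NS_CLIENT_DEFAULT_ID  ((int32_t)-1)    /* assumed: shared id when identification is off */
#define NS_CLIENT_INVALID_ID  ((int32_t)0)     /* assumed: no NS context loaded */

/* ---- model of the secure-side TZ context bookkeeping -------------------- */
static bool          slot_used[TZ_MAX_CONTEXTS];
static TZ_MemoryId_t active_slot;   /* 0 = nothing loaded; memory ids are 1-based here */

uint32_t TZ_InitContextSystem_S(void)
{
    for (uint32_t i = 0; i < TZ_MAX_CONTEXTS; i++) slot_used[i] = false;
    active_slot = 0;
    return 1U;
}

TZ_MemoryId_t TZ_AllocModuleContext_S(TZ_ModuleId_t module)
{
    (void)module;   /* a real implementation sizes the secure stack per module */
    for (uint32_t i = 0; i < TZ_MAX_CONTEXTS; i++)
        if (!slot_used[i]) { slot_used[i] = true; return i + 1U; }
    return 0U;      /* CMSIS convention: 0 means failure */
}

uint32_t TZ_FreeModuleContext_S(TZ_MemoryId_t id)
{
    if (id == 0U || id > TZ_MAX_CONTEXTS || !slot_used[id - 1U]) return 0U;
    slot_used[id - 1U] = false;
    if (active_slot == id) active_slot = 0;
    return 1U;
}

uint32_t TZ_LoadContext_S(TZ_MemoryId_t id)   /* RTOS calls this on switch TO a thread */
{
    if (id == 0U || id > TZ_MAX_CONTEXTS || !slot_used[id - 1U]) return 0U;
    active_slot = id;
    return 1U;
}

uint32_t TZ_StoreContext_S(TZ_MemoryId_t id)  /* RTOS calls this on switch AWAY from a thread */
{
    if (id != active_slot) return 0U;
    active_slot = 0;
    return 1U;
}

/* Client id as a secure service would see it. Identification off: every NS
 * thread collapses to one id. Identification on: the id is derived from the
 * context the RTOS loaded before the call (derivation is the model's own). */
int32_t model_current_client_id(bool ns_client_identification)
{
    if (!ns_client_identification) return NS_CLIENT_DEFAULT_ID;
    if (active_slot == 0) return NS_CLIENT_INVALID_ID;
    return -(int32_t)active_slot - 1;   /* NS client ids are negative in TF-M */
}

/* ---- model of the SFC single-caller rule -------------------------------- */
static bool sfc_busy;       /* an NS call is currently inside the secure side */
static bool sfc_panicked;   /* a second call arrived while busy */
static bool ns_mutex;       /* the NS RTOS lock that is supposed to prevent that */

/* Returns 0 on entry, -1 if the secure side panicked, -2 if the NS mutex blocked the caller. */
int model_secure_call_begin(bool use_ns_mutex)
{
    if (use_ns_mutex) {
        if (ns_mutex) return -2;
        ns_mutex = true;
    }
    if (sfc_busy) { sfc_panicked = true; return -1; }
    sfc_busy = true;
    return 0;
}

void model_secure_call_end(bool use_ns_mutex)
{
    sfc_busy = false;
    if (use_ns_mutex) ns_mutex = false;
}

/* Thread A enters a secure service, is preempted mid-call, thread B tries to enter. */
bool model_concurrent_calls_panic(bool use_ns_mutex)
{
    sfc_busy = sfc_panicked = ns_mutex = false;
    int a = model_secure_call_begin(use_ns_mutex);
    int b = model_secure_call_begin(use_ns_mutex);   /* preemption point */
    if (b == 0) model_secure_call_end(use_ns_mutex);
    if (a == 0) model_secure_call_end(use_ns_mutex);
    return sfc_panicked;
}

/* Two NS threads each call a service once; they get distinct ids only when the
 * RTOS does the TZ context management AND identification is enabled. */
bool model_threads_get_distinct_ids(bool rtos_manages_tz_context,
                                    bool ns_client_identification, int32_t ids_out[2])
{
    TZ_InitContextSystem_S();
    TZ_MemoryId_t ctx[2] = {0U, 0U};
    for (int t = 0; t < 2; t++) {
        if (rtos_manages_tz_context) {
            ctx[t] = TZ_AllocModuleContext_S(1U);   /* at thread creation */
            TZ_LoadContext_S(ctx[t]);               /* on switch to thread t */
        }
        ids_out[t] = model_current_client_id(ns_client_identification);
        if (rtos_manages_tz_context) TZ_StoreContext_S(ctx[t]);   /* on switch away */
    }
    return ids_out[0] != ids_out[1];
}
```

The model makes the worst case in the last answer concrete: an RTOS that never calls TZ_LoadContext_S leaves active_slot at 0, so with identification enabled every NS thread presents the same invalid id, and without the NS-side mutex the second preempting caller trips the busy check, which is the 'panic'.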
From: Reinhard Keil <Reinhard.Keil@arm.com>
Sent: Friday, December 13, 2019 4:29 PM
To: tf-m@lists.trustedfirmware.org
Cc: Ken Liu (Arm Technology China) <Ken.Liu@arm.com>
Subject: Re: [TF-M] Simplify RTOS / TF-M interface (single thread execution)