Hi everyone,
When adding support for a new platform we ran into an issue with the BL2 variable. In our architecture we have a bootloader based on MCUboot (aka BL2), but we are not planning to build it with TF-M. The bootloader would be in a separate repo and be built separately. So we need a way to build TF-M with the FWU service and shared data definitions when BL2=OFF. I was trying to add support for this but was not able to because the build structure is quite complicated. Does anyone have ideas or suggestions about how we can implement this feature?
Best regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.com
Hi Bohdan,
Could you share a bit more info on the issue with the BL2 variable? As you know, TF-M also uses MCUBoot from a separate repo. I believe it's not difficult to build TF-M without BL2, but I'm not sure what your problem is exactly.
True, the build system is a bit complicated, but on the positive side, that is the simplified version. It was discussed on the tech forum (https://www.trustedfirmware.org/meetings/tf-m-technical-forum/) twice, first on 11.06.2020 and second on 01.10.2020. For some reason, materials from the 2nd session are not available, so I attached the slides here.
We can touch the topic on the forum tomorrow, if you wish.
Hope that helps, Anton
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Bohdan Hunko via TF-M Sent: Tuesday, September 28, 2021 11:44 AM To: tf-m@lists.trustedfirmware.org Cc: Kostiantyn.Tkachov@infineon.com; Roman.Mazurak@infineon.com; Hennadiy.Kytsun@infineon.com Subject: [TF-M] Enablement of external bl2 builds
Hi Bohdan,
I tried to build TF-M with the FWU service without BL2 with the following command (FWU enabled with shared data while no BL2):
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/musca_b1/sse_200 -DCRYPTO_HW_ACCELERATOR=OFF -DPLATFORM_DUMMY_NV_SEED=ON -DBL2=0 -DMCUBOOT_PATH=../mcuboot
These are the issues I met:
1. Build-time error because `MCUBOOT_IMAGE_NUMBER` is passed as an empty macro into flash_layout.h.
I have created a patch to fix it: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11729
2. Build error in `bootutil_public.c`. The mcuboot_config.h, which is generated automatically when BL2=ON, is not found. Also, the files (in the tf-m/bl2 folder) for porting MCUboot into TF-M are not found by the build system as BL2=0. For the config file, I think it should be imported from your specific MCUboot repo, as it is generated when the BL2 image is built. For the MCUboot porting files, are you using the files under the tf-m/bl2 folder or your own specific porting files? The FWU service needs the porting source files. See code at https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/p....
Are you blocked by these two issues? Can you share the detailed issues you met if there are more?
Regards,
Sherry
Hi Sherry,
Thanks for patching the MCUBOOT_IMAGE_NUMBER issue. It was one of the issues we faced.
I also agree that mcuboot_config.h should be taken from our BL2 repo, so no changes are needed there.
About the porting files (tfm/bl2 folder): we are planning to use the existing porting files. But as you said, currently they are not included in the build because BL2=0. So this needs to be fixed to include these porting files when TFM_PARTITION_FIRMWARE_UPDATE is ON.
One minor issue we have is BOOT_DATA_AVAILABLE: currently it is only defined if BL2=1 and MCUBOOT_MEASURED_BOOT=1. See this line of code: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/spm/CMakeLists.txt#n110. I think we can either change that line of code or we can define BOOT_DATA_AVAILABLE in our platform files using add_definitions(-DBOOT_DATA_AVAILABLE). The first way is a bit harder but I think it fits better into the TFM architecture. The second way is easier but it seems more like a workaround than a solution. Do you have any suggestions about this problem?
We are not blocked by these issues, so no worries here.
Best regards, Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.com
From: Sherry Zhang Sherry.Zhang2@arm.com Sent: 30 September 2021 11:38 To: tf-m@lists.trustedfirmware.org; Tkachov Kostiantyn (CSUKR CSS ICW SW FW) Kostiantyn.Tkachov@infineon.com; Mazurak Roman (CSUKR CSS ICW SW FW) Roman.Mazurak@infineon.com; Kytsun Hennadiy (CSUKR CSS ICW SW FW) Hennadiy.Kytsun@infineon.com; Hunko Bohdan (CSUKR CSS ICW SW FW) Bohdan.Hunko@infineon.com Cc: nd nd@arm.com Subject: RE: Enablement of external bl2 builds