Hi Robert,
The region IDs in 'tfm_ns_region_e' are used for two purposes in TF-M (just as you mention in your mail):
1. For configuring the SAU. As far as I understood, with the CMSIS-Zone Utility it is possible to generate a 'tz_sau_nvic.c' file, which then can be added to the platform folder of a target in TF-M. The tfm_spm_hal_init_isolation_hw(...) hal function then can call the TZ_Config_SAU(...) function defined in 'tz_sau_nvic.c'. The TZ_Config_SAU(...) uses integer literals to address the different regions of the SAU, but that is OK for this purpose.
2. The tfm_core_memory_permission_check_handler(...) function The idea was that secure services would be able to query whether the caller NS client has access to a certain NS memory region. Implementing this feature would require TF-M core to know whether a region returned by cmse_check_address_range is a Non-Secure memory or not. With the current output of the CMSIS-Zone Utility I don't see this is possible other than looking into the config of the SAU region and check the content of the RLAR register. (Although this would only reveal whether the region is S/NS, code/data differentiation should be done in a different way) However this feature never got implemented, and this is only supported in Library model. Also after removing isolation level 3 from Library model I think there is no point in keeping this function. So the reference to the SAU regions from this function can be removed.
So summarizing the above, I think there is no reason why CMSIS-Zone Utility could not be used in TF-M, and it seems that it could be integrated fairly easily.
Regards, Mate
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Robert Rostohar via TF-M Sent: 26 September 2019 09:27 To: Summer Qin (Arm Technology China) Summer.Qin@arm.com Cc: tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] TF-M / CMSIS-Zone Alignment
Hi Summer,
Thanks for looking into this.
Requesting a specific SAU region number for a specific memory region is an inconvenience for CMSIS-Zone. It introduces additional complexity for the user who would need to know and configure this and also for the tool to handle.
Normally the user just configures the memory region (address, size, access. security, privilege, ...) and leaves to the tool to assign a region and generate the SAU setup code.
Having the additional constrain (ex: NS_CODE needs to be assigned to RGN=0) is just another obstacle and source of error in user configuration of the memory layout for TF-M.
I would help if TF-M would remove the constrain on specific region number assignments.
Thanks, Robert
-----Original Message----- From: Summer Qin (Arm Technology China) Summer.Qin@arm.com Sent: Thursday 26 September 2019 08:14 To: Robert Rostohar Robert.Rostohar@arm.com; tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] TF-M / CMSIS-Zone Alignment
Hi Robert,
I think the static defined region number would be much for easier for implementation: First, we need to assign a Region Number together with RBAR and RLAR. Then, we could use the Region Number to stand for the region that is configured by the RBAR and RLAR. It is just like an ID for a block of the memory.
Dose it causes some inconvenience for CMSIS-Zone?
Regards, Summer
On 9/13/19, 6:56 PM, "TF-M on behalf of Robert Rostohar via TF-M" <tf-m-bounces@lists.trustedfirmware.org on behalf of tf-m@lists.trustedfirmware.org> wrote:
Hi,
We are working on CMSIS-Zone Utility [1] which is a GUI tool for configuring a complex system. This includes also TrustZone setup (SAU) and device specific MPC and PPC.
This tool can be also used to configure SAU, MPC and PPC in TF-M.
However TF-M currently requires that a specific region number is used for NS_REGION_CODE (0), NS_REGION_DATA (1), ...
Those region numbers are used when SAU is configured in function sau_and_idau_cfg and the code in function tfm_core_memory_permission_check_handler depends on it.
Is it really necessary that a specific region number is being used and why?
I have received indication that this in not really needed and that the code should be redesigned. This would enable the use of CMSIS-Zone to configure TF-M out of the box.
Thanks, Robert
[1] https://github.com/ARM-software/CMSIS-Zone
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- TF-M mailing list TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
tf-m@lists.trustedfirmware.org