[M2351] Fix binary-compatible across compilers in secure functions

1. Rename m2351_stddriver_sup.h/c to stddriver_secure.h/.c for naming consistency
2. Add hal_secure.h to include hal-exported secure functions
3. Change return/argument type in secure functions:
   (1) Change int to int32_t
   (2) Change PinName to int32_t
   (3) Change time_t to int64_t
4. Update secure lib/bin accordingly

targets/TARGET_NUVOTON/TARGET_M2351/device/cmsis.h

@@ -18,7 +18,7 @@
 #define MBED_CMSIS_H
 
 #include "M2351.h"
-#include "m2351_stddriver_sup.h"
+#include "stddriver_secure.h"
 #include "cmsis_nvic.h"
 #include "partition_M2351.h"
 

targets/TARGET_NUVOTON/TARGET_M2351/device/stddriver_secure.c

@@ -18,7 +18,7 @@
 #include <stdbool.h>
 #include "cmsis.h"
 #include "partition_M2351.h"
-#include "m2351_stddriver_sup.h"
+#include "stddriver_secure.h"
 #include "mbed_error.h"
 
 #if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)

targets/TARGET_NUVOTON/TARGET_M2351/device/stddriver_secure.h

@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-#ifndef M2351_STDDRIVER_SUP_H
-#define M2351_STDDRIVER_SUP_H
+#ifndef STDDRIVER_SECURE_H
+#define STDDRIVER_SECURE_H
 
 #include "cmsis.h"
 
@@ -28,6 +28,7 @@ extern "C" {
  * Guard access to secure module from non-secure domain before SYS_ResetModule.
  * Its synopsis is the same as SYS_ResetModule.
  */
+__NONSECURE_ENTRY
 void SYS_ResetModule_S(uint32_t u32ModuleIndex);
 
 /* Secure CLK_SetModuleClock
@@ -35,6 +36,7 @@ void SYS_ResetModule_S(uint32_t u32ModuleIndex);
  * Guard access to secure module from non-secure domain before CLK_SetModuleClock.
  * Its synopsis is the same as CLK_SetModuleClock.
  */
+__NONSECURE_ENTRY
 void CLK_SetModuleClock_S(uint32_t u32ModuleIndex, uint32_t u32ClkSrc, uint32_t u32ClkDiv);
 
 /* Secure CLK_EnableModuleClock
@@ -42,6 +44,7 @@ void CLK_SetModuleClock_S(uint32_t u32ModuleIndex, uint32_t u32ClkSrc, uint32_t
  * Guard access to secure module from non-secure domain before CLK_EnableModuleClock.
  * Its synopsis is the same as CLK_EnableModuleClock.
  */
+__NONSECURE_ENTRY
 void CLK_EnableModuleClock_S(uint32_t u32ModuleIndex);
 
 /* Secure CLK_DisableModuleClock
@@ -49,6 +52,7 @@ void CLK_EnableModuleClock_S(uint32_t u32ModuleIndex);
  * Guard access to secure module from non-secure domain before CLK_DisableModuleClock.
  * Its synopsis is the same as CLK_DisableModuleClock.
  */
+__NONSECURE_ENTRY
 void CLK_DisableModuleClock_S(uint32_t u32ModuleIndex);
 
 /* Secure SYS_LockReg
@@ -56,6 +60,7 @@ void CLK_DisableModuleClock_S(uint32_t u32ModuleIndex);
  * Guard access to secure module from non-secure domain before SYS_LockReg.
  * Its synopsis is the same as SYS_LockReg.
  */
+__NONSECURE_ENTRY
 void SYS_LockReg_S(void);
 
 /* Secure SYS_UnlockReg
@@ -63,6 +68,7 @@ void SYS_LockReg_S(void);
  * Guard access to secure module from non-secure domain before SYS_UnlockReg.
  * Its synopsis is the same as SYS_UnlockReg.
  */
+__NONSECURE_ENTRY
 void SYS_UnlockReg_S(void);
 
 #ifdef __cplusplus

targets/TARGET_NUVOTON/TARGET_M2351/hal_secure.h

@@ -0,0 +1,79 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2017-2018 Nuvoton
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef HAL_SECURE_H
+#define HAL_SECURE_H
+
+#include "cmsis.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* pin_function (secure version)
+ *
+ * Guard access to secure GPIO from non-secure domain.
+ * 
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+void pin_function_s(int32_t pin, int32_t data);
+
+/* NOTE: time_t
+ *
+ * time_t may be defined to int32_t/int64_t dependent on compilers. For binary-compatible
+ * among compilers, we must replace time_t with int32_t/int64_t explicitly in rtc secure
+ * functions. We determine to choose int64_t rather than int32_t to avoid 'Year 2038 problem'.
+ */
+
+/* rtc_init (secure version) */
+__NONSECURE_ENTRY
+void rtc_init_s(void);
+
+/* rtc_free (secure version) */
+__NONSECURE_ENTRY
+void rtc_free_s(void);
+
+/* rtc_isenabled (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+int32_t rtc_isenabled_s(void);
+
+/* rtc_read (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+int64_t rtc_read_s(void);
+
+/* rtc_write (secure version)
+ *
+ * Its synopsis is the same as normal version except change of return/argument type for
+ * binary-compatible across compilers.
+ */
+__NONSECURE_ENTRY
+void rtc_write_s(int64_t t);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

targets/TARGET_NUVOTON/TARGET_M2351/pinmap.c

@@ -20,32 +20,15 @@
 #include "PortNames.h"
 #include "mbed_error.h"
 #include "partition_M2351.h"
+#include "hal_secure.h"
 
 /**
  * Configure pin multi-function
  */
-
-#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
-__NONSECURE_ENTRY
 void pin_function(PinName pin, int data)
 {
-    MBED_ASSERT(pin != (PinName)NC);
-    uint32_t pin_index = NU_PINNAME_TO_PIN(pin);
-    uint32_t port_index = NU_PINNAME_TO_PORT(pin);
-    
-    /* Guard access to secure GPIO from non-secure domain */
-    if (cmse_nonsecure_caller() && 
-        (! (SCU_INIT_IONSSET_VAL & (1 << (port_index + 0))))) {
-        error("Non-secure domain tries to control secure or undefined GPIO.");
-    }
-
-    __IO uint32_t *GPx_MFPx = ((__IO uint32_t *) &SYS->GPA_MFPL) + port_index * 2 + (pin_index / 8);
-    uint32_t MFP_Msk = NU_MFP_MSK(pin_index);
-    
-    // E.g.: SYS->GPA_MFPL  = (SYS->GPA_MFPL & (~SYS_GPA_MFPL_PA0MFP_Msk) ) | SYS_GPA_MFPL_PA0MFP_SC0_CD  ;
-    *GPx_MFPx  = (*GPx_MFPx & (~MFP_Msk)) | data;
+    pin_function_s(pin, data);
 }
-#endif
 
 /**
  * Configure pin pull-up/pull-down
@@ -84,3 +67,25 @@ void pin_mode(PinName pin, PinMode mode)
     
     GPIO_SetMode(gpio_base, 1 << pin_index, mode_intern);
 }
+
+#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
+__NONSECURE_ENTRY
+void pin_function_s(int32_t pin, int32_t data)
+{
+    MBED_ASSERT(pin != (PinName)NC);
+    uint32_t pin_index = NU_PINNAME_TO_PIN(pin);
+    uint32_t port_index = NU_PINNAME_TO_PORT(pin);
+    
+    /* Guard access to secure GPIO from non-secure domain */
+    if (cmse_nonsecure_caller() && 
+        (! (SCU_INIT_IONSSET_VAL & (1 << (port_index + 0))))) {
+        error("Non-secure domain tries to control secure or undefined GPIO.");
+    }
+
+    __IO uint32_t *GPx_MFPx = ((__IO uint32_t *) &SYS->GPA_MFPL) + port_index * 2 + (pin_index / 8);
+    uint32_t MFP_Msk = NU_MFP_MSK(pin_index);
+    
+    // E.g.: SYS->GPA_MFPL  = (SYS->GPA_MFPL & (~SYS_GPA_MFPL_PA0MFP_Msk) ) | SYS_GPA_MFPL_PA0MFP_SC0_CD  ;
+    *GPx_MFPx  = (*GPx_MFPx & (~MFP_Msk)) | data;
+}
+#endif

targets/TARGET_NUVOTON/TARGET_M2351/rtc_api.c

@@ -24,6 +24,7 @@
 #include "nu_miscutil.h"
 #include "mbed_mktime.h"
 #include "partition_M2351.h"
+#include "hal_secure.h"
 
 /* NOTE: BSP RTC driver judges secure/non-secure RTC by PC. This implementation cannot support non-secure RTC
  *       controlled by secure executable. A better way would be that secure/non-secure RTC base is passed
@@ -33,21 +34,32 @@
 #error("Limited by BSP/RTC, we can only support secure RTC.")
 #endif
 
-#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
+void rtc_init(void)
+{
+    rtc_init_s();
+}
 
-/* As of ARM Compiler 6.9, we meet some NSC functions are missing in secure gateway
- * import library (cmse_lib.o) in secure build. Per test, we could get around it by
- * adding declaration for NSC functions. */
-__NONSECURE_ENTRY
-void rtc_init(void);
-__NONSECURE_ENTRY
-void rtc_free(void);
-__NONSECURE_ENTRY
-int rtc_isenabled(void);
-__NONSECURE_ENTRY
-time_t rtc_read(void);
-__NONSECURE_ENTRY
-void rtc_write(time_t t);
+void rtc_free(void)
+{
+    rtc_free_s();
+}
+
+int rtc_isenabled(void)
+{
+    return rtc_isenabled_s();
+}
+
+time_t rtc_read(void)
+{
+    return rtc_read_s();
+}
+
+void rtc_write(time_t t)
+{
+    rtc_write_s(t);
+}
+
+#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
 
 /* Micro seconds per second */
 #define NU_US_PER_SEC               1000000
@@ -112,7 +124,7 @@ static void rtc_convert_datetime_hwrtc_to_tm(struct tm *datetime_tm, const S_RTC
 static const struct nu_modinit_s rtc_modinit = {RTC_0, RTC_MODULE, 0, 0, 0, RTC_IRQn, NULL};
 
 __NONSECURE_ENTRY
-void rtc_init(void)
+void rtc_init_s(void)
 {
     if (rtc_isenabled()) {
         return;
@@ -125,13 +137,13 @@ void rtc_init(void)
 }
 
 __NONSECURE_ENTRY
-void rtc_free(void)
+void rtc_free_s(void)
 {
     CLK_DisableModuleClock_S(rtc_modinit.clkidx);
 }
 
 __NONSECURE_ENTRY
-int rtc_isenabled(void)
+int32_t rtc_isenabled_s(void)
 {
     // NOTE: To access (RTC) registers, clock must be enabled first.
     if (! (CLK->APBCLK0 & CLK_APBCLK0_RTCCKEN_Msk)) {
@@ -146,7 +158,7 @@ int rtc_isenabled(void)
 }
 
 __NONSECURE_ENTRY
-time_t rtc_read(void)
+int64_t rtc_read_s(void)
 {
     /* NOTE: After boot, RTC time registers are not synced immediately, about 1 sec latency.
      *       RTC time got (through RTC_GetDateAndTime()) in this sec would be last-synced and incorrect.
@@ -195,7 +207,7 @@ time_t rtc_read(void)
 }
 
 __NONSECURE_ENTRY
-void rtc_write(time_t t)
+void rtc_write_s(int64_t t)
 {
     if (! rtc_isenabled()) {
         rtc_init();