On mask being zero, it means any match, not exact match.
NOTE: This fix only targets CAN (M453/M487), not CAN-FD (M467).
NOTE: NUC472 CAN doesn't support filter.
1. The same Message Object number cannot use for both Tx and Rx simultaneously.
For Tx, Message Object number 31 is reserved instead of 0.
For Rx, Message Object numbers 0~30 are used and for filters.
2. NewDat bit (CAN_IsNewDataReceived()) isn't exclusive to Rx.
Recognize Rx interrupt by Message Object number other than 31.
NOTE: This fix only targets CAN (NUC472/M453/M487), not CAN-FD (M467).
Major modifications:
1. Handle Rx interrupt based on Message Object interrupt (CAN_IIDR=0x0001~0x0020) instead of CAN_STATUS.RxOK
2. Also handle Tx interrupt following above for consistency
Other related modifications:
1. Fix signature type error in CAN_CLR_INT_PENDING_BIT()
2. Add CAN_CLR_INT_PENDING_ONLY_BIT() which doesn't clear NewDat flag so that user can fetch received message in thread context
NOTE: This fix only targets CAN (NUC472/M453/M487), not CAN-FD (M467).
In Mbed Studio, debugging, based on pyOCD, requires Mbed OS application code starting on the sector boundary.
Modification list:
1. Update TF-M import assets with MCUboot header padding to sector aligned
2. Following above, change header size argument (-H) in wrapper.py command line
3. Following below, fix min-write-size (--align) to 4 (per flash_area_align()) in wrapper.py command line
https://docs.mcuboot.com/design.html#image-trailer
Related issue:
https://github.com/ARMmbed/mbed-os/issues/15417
1. Update BSP CANFD driver
2. Notes for implementation
(1) Each CANFD instance supports two IRQ lines. Use only line 0. Line 1 is not used.
(2) For Rx disabling multiple filter handles,
1) Map all filter handles to filter handle 0
2) Use Rx FIFO 0 for filter handle 0
(3) For Rx enabling multiple filter handles,
1) Use Rx FIFO 0 for filter handle 0
2) Use Rx FIFO 1 for filter handle through first invoking can_filter()
3) Use dedicated Rx Buffer for other filter handles
NOTE: H/W supports mask on Rx FIFO 0/1 but not on dedicated Rx Buffer.
(4) For Tx, use only dedicated Tx Buffer. BSP CANFD driver doesn't support Tx FIFO/Queue.
(5) Support no CAN FD.
Pinout comparison between NuMaker-M467HJ and NuMaker-IoT-M467 boards:
1. UNO are unchanged
2. LEDs are unchanged
3. Buttons are unchanged, except button names
4. NuMaker-M467HJ has HBI but NuMaker-IoT-M467 does
5. NuMaker-M467HJ doesn't have ESP8266 but NuMaker-IoT-M467 does
6. SDHC are unchanged
Some M460 chips don't support AES/SHA/ECC/RSA H/W.
Make them removable from mbedtls H/W port through '"target.macros_remove": ["MBEDTLS_CONFIG_HW_SUPPORT"]'.
1. Crypto RSA H/W supports 1024/2048/3072/4096 key bits. Fall back to software implementation for other key bits.
2. For decrypt, if MBEDTLS_RSA_NO_CRT isn't defined, go CRT, or normal.
3. For decrypt, when blinding (f_rng != NULL), enable SCAP mode.
4. Recover from Crypto RSA H/W failure:
(1) Enable timed-out wait to escape from RSA H/W trap
(2) On RSA H/W timeout, stop this RSA H/W operation
(3) Fall back to S/W implementation on failure
NOTE: RSA 4096 key bits can fail with default mbedtls configuration MBEDTLS_MPI_MAX_SIZE.
Enlarge MBEDTLS_MPI_MAX_SIZE to 1024 or larger if this feature is required.
NOTE: Fixed in BSP RSA driver, for non-CRT+SCAP mode, temporary buffer for MADDR6 requires to be key length plus 128 bits.
NOTE: Fixed in BSP RSA driver, DMA buffer must be 4-word aligned, or RSA H/W will trap.
1. Prepare crypto common code
2. Support list
- SHA
- ECC
NOTE: AES/RSA are to support in other works
NOTE: Compared to M487, M467's SHA supports context save & restore (DMA Cascade mode) and so no software fallback is needed.
NOTE: M467's ECC, following M487, goes partial-module replacement and it can just improve primitives e.g. point addition/doubling by 2X,
and cannot improve high level point multiplication because MbedTLS doesn’t open it.
To improve performance best, full-module replacement is needed.
NOTE: Continuing above, add support for Montgomery curve
1. For GCC, support multi-block .data/.bss initialization
2. HyperRAM is mapped to two regions: 0x0A000000 and 0x80000000
According to default system address map, 0x0A000000 is located at 'Code' region and 0x80000000 at 'RAM' region.
With MPU enabled on Mbed OS, 'Code' region is write-never and 'RAM' region execute-never.
0x80000000 is chosen because 'RAM' regioin is naturally for HyperRAM.
3. Configurable multi-function pins for HBI
4. To locate code/data at external HyperRAM:
- Specify __attribute__((section(".text.nu.exthyperram"))) for RO/.text/readonly section type
Invoke mbed_mpu_manager_lock_ram_execution()/mbed_mpu_manager_unlock_ram_execution() to run HyperRAM code
- Specify __attribute__((section(".data.nu.exthyperram"))) for RW/.data/readwrite section type
- Specify __attribute__((section(".bss.nu.exthyperram"))) for ZI/.bss/zeroinit section type
5. Add readme
1. Based on alpha version BSP (85564a2716548e7b6d6a79a490c6d94a24cf9bcf)
2. Continuing above, tweak BSP:
(1) Add EPWM_ConfigOutputChannel2() to enable below 1Hz and below 1% duty cycle for PWM output (m460_epwm.h/c).
(2) Add dummy RTC_WaitAccessEnable() for consistency with previous ports (m460_rtc.h).
3. Target NuMaker-M467HJ V0.1 board temporarily
4. Support Arduino UNO form factor for NUMAKER_IOT_M467 target
5. Enable export to Keil/IAR project
- tools/arm_pack_manager/index.json
- tools/export/iar/iar_definitions.json
The HAL gpio_irq_api stores object IDs, which serve as a form of context
for the dispatch of the interrupt handler in the drivers level
InterruptIn Class. The way this is achieved is that the InterruptIn
Class casts its address to uint32_t, which is stored as the ID.
This results in compilation failure when the size of an object pointer
is greater than uint32_t, for example when building on a PC for unit
testing.
In order to allow Unit Testing of the InterruptIn Class, we replace the
use of uint32_t with uintptr_t (type capable of holding a pointer),
which allows portability and expresses intentions more clearly.
In aid of this latter goal, we also replace the use of the name "id"
with "context", to improve clarity - these are addresses of the context
related to that callback.
Fix the following issues in TF-M to avoid emergence in the future:
1. Enable initial stack not located in SRAM bank0
On reset, only SRAM bank0 is enabled. And SRAM bank1/2 will be enabled in immediately following SystemInit().
When initial stack is located in SRAM bank1/2, we will meet trouble because SystemInit() itself needs to use initial stack.
To conquer the dilemma, we add preceding code in front of original Systeminit(), which is responsible for enabling SRAM bank1/2 and guarantees no using initial stack.
2. Fix sector maps of internal/external (SDH) Flash are incompatible, caused by TF-M's MCUboot port.
This is done by adapting external (SDH) Flash sector size to internal Flash's.
3. Enlarge firmware upgrade scratch size. There are two advantages:
(1) Get around MCUboot limit which requires scratch size not smaller than image trailer size
(2) Improve wear leveling for the scratch area
1. In TF-M, enlarge ITS max asset number/size
NOTE: RSA key size is larger
2. In TF-M, enlarge mbedtls dedicated heap
NOTE: RSA algorithm needs more memory.
NOTE: psa_aead_decrypt() (for mbedtls_ssl_read()) needs memory proportional to data size.
The HAL can_api stores an array of IDs in order to dispatch interrupts
to the correct CAN object. The drivers level CAN Class casts a pointer
to itself to an uint32_t, which is stored as the ID and then cast back
to a CAN * in order to call the correct handler. This results in
compilation failure when the size of an object pointer is greater than
uint32_t, for example when building on a PC for unit testing.
In order to allow Unit Testing of the CAN Class, we replace the use of
uint32_t with uintptr_t (type capable of holding a pointer), which
allows portability and expresses intentions more clearly. In aid of this
latter goal, we also replace the use of the name "id" with "context",
to improve clarity. These are addresses of the context related to that
callback.
1. In TF-M, fix NSPE interrupt-disabled NSC call broken. Check:
https://developer.trustedfirmware.org/T966
2. In TF-M, enable mcuboot log enabled forcibly. This is to help check firmware update process.
3. Update readme and script
Change MCUboot image versioning to meet requirements below:
1. Major.Minor.Revision must be non-decremental when used to derive security counter (-s 'auto').
2. Make Major.Minor.Revision+Build incremental to identify the firmware itself through psa_fwu_query().
3. Get around MCUboot failure with TF-M underestimated MAX_BOOT_RECORD_SZ
Chun-Chieh Li
Martin Kojtal
cyliang tw
Martin Kojtal
wally0258
Hari Limaye
Wally
Robert Walton