In Mbed Studio, debugging, based on pyOCD, requires Mbed OS application code starting on the sector boundary.
Modification list:
1. Update TF-M import assets with MCUboot header padding to sector aligned
2. Following above, change header size argument (-H) in wrapper.py command line
3. Following below, fix min-write-size (--align) to 4 (per flash_area_align()) in wrapper.py command line
https://docs.mcuboot.com/design.html#image-trailer
Related issue:
https://github.com/ARMmbed/mbed-os/issues/15417
1. In TF-M, fix NSPE interrupt-disabled NSC call broken. Check:
https://developer.trustedfirmware.org/T966
2. In TF-M, enable mcuboot log enabled forcibly. This is to help check firmware update process.
3. Update readme and script
Change MCUboot image versioning to meet requirements below:
1. Major.Minor.Revision must be non-decremental when used to derive security counter (-s 'auto').
2. Make Major.Minor.Revision+Build incremental to identify the firmware itself through psa_fwu_query().
3. Get around MCUboot failure with TF-M underestimated MAX_BOOT_RECORD_SZ
We were previously relying on the global MBED_PATH variable to provide
the root for the include path to the post build hooks. We can't
guarantee that MBED_PATH will be set by any application building us, so
use CMAKE_MODULE_PATH (which we always set) like we do for the other
post-build hooks.
1. Change from single image boot to multiple image boot
2. SDH is configured to Secure for placing update firmware. It becomes inaccessible to Mbed.
3. Post-build script supports both multiple image boot and single image boot
4. Update readme to reflect above change
5. Increase forced_reset_timeout due to longer booting time for Greentea test
When building greentea tests, each test is an executable with its
own output binary path. This is also the case when a user project
produces multiple executables. But the current implementation of
post-build operations always assumes there's only one executable,
at the root of the build directory.
The post-build command depends on Mbed target, and it always takes
the the executable we build as an input file. To achieve this, we
let each Mbed target (that has a post-build command) define a function
function(mbed_post_build_function target)
which takes a CMake executable target as an argument from which it can
get its binary path using generator expressions. It generates and adds
to the passed executable target a post-build custom command.
Notes:
* The function name needs to be exact, because CMake only supports
literal function calls - CMake can't dereference a function name from
a variable. To avoid multiple definitions of this function, each Mbed
target needs to guard it with a macro to check if the user is
building this Mbed target.
* `mbed_post_build_function()` is a function, but it is usually
defined by another macro rather than a parent function, because
nesting functions would make many variables inaccessible inside the
innermost `mbed_post_build_function()`.
* There's no more need to force regenerate images. Previously, post-
build commands were custom *targets* which always got to run, so we
force regenerated images on every build to avoid patching an image
that's already been patched once on previous build. Now post-build
commands are custom *commands* of the same executable target, and they
are only run if the executable target itself is rebuilt.
1. Configure non-secure target name to NU_M2354 (targets/targets.json). No NU_M2354_NS alias
2. Following template target, enable image signing and concatenating in post-build process
(1) Add post-build script (tools/targets).
(2) Enable TF-M custom build by centralize relevant stuff imported from TF-M (COMPONENT_TFM_S_FW).
3. Add M2354Code.merge_secure into whitelist of uvision6 (tools/export/uvision/__init__.py).
4. Add M2354 CMSIS pack database (tools/arm_pack_manager/index.json).
5. Configure stdio baudrate to 115200 to match TF-M port (platform/mbed_lib.json).
6. Define CMSIS_NVIC_VIRTUAL to override NVIC_SystemReset with TF-M version (cmsis_nvic_virtual.h).
7. Override tfm_ns_interface_xxx(...) to enable NS secure call:
(1) At pre-rtos stage
(2) In SVC context
8. Implement secure function call with tfm_platform_ioctl(...).
9. Combine stddriver_secure.h/c and hal_secure.h/c into platform_extra_secure.h/c.
10. Fix peripheral base to non-secure (PeripheralNames.h) (TrustZone-unaware since Mbed OS 6.0).
11. Fix NU_PORT_BASE/NU_GET_GPIO_PIN_DATA/NU_SET_GPIO_PIN_DATA to non-secure (PinNamesCommon.h) (TrustZone-unaware since Mbed OS 6.0).
12. NSC convention for StdDriver sys/clk (both TF-M and Mbed must follow)
(1) SYS_ResetModule
Usage: Replaced with SYS_ResetModule_S on Mbed OS
Action: Make it inaccessible from Mbed (neither source nor NSC). Provide SYS_ResetModule_S on Mbed via platform ioctl instead.
(2) CLK_GetXxx
Usage: Called in bpwm/i2s/qspi/sc/sdh and system_M2354 on Mbed OS
Action: Make them inaccessible from Mbed (neither source nor NSC). Re-provide them on Mbed via platform ioctl instead.
13. Remove DISABLE/ENABLE macro definitions in BSP to avoid name conflict with other modules
14. Change to TMR4/5 from TMR2/3 for implementing us_ticker/lp_ticker because TMR2 is used for TF-M NSPE test
15. Support cmake
NOTE: Export(uvision6) doesn't support TF-M target. To enable it for partial compile on Keil, force below function to return true.
is_target_supported(tools/export/uvision/__init__.py)
Chun-Chieh Li
Jaeden Amero
Robert Walton
Lingkai Dong