1. Change to support MP chip. Original M2355 BSP is for test chip.
2. UART0, used for USB VCOM, has change in clock enable bit. So chip/board version and BSP version must match.
3. Remove TF-M legacy code.
In test chip, byte-read (LDRB) last byte of flash in non-secure world always gets 0xFF.
This is got around by overriding flash_read(...). Now, the override can remove in MP chip.
1. Enable IAR on non-secure targets
2. Disable IAR on secure targets because:
(1) IAR toolchain bug: As of IAR 8.32, cmse_nonsecure_caller() is not always inlined.
(2) TFM hasn't supported IAR yet.
1. Enable GCC support on non-secure targets
2. Disable GCC support on secure targets becasue of GCC bug (as of 9-2019-q4-major): In non-secure entry function, callee-saved registers must be restored, but they are incorrectly cleared at optimization level "Os".
1. Re-organize to make clear all targets/toolchains support in single startup file
2. Inline assembly syntax is limited, esp. on IAR. Try paving the way for accessing external symbols still in inline assembly instead of re-write in assembly.
3. Update GCC C run-time sequence to fit future GCC script file.
In most cases, we can control degraded QSPI H/W to standard through BSP SPI driver directly as if it is just SPI H/W.
However, BSP SPI driver distinguishes among SPI H/W instances in below functions:
- SPI_Open
- SPI_Close
- SPI_SetBusClock
- SPI_GetBusClock
In these cases, we must change to QSPI version instead for QSPI H/W.
Change target:
- NU_M2354*
In this new memory partition, secure program is most simplified and non-secure program can make most use of memory for its large application like Pelion:
- Flash (512KiB in total): 64KiB for secure and 448KiB for nonsecure.
- SRAM (96KiB in total): 8KiB for secure and 88KiB for nonsecure.
Besides, to make secure program fit into 8KiB:
- Decrease boot stack size to 0x600 bytes
- Remove serial support
- Remove LPTICKER
Re-build default secure image/gateway library to favor Pelion client application
Consider the following factors to define WDT reset delay:
1. Cannot be too small. This is to avoid premature WDT reset in pieces of timeout cascading.
2. Cannot be too large. This is to pass Greentea reset_reason/watchdog_reset tests, which have e.g. 50~100 reset delay tolerance.
Original implementation doesn't enable watchdog reset in pieces of cascaded timeout, except the last one. This is to guarantee re-configuration can be in time, but in interrupt disabled scenario e.g. Hard Fault, watchdog reset can cease to be effective.
This change enables watchdog reset all the way of cascaded timeout. With trade-off, guaranteed watchdog reset function is more significant than re-configuration in time.
At IAR linking, the default method of 'initialize by copy' is 'auto', which will estimate
different packing algorithms, including complex 'lz77', for smallest memory footprint. But
the algorithm itself can consume some SRAM and cause OOM at linking time for NANO130, which
just has 16KiB SRAM. To avoid this error, always choose 'none' packing algorithm.
These targets below just support PRNG, not real TRNG. They cannot annouce TRNG.
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M487
- NUMAKER_IOT_M487
On targets without TRNG, to run mbedtls applications which require entropy source,
there are two alternatives to TRNG:
- Custom entropy source:
Define MBEDTLS_ENTROPY_HARDWARE_ALT and provide custom mbedtls_hardware_poll(...)
- NV seed:
1. Define MBEDTLS_ENTROPY_NV_SEED
2. Define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO/MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and provide custom mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...).
3. Don't define MBEDTLS_PSA_INJECT_ENTROPY. Meet mbedtls_psa_inject_entropy(...) undefined and then provide custom one, which must be compatible with mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...) above.
4. For development, simulating partial provision process, inject entropy seed via mbedtls_psa_inject_entropy(...) pre-main.
Reasons to remove TRNG support:
1. M252 just has 32KiB SRAM and cannot afford mbedtls application.
2. Implementing TRNG HAL with PRNG H/W has security concern.
cyliangtw
Martin Kojtal
Chun-Chieh Li
int_szyk