At high HCLK rate, M2351 cannot provide zero-wait-state flash performance. Besides,
cache is forcibly turned off for non-secure land for internal reason. We locate
'delay_loop_code' from flash to SRAM to achieve zero-wait-state performance.
On ARMC6 with optimization level "-Os", the two functions NVIC_SetVector/NVIC_GetVector
will be translated to illegal instruction for trapping due to NVIC_FLASH_VECTOR_ADDRESS
defined as direct 0. Fixed by defining NVIC_FLASH_VECTOR_ADDRESS as a symbol instead to
avoid such optimization error.
Reimplement atomic code in inline assembly. This can improve
optimisation, and avoids potential architectural problems with using
LDREX/STREX intrinsics.
API further extended:
* Bitwise operations (fetch_and/fetch_or/fetch_xor)
* fetch_add and fetch_sub (like incr/decr, but returning old value -
aligning with C++11)
* compare_exchange_weak
* Explicit memory order specification
* Basic freestanding template overloads for C++
This gives our existing C implementation essentially all the functionality
needed by C++11.
An actual Atomic<T> template based upon these C functions could follow.
On NUC472, on wake-up from power-down mode, we may meet hard fault or some other
unknown error. Before its cause is found, we enter idle mode instead for a workaround.
To simulate power-down mode with idle mode, we also disable us_ticker during
power-down period.
Instead of user defined symbols in assembly files or C files,
use linker scripts to add heap and stack - this is inconsistent
with ARM std linker scripts
Nuvoton M2351 was including generic core_armv8mbl.h from CMSIS - we
need it to be more specific to identify the specific core for
wait_ns. Change to core_cm23.h.
Port of NUC472/M487 crypto AC mgmt work to M2351:
1. Choose mutex to synchronize access to crypto non-SHA AC
2. Choose atomic flag to synchronize access to crypto SHA AC
1. For SHA AC, use atomic flag to manage its ownership.
(1) Nuvoton SHA AC doesn't support SHA context save & restore, so S/W
SHA fallback has been supported before. To make non-blocking 'acquire'
semantics clearer, introduce 'try_acquire' to substitute for 'acquire'.
(2) No biting CPU due to mechanism above.
(3) No deadlock due to mechanism above.
2. For AES/DES/ECC AC, change to mutex to manage their ownership.
(1) Change crypto-misc.c to crypto-misc.cpp to utilize C++ SingletonPtr
which guarantees thread-safe mutex construct-on-first-use.
(2) With change to crypto-misc.cpp, add 'extern "C"' modifier to CRYPTO_IRQHandler()
to avoid name mangling in C++.
(3) No priority inversion because mutex has osMutexPrioInherit attribute
bit set.
(4) No deadlock because these AC are all locked for a short sequence
of operations rather than the whole lifetime of mbedtls context.
(5) For double mbedtls_internal_ecp_init() issue, it has been fixed in upper
mbedtls layer. So no need to change ecc init/free flow.
With support for checking H/W UART initialized or not, we can simplify stdio management:
1. When serial_init(&stdio_uart) calls in, just set the 'stdio_uart_inited' flag.
2. When serial_free(&stdio_uart) calls in, just clear the 'stdio_uart_inited' flag.
Except above, we needn't make special handling with 'stdio_uart'.
The same H/W UART may be shared by multiple serial_t objects. This fix tries to avoid
re-configuring the same H/W UART in serial_init() when there are multiple serial_t
objects constructed. To re-configure UART, call serial_baud() and serial_format()
explicitly. This can avoid confusion when e.g. a newly constructed serial_t object
changes baudrate unexpectedly in serial_init().
RAM/ROM sizes in tools were updated to report entire device size, and in M2351
they were used earlier to report secure/non-secure partition size.
M2351 files are updated to take full RAM/ROM device size and derive secure
and non-secure partition size based on that.
`flash_get_erase_value` is added in hal/TARGET_FLASH_CMSIS_ALGO/flash_common_algo.c
duplicate copy of same function in targets/TARGET_NUVOTON/TARGET_M2351/flash_api.c
resulted in build issues with secure build
--legacyalign, --no_legacyalign are deprecated from ARMC6 compiler, in order to
remove deprecated flags all linker files (GCC and IAR as well to have uniformity)
should strictly align to 8-byte boundary
Set the ISR stack to be 1KB. https://github.com/ARMmbed/mbed-os/pull/7238
Set the heap size to 3KB(2KB + overhead + spare) so that atleast 2KB free ram is
available for testing.
With dynamic heap size, explicit size is not required. IAR 7.8 supports
static heap, hence the change is needed in IAR linker files.
Replace wait_us with nu_busy_wait_us in lp_ticker since wait_us is not allowed in sleep test
which would suspend us ticker layer on which wait_us relies. nu_busy_wait_us is implemented
by calling us ticker HAL API directly rather than relying on us ticker layer.
If us_ticker/lp_ticker is scheduled and then the interrupt is disabled, the originally scheduled
interrupt may still become pending. If this occurs, then an interrupt will fire twice on the next
call to us_ticker_set_interrupt/lp_ticker_set_interrupt - once immediately and then a second time
at the appropriate time.
This patch prevents the first interrupt by clearing interrupts in
us_ticker_set_interrupt/lp_ticker_set_interrupt before calling NVIC_EnableIRQ.
1. Modify PinMode enum to fully support GPIO I/O modes.
2. Translate input pull mode/direction to I/O mode, where H/W doesn't support
separate configuration for input pull mode/direction.
3. Allow for configuring I/O mode in addition to input pull mode.
1. Rename m2351_stddriver_sup.h/c to stddriver_secure.h/.c for naming consistency
2. Add hal_secure.h to include hal-exported secure functions
3. Change return/argument type in secure functions:
(1) Change int to int32_t
(2) Change PinName to int32_t
(3) Change time_t to int64_t
4. Update secure lib/bin accordingly
1. Power down RTC access from CPU domain in rtc_free. After rtc_free, RTC gets
inaccessible from CPU domain but keeps counting.
2. Fix RTC cannot cross reset cycle.
To change TRNG security state, we need to:
1. Change CRPT/CRYPTO bit in NVIC/SCU in partition_M2351.h
2. Add/remove TRNG in device_has list in targets.json to match partition_M2351.h
NSC location has the following requirements:
1. By IDAU, 0~0x4000 is secure. NSC can only locate in 0x4000~0x10000000.
2. Greentea flash IAP uses last 4 sectors for its test. Avoid this range.
3. Greentea NVSTORE uses last 2 sectors or 4KB x 2 for its test. Avoid this range.
In Mbed OS, page size is program unit, which is different than FMC definition.
After fixing page size, we can pass NVSTORE test (mbed-os-features-nvstore-tests-nvstore-functionality).
1. Replace SYS_ResetModule/CLK_SetModuleClock/CLK_EnableModuleClock/CLK_DisableModuleClock with TrustZone-aware versions.
2. Configure all UART to secure
3. Support asynchronous transfer
4. Remove sleep management code, which has been replaced with Sleep Manager.
The rework includes the following:
1. Remove ticker overflow handling because upper layer (mbed_ticker_api.c) has done with it.
This makes us_ticker/lp_ticker implementation more succinct and avoids potential error.
2. Refine timer register access with low-power clock source
Chun-Chieh Li
Rajkumar Kanagaraj
Martin Kojtal
Martin Kojtal
Kevin Bracey
Shrikant Tudavekar
Cruz Monrreal
deepikabhavnani
Przemyslaw Stekiel
Russ Butler
cyliangtw
Senthil Ramakrishnan
David Saada
Anna Bridge
Amanda Butler
Yossi Levy
Oren Cohen