On IAR, configure heap to 1KiB at a minimum and expandable, dependent on available SRAM. This requires IAR 8.x.
Support targets:
- NUMAKER_PFM_NUC472 w/ and w/o XRAM
- NUMAKER_PFM_M453
- NUMAKER_PFM_M487/NUMAKER_IOT_M487
- NUMAKER_IOT_M263A
- NUMAKER_M252KG
At IAR linking, the default method of 'initialize by copy' is 'auto', which will estimate
different packing algorithms, including complex 'lz77', for smallest memory footprint. But
the algorithm itself can consume some SRAM and cause OOM at linking time for NANO130, which
just has 16KiB SRAM. To avoid this error, always choose 'none' packing algorithm.
These targets below just support PRNG, not real TRNG. They cannot annouce TRNG.
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M487
- NUMAKER_IOT_M487
On targets without TRNG, to run mbedtls applications which require entropy source,
there are two alternatives to TRNG:
- Custom entropy source:
Define MBEDTLS_ENTROPY_HARDWARE_ALT and provide custom mbedtls_hardware_poll(...)
- NV seed:
1. Define MBEDTLS_ENTROPY_NV_SEED
2. Define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO/MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and provide custom mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...).
3. Don't define MBEDTLS_PSA_INJECT_ENTROPY. Meet mbedtls_psa_inject_entropy(...) undefined and then provide custom one, which must be compatible with mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...) above.
4. For development, simulating partial provision process, inject entropy seed via mbedtls_psa_inject_entropy(...) pre-main.
In this new memory partition, secure program is most simplified and non-secure program can make most use of memory for its large application like Pelion:
- Flash (512KiB in total): 64KiB for secure and 448KiB for nonsecure.
- SRAM (96KiB in total): 8KiB for secure and 88KiB for nonsecure.
Besides, to make secure program fit into 8KiB:
- Decrease boot stack size to 0x600 bytes
- Remove serial support
Reasons to remove TRNG support:
1. M252 just has 32KiB SRAM and cannot afford mbedtls application.
2. Implementing TRNG HAL with PRNG H/W has security concern.
Without free-up of peripheral pins, peripheral pins of the same peripheral may
share by multiple ports after port iteration, and this peripheral may fail with
pin interference.
In Nuvoton, only new-design chips support GPIO input pull-high/pull-low modes.
Targets not supporting this feature are listed below:
- NUMAKER_PFM_NANO130
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M453
Fix logic error on replying NACK at the end of transfer.
This is also to fix FPGA CI test mbed_hal_fpga_ci_test_shield-i2c/
i2c - test single byte read i2c API.
Better IP initialization sequence:
1. Configure IP pins
2. Select IP clock source and then enable it
3. Reset the IP (SYS_ResetModule)
NOTE1: IP reset takes effect regardless of IP clock. So it doesn't matter if
IP clock enable is before IP reset.
NOTE2: Non-configured pins may disturb IP's state, so IP pinout first and then
IP reset.
NOTE3: IP reset at the end of IP initialization sequence can cover unexpected
situation.
Without free-up of peripheral pins, peripheral pins of the same peripheral may
share by multiple ports after port iteration, and this peripheral may fail with
pin interference.
In Nuvoton, only new-design chips support GPIO input pull-high/pull-low modes.
Targets not supporting this feature are listed below:
- NUMAKER_PFM_NANO130
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M453
Fix logic error on replying NACK at the end of transfer.
This is also to fix FPGA CI test mbed_hal_fpga_ci_test_shield-i2c/
i2c - test single byte read i2c API.
Better IP initialization sequence:
1. Configure IP pins
2. Select IP clock source and then enable it
3. Reset the IP (SYS_ResetModule)
NOTE1: IP reset takes effect regardless of IP clock. So it doesn't matter if
IP clock enable is before IP reset.
NOTE2: Non-configured pins may disturb IP's state, so IP pinout first and then
IP reset.
NOTE3: IP reset at the end of IP initialization sequence can cover unexpected
situation.
Fix SPI module index error in modidx_ns_tab table in CLK_SetModuleClock_S().
Need to update secure image for this bugfix.
This is also to fix FPGA CI test mbed_hal_fpga_ci_test_shield-spi/
SPI - init/free test all pins.
M451 series can classify by M45xD/M45xC and M45xG/M45xE. To support this
classification:
1. Create TARGET_M45xD_M45xC and TARGET_M45xG_M45xE targets.
2. Mark NUMAKER_PFM_M453 belongs to TARGET_M45xG_M45xE by 'extra_labels_add'
in targets.json.
3. Fix pin name table according to the classification.
4. Fix pinmap table according to the classification.
MOSI1/MISO1 are used in second bit of 2-bit transfer mode and cannot be used
for normal MOSI/MISO. Remove them from pinmap.
This is also to fix FPGA CI test mbed_hal_fpga_ci_test_shield-spi/
SPI - basic test.
Without free-up of peripheral pins, peripheral pins of the same peripheral may
share by multiple ports after port iteration, and this peripheral may fail with
pin interference.
In Nuvoton, only new-design chips support GPIO input pull-high/pull-low modes.
Targets not supporting this feature are listed below:
- NUMAKER_PFM_NANO130
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M453
Fix logic error on replying NACK at the end of transfer.
This is also to fix FPGA CI test mbed_hal_fpga_ci_test_shield-i2c/
i2c - test single byte read i2c API.
Better IP initialization sequence:
1. Configure IP pins
2. Select IP clock source and then enable it
3. Reset the IP (SYS_ResetModule)
NOTE1: IP reset takes effect regardless of IP clock. So it doesn't matter if
IP clock enable is before IP reset.
NOTE2: Non-configured pins may disturb IP's state, so IP pinout first and then
IP reset.
NOTE3: IP reset at the end of IP initialization sequence can cover unexpected
situation.
Originally, nu_delay_cycle_x4(...) is borrowed from mbed test code for delay
cycle. Currently, it is not used on Nuvoton targets. If delay cycle is needed,
use wait_ns(...) instead which has strict implementation and has passed tests.
1. Add missing header file for mbed_mpu_manager_lock_ram_execution()/
mbed_mpu_manager_unlock_ram_execution() to avoid compile warning.
2. Locate delay_loop_code() on 16-byte boundary (sync to common version).
3. Optimize delay_loop macro (sync to common version).
At high HCLK rate, M2351 cannot provide zero-wait-state flash performance. Besides,
cache is forcibly turned off for non-secure land for internal reason. We locate
'delay_loop_code' from flash to SRAM to achieve zero-wait-state performance.
On ARMC6 with optimization level "-Os", the two functions NVIC_SetVector/NVIC_GetVector
will be translated to illegal instruction for trapping due to NVIC_FLASH_VECTOR_ADDRESS
defined as direct 0. Fixed by defining NVIC_FLASH_VECTOR_ADDRESS as a symbol instead to
avoid such optimization error.
Reimplement atomic code in inline assembly. This can improve
optimisation, and avoids potential architectural problems with using
LDREX/STREX intrinsics.
API further extended:
* Bitwise operations (fetch_and/fetch_or/fetch_xor)
* fetch_add and fetch_sub (like incr/decr, but returning old value -
aligning with C++11)
* compare_exchange_weak
* Explicit memory order specification
* Basic freestanding template overloads for C++
This gives our existing C implementation essentially all the functionality
needed by C++11.
An actual Atomic<T> template based upon these C functions could follow.
On NUC472, on wake-up from power-down mode, we may meet hard fault or some other
unknown error. Before its cause is found, we enter idle mode instead for a workaround.
To simulate power-down mode with idle mode, we also disable us_ticker during
power-down period.
Instead of user defined symbols in assembly files or C files,
use linker scripts to add heap and stack - this is inconsistent
with ARM std linker scripts
Nuvoton M2351 was including generic core_armv8mbl.h from CMSIS - we
need it to be more specific to identify the specific core for
wait_ns. Change to core_cm23.h.
Port of NUC472/M487 crypto AC mgmt work to M2351:
1. Choose mutex to synchronize access to crypto non-SHA AC
2. Choose atomic flag to synchronize access to crypto SHA AC
1. For SHA AC, use atomic flag to manage its ownership.
(1) Nuvoton SHA AC doesn't support SHA context save & restore, so S/W
SHA fallback has been supported before. To make non-blocking 'acquire'
semantics clearer, introduce 'try_acquire' to substitute for 'acquire'.
(2) No biting CPU due to mechanism above.
(3) No deadlock due to mechanism above.
2. For AES/DES/ECC AC, change to mutex to manage their ownership.
(1) Change crypto-misc.c to crypto-misc.cpp to utilize C++ SingletonPtr
which guarantees thread-safe mutex construct-on-first-use.
(2) With change to crypto-misc.cpp, add 'extern "C"' modifier to CRYPTO_IRQHandler()
to avoid name mangling in C++.
(3) No priority inversion because mutex has osMutexPrioInherit attribute
bit set.
(4) No deadlock because these AC are all locked for a short sequence
of operations rather than the whole lifetime of mbedtls context.
(5) For double mbedtls_internal_ecp_init() issue, it has been fixed in upper
mbedtls layer. So no need to change ecc init/free flow.
With support for checking H/W UART initialized or not, we can simplify stdio management:
1. When serial_init(&stdio_uart) calls in, just set the 'stdio_uart_inited' flag.
2. When serial_free(&stdio_uart) calls in, just clear the 'stdio_uart_inited' flag.
Except above, we needn't make special handling with 'stdio_uart'.
The same H/W UART may be shared by multiple serial_t objects. This fix tries to avoid
re-configuring the same H/W UART in serial_init() when there are multiple serial_t
objects constructed. To re-configure UART, call serial_baud() and serial_format()
explicitly. This can avoid confusion when e.g. a newly constructed serial_t object
changes baudrate unexpectedly in serial_init().
RAM/ROM sizes in tools were updated to report entire device size, and in M2351
they were used earlier to report secure/non-secure partition size.
M2351 files are updated to take full RAM/ROM device size and derive secure
and non-secure partition size based on that.
`flash_get_erase_value` is added in hal/TARGET_FLASH_CMSIS_ALGO/flash_common_algo.c
duplicate copy of same function in targets/TARGET_NUVOTON/TARGET_M2351/flash_api.c
resulted in build issues with secure build
--legacyalign, --no_legacyalign are deprecated from ARMC6 compiler, in order to
remove deprecated flags all linker files (GCC and IAR as well to have uniformity)
should strictly align to 8-byte boundary
Set the ISR stack to be 1KB. https://github.com/ARMmbed/mbed-os/pull/7238
Set the heap size to 3KB(2KB + overhead + spare) so that atleast 2KB free ram is
available for testing.
With dynamic heap size, explicit size is not required. IAR 7.8 supports
static heap, hence the change is needed in IAR linker files.
Replace wait_us with nu_busy_wait_us in lp_ticker since wait_us is not allowed in sleep test
which would suspend us ticker layer on which wait_us relies. nu_busy_wait_us is implemented
by calling us ticker HAL API directly rather than relying on us ticker layer.
If us_ticker/lp_ticker is scheduled and then the interrupt is disabled, the originally scheduled
interrupt may still become pending. If this occurs, then an interrupt will fire twice on the next
call to us_ticker_set_interrupt/lp_ticker_set_interrupt - once immediately and then a second time
at the appropriate time.
This patch prevents the first interrupt by clearing interrupts in
us_ticker_set_interrupt/lp_ticker_set_interrupt before calling NVIC_EnableIRQ.
1. Modify PinMode enum to fully support GPIO I/O modes.
2. Translate input pull mode/direction to I/O mode, where H/W doesn't support
separate configuration for input pull mode/direction.
3. Allow for configuring I/O mode in addition to input pull mode.
1. Rename m2351_stddriver_sup.h/c to stddriver_secure.h/.c for naming consistency
2. Add hal_secure.h to include hal-exported secure functions
3. Change return/argument type in secure functions:
(1) Change int to int32_t
(2) Change PinName to int32_t
(3) Change time_t to int64_t
4. Update secure lib/bin accordingly
ccli8
Martin Kojtal
cyliangtw
int_szyk
Anna Bridge
Rajkumar Kanagaraj
Martin Kojtal
Kevin Bracey
Shrikant Tudavekar
Cruz Monrreal
deepikabhavnani
Przemyslaw Stekiel
Russ Butler
Senthil Ramakrishnan
David Saada
Amanda Butler
Yossi Levy
Oren Cohen