1. Configure non-secure target name to NU_M2354 (targets/targets.json). No NU_M2354_NS alias
2. Following template target, enable image signing and concatenating in post-build process
(1) Add post-build script (tools/targets).
(2) Enable TF-M custom build by centralize relevant stuff imported from TF-M (COMPONENT_TFM_S_FW).
3. Add M2354Code.merge_secure into whitelist of uvision6 (tools/export/uvision/__init__.py).
4. Add M2354 CMSIS pack database (tools/arm_pack_manager/index.json).
5. Configure stdio baudrate to 115200 to match TF-M port (platform/mbed_lib.json).
6. Define CMSIS_NVIC_VIRTUAL to override NVIC_SystemReset with TF-M version (cmsis_nvic_virtual.h).
7. Override tfm_ns_interface_xxx(...) to enable NS secure call:
(1) At pre-rtos stage
(2) In SVC context
8. Implement secure function call with tfm_platform_ioctl(...).
9. Combine stddriver_secure.h/c and hal_secure.h/c into platform_extra_secure.h/c.
10. Fix peripheral base to non-secure (PeripheralNames.h) (TrustZone-unaware since Mbed OS 6.0).
11. Fix NU_PORT_BASE/NU_GET_GPIO_PIN_DATA/NU_SET_GPIO_PIN_DATA to non-secure (PinNamesCommon.h) (TrustZone-unaware since Mbed OS 6.0).
12. NSC convention for StdDriver sys/clk (both TF-M and Mbed must follow)
(1) SYS_ResetModule
Usage: Replaced with SYS_ResetModule_S on Mbed OS
Action: Make it inaccessible from Mbed (neither source nor NSC). Provide SYS_ResetModule_S on Mbed via platform ioctl instead.
(2) CLK_GetXxx
Usage: Called in bpwm/i2s/qspi/sc/sdh and system_M2354 on Mbed OS
Action: Make them inaccessible from Mbed (neither source nor NSC). Re-provide them on Mbed via platform ioctl instead.
13. Remove DISABLE/ENABLE macro definitions in BSP to avoid name conflict with other modules
14. Change to TMR4/5 from TMR2/3 for implementing us_ticker/lp_ticker because TMR2 is used for TF-M NSPE test
15. Support cmake
NOTE: Export(uvision6) doesn't support TF-M target. To enable it for partial compile on Keil, force below function to return true.
is_target_supported(tools/export/uvision/__init__.py)
Fixes: #14153
The target CYTFM_064B0S2_4343W is signed using `cysecuretools` which
depends on `imgtool` managed by `pip`. However, Arm Musca targets
requires a modified/wrapped version of the image tool copied from
trusted-firmware-m + MCUboot.
To avoid conflicts in the version of `imgtool` used, we should only
add the copied version of `imgtool` to python's system path for
Musca targets instead of doing it globally for all targets.
The API is_PSA_non_secure_target() uses obsolete labels to detect if a
target is PSA non-secure target and is not needed anymore.
Mbed OS depends on TF-M for PSA SPM and services. TF-M is built using
it's own build system. Therefore, we don't need to differentiate secure
and non-secure targets anymore in Mbed OS as all PSA targets in Mbed OS
are non-secure targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Current logic `is_TFM_target` relies on the availability of attribute
`tfm_target_name` to identify PSA targets. The API `is_TFM_target` is
used in pytest to validate PSA target configuration which again checks
the availability of `tfm_target_name`. If a target doesn't contain the
attribute `tfm_target_name` then this check will fail instead of
catching it. Therefore, we now check for `TFM` config option in `labels`
attribute.
The API `is_TFM_target()` returns true for Mbed OS PSA targets which are
supported by TF-M also.
Add a new API `is_PSA_target()` which returns true for all Mbed OS PSA
targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
When python3 is enforced to build the ARM_MUSCA_A1 or ARM_MUSCA_B1
targets, it is unable to find binary utility tool scripts which are
imported from TF-M.
The reason to use the python3 environment is as follows: Mbed OS + TFM
contained a faulty boot record TLV, which failed the attestation test
(TF-M regression). The data in the boot record TLV will be included in
the generated attestation token as 1 item in the SW_COMPONENTS claim.
This data (in the boot record TLV) is pre-encoded in CBOR format at
build time and appended to the image during the image signing process
(done by the imgtool Python3 script).
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Targets that use TF-M for their PSA implementation are not compatible
with exporters at this time. Explicitly block use of exporters with TF-M
using targets, for better error messages.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
The PSA-implementing secure binary is not built using Mbed OS build
tools anymore. Instead, the TrustedFirmware-M (TF-M) build system is
used to produce the secure binary. As such, we remove PSA related hooks
from the build system, remove PSA related scripts from tools/test
folder, and also remove the psa-autogen job from travis which was
running the now unecessary and removed generate_partition_code.py.
Remove the ability to generate new PSA binaries in the old manner, where
Mbed OS implements PSA. We don't yet remove any PSA binaries or break
the currently checked-in Mbed-implemented PSA support. PSA targets
integrated in the old manner will continue working at this point.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Musca-B1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_B1 is the non-secure target running mbed-os.
- ARM_MUSCA_B1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_B1 is submitted by a
pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
Change-Id: I4b36290941b5f0bb7aa7c12dda2f38b5c1e39ae2
Signed-off-by: Tamas Kaman <tamas.kaman@arm.com>
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
Support secure/non-secure combined build for non-PSA target:
1. In secure post-build, deliver built secure image to TARGET_NU_PREBUILD_SECURE
directory which is to combine later.
2. In non-secure post-build, merge non-secure image with secure image saved in
TARGET_NU_PREBUILD_SECURE directory.
3. In non-secure post-build, user can also drop pre-built secure image saved in
TARGET_NU_PREBUILD_SECURE directory and provide its own by adding the line below
in mbed_app.json:
"target.extra_labels_remove": ["NU_PREBUILD_SECURE"]
Musca-A1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_A1 is the non-secure target running mbed-os.
- ARM_MUSCA_A1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_A1 is submitted by a pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
Change the heuristic for selection of CMSE in the tools python, so that
a non-TrustZone ARMv8 build can happen.
Ideally we would have more direct flagging in the targets, but this
refines the heuristic so the necessary behaviour can be easily
achieved.
* DOMAIN_NS=1 is based purely on the `-NS` suffix on the core name.
* Enabling CMSE in the compiler and outputting a secure import library
is now enabled when the core doesn't have an `-NS` suffix by either
the target label `TFM` being present or the flag `trustzone` being set.
This covers the existing ARMv8-M behaviour - TF-M builds have the TFM
label, as per its documentation; M2351 secure builds have no explicit
flagging, so we ensure that the M2351_NS target has the trustzone flag
set, and the out-of-tree secure target inherits that.
PSA code generation will be called automatically upon mbed invocation.
The autogenerated files will be created under <mbed-os-root>/PSA_AUTOGEN directory.
The "hook tools" were capable of hooking into many commands run by the build system.
To my knowlage, the only hook is the "post-build-hook". The post build hook could be
easier to reason about if the implementation is specialized for just post-build
hooking.
This commit make it much easier to point out where post build hooks are called by
making the call explicit.
Rename the existing PSoC-specific m0_core_img key in targets.json
as a more generic hex_filename key. Update makefile exporter to select
the subset of resources.hex_files matching the hex_filename value.
Without this fix, multiple prebuilt CM0+ hex files are found in the
target resources and erroneously passed to the srec_cat tool.
The fix is generic so other targets that need post-build hex merging
can use this key to pass the correct image to srecord tool.
The fix also removes sub_target key: instead, rely hex_filename json
key to detect if the hex image merging needs to be done.
The sub_target is not used in mbed-os codebase for anything else.
It is possible to override the hex file name in mbed_app.json:
{
"target_overrides": {
"*": {
"target.hex_filename": "my_custom_m0_image.hex"
}
}
Chun-Chieh Li
Lingkai Dong
Vikas Katariya
Gabor Toth
Roman Okhrimenko
Devaraj Ranganna
Rob Walton
Marcelo Salazar
Taylor Heck
Tamas Kaman
Graham Hammond
Michael Schwarcz
Anna Bridge
Kevin Bracey
Lin Gao
Alexander Zilberkant
Jimmy Brisson
Mahesh Mahadevan
Senthil Ramakrishnan
Cruz Monrreal II
deepikabhavnani
Volodymyr Medvid