Configure Mbed TLS to automatically enable PSA as needed. When Mbed OS
is configured to use PSA, configure Mbed TLS to use PSA. This prevents
leaking of the "how to make Mbed TLS use PSA" knowledge up into
targets.json, and thus makes porting simpler. There is now one place
where "how to make TLS use PSA" exists rather than repeated throughout
targets.json for each target that can't inherit from PSA_Target.
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The header `cmsis_nvic.h` defines vector start address in RAM
`NVIC_RAM_VECTOR_ADDRESS` which is used in
`mbed_boot.c:mbed_cpy_nvic()`. But `mbed_boot.c` only includes
`cmsis.h`. Due to this `mbed_cpy_nvic` becomes an empty function and the
vectors don't get relocated to RAM. This causes BusFault error when Mbed
OS tries to update any of the IRQ handlers.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
BL2 macro is used in `region_defs.h` to define the `BL2_HEADER_SIZE`.
Without BL2 macro, `BL2_HEADER_SIZE` is set to 0. This leads to
incorrect start address (Reset_Handler of Mbed OS) derived by TF-M based
on `region_defs.h` and BL2 macro.
BL2 macro is set for MUSCA B in TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Currently, the final binary (TF-M + Mbed OS) is signed after
concatenating TF-M and Mbed OS binaries. But TF-M signs the images
separately and then concatenates them. Update the Musca B1 signing
strategy to match TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Use instead the general TF-M v8-M virtual NVIC which will be added in
the commit that replaces Mbed PSA with TF-M PSA:
features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
Partially revert f38e21fa6c ("Update PSoC 6 BSPs to verion 1.2") to
restore TF-M compatibility.
Make the CY8CKIT_064S2_4343W target TF-M compatible by addding flash and
region definitions from TF-M (at c4f37c18c4a0) and by updating the
CY8CKIT_064S2_4343W linker script to create a flash image compatible
with TF-M.
Fixes: f38e21fa6c ("Update PSoC 6 BSPs to verion 1.2")
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Since Mbed OS 6.0, secure build is not supported yet. Remove it from master temporarily.
For non-TF-M support (NU_PFM_M2351_NPSA_S/NS), go to mbed-os-5.15 branch and Mbed OS 5.15 release.
For TF-M support (NU_PFM_M2351_S/NS), this needs M2351 integrated into TF-M repo first.
Expect M2351 TF-M support can come back into master after integration with TF-M is finished.
Having Freescale and NXP macro causes compile from both
TARGET_Freescale and TARGET_NXP HAL folders.
Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
This allows the application to inject its own resource reservations
immmediately after the BSP (and therefore HAL) is initialized,
ensuring that they can claim require resources before mbed tries
to use them for more flexible purposes. For example, the application
might want to claim a particular timer to make sure that it doesn't
get picked for us_ticker (which can use any arbitrary timer instance).
A running timer will block DeepSleep, which would normally be
good because we don't want the timer to accidentally lose counts.
We don't care about that for us_ticker (If we're requesting deepsleep
the upper layers already determined that they are okay with that),
so explicitly stop the us_ticker timer before we go to sleep and
start it back up afterwards.
PSoC 64 secure BSP post-build hook (cysecuretools image signing)
expects the HEX file with start address 0x10000400 (first KB of
internal FLASH is reserved for MCUboot headers area).
In order to get the correct HEX file produced by ARM fromELF tool,
the ELF file should allocate LR_IROM1 starting from address
0x10000400, not 0x10000000. Otherwise the generated HEX file
allocates rows at addresses 0x10000000 ~ 010000400 and the
final application image is not signed correctly.
Fixes https://github.com/ARMmbed/mbed-os/issues/13058.
Since 5.7 CMSIS update to Mbed OS, __VECTOR_TABLE is defined in cmsis_gcc header
file. Many MCU in NXP uses this symbol as linker definition, therefore we should
check if already defined and undefined it.
Fixes#13062
ARM Compiler 6 does not support placing a zero-initialized variable in a
zero-initialized section with a given name.
The migration path for this feature is what is as done in this commit.
The name of the section is what comes after `.bss.` (`nvictable` in this
case).
Also simplify pre-processor directive to test for Arm compiler.
TF-M and PSA have experimental APIs. Musca targets must initialize the
tfm_ns_lock, via the experimental API tfm_ns_lock_init(), as part of
their ordinary initialization procedure. Therefore, Musca targets must
have experimental APIs present in order to function. Add the
experimental API feature to Musca targets by default to ease usability
of the Musca targets, rather than requiring all users and CI to manually
enable experimental APIs when using these targets.
Make single Armv7-M PSA targets pick up files under TARGET_MBED_PSA_SRV.
We'll be moving the Mbed implementation of PSA to TARGET_MBED_PSA_SRV
folders soon.
Targets (dual-core and Armv8-M) that expect to use TF-M for their PSA
implementation also have MBED_PSA_SRV labels added to them so that they
continue working with the Mbed PSA implementation for the time being.
Roman Okhrimenko
Martin Kojtal
toyowata
Vance Farren
Jaeden Amero
Devaraj Ranganna
Chun-Chieh Li
jeromecoutant
Mahesh Mahadevan
Kyle Kearney
Evelyne Donnaes
Anna Bridge
Volodymyr Medvid
Hugues Kamba
rogeryou