Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Make the MUSCA_A1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_A1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The PSA-implementing secure binary is not built using Mbed OS build
tools anymore. Instead, the TrustedFirmware-M (TF-M) build system is
used to produce the secure binary. As such, we remove PSA related hooks
from the build system, remove PSA related scripts from tools/test
folder, and also remove the psa-autogen job from travis which was
running the now unecessary and removed generate_partition_code.py.
Remove the ability to generate new PSA binaries in the old manner, where
Mbed OS implements PSA. We don't yet remove any PSA binaries or break
the currently checked-in Mbed-implemented PSA support. PSA targets
integrated in the old manner will continue working at this point.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Add a copyright header and a shebang to the Mbed OS TrustedFirmware-M
tooling.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The psa_setup.c.tpl jinja template would strip whitespace from before
the partition name comment when inserting non-test partition database
entries. Fix the template to generate psa_setup.c with the partition
name comment properly indented.
Ideally, there is nothing wrong, but it seems to produce AStyle
error when release script runs for PSA Auto-generated files.
Therefore removed the spaces from the problematic line.
Fixes#12084
Signed-off-by: Vikas Katariya <Vikas.Katariya@arm.com>
Since the offline build is made to auto-generate PSA related components
and services for Secure targets, we can change the output directory to
update the files in the respective locations.
TARGET_PSA
--TARGET_MBED_SPM
--COMPONENT_SPE
psa_setup.c
--TARGET_TFM
--COMPONENT_SPE
--inc
tfm_partition_defs.inc
tfm_partition_list.inc
tfm_service_list.inc
tfm_spm_signal_defs.h
--services
--inc
autogen_sid.h
mbed_spm_partitions.h
The release script is been modified to commit these files if there are
any changes detected when `--commit` argument is passed.
Cleaning of auto-generated is been removed as it uses the main directory
for its operations, but PSA auto-generation will work if any of the
service and application-based manifests are updated.
Signed-off-by: Vikas Katariya <Vikas.Katariya@arm.com>
The release script must be run from mbed-os root, otherwise the test
partition binaries will not be created. Add a note in the tool's README
to make this clear and hopefully help save someone some debugging time
in the future.
Unify TF-M and Mbed-SPM code generators:
- Unify SPM initialization logic:
- All partitions are registered at once
- Test partitions are guarded by #ifndef
- Introduce single template list
- Beatify template files and add "Autogen-do not modify" notice
Prepare for integration with mbed-os build system:
- Generate all the files in a single place
Simplify tools/psa/release.py script
* Unify PSA generators
* Replace scanning for mbed_spm templates with json
* Make generate_source_files and parse_manifests common
* Make assert_int an internal function
* Use parse_manifests in pytests
* Update docs
* Replace call with check_call to throw exception on failure
* Check if binaries actually been changes before calling git commit
* Docstrings for all functions
* Small refactor
Jaeden Amero
Devaraj Ranganna
Vikas Katariya
Juhani Puurula
jeromecoutant
Alexander Zilberkant
Alexander Zilberkant
Oren Cohen
Oren Cohen
David Saada
Martin Kojtal
Netanel Gonen
kegilbert
Nir Sonnenschein
Amanda Butler
Cruz Monrreal
Michael Schwarcz