Setting/getting key enrollment algorithm is not recommended and not
part of the vanilla PSA or TF-M. For now keep the API just for
backward compatibility with existing projects, and this commit
adds deprecation warnings.
Add `psa_set_key_enrollment_algorithm()` and
`psa_get_key_enrollment_algorithm()` for TF-M targets.
Note: This is deprecated and for backward compatibility only.
Setting an enrollment algorithm is not recommended, because
using the same key with different algorithms can allow some
attacks based on arithmetic relations between different
computations made with the same key, or can escalate harmless
side channels into exploitable ones. Use this function only
if it is necessary to support a protocol for which it has been
verified that the usage of the key with multiple algorithms
is safe.
The vector table needs to be copied from ROM to RAM, in order for us
to set IRQ handlers at run time. The address in RAM is defined by
`NVIC_RAM_VECTOR_ADDRESS` in `cmsis_nvic.h`, but its inclusion
was missing from Musca S1's `cmsis.h` and consequently the vector
table was not copied.
On most targets this results in a memory access error when we set
vectors. But Musca S1's ROM is in its MRAM (which can be accessed
like any RAMs), and this causes the ROM image to be modified
with no error/warning. On the next boot, MCUboot fails the image
integrity check.
This commit adds the missing include, in the same spirit as
01dd997d55.
The script changes are required with respect to TF-M v1.2
integration for this target. The imgtool.py is been replaced with
`wrapper.py` which uses click command to run the signing algorithm.
The version `-v` and dependencies `-d` have been updated to resolve
upgrade issues from TF-M v1.1 --> v1.2
* Partition files are synced with TF-M v1.2
* To have uniformity with TF-M v1.2, rename the following:
** image_macros_preprocessed_ns.c to `signing_layout_ns.c`
** image_macros_preprocessed_s.c to `signing_layout_s.c`
* `MCUBOOT_IMAGE_NUMBER` is set to 2 by default for TF-M v1.2,
therefore it is necessary that Mbed OS compiles the right macros
for when linking and using the partition files.
The script changes are required with respect to TF-M v1.2
integration for this target. The imgtool.py is been replaced with
`wrapper.py` which uses click command to run the signing algorithm.
The version `-v` and dependencies `-d` have been updated to resolve
upgrade issues from TF-M v1.1 --> v1.2
* Partition files are synced with TF-M v1.2
* To have uniformity with TF-M v1.2, rename the following:
** image_macros_preprocessed_ns.c to `signing_layout_ns.c`
** image_macros_preprocessed_s.c to `signing_layout_s.c`
* `MCUBOOT_IMAGE_NUMBER` is set to 2 by default for TF-M v1.2,
therefore it is necessary that Mbed OS compiles the right macros
for when linking and using the partition files
** Workaround **
The `region_defs.h` has an explicit definition of `BL2`, even
though it is already defined in target.json for `ARM_MUSCA_B1`.
This is because of Mbed CLI 1, as it can't seem to use the right
macro when linking the files for Mbed OS application when using
the ARMCLANG toolchain.
The PSA headers imported from TF-M does not contain a declaration of
mbedtls_ecc_group_to_psa(), which is expected by pk.c from Mbed TLS.
This leads to an "undefined symbol" error when using the ARM toolchain
to compile an application for a TF-M target.
These files have been imported/copied from:
* ARMmbed/trusted-firmware-m
* ARMmbed/tf-m-tests
These are generic files, which are required for TF-M v1.2 integration
with Mbed OS for PSA_V8M and PSA_DUAL_CORE targets.
Rather than maintaining a specific `TARGET_TFM_V1_x`, its better to use
more generic name `TARGET_TFM_LATEST` to avoid confusion on the latest
TFM version supported by Mbed OS
* Rename the folder from `TARGET_TFM_V1_1` to `TARGET_TFM_LATEST`
* Update the CmakeLists.txt
* Change the name of the MUSCA targets to maintain uniformity
with TF-M v1.2
* Update target.json for PSA_V8_M to use `TFM_LATEST`
Files have been automatically imported by setting MBED_TLS_RELEASE to
mbedtls-2.24.0 in connectivity/mbedtls/tools/importer/Makefile and
running `make` in that directory.
In `targets.json`, the base target ARM_MPS2_Target does not have `iar`
in `supported_c_libs`. But its inherited targets have `IAR` in
`supported_toolchains`, causing configuration check to fail.
Modify scatter files to specify heap load region and add small libraries
to list of supported libraries in target.json.# Please enter the commit message for your changes. Lines starting
- Make packet trace optional, can be enabled by enabling macro
STM32xx_DEEP_TRACE
- Shorten traces during driver initialisation to avoid problems with
driver startup when soft reset is used.
This needs to be removed as there should not be a
name requirement for application CMake variable name.
Furthermore, in certain uses cases it prevents
successful builds for some Mbed targets. For instance
when building Greentea test applications for Mbed
targets that require post build operations as they do
not define APP_TARGET.
This commit introduces a default application start address (`0x1000`) and size limitation (`0xDF000`) to accomodate the Nordic USB bootloader.
The bootloader consists of a master boot record in flash from address `0x0` to `0x1000` and the actual bootloader application starting at `0xE0000` to the end of flash (`0x100000`). The bootloader enables firmware updates over USB using nRF Connect for Desktop.
More documentation regarding the open bootloader can be found here: https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.0.2/ble_sdk_app_open_bootloader.html
This commit introduces an option, `ep-atlas.enable-usb-stdio-console`, that will retarget the Mbed stdio console handle to a USBSerial instance if enabled.
Please note that if your application uses USB, it will conflict with this option. You should disable this option and implement a composite USB device in your application if you require stdio over USB.
This option is disabled by default so it will not cause issues with existing user code.
This commit introduces an implementation of the `subtarget_sdk_init` startup hook (called during `mbed_sdk_init`) that configures the internal regulators of the nRF52840.
The configuration sets up the internal regulator to output 3.3V. If this is not done, the default system voltage may be too low for the on-board indicator LEDs to conduct (ie: system voltage is lower than LED forward voltage).
The `mbed_sdk_init` startup hook is implemented at the NRF52-series level and so is unavailable for override. This commit adds an additional startup hook for NRF52 subtargets to perform any other startup initialization required.
Lingkai Dong
Vikas Katariya
Martin Kojtal
Harrison Mutai
Hugues Kamba
Johannes Stratmann
Jost, Chris
Arto Kinnunen
jeromecoutant
George Beckstein