Workaround a bug where the boot stack size configuration option is not
passed on to armlink, the Arm Compiler's linker. Prefer
MBED_CONF_TARGET_BOOT_STACK_SIZE if present, as this is what the
configuration system should provide. Fall back to MBED_BOOT_STACK_SIZE
if MBED_CONF_TARGET_BOOT_STACK_SIZE is not defined, as in the case of
buggy tools. If both MBED_CONF_TARGET_BOOT_STACK_SIZE and
MBED_BOOT_STACK_SIZE are not defined, then we fall back to a hard-coded
value provided by the linkerscript. See
https://github.com/ARMmbed/mbed-os/issues/13474 for more information.
To allow overriding of the boot stack size from the Mbed configuration
system, consistently use MBED_CONF_TARGET_BOOT_STACK_SIZE rather than
MBED_BOOT_STACK_SIZE.
Fixes#10319
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The header `cmsis_nvic.h` defines vector start address in RAM
`NVIC_RAM_VECTOR_ADDRESS` which is used in
`mbed_boot.c:mbed_cpy_nvic()`. But `mbed_boot.c` only includes
`cmsis.h`. Due to this `mbed_cpy_nvic` becomes an empty function and the
vectors don't get relocated to RAM. This causes BusFault error when Mbed
OS tries to update any of the IRQ handlers.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Currently, the final binary (TF-M + Mbed OS) is signed after
concatenating TF-M and Mbed OS binaries. But TF-M signs the images
separately and then concatenates them. Update the Musca B1 signing
strategy to match TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Use instead the general TF-M v8-M virtual NVIC which will be added in
the commit that replaces Mbed PSA with TF-M PSA:
features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
Make the MUSCA_B1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_B1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Make the MUSCA_A1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_A1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Remove PSA v8-M S target binaries will be built outside of Mbed OS and
added in as binaries which NS targets consume. Mbed OS no longer
implements PSA for v8-M targets, so there is no reason for it to build
PSA S targets.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Musca-B1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_B1 is the non-secure target running mbed-os.
- ARM_MUSCA_B1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_B1 is submitted by a
pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
Change-Id: I4b36290941b5f0bb7aa7c12dda2f38b5c1e39ae2
Signed-off-by: Tamas Kaman <tamas.kaman@arm.com>
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
ARM Compiler 6.13 testing revealed linker errors pointing out
conflicting use of `__user_setup_stackheap` and
`__user_initial_stackheap` in some targets. Remove the unwanted
`__user_initial_stackheap` from the targets - the setup is
centralised in the common platform code.
Looking into this, a number of other issues were highlighted
* Almost all targets had `__initial_sp` hardcoded in assembler,
rather than getting it from the scatter file. This was behind
issue #11313. Fix this generally.
* A few targets' `__initial_sp` values did not match the scatter
file layout, in some cases meaning they were overlapping heap
space. They now all use the area reserved in the scatter file.
If any problems are seen, then there is an error in the
scatter file.
* A number of targets were reserving unneeded space for heap and
stack in their startup assembler, on top of the space reserved in
the scatter file, so wasting a few K. A couple were using that
space for the stack, rather than the space in the scatter file.
To clarify expected behaviour:
* Each scatter file contains empty regions `ARM_LIB_HEAP` and
`ARM_LIB_STACK` to reserve space. `ARM_LIB_STACK` is sized
by the macro `MBED_BOOT_STACK_SIZE`, which is set by the tools.
`ARM_LIB_HEAP` is generally the space left over after static
RAM and stack.
* The address of the end of `ARM_LIB_STACK` is written into the
vector table and on reset the CPU sets MSP to that address.
* The common platform code in Mbed OS provides `__user_setup_stackheap`
for the ARM library. The ARM library calls this during startup, and
it calls `__mbed_user_setup_stackheap`.
* The default weak definition of `__mbed_user_setup_stackheap` does not
modify SP, so we remain on the boot stack, and the heap is set to
the region described by `ARM_LIB_HEAP`. If `ARM_LIB_HEAP` doesn't
exist, then the heap is the space from the end of the used data in
`RW_IRAM1` to the start of `ARM_LIB_STACK`.
* Targets can override `__mbed_user_setup_stackheap` if they want.
Currently only Renesas (ARMv7-A class) devices do.
* If microlib is in use, then it doesn't call `__user_setup_stackheap`.
Instead it just finds and uses `ARM_LIB_STACK` and `ARM_LIB_HEAP`
itself.
After adding DEVICE_SERIAL_FC guards to serial_api.h
serial_set_flow_control is not available. In case of this
implementation, this function is a no-op and may be safely removed.
Imports working McuBoot for reset.
Updates microsec ticker driver.
Default baudrate is set to 115200 to see TF-M boot messages.
Stack top is set to scatter file dependent and not hard-coded.
Musca-A1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_A1 is the non-secure target running mbed-os.
- ARM_MUSCA_A1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_A1 is submitted by a pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
Martin Kojtal
Mark Horvath
Gabor Toth
Jaeden Amero
Vikas Katariya
Marcelo Salazar
Devaraj Ranganna
Gabor Abonyi
Rajkumar Kanagaraj
Tamas Kaman
Bence Kaposzta
Kevin Bracey
Filip Jagodzinski
Maciej Bocianski
Oren Cohen
Gabor Kertesz
Michael Schwarcz
Shawn Shan