In Mbed Studio, debugging, based on pyOCD, requires Mbed OS application code starting on the sector boundary.
Modification list:
1. Update TF-M import assets with MCUboot header padding to sector aligned
2. Following above, change header size argument (-H) in wrapper.py command line
3. Following below, fix min-write-size (--align) to 4 (per flash_area_align()) in wrapper.py command line
https://docs.mcuboot.com/design.html#image-trailer
Related issue:
https://github.com/ARMmbed/mbed-os/issues/15417
Due to post-build script not supporting custom board, both the below UART configurations are enabled on NuMaker-IoT-M2354 board:
- UART0 PA7/PA6 enabled by bl2.bin
- UART0 PB9/PB8 enabled by tfm_s.bin and later by mbed
Both PA7/PA6 and PB9/PB8 enabled on UART0, PB8 gets disturbed and stdin mis-behaves on NuMaker-IoT-M2354 board.
NuMaker-M2354 : UART TX/RX = UART0 PA7/PA6
NuMaker-IoT_M2354 : UART TX/RX = UART0 PB9/PB8
This bugfix tries to enable post-build for custom board to some degree (not completely), with Mbed CLI.
NOTE: For Mbed CLI, the build process still sees NuMaker-M2354's partition/ and applies its mcuboot build options. Custom board must align on these.
1. In TF-M, fix NSPE interrupt-disabled NSC call broken. Check:
https://developer.trustedfirmware.org/T966
2. In TF-M, enable mcuboot log enabled forcibly. This is to help check firmware update process.
3. Update readme and script
Change MCUboot image versioning to meet requirements below:
1. Major.Minor.Revision must be non-decremental when used to derive security counter (-s 'auto').
2. Make Major.Minor.Revision+Build incremental to identify the firmware itself through psa_fwu_query().
3. Get around MCUboot failure with TF-M underestimated MAX_BOOT_RECORD_SZ
1. Change from single image boot to multiple image boot
2. SDH is configured to Secure for placing update firmware. It becomes inaccessible to Mbed.
3. Post-build script supports both multiple image boot and single image boot
4. Update readme to reflect above change
5. Increase forced_reset_timeout due to longer booting time for Greentea test
subprocess.PIPE is used to enable the parent process to communicate with
the subprocess via pipes, which mean all stdout and stderr messages are
captured and returned as part of Popen.communicate's result tuple.
In our case, we want to display the error messages on the console, so we
don't need to capture the output from stdout.
Example of a typical error message before this change:
```
Traceback (most recent call last):
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 197, in <module>
sign_and_merge_tfm_bin(args.tfm_target, args.target_path, args.non_secure_bin, args.secure_bin)
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 81, in sign_and_merge_tfm_bin
" secure binary, Error code: " + str(retcode))
Exception: Unable to sign musca_b1 secure binary, Error code: 1
```
Example of the error message after this change:
```
Traceback (most recent call last):
File "/mbed-os/tools/psa/tfm/bin_utils/wrapper.py", line 13, in <module>
import click
ModuleNotFoundError: No module named 'click'
Traceback (most recent call last):
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 194, in <module>
sign_and_merge_tfm_bin(args.tfm_target, args.target_path, args.non_secure_bin, args.secure_bin)
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 80, in sign_and_merge_tfm_bin
raise Exception("Unable to sign " + target_name +
Exception: Unable to sign musca_b1 secure binary, Error code: 1
```
This is a significant improvement as now you can see what the reason for
the failure was.
1. Configure non-secure target name to NU_M2354 (targets/targets.json). No NU_M2354_NS alias
2. Following template target, enable image signing and concatenating in post-build process
(1) Add post-build script (tools/targets).
(2) Enable TF-M custom build by centralize relevant stuff imported from TF-M (COMPONENT_TFM_S_FW).
3. Add M2354Code.merge_secure into whitelist of uvision6 (tools/export/uvision/__init__.py).
4. Add M2354 CMSIS pack database (tools/arm_pack_manager/index.json).
5. Configure stdio baudrate to 115200 to match TF-M port (platform/mbed_lib.json).
6. Define CMSIS_NVIC_VIRTUAL to override NVIC_SystemReset with TF-M version (cmsis_nvic_virtual.h).
7. Override tfm_ns_interface_xxx(...) to enable NS secure call:
(1) At pre-rtos stage
(2) In SVC context
8. Implement secure function call with tfm_platform_ioctl(...).
9. Combine stddriver_secure.h/c and hal_secure.h/c into platform_extra_secure.h/c.
10. Fix peripheral base to non-secure (PeripheralNames.h) (TrustZone-unaware since Mbed OS 6.0).
11. Fix NU_PORT_BASE/NU_GET_GPIO_PIN_DATA/NU_SET_GPIO_PIN_DATA to non-secure (PinNamesCommon.h) (TrustZone-unaware since Mbed OS 6.0).
12. NSC convention for StdDriver sys/clk (both TF-M and Mbed must follow)
(1) SYS_ResetModule
Usage: Replaced with SYS_ResetModule_S on Mbed OS
Action: Make it inaccessible from Mbed (neither source nor NSC). Provide SYS_ResetModule_S on Mbed via platform ioctl instead.
(2) CLK_GetXxx
Usage: Called in bpwm/i2s/qspi/sc/sdh and system_M2354 on Mbed OS
Action: Make them inaccessible from Mbed (neither source nor NSC). Re-provide them on Mbed via platform ioctl instead.
13. Remove DISABLE/ENABLE macro definitions in BSP to avoid name conflict with other modules
14. Change to TMR4/5 from TMR2/3 for implementing us_ticker/lp_ticker because TMR2 is used for TF-M NSPE test
15. Support cmake
NOTE: Export(uvision6) doesn't support TF-M target. To enable it for partial compile on Keil, force below function to return true.
is_target_supported(tools/export/uvision/__init__.py)
Fixes: #14153
The target CYTFM_064B0S2_4343W is signed using `cysecuretools` which
depends on `imgtool` managed by `pip`. However, Arm Musca targets
requires a modified/wrapped version of the image tool copied from
trusted-firmware-m + MCUboot.
To avoid conflicts in the version of `imgtool` used, we should only
add the copied version of `imgtool` to python's system path for
Musca targets instead of doing it globally for all targets.
The script changes are required with respect to TF-M v1.2
integration for this target. The imgtool.py is been replaced with
`wrapper.py` which uses click command to run the signing algorithm.
The version `-v` and dependencies `-d` have been updated to resolve
upgrade issues from TF-M v1.1 --> v1.2
The script changes are required with respect to TF-M v1.2
integration for this target. The imgtool.py is been replaced with
`wrapper.py` which uses click command to run the signing algorithm.
The version `-v` and dependencies `-d` have been updated to resolve
upgrade issues from TF-M v1.1 --> v1.2
- GPIO xml parsing correction (#13711)
- Octo SPI support
- bug correction
- warning style correction
- new TIM_MST choice algo
- full PinNames.h file creation
- output directory is now
targets_custom/TARGET_STM/TARGET_STM32XX/TARGET_STM32XXXX
This applies only to `ARM_MUSCA_B1` target
When MCUBOOT repo: UPSTREAM was set as default as part of TF-M 1.1
release, few things were changed:
MCUBOOT_IMAGE_NUMBER: '2'
MCUBOOT_UPGRADE_STRATEGY: 'OVERWRITE_ONLY'
MCUBOOT_HW_KEY: 'On'(default)
Therefore the signing strategy for Non-secure image (Mbed OS)
needs to be done with its own private key, which is validated during
boot.
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
The API is_PSA_non_secure_target() uses obsolete labels to detect if a
target is PSA non-secure target and is not needed anymore.
Mbed OS depends on TF-M for PSA SPM and services. TF-M is built using
it's own build system. Therefore, we don't need to differentiate secure
and non-secure targets anymore in Mbed OS as all PSA targets in Mbed OS
are non-secure targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Current logic `is_TFM_target` relies on the availability of attribute
`tfm_target_name` to identify PSA targets. The API `is_TFM_target` is
used in pytest to validate PSA target configuration which again checks
the availability of `tfm_target_name`. If a target doesn't contain the
attribute `tfm_target_name` then this check will fail instead of
catching it. Therefore, we now check for `TFM` config option in `labels`
attribute.
The API `is_TFM_target()` returns true for Mbed OS PSA targets which are
supported by TF-M also.
Add a new API `is_PSA_target()` which returns true for all Mbed OS PSA
targets.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Currently, the final binary (TF-M + Mbed OS) is signed after
concatenating TF-M and Mbed OS binaries. But TF-M signs the images
separately and then concatenates them. Update the Musca B1 signing
strategy to match TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
When python3 is enforced to build the ARM_MUSCA_A1 or ARM_MUSCA_B1
targets, it is unable to find binary utility tool scripts which are
imported from TF-M.
The reason to use the python3 environment is as follows: Mbed OS + TFM
contained a faulty boot record TLV, which failed the attestation test
(TF-M regression). The data in the boot record TLV will be included in
the generated attestation token as 1 item in the SW_COMPONENTS claim.
This data (in the boot record TLV) is pre-encoded in CBOR format at
build time and appended to the image during the image signing process
(done by the imgtool Python3 script).
Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
Make the MUSCA_B1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_B1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Make the MUSCA_A1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_A1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Targets that use TF-M for their PSA implementation are not compatible
with exporters at this time. Explicitly block use of exporters with TF-M
using targets, for better error messages.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
The PSA-implementing secure binary is not built using Mbed OS build
tools anymore. Instead, the TrustedFirmware-M (TF-M) build system is
used to produce the secure binary. As such, we remove PSA related hooks
from the build system, remove PSA related scripts from tools/test
folder, and also remove the psa-autogen job from travis which was
running the now unecessary and removed generate_partition_code.py.
Remove the ability to generate new PSA binaries in the old manner, where
Mbed OS implements PSA. We don't yet remove any PSA binaries or break
the currently checked-in Mbed-implemented PSA support. PSA targets
integrated in the old manner will continue working at this point.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Remove PSA v8-M S target binaries will be built outside of Mbed OS and
added in as binaries which NS targets consume. Mbed OS no longer
implements PSA for v8-M targets, so there is no reason for it to build
PSA S targets.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Chun-Chieh Li
Jaeden Amero
Robert Walton
Meano
Lingkai Dong
Vikas Katariya
jeromecoutant
Martin Kojtal
Gabor Toth
Roman Okhrimenko
Raymond Ngun
Devaraj Ranganna
Marcelo Salazar
George Beckstein
Taylor Heck