Move /val and /pal directories into /test_abstraction_layers directory
and combine into one CMake target, mbed-psa-tal. Moved into seperate
directory in order to have own CMakeLists.txt, rather than adding to
/TARGET_MBED_PSA_SRV CMake file.
Assumption that greentea test file is always named main.cpp is
incorrect. Updated mbed_greentea_add_test() macro to make TEST_SOURCES
parameter compulsory, which is used to specify greentea test
file(s). This allows tests to use C, or have a different name.
Therefore also updated all pre-existing greentea test CMake files to
explicity add main.cpp to TEST_SOURCES.
If one called mbed_trace_free() but continued using the trace (which
is a supported use case), the already freed tmp_data buffer was used
by tr_array().
This was spotted by Valgrind on some unit tests which do enable the
trace only temporarily for some of the tests.
Error being fixed in this PR:
--8<--8<--8<---
==5865== Invalid write of size 1
==5865== at 0x2639BB: mbed_trace_array (mbed_trace.c:569)
<...>
==5865== Address 0x5dc79d0 is 0 bytes inside a block of size 128 free'd
==5865== at 0x4C32D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5865== by 0x262723: mbed_trace_free (mbed_trace.c:192)
<...>
==5865== Block was alloc'd at
==5865== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5865== by 0x262548: mbed_trace_init (mbed_trace.c:162)
<...>
Typically when adding a unit test directory to a CMake project a check
will be used to ensure the subdirectory is added only if the following
are true:
* The BUILD_TESTING option is set to ON.
* The current CMake project is the top-level project.
The reason being, if a downstream project includes our project they
generally don't want to build our unit tests.
In mbed-os, we do correctly specify the above condition before adding
the central UNITTEST subdirectory, which fetches googletest and adds the
"stub" libraries the unit tests depend on. However, we only check if
CMAKE_CROSSCOMPILING is OFF (or undefined) before actually adding the
unit tests. This mismatched logic would lead to unexpected build
failures in various scenarios. One likely case could be: a downstream
project including mbed-os happens to set CMAKE_CROSSCOMPILING to
OFF/undefined for any reason (possibly to build its own unit tests).
mbed-os would go ahead and attempt to build its tests without fetching
googletest or adding the required stub targets.
To fix the issue replace the check for CMAKE_CROSSCOMPILING in the unit
tests with the same BUILD_TESTING idiom we use for adding the central
UNITTESTS subdirectory.
- Remove redundant cmake script as already added the CMake configuration file
- Remove redundant empty_baseline as it is no longer needed with the help of CMake configuration file
1. Configure non-secure target name to NU_M2354 (targets/targets.json). No NU_M2354_NS alias
2. Following template target, enable image signing and concatenating in post-build process
(1) Add post-build script (tools/targets).
(2) Enable TF-M custom build by centralize relevant stuff imported from TF-M (COMPONENT_TFM_S_FW).
3. Add M2354Code.merge_secure into whitelist of uvision6 (tools/export/uvision/__init__.py).
4. Add M2354 CMSIS pack database (tools/arm_pack_manager/index.json).
5. Configure stdio baudrate to 115200 to match TF-M port (platform/mbed_lib.json).
6. Define CMSIS_NVIC_VIRTUAL to override NVIC_SystemReset with TF-M version (cmsis_nvic_virtual.h).
7. Override tfm_ns_interface_xxx(...) to enable NS secure call:
(1) At pre-rtos stage
(2) In SVC context
8. Implement secure function call with tfm_platform_ioctl(...).
9. Combine stddriver_secure.h/c and hal_secure.h/c into platform_extra_secure.h/c.
10. Fix peripheral base to non-secure (PeripheralNames.h) (TrustZone-unaware since Mbed OS 6.0).
11. Fix NU_PORT_BASE/NU_GET_GPIO_PIN_DATA/NU_SET_GPIO_PIN_DATA to non-secure (PinNamesCommon.h) (TrustZone-unaware since Mbed OS 6.0).
12. NSC convention for StdDriver sys/clk (both TF-M and Mbed must follow)
(1) SYS_ResetModule
Usage: Replaced with SYS_ResetModule_S on Mbed OS
Action: Make it inaccessible from Mbed (neither source nor NSC). Provide SYS_ResetModule_S on Mbed via platform ioctl instead.
(2) CLK_GetXxx
Usage: Called in bpwm/i2s/qspi/sc/sdh and system_M2354 on Mbed OS
Action: Make them inaccessible from Mbed (neither source nor NSC). Re-provide them on Mbed via platform ioctl instead.
13. Remove DISABLE/ENABLE macro definitions in BSP to avoid name conflict with other modules
14. Change to TMR4/5 from TMR2/3 for implementing us_ticker/lp_ticker because TMR2 is used for TF-M NSPE test
15. Support cmake
NOTE: Export(uvision6) doesn't support TF-M target. To enable it for partial compile on Keil, force below function to return true.
is_target_supported(tools/export/uvision/__init__.py)
ARM Compiler 6 supports GNU-style assembly with armclang. Instead of
relying on armasm with the legacy syntax, GCC except.S is updated so
that it can be used with ARM as well as GCC_ARM toolchains. CMake is
updated to use this version.
The macros `TARGET_PSA` and `COMPONENT_PSA_SRV_IPC` no longer exist.
The former is replaced by `COMPONENT_PSA` which is also a directory
where the tests are located, so its check can be assumed true.
The latter is not applicable to Mbed OS PSA and can be assumed false.
Note: The entropy_inject test is skipped by default unless a user
manually configures the required `MBEDTLS_ENTROPY_NV_SEED`.
A Greentea test is detectable by Mbed CLI 1 only if it's two-levels
deep inside a `TESTS` directory, e.g. `TESTS/foo/bar/main.cpp`. But
several Mbed OS PSA tests are only one-level deep. This commit fixes
the issue by adding an extra level of directory.
TF-M v1.0 implements an older version of PSA and does not have the macro
`PSA_ALG_ECB_NO_PADDING` required by
`mbedtls_psa_translate_cipher_mode()` in Mbed TLS v2.25.0. Copy this
macro from Mbed TLS to fix the issue.
We have added definitions that are needed by Mbed TLS's PSK key exchange
but missing from TF-M's PSA to `mbedtls_svc_key_id.h`. To pick up those
definitions, TF-M's `psa/crypto_values.h' needs to include
`mbedtls_svc_key_id.h`.
In order for Mbed TLS to use the PSA Crypto API, definitions of
`MBEDTLS_SVC_KEY_ID_INIT`, `mbedtls_svc_key_id_t` and
`mbedtls_svc_key_id_is_null()` need to be present but are not provided
by the PSA headers from TF-M.
To solve this issue, this commit copies those definitions from Mbed
TLS's original `psa/crypto_types.h` and `psa/crypto_values.h` into a
separate `mbedtls_svc_key_id.h` for TF-M PSA.
The gray-on-black color code used for debug level print-out in
mbed_trace is hard to read. Bright-blue-on-black increases the
brightness of the text without over shadowing the info level
default (white-on-black), thus making it easier to read while
maintaining the original intention.
For original color set MBED_TRACE_COLOR_THEME to 1.
We used to require INITIAL_SP as rtx target headers define it. This should not be required, as
cmsis already defines symbol __INITIAL_SP for all toolchains.
Fixes#14432
Include mbedtls_ecc_group_to_psa.h from crypto_extra.h so that clients
of PSA within Mbed OS do not need to behave differently depending on
which PSA implementation they are using.
This solution is not ideal as it makes it more difficult to update the
TF-M-provided psa/crypto_extra.h. We'll have to see what other options
we have for including additional headers based on the Mbed OS
configuration.
We'd like to enable Mbed TLS's PK module in using TF-M's PSA
implementation, even if it doesn't expose the same set of PSA extensions
as Mbed TLS's PSA implementation. To do this, we add
mbedtls_ecc_group_to_psa() in its own header available when using the
latest TF-M.
Add mbedtls_ecc_group_to_psa(), one of Mbed TLS's PSA compatibility
helpers, for internal use by the Mbed TLS PK module. Without this
conversion function, the Mbed TLS PK module is unable to use any PSA
implementation other than one which provides a compatible set of PSA
extensions.
Update CMAKE_MODULE_PATH at once place.
Note, we update also CMAKE_MODULE_PATH in app.cmake. This is temporary until we get a proper way to include
Mbed Os (removing app.cmake need to be included by an application).
CMAKE_CURRENT_LIST_DIR behaves differently in functions. We store it in the CMakeLists itself, so anyone
calling a function would get the actual list dir where the scripts are.
To illustrate: if I call a function from src/CMakelists.txt, function located in src/scripts, `CMAKE_CURRENT_LIST_DIR` in the function would point
to the src/ folder but not to src/scripts.
The new Apple M1 Mac computers are ARM based. When compiling and running
unit tests on an M1 Mac, the architecture is defined as __arm__
An extra check for __aarch64__ is needed to set MBED_EXCLUSIVE_ACCESS to 0U for the M1
Mac
If not, compilation fails with "Unknown ARM architecture for exclusive access" error
Some host operating systems are case-insensitive and cannot
distinguish (for example) `semaphore.h` in `os_wrapper` from
`Semaphore.h` from Mbed OS `rtos`. This causes the wrong header to be
included.
By adding `os_wrapper/.mbedignore`, we guarantee that
#include "Semaphore.h"
always points to `rtos/Semaphore.h`, while the fully-qualified include
#include "os_wrapper/semaphore.h"
continues to work because its parent directory is still in the include
path.
Previous, we patched TF-M to replace its OS wrapper with CMSIS RTOS
to resolve manage management issue when integrated with Mbed OS. But
as of TF-M v1.2, the OS wrapper has been reworked in the vanilla TF-M,
and now it makes identical calls to its underlying CMSIS RTOS as our
patches do. So, we remove our patches and use vanilla TF-M's OS
wrapper instead to avoid extra maintenance overhead.
This commit re-imports TF-M files associated with the OS wrapper.
This commit adds post binary hook support for TF-M targets.
To apply this hook to a TF-M target, do the following in the target's
`CMakeLists.txt`:
* include `mbed_set_post_build_tfm.cmake`
* call `mbed_post_build_tfm_sign_image()`, passing
- Mbed OS target name
- TF-M target name
- path containing the target's bootloader, layout files and signing
keys
- path to the secure binary
- path to the non-secure binary (i.e. the "raw" Mbed application)
Mbed TLS 2.24.0 requires a few new macros and an inline function in
the PSA Crypto header. This PR adds them to make sure the TF-M v1.0
target (specifically CYTFM_064B0S2_4343W) continues to compile with
the new Mbed TLS.
Note: Support for older versions of TF-M than v1.2 will be dropped,
so existing TF-M targets should migrate to TF-M v1.2 as soon as
possible.
Setting/getting key enrollment algorithm is not recommended and not
part of the vanilla PSA or TF-M. For now keep the API just for
backward compatibility with existing projects, and this commit
adds deprecation warnings.
Add `psa_set_key_enrollment_algorithm()` and
`psa_get_key_enrollment_algorithm()` for TF-M targets.
Note: This is deprecated and for backward compatibility only.
Setting an enrollment algorithm is not recommended, because
using the same key with different algorithms can allow some
attacks based on arithmetic relations between different
computations made with the same key, or can escalate harmless
side channels into exploitable ones. Use this function only
if it is necessary to support a protocol for which it has been
verified that the usage of the key with multiple algorithms
is safe.
The PSA headers imported from TF-M does not contain a declaration of
mbedtls_ecc_group_to_psa(), which is expected by pk.c from Mbed TLS.
This leads to an "undefined symbol" error when using the ARM toolchain
to compile an application for a TF-M target.
These files have been imported/copied from:
* ARMmbed/trusted-firmware-m
* ARMmbed/tf-m-tests
These are generic files, which are required for TF-M v1.2 integration
with Mbed OS for PSA_V8M and PSA_DUAL_CORE targets.
Rather than maintaining a specific `TARGET_TFM_V1_x`, its better to use
more generic name `TARGET_TFM_LATEST` to avoid confusion on the latest
TFM version supported by Mbed OS
* Rename the folder from `TARGET_TFM_V1_1` to `TARGET_TFM_LATEST`
* Update the CmakeLists.txt
* Change the name of the MUSCA targets to maintain uniformity
with TF-M v1.2
* Update target.json for PSA_V8_M to use `TFM_LATEST`
Files have been automatically imported by setting MBED_TLS_RELEASE to
mbedtls-2.24.0 in connectivity/mbedtls/tools/importer/Makefile and
running `make` in that directory.
Hari Limaye
Arto Kinnunen
Antti Kauppila
Tero Jääskö
Tymoteusz Bloch
Meano
mbedmain
Martin Kojtal
Robert Walton
Rajkumar Kanagaraj
Chun-Chieh Li
Werner Lewis
Anna Bridge
Lingkai Dong
Jaeden Amero
Marcus Chang
plan-do-break-fix
Maciej Bogusz
Ladislas de Toldi
George Psimenos
jeromecoutant
Saheer Babu
Vikas Katariya
caodd
Hugues Kamba
Marc Emmers