* Start working on fixing doxygen warnings
* Upgrade doxyfile to Doxygen 1.9.1
* Clean up some unmatched groups and add some exclusions
* Fix docs for rtos::ThisThread not showing up
* Fix up KV store docs
* Fix incorrect @files, some more incorrect groups
* Fix lots of broken links
* Start fixing mbedtls groups
* Fix more mbedtls docs
* Fix remaining mbedtls files with missing or incorrect grouping
* Fix a huge amount of PSA docs errors
* Fix a few more mbedtls docs errors
* Fix __cplusplus not defined for docs, clean up call in callback typedef, fix some docs errors
* Fix some broken doc links in HAL headers
* Fix more PSA doc errors
* Fix some doxygen errors in networking code
* Fix lots of network related doc errors
* Try and fix some CI failures
* Use Doxygen Action instead of doxygen in Mbed container to get the right version
* Try removing docs check
* Add first part of doxygen action
* Add next part of doxygen action
* Fix yaml syntax error
* Add in license check fix
* Try using verbose scancode
* Fix some more docs issues, workaround scancode-toolkit#3179
* Clean up the LoRaRadio get_state() function on each implementation. Also fix some other compile and doc errors.
* Fix all remaining doxygen errors
* Fix escaping, for realsies this time
* Remove Doxygen unsupported config options, fix some more get_status() declarations
* Fix some UNITTESTS build errors
* Fix one more compile error
* Another unittest error
* First attempt at converting to OBJECT libraries. Not working due to more object library limitations
* Only compile the main libraries as OBJECT, because that's all that CMake can be made to do right now.
* Fix availability of target-specific flags
* Missed some usages
* Fix some STM32 ethernet stuff that was not linking correctly
* More fixes for STM32 ethernet and weak symbols
* Fix prebuilt object file linking for MUSCA_S1
* Fix STM32 eth init license headers
PSA_ALG_AEAD_WITH_TAG_LENGTH has been replaced with
PSA_ALG_AEAD_WITH_SHORTENED_TAG upstream. We could just update
psa_util.h to use the new macro, but we still have some targets that
only support older versions of PSA, so we reinstate the removed macro.
We have added definitions that are needed by Mbed TLS's PSK key exchange
but missing from TF-M's PSA to `mbedtls_svc_key_id.h`. To pick up those
definitions, TF-M's `psa/crypto_values.h' needs to include
`mbedtls_svc_key_id.h`.
Include mbedtls_ecc_group_to_psa.h from crypto_extra.h so that clients
of PSA within Mbed OS do not need to behave differently depending on
which PSA implementation they are using.
This solution is not ideal as it makes it more difficult to update the
TF-M-provided psa/crypto_extra.h. We'll have to see what other options
we have for including additional headers based on the Mbed OS
configuration.
tfm_ns_interface.c is intended to be overriden by clients to support
different targets. We copy this file from upstream into the mbed-os
platform library. We also have a specific "strong" overridden version
for the NU_M2354 target, which is located in its target library.
Previously the implementations in the platform library were decorated
with __attribute__(weak), and we provided a strong definition for the
NU_M2354 target. This worked fine because of weak linking, the linker
will pick the first "strong" definition and use that, avoiding any ODR
violations. However, upstream have removed __attribute__(weak) from the
function definitions, which caused multiply defined symbol errors when
trying to build the NU_M2354 target.
To work around the above issue, we remove the common definition in the
platform library; instead we copy the file to the Musca B1 and Musca S1
target libaries. This means the appropriate tfm_ns_interface.c is only
included in the build when compiling for the specific target which uses
it.
The PSA Attestation test suite requires full RTOS. There is no need
to explicitly check PSA support, because when we build all greentea
tests from the top of Mbed OS, PSA tests only get included if PSA is
enabled.
On a target that doesn't support Firmware Update, compilation still works, and any attempt to call the Firmware Update API returns a runtime error which is good enough.
When building greentea tests, each test is an executable with its
own output binary path. This is also the case when a user project
produces multiple executables. But the current implementation of
post-build operations always assumes there's only one executable,
at the root of the build directory.
The post-build command depends on Mbed target, and it always takes
the the executable we build as an input file. To achieve this, we
let each Mbed target (that has a post-build command) define a function
function(mbed_post_build_function target)
which takes a CMake executable target as an argument from which it can
get its binary path using generator expressions. It generates and adds
to the passed executable target a post-build custom command.
Notes:
* The function name needs to be exact, because CMake only supports
literal function calls - CMake can't dereference a function name from
a variable. To avoid multiple definitions of this function, each Mbed
target needs to guard it with a macro to check if the user is
building this Mbed target.
* `mbed_post_build_function()` is a function, but it is usually
defined by another macro rather than a parent function, because
nesting functions would make many variables inaccessible inside the
innermost `mbed_post_build_function()`.
* There's no more need to force regenerate images. Previously, post-
build commands were custom *targets* which always got to run, so we
force regenerated images on every build to avoid patching an image
that's already been patched once on previous build. Now post-build
commands are custom *commands* of the same executable target, and they
are only run if the executable target itself is rebuilt.
subprocess.PIPE is used to enable the parent process to communicate with
the subprocess via pipes, which mean all stdout and stderr messages are
captured and returned as part of Popen.communicate's result tuple.
In our case, we want to display the error messages on the console, so we
don't need to capture the output from stdout.
Example of a typical error message before this change:
```
Traceback (most recent call last):
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 197, in <module>
sign_and_merge_tfm_bin(args.tfm_target, args.target_path, args.non_secure_bin, args.secure_bin)
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 81, in sign_and_merge_tfm_bin
" secure binary, Error code: " + str(retcode))
Exception: Unable to sign musca_b1 secure binary, Error code: 1
```
Example of the error message after this change:
```
Traceback (most recent call last):
File "/mbed-os/tools/psa/tfm/bin_utils/wrapper.py", line 13, in <module>
import click
ModuleNotFoundError: No module named 'click'
Traceback (most recent call last):
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 194, in <module>
sign_and_merge_tfm_bin(args.tfm_target, args.target_path, args.non_secure_bin, args.secure_bin)
File "platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 80, in sign_and_merge_tfm_bin
raise Exception("Unable to sign " + target_name +
Exception: Unable to sign musca_b1 secure binary, Error code: 1
```
This is a significant improvement as now you can see what the reason for
the failure was.
Move /val and /pal directories into /test_abstraction_layers directory
and combine into one CMake target, mbed-psa-tal. Moved into seperate
directory in order to have own CMakeLists.txt, rather than adding to
/TARGET_MBED_PSA_SRV CMake file.
The macros `TARGET_PSA` and `COMPONENT_PSA_SRV_IPC` no longer exist.
The former is replaced by `COMPONENT_PSA` which is also a directory
where the tests are located, so its check can be assumed true.
The latter is not applicable to Mbed OS PSA and can be assumed false.
Note: The entropy_inject test is skipped by default unless a user
manually configures the required `MBEDTLS_ENTROPY_NV_SEED`.
A Greentea test is detectable by Mbed CLI 1 only if it's two-levels
deep inside a `TESTS` directory, e.g. `TESTS/foo/bar/main.cpp`. But
several Mbed OS PSA tests are only one-level deep. This commit fixes
the issue by adding an extra level of directory.
TF-M v1.0 implements an older version of PSA and does not have the macro
`PSA_ALG_ECB_NO_PADDING` required by
`mbedtls_psa_translate_cipher_mode()` in Mbed TLS v2.25.0. Copy this
macro from Mbed TLS to fix the issue.
We have added definitions that are needed by Mbed TLS's PSK key exchange
but missing from TF-M's PSA to `mbedtls_svc_key_id.h`. To pick up those
definitions, TF-M's `psa/crypto_values.h' needs to include
`mbedtls_svc_key_id.h`.
In order for Mbed TLS to use the PSA Crypto API, definitions of
`MBEDTLS_SVC_KEY_ID_INIT`, `mbedtls_svc_key_id_t` and
`mbedtls_svc_key_id_is_null()` need to be present but are not provided
by the PSA headers from TF-M.
To solve this issue, this commit copies those definitions from Mbed
TLS's original `psa/crypto_types.h` and `psa/crypto_values.h` into a
separate `mbedtls_svc_key_id.h` for TF-M PSA.
Include mbedtls_ecc_group_to_psa.h from crypto_extra.h so that clients
of PSA within Mbed OS do not need to behave differently depending on
which PSA implementation they are using.
This solution is not ideal as it makes it more difficult to update the
TF-M-provided psa/crypto_extra.h. We'll have to see what other options
we have for including additional headers based on the Mbed OS
configuration.
We'd like to enable Mbed TLS's PK module in using TF-M's PSA
implementation, even if it doesn't expose the same set of PSA extensions
as Mbed TLS's PSA implementation. To do this, we add
mbedtls_ecc_group_to_psa() in its own header available when using the
latest TF-M.
Add mbedtls_ecc_group_to_psa(), one of Mbed TLS's PSA compatibility
helpers, for internal use by the Mbed TLS PK module. Without this
conversion function, the Mbed TLS PK module is unable to use any PSA
implementation other than one which provides a compatible set of PSA
extensions.
Update CMAKE_MODULE_PATH at once place.
Note, we update also CMAKE_MODULE_PATH in app.cmake. This is temporary until we get a proper way to include
Mbed Os (removing app.cmake need to be included by an application).
CMAKE_CURRENT_LIST_DIR behaves differently in functions. We store it in the CMakeLists itself, so anyone
calling a function would get the actual list dir where the scripts are.
To illustrate: if I call a function from src/CMakelists.txt, function located in src/scripts, `CMAKE_CURRENT_LIST_DIR` in the function would point
to the src/ folder but not to src/scripts.
Some host operating systems are case-insensitive and cannot
distinguish (for example) `semaphore.h` in `os_wrapper` from
`Semaphore.h` from Mbed OS `rtos`. This causes the wrong header to be
included.
By adding `os_wrapper/.mbedignore`, we guarantee that
#include "Semaphore.h"
always points to `rtos/Semaphore.h`, while the fully-qualified include
#include "os_wrapper/semaphore.h"
continues to work because its parent directory is still in the include
path.
Previous, we patched TF-M to replace its OS wrapper with CMSIS RTOS
to resolve manage management issue when integrated with Mbed OS. But
as of TF-M v1.2, the OS wrapper has been reworked in the vanilla TF-M,
and now it makes identical calls to its underlying CMSIS RTOS as our
patches do. So, we remove our patches and use vanilla TF-M's OS
wrapper instead to avoid extra maintenance overhead.
This commit re-imports TF-M files associated with the OS wrapper.
This commit adds post binary hook support for TF-M targets.
To apply this hook to a TF-M target, do the following in the target's
`CMakeLists.txt`:
* include `mbed_set_post_build_tfm.cmake`
* call `mbed_post_build_tfm_sign_image()`, passing
- Mbed OS target name
- TF-M target name
- path containing the target's bootloader, layout files and signing
keys
- path to the secure binary
- path to the non-secure binary (i.e. the "raw" Mbed application)
Jamie Smith
Jay Sridharan
Jamie Smith
Robert Walton
Lingkai Dong
Jaeden Amero
Martin Kojtal
Chun-Chieh Li
Hari Limaye
plan-do-break-fix