The signing keys were previously imported from trusted-firmware-m
and located in mbed-os/tools/targets/musca_* (path for Mbed CLI 1).
This PR copie them into each target's directory as per the
convention of the new tools. Keys in the old path remain untouched
for backward compatibility, but they will be eventually removed
once we stop supporting Mbed CLI 1.
In targets.json, ARM_MUSCA_B1 and ARM_MUSCA_S1 have alias target
names suffixed with `_NS`. They are identical to targets without
`_NS` and exist purely for compatibility with the old naming
convention we had. The CI builds them as separate targets and uses
extra resources.
As we are upgrading Musca targets to TF-M v1.2, it's time to clean
up the aliases.
The vector table needs to be copied from ROM to RAM, in order for us
to set IRQ handlers at run time. The address in RAM is defined by
`NVIC_RAM_VECTOR_ADDRESS` in `cmsis_nvic.h`, but its inclusion
was missing from Musca S1's `cmsis.h` and consequently the vector
table was not copied.
On most targets this results in a memory access error when we set
vectors. But Musca S1's ROM is in its MRAM (which can be accessed
like any RAMs), and this causes the ROM image to be modified
with no error/warning. On the next boot, MCUboot fails the image
integrity check.
This commit adds the missing include, in the same spirit as
01dd997d55.
* Partition files are synced with TF-M v1.2
* To have uniformity with TF-M v1.2, rename the following:
** image_macros_preprocessed_ns.c to `signing_layout_ns.c`
** image_macros_preprocessed_s.c to `signing_layout_s.c`
* `MCUBOOT_IMAGE_NUMBER` is set to 2 by default for TF-M v1.2,
therefore it is necessary that Mbed OS compiles the right macros
for when linking and using the partition files.
* Partition files are synced with TF-M v1.2
* To have uniformity with TF-M v1.2, rename the following:
** image_macros_preprocessed_ns.c to `signing_layout_ns.c`
** image_macros_preprocessed_s.c to `signing_layout_s.c`
* `MCUBOOT_IMAGE_NUMBER` is set to 2 by default for TF-M v1.2,
therefore it is necessary that Mbed OS compiles the right macros
for when linking and using the partition files
** Workaround **
The `region_defs.h` has an explicit definition of `BL2`, even
though it is already defined in target.json for `ARM_MUSCA_B1`.
This is because of Mbed CLI 1, as it can't seem to use the right
macro when linking the files for Mbed OS application when using
the ARMCLANG toolchain.
The heap size was incorrectly calculated.
This fixes it by subtracting the Stack size, any memory chunks allocated
before the start of the application (for vectors and/or crash report), and
finally the size of the application from the total RAM size.
Add license identifier to files which Arm owns the copyright to,
and contain either BSD-3 or Apache-2.0 licenses. This is to address
license errors raised by scancode analysis.
Workaround a bug where the boot stack size configuration option is not
passed on to armlink, the Arm Compiler's linker. Prefer
MBED_CONF_TARGET_BOOT_STACK_SIZE if present, as this is what the
configuration system should provide. Fall back to MBED_BOOT_STACK_SIZE
if MBED_CONF_TARGET_BOOT_STACK_SIZE is not defined, as in the case of
buggy tools. If both MBED_CONF_TARGET_BOOT_STACK_SIZE and
MBED_BOOT_STACK_SIZE are not defined, then we fall back to a hard-coded
value provided by the linkerscript. See
https://github.com/ARMmbed/mbed-os/issues/13474 for more information.
To allow overriding of the boot stack size from the Mbed configuration
system, consistently use MBED_CONF_TARGET_BOOT_STACK_SIZE rather than
MBED_BOOT_STACK_SIZE.
Fixes#10319
Add TF-M to Mbed OS, replacing the previous PSA implementation for
TF-M-capable targets. This commit adds files imported from TF-M, without
modification. The version of TF-M imported can be found in
`features/FEATURE_PSA/TARGET_TFM/VERSION.txt`.
These changes switch to TF-M as the sole PSA implementation for v8-M and
dual core targets, with TF-M running on the secure side and Mbed OS
running on the non-secure side. Single core v7-M targets will continue
to have PSA implemented via PSA emulation, implemented by Mbed OS.
Move or remove many PSA-implementing files, as PSA will be provided by
TF-M on non-single-v7-M targets. Delete any files that are not relevant
for PSA emulation mode.
- Remove imported TF-M SPM
- Remove Mbed SPM and tests
- Remove Mbed-implemented PSA services and tests
- Remove PSA_SRV_IMPL, PSA_SRV_IPC, PSA_SRV_EMUL and NSPE.
- Replace PSA_SRV_EMUL and PSA_SRV_IMPL with MBED_PSA_SRV
- Remove any files autogenerated by
"tools/psa/generate_partition_code.py", which no longer exists.
Add new feature `PSA` to support PSA in Mbed OS.
Move the Mbed OS implementation of PSA services for v7-M targets (which
employ PSA emulation, and don't yet use TF-M) to
features/FEATURE_PSA/TARGET_MBED_PSA_SRV. Update the `requires`
attribute in TESTS/configs/baremetal.json to avoid breaking baremetal
testing builds.
Update .astyleignore to match new directory structure
Update Mbed TLS importer to place files into FEATURE_PSA
Create the following generic PSA targets:
* `PSA_Target` (Root level PSA generic target)
* `PSA_V7_M` (Single v7-M PSA generic target)
* `PSA_DUAL_CORE` (Dual-core PSA generic target)
* `PSA_V8_M` (v8-M PSA generic target)
Flatten MUSCA_NS and private MUSCA targets into public MUSCA targets.
Move mcuboot.bin to flat location (removing prebuilt folder)
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The header `cmsis_nvic.h` defines vector start address in RAM
`NVIC_RAM_VECTOR_ADDRESS` which is used in
`mbed_boot.c:mbed_cpy_nvic()`. But `mbed_boot.c` only includes
`cmsis.h`. Due to this `mbed_cpy_nvic` becomes an empty function and the
vectors don't get relocated to RAM. This causes BusFault error when Mbed
OS tries to update any of the IRQ handlers.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Currently, the final binary (TF-M + Mbed OS) is signed after
concatenating TF-M and Mbed OS binaries. But TF-M signs the images
separately and then concatenates them. Update the Musca B1 signing
strategy to match TF-M.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Use instead the general TF-M v8-M virtual NVIC which will be added in
the commit that replaces Mbed PSA with TF-M PSA:
features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
Make the MUSCA_B1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_B1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Make the MUSCA_A1 target TF-M compatible by doing the following:
- Add flash, region definitions, and preprocessed image macros from
TF-M (at version 6e7be077eabe "Core: Add lifecycle API")
- Update the MUSCA_A1 linker script to create a flash image
compatible with TF-M.
- Update the tfm/bin_utils/assemble.py signing script to work with
preprocessed image macros rather than flat C pre-processor defines
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Remove PSA v8-M S target binaries will be built outside of Mbed OS and
added in as binaries which NS targets consume. Mbed OS no longer
implements PSA for v8-M targets, so there is no reason for it to build
PSA S targets.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Lingkai Dong
Vikas Katariya
Martin Kojtal
Hugues Kamba
Harrison Mutai
Mark Horvath
Gabor Toth
Jaeden Amero
Marcelo Salazar
Devaraj Ranganna
Gabor Abonyi
Rajkumar Kanagaraj