mbed-os/tools/psa
Jaeden Amero 5c81d19bc1 psa: Document a test partition creation gotcha
The release script must be run from mbed-os root, otherwise the test
partition binaries will not be created. Add a note in the tool's README
to make this clear and hopefully help save someone some debugging time
in the future.
2019-09-02 17:10:59 +01:00
..
templates Update PSA code generator 2019-04-30 14:10:23 +03:00
tfm Update PSA code generator 2019-04-30 14:10:23 +03:00
README.md psa: Document a test partition creation gotcha 2019-09-02 17:10:59 +01:00
__init__.py Update PSA code generator 2019-04-30 14:10:23 +03:00
generate_partition_code.py Update PSA code generator 2019-04-30 14:10:23 +03:00
mbed_spm_tfm_common.py Update PSA code generator 2019-04-30 14:10:23 +03:00
partition_description_schema.json Consolidating tools/tfm and tools/spm into tools/psa 2019-02-19 15:19:06 +02:00
release.py PSA release script update: add toolchain option 2019-05-17 16:32:49 +02:00
spm_template_file_list.json Update PSA code generator 2019-04-30 14:10:23 +03:00

README.md

PSA tools

Code generation script

Mbed-OS contains two implementations of PSA Firmware Framework:

  • Mbed-SPM - Implementation for dual-core v7 targets.
  • TF-M - Implementation for v8 targets.

Both PSA Firmware Framework implementation impose the following requirements:

  • PSA manifests must be valid according to the JSON schema file provided by PSA FF spec.
  • There are no conflicts between various PSA manifests (duplicate SIDs and PIDs, dependencies, etc.)
  • Secure partition initialization code to be present at mbed-os core compile time.

To satisfy the requirement listed above, Mbed-OS build system invokes generate_partition_code.py script during the build process for PSA targets.

PSA code generation step has the following effects:

  • Scan the whole source tree for PSA manifest files, including application (in case invoked from application directory) and all the TESTS directories.
  • All found PSA manifest files get parsed and validated.
  • Source and header files for initializing SPM are generated. Test related partitions and SIDs are disabled by default by #ifndef guards. To enable them following defines must be passed to build command (typically done automatically via release.py):
    • -DUSE_PSA_TEST_PARTITIONS
    • -DUSE_<name> where <name> corresponds to the name in PSA manifest file ("name" property).

Secure image generation

release.py is the script assigned with compiling the default secure images.

For an application with custom secure portions, the secure image should be generated by invoking mbed-cli directly.

Note: when building targets utilizing TF-M PSA implementations, add the following arguments to a build command for the secure image: --app-config <mbed-os-root>/tools/psa/tfm/mbed_app.json

Usage

usage: release.py [-h] [-m MCU] [-t TC] [-d] [-q] [-l] [--commit]
                  [--skip-tests] [-x ...]

optional arguments:
  -h, --help           show this help message and exit
  -m MCU, --mcu MCU    build for the given MCU
  -t TC, --tc TC       build for the given tool chain (default is
                       default_toolchain)
  -d, --debug          set build profile to debug
  -q, --quiet          No Build log will be printed
  -l, --list           Print supported PSA secure targets
  --commit             create a git commit for each platform
  --skip-tests         skip the test build phase
  -x ..., --extra ...  additional build parameters
  • The script must be run from the mbed-os folder via tools/psa/release.py, otherwise the list of available tests will not be accurate and the test partitions will not be properly generated.
  • When MCU is not specified, the script compiles all the images for all the targets.
  • When -t/--tc is not specified, the script compiles with the default_toolchain speciified in targets.json.
  • When -d/--debug is not specified, the script compiles the images using the release profile.
  • When --commit is not specified, the script will not commit the images to git.
  • A user can specify additional commands that will be passed on to the build commands (Ex. -D for compilation defines).

This script should be run in following scenarios:

  • Release.
  • Update to files originating in the secure side.
  • Drivers update.
  • PSA updates.