I built with

In T911#10554, @davidhuziji wrote:

I will run the GCC version later to check if there are more warnings. Will collect all the warnings and fix them in one shot later.

Would fix after the release. Mark as a long term goal.

Hi Martin. I was referring to PSA FF-M, not FF-A. See the spec here, in Section 2.1.

Thanks @adrianlshaw for your comment. A multi-core TF-M design is indeed a different thing than this twin-cpu design or any of the implemented designs for multiple CPUs in TF-M.
Do I understand you correctly, that such a multi-core TF-M design would not be possible to design according to PSA FF-A guidelines, because no mutex is defined in these?
How is this problem handled in TF-A as the same PSA guidelines apply there?

Okay, I run into a fault when apply this patch on AN521, may need some investigations :
Running Test Suite Core non-secure interactive tests (TFM_CORE_TEST_2XXX)...

Executing 'TFM_CORE_TEST_2001'

Description: 'Interactive tests'

Segmentation fault

You will need to apply this patch in order for the interactive tests to function as without it the secure part will never build with that part enabled https://review.trustedfirmware.org/c/TF-M/tf-m-tests/+/9431
After applying that and building using:

cmake -DTFM_PLATFORM=lairdconnectivity/bl5340_dvk_cpuapp -GNinja -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -DTEST_S=off -DTEST_NS=on -DCMAKE_BUILD_TYPE=debug -DTFM_INTERACTIVE_TEST=on -DTFM_PERIPH_ACCESS_TEST=ON -DTFM_IRQ_TEST=ON ..

And running it, the first test passes but the freezes at the same point as yours does, it does not continue with the next task

I took a look at this test case, the interactive test suit is disabled by default. Could you append some logs or command on your platform of TFM_CORE_TEST_2001
The test from my side on AN521 will stop after scenario 1:

Executing 'TFM_CORE_TEST_2001'

Description: 'Interactive tests'

Scenario 1 - SequentialTrying to acquire the TFM core from NS [seq_task]NS Lock: acquired [seq_task]Secure call to tfm_spm_core_test_sfn_veneer(&in_vec, 1, NULL, 0) failed, generic!NS Lock: releasing... [seq_task]Scenario 1 - test finished

If the NSPE can use all the ARMv8-M processors, then it makes sense to use a model similar to ARMv8-A. In that model, the request for a secure service is usually handled by the local core - no cross core interaction.

Imo, the implementation can be very platform specific. It is required that the two cores shall be physically isolated.
Besides, when NS requires secure services on the other core, the other core must runs in S world. It is a bit difficult to guarantee.

The concept I am working on would allow for execution of two NS environments both with access to TF-M services. The goal is also to isolate the NS environments from one another to provide safety in case of failure / maliciousness of one NS env. But this safety feature is not necessary for the use case of two Cortex M-33 with NS + TF-M.

@oyvind.ronningstad@nordicsemi.no This issue is on the Nordic platform. Can you take a look at it?

Assigned to Ken for the warning fix.

@MartinSchoenstedt so are you trying to run Non-secure OS + TF-M on both MPS2 AN521 cores?
Are you designing a SMP (symmetric multiprocessing) system for both NS and S? May I know the benefit to run NS + TF-M on both cores, compared to running a single Cortex-M33?

I solved this issue by myself.
The assert state works normally.

Yes this was indeed what I was thinking about. I am now trying to modify the secure enclave implementation to work with both CPUs in the SSE 200 on the MPS2 AN521 image. This would also also both cores to still be used by nonsecure OS / applications

Hi David. What about a scenario where non-secure applications want to use both cores? I think this is what Martin is asking about. Dedicating one M33 to act as a secure enclave can be considered a waste of compute resource (it will be idle most of the time).