Incorrect build options for NS code
Open, Needs TriagePublic


Michel reported an issue where his code is using the __ARM_FEATURE_CMSE macro to determine for which domain (S or NS) a file is compiled for.
This raised the concern whether the current TF-M way to define secure and non secure build domain is right.

Current design:
Currently TF-M build-system uses the macro __DOMAIN_NS to signal to the code which domain a file is compiled for. Also the build-system sets the --mcmse compiler flag for both secure and non-secure code.

Investigation result:
Based on ARM®v8-M Security Extensions: Requirements on Development Tools the current usage of the --mcmse flag is wrong, but using the __DOMAIN_NS macro can not be avoided as the __ARM_FEATURE_CMSE macro is V8M architecture specific.

Suggested actions:

  1. Fix the build-system to not define the --mcmse flag for non-secure projects.
adeaarm added a subscriber: adeaarm.Apr 9 2019, 4:16 PM

Also, please note that __DOMAIN_NS (and later, DOMAIN_NS for later CMSIS versions) is used in the CMSIS_5 project hence our build systems has to define them to be able to build correctly those files.