The conflicts in source code include but not limited to the following list

1. TF-M secure data section size overflow in current PSoC 6 Flash layout. In the very first try, GCC report Flash section overflow in ConfigRegressionIPC config. It could be worse with more test cases enabled.

/opt/gcc-arm-none-eabi-7-2018-q2-update/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld: ../unit_test/tfm_s.axf section `.TFM_DATA' will not fit in region `FLASH'
/opt/gcc-arm-none-eabi-7-2018-q2-update/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld: region `FLASH' overflowed by 544 bytes

1. • Two options:
     • Add corresponding options to make some optional test cases to be selected/deselected by platforms. Thus PSoC 6 tests can drop unnecessary test case and make sure the whole image size can fit current Flash layout. (Patch under review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1823/)
     • Adjust PSoC 6 Flash layout to increase secure image size. (Patch under review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1828)
2. Code structure adjustment on master branch:
   • Move PSA header files into secure_fw/core/include/psa
   • Move header files under secure_fw/core into secure_fw/core/include (Merged patch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1561)
   • Some header files are merged into other files, such as tfm_spm.h are combined into spm_api.h
3. Changes to align with PSA spec on master branch:
   • Additional type parameter in psa_call()
   • Default return error code of psa_connect() is changed to TFM_ERROR_CONNECTION_BUSY
   • Default return error code in RPC should be changed to TFM_ERROR_GENERIC
4. Test selection on master branch.
   • IRQ test
     • IRQ test is enabled by default on Isolation Level 1. Need an option to disable IRQ tests until IRQ support is ready on multi-core. A patch is merged on master branch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1776
     • Several IRQ handling HAL APIs are added. They require dummy functions on PSoC 6.
   • Peripheral Access test case in Core test service on Isolation Level 2, which just switches on and off LEDs. It requires platform to implement two LED control APIs but actually doesn't verify any secure requirements.
     • The two LED control APIs are for that test case only but the test case will check the return value to see if LED status is the same as expected. Rather than adding dummy functions to play a trick on static variable, I'd prefer to propose a patch to add a preprocessor flag to select that Peripheral Access test case. It is either unnecessary to port the whole GPIO/LED drivers from PSoC 6, just to pass such a test case. (Patch under review: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1812)
     • The best solution is to select this test case in manifest. However, current PSA spec doesn't specify a field to deselect a test case. The only way to remove a test case from final manifest is to provide another manifest, which will definitely asset another problem of manifests management on diverse platforms. Thus the current plan is to just select this test case via preprocessor flag during compiling.
5. Changes in boot
   • Update PSoC 6 flash_layout.h to fit the changes in image tools already merged.
   • Some pending features will be merged soon. Update flash_layout.h and region_defs.h
     • Boot: Replace flash partitioning terminology https://review.trustedfirmware.org/c/trusted-firmware-m/+/1518
     • Boot: Extend flash layout for multiple images https://review.trustedfirmware.org/c/trusted-firmware-m/+/1518
   • Boot: Move BL2 shared area definitions to region_defs.h: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1906
6. NS interface in multi-core topology
   • NS side OS wrapper on master branch. OS wrappers are added into abstract the mutex/semaphore and other common ops from RTOSs. NS part in feature-twincpu needs some refactor to fit latest master branch implementation
     • mutex wrappers in multi-core PSA client call
     • Additional topology specific implementations, such as tfm_ns_interface_init() and NS lock. I'd prefer to keep multi-core specific implementation of NS interface since multi-core NS interface may require different lock mechanism than that in single-core platform.
   • Additional type parameter in psa_call()
7. Changes to TF-M Core on master branch
   • Potential changes to key structures and exception handler may affect Armv6-M/Armv7-M arch support.
   • Structure names changes, such as spm_partition_desc_t
8. Some platform HAL APIs return code change to enum tfm_plat_err_t
   • tfm_spm_hal_set_secure_irq_priority()
   • tfm_spm_hal_init_isolation_hw()
   • tfm_spm_hal_setup_isolation_hw()
9. master branch adds some platform specific APIs in tfm_core_init(). It requires dummy functions to fulfill those APIs declarations. However, it concerns me if it is really necessary to split a whole platform_hw_init() into so many small steps.
   • tfm_spm_hal_enable_fault_handlers()
   • tfm_spm_hal_system_reset_cfg()
   • tfm_spm_hal_init_debug()
10. Memory check process
    • master branch already splits the single core memory check process from other general secure operations in tfm_secure_api.c/.h (https://review.trustedfirmware.org/c/trusted-firmware-m/+/1718) but feature-twincpu still keep them together in tfm_secure_api.c/.h. Thus, feature-twincpu currently implements some duplicated code to keep decoupled to single memory check and the whole tfm_secure_api.c/.h. After rebasing, feature-twincpu should remove those duplicated code and re-use those general ops from tfm_secure_api.c/.h
11. mmio_region in test secure service manifest. Latest test secure services on master branch include mmio_region in manifest. Although these secure services are general, the mmio_region is actually bound to platform specific HW resource information. It requires PSoC 6 to add dummy definitions in platform_peripherals_def.h to fit the files in mmio_region. It is impractical to bound a general secure partition manifest with platform specific HW setting. Need to confirm with PSA FF spec writer.
    • Dummy TFM_PERIPHERAL_FPGA_IO

Changes to build environment after rebasing/merging

1. mbed-crypto
   • master branch switches to use mbed-crypto *1.1.0* since https://review.trustedfirmware.org/c/trusted-firmware-m/+/1562. After rebasing/merging, mbed-crypto should be updated to 1.1.0 from 1.0.0.
2. CMSIS 5.5
   • master branch changes to use CMSIS 5.5 since https://review.trustedfirmware.org/c/trusted-firmware-m/+/1421.
   • TF-M can co-work with both 5.2 and 5.5. But after the CMSIS is updated to 5.5, it is required to manually to fetch the CMSIS RTOS v2 binaries via git-lfs

curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh |sudo bash
sudo apt-get install git-lfs
git lfs install
cd CMSIS_5
git-lfs pull

3. Generate auto-generated manifest files
   • The auto-generated manifest files should be updated as well. But it is recommended to generate the manifest files via Python tool before first use. Please double check if any modification is not included in generated manifest file.