
[TF-M] Proposal to separate vendor components
Open, Needs Triage, Public

Description

This ticket is created based on the mailing list item sent by Roman.Mazurak@infineon.com

Hi all,

The goal of this proposal is to separate TF-M core and platform code to simplify development and support.

Taking, for example, the Cypress PSoC 64 platform, we see that a significant amount of code can be committed into the repository.
From an end user's perspective, it doesn't seem logical that the project source tree has a lot of irrelevant stuff. It complicates IDE performance, searching and analyzing the code.

Pros:
Platform support can be provided separately without the need to upgrade outdated platforms or problematic platforms:
https://lists.trustedfirmware.org/pipermail/tf-m/2021-January/001454.html
https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process

It should help to avoid, or at least to minimize, the number of patches that require fixes in platform folders:
https://lists.trustedfirmware.org/pipermail/tf-m/2019-April/000162.html

Reduces the amount of work for the core team by delegating promotion of new API support to vendors:
https://lists.trustedfirmware.org/pipermail/tf-m/2019-November/000506.html

Proposed solution:
There are other projects that face a similar situation, for example OpenWRT, Yocto, Android. Their common feature is that they have many dependencies. The solution they propose is based on the fact that these projects have their own build infrastructure. The user's task is to create a configuration in which you can add your own components.
In its current state, TF-M already has some tools to implement a platform as an external dependency. The user can specify the path to the platform using the TFM_PLATFORM variable. There is also work underway to implement support for external test infrastructure (https://lists.trustedfirmware.org/pipermail/tf-m/2021-September/001824.html).

There is a need to add support for external secure partitions instead of the current solution (https://tf-m-user-guide.trustedfirmware.org/docs/integration_guide/services/tfm_secure_partition_addition.html). I can't say if this issue is directly related to the platform, but it's possible that it will give more opportunities to vendors or will be a useful tool for adding new platforms.

The last question that needs to be addressed is how to link the sources supplied by vendors (platforms or security partitions) to the TF-M sources. Using the git submodule mechanism is probably not a good solution. There are two options:

  1. Platforms, security partitions and test suites will be listed as submodules in the TF-M tree. But this approach will not actually solve the main problem of delegating more responsibility to vendors and breaking the connection between the vendor's component and TF-M.
  2. The TF-M source tree will be specified as a submodule in modules supplied by vendors. In this case we will have more problems, because if the user's project uses two or more vendor components (for example, platform and custom security partitions), then TF-M will be mentioned more than once and it is quite possible to have several different revisions of TF-M. So it will be impossible to properly assemble the project.

Therefore, I see the use of the following approach as an alternative:

  1. External components check the TF-M version using the TFM_VERSION variable.
  2. A project that uses TF-M, as well as the necessary components (platforms, external security partitions, vendor / project test suites) specifies dependencies using any method. The simplest way is to commit TF-M and vendor components as submodules in the user project.
  3. Paths to all dependencies should be transferred from the project to necessary parts of TF-M via CMake variables.

This should be equally convenient for platform vendors, TF-M component vendors, and TF-M end users.

Risks:
If the project assembled by the end user uses several vendor modules (for example, platform and custom security partitions), it is possible that the TF-M version required by different vendor modules will be different. But this problem is present at the moment, because any significant change to the TF-M API generates many problems that need to be solved for all supported platforms (mentioned in the pros).

Any feedback is welcome.
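
Step 1 of the proposal above (external components check the TF-M version through TFM_VERSION) could look like the following in an out-of-tree component. This is an added example, not code from the mailing-list post or from the TF-M project; the file location, the `VENDOR_` variables, the `vendor_check_tfm_version` function and the version numbers are assumptions made for illustration.

```cmake
# Hypothetical file: <vendor-component>/cmake/check_tfm_version.cmake
# Included by an out-of-tree platform or secure partition before it adds any
# targets. TFM_VERSION is the variable named in the proposal; everything
# prefixed VENDOR_ is an assumption made for this example.

# Range of TF-M releases this component was validated against (constructed values).
set(VENDOR_TFM_MIN_VERSION "1.4.0")   # inclusive
set(VENDOR_TFM_MAX_VERSION "1.6.0")   # exclusive

function(vendor_check_tfm_version component)
    # Fail closed: an unset version means the component cannot know which
    # TF-M API it is being built against.
    if(NOT DEFINED TFM_VERSION OR "${TFM_VERSION}" STREQUAL "")
        message(FATAL_ERROR
            "${component}: TFM_VERSION is not set; refusing to build against an unknown TF-M revision")
    endif()

    # Keep only the leading dotted-numeric part so a suffixed value still compares.
    string(REGEX MATCH "^[0-9]+(\\.[0-9]+)*" tfm_numeric "${TFM_VERSION}")
    if("${tfm_numeric}" STREQUAL "")
        message(FATAL_ERROR "${component}: cannot parse TFM_VERSION='${TFM_VERSION}'")
    endif()

    # Reject anything outside [min, max) at configure time, before compilation.
    if(tfm_numeric VERSION_LESS VENDOR_TFM_MIN_VERSION OR
       NOT tfm_numeric VERSION_LESS VENDOR_TFM_MAX_VERSION)
        message(FATAL_ERROR
            "${component}: requires TF-M >= ${VENDOR_TFM_MIN_VERSION} and < ${VENDOR_TFM_MAX_VERSION}, "
            "but the project supplies ${TFM_VERSION}")
    endif()

    message(STATUS "${component}: TF-M ${TFM_VERSION} is within the supported range")
endfunction()

vendor_check_tfm_version("vendor_platform")
```

When two vendor modules carry a gate like this with different ranges, the mismatch described under Risks stops the build at configure time with a message naming the component and the range it needs.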

Event Timeline

KenLSoft created this task. Sep 29 2021, 1:35 AM
KenLSoft created this object with edit policy "Task Author".
This comment was removed by dbharbin.


Nebenca added a subscriber: Nebenca. Edited Sep 18 2023, 3:35 AM
