Feed All Stories

Yesterday

AlamyLiu created T431: GNUARM 8 support.
Mon, Jul 15, 7:02 PM
msverteczky-arm added a comment to T430: Platform: Unify flash_layout.h across platforms.

The related changes and the reviews can be found on:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1257/

Mon, Jul 15, 2:58 PM
msverteczky-arm triaged T430: Platform: Unify flash_layout.h across platforms as Normal priority.
Mon, Jul 15, 2:58 PM
msverteczky-arm added a comment to T429: Build: Enhance handling of images.

The related changes and the reviews can be found on:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1494/

Mon, Jul 15, 2:53 PM
msverteczky-arm triaged T429: Build: Enhance handling of images as Normal priority.
Mon, Jul 15, 2:51 PM
adeaarm added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

There is no conflict anywhere in the header names of the TF-M project. Your use case is to have both Mbed Crypto and TF-M as part of the same IDE project, at that point is up to you to provide a clear separation of the different include trees of Mbed Crypto and TF-M, and not rely on the fact that having the same names they will have same contents, as they are two different implementations of the same interface, coming from two different projects and not distributed together (i.e. they have different paths by design).

Mon, Jul 15, 2:33 PM · Restricted Project
AndreyButokNXP added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

Symbol renaming is OK.
But I have talked about file names, to avoid conflict when TFM and MbedCrypto referencing to "psa/<same_name.h>".
Guess, using a different include directory e.g. "psa_tfm/<same_name.h>" may solve the issue.
P.S. Different headers files should have different names and path - good practice for any use case.

Mon, Jul 15, 2:25 PM · Restricted Project
adeaarm added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

Not sure what is your use case, but I don't see how it's possible to compile Mbed Crypto and TF-M Crypto as part of the same application without doing symbol renaming of one of the two, given that they export the same symbol names. So I assume you have some way of renaming the symbols of either of the two before compilation, or excluding one of the two at link time.

Mon, Jul 15, 2:12 PM · Restricted Project
AndreyButokNXP added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

It means that you have decided to add the limitation which is possible to avoid.
It is possible to have and compile TFM, MbedCrypto and PSA test suite without splitting to separate libraries/projects.

Mon, Jul 15, 1:59 PM · Restricted Project
adeaarm added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

The expected use case is that an application will have to use a single implementation of the PSA Crypto interface at a time, so there won't be any conflict. In this case the module of the application will just "#include psa/crypto.h" as main header.

Mon, Jul 15, 1:45 PM · Restricted Project
AndreyButokNXP added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

It's probably OK when to compile in multiple libraries. The problem happens when to compile sources of MbedCrypto and TFM in one project.
So, as workaround, we have to add psa_ prefix to TFM PSA headers (as it was done in previous version of TFM).

Mon, Jul 15, 12:58 PM · Restricted Project
adeaarm added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

the only common difference in the headers is the different license used by the headers distributed by TF-M and the ones distributed by Mbed Crypto.

Mon, Jul 15, 12:51 PM · Restricted Project
AndreyButokNXP added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

Hi, PSA header files in mbedCrypto and TFM have the same names but a different content.
Guess, if they have the same name and same path, they should have the same content or a have a different prefix.

Mon, Jul 15, 11:02 AM · Restricted Project
adeaarm added a comment to T428: Crypto: Update interface file to use Mbed Crypto 1.1.0.

Change for this is available here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1562

Mon, Jul 15, 10:01 AM · Restricted Project
adeaarm triaged T428: Crypto: Update interface file to use Mbed Crypto 1.1.0 as Normal priority.
Mon, Jul 15, 9:56 AM · Restricted Project
jf549 closed T416: PSA header names should be psa/<api>.h as Resolved.
Mon, Jul 15, 9:19 AM · Trusted Firmware M
jf549 closed T417: Add psa/error.h header as Resolved.
Mon, Jul 15, 9:19 AM · Trusted Firmware M
davidhuziji moved T427: Define multi-core specific memory check in Isolation Level 2 policy and APIs from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mon, Jul 15, 8:04 AM · Restricted Project
davidhuziji created T427: Define multi-core specific memory check in Isolation Level 2 policy and APIs.
Mon, Jul 15, 8:04 AM · Restricted Project
KenLSoft triaged T426: Source strcuture adjustment as Normal priority.
Mon, Jul 15, 7:48 AM · Trusted Firmware M
KenLSoft closed T425: Change the existing IPC design document into .rst format. as Resolved.
Mon, Jul 15, 7:06 AM · Trusted Firmware M
mingyangSun added a comment to T425: Change the existing IPC design document into .rst format..

patch has been successfully merged.

Mon, Jul 15, 7:05 AM · Trusted Firmware M
matetothpal added a comment to T424: TF-M Core init should check SPM HAL function return values during init.

Changes for this issue are:

Mon, Jul 15, 6:30 AM · Trusted Firmware M
KenLSoft closed T394: Move configurations into dedicated directory as Resolved.
Mon, Jul 15, 2:08 AM · Trusted Firmware M
qixiang added a comment to T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON.

Thanks for your feedback.

Mon, Jul 15, 1:46 AM · Restricted Project

Fri, Jul 12

adeaarm added a comment to T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON.

HI @qixiang , the option to build with the debug version of Mbed Crypto or Mbed TLS is presented in our documentation just for the sake of completeness, but it's not something that we actively guarantee (i.e. we can't guarantee that the debug version of the mbedcrypto/mbedtls library will fit on all our platforms, due to different requirements in size). The option should be left as default and overriden only on those platforms that can afford it, and only on designed debug sessions. In my experience so far with the Crypto service, there is no need to debug the mbedcrypto/mbedtls libraries, as that would be out of scope for a TF-M deployment. Please let me know if you have questions or doubts about this.

Fri, Jul 12, 9:50 AM · Restricted Project
mingyangSun added a comment to T425: Change the existing IPC design document into .rst format..

Patch link:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1533

Fri, Jul 12, 6:08 AM · Trusted Firmware M
mingyangSun changed the edit policy for T425: Change the existing IPC design document into .rst format..
Fri, Jul 12, 6:07 AM · Trusted Firmware M
mingyangSun triaged T425: Change the existing IPC design document into .rst format. as High priority.
Fri, Jul 12, 5:57 AM · Trusted Firmware M
edison-ai added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.

Hi Qixiang, could you check the patch on your side?

Fri, Jul 12, 2:12 AM · Trusted Firmware M

Thu, Jul 11

adeaarm added a comment to T420: Audit Log: Use uniform signatures.

https://review.trustedfirmware.org/c/trusted-firmware-m/+/1531

Thu, Jul 11, 2:59 PM · Restricted Project
matetothpal triaged T424: TF-M Core init should check SPM HAL function return values during init as Low priority.
Thu, Jul 11, 11:46 AM · Trusted Firmware M
matetothpal closed T183: Build error: TF-M build fails for gcc version 6.3 for CoreTest configuration as Resolved.

The change for this issue had been merged

Thu, Jul 11, 11:42 AM · Trusted Firmware M
matetothpal closed T32: Implement secure IRQ handling as Resolved.

The changes for this issue had been merged

Thu, Jul 11, 11:41 AM · Trusted Firmware M
tamasban added a comment to T389: Add independent updates for security and non-security in MCUBoot.

you can find the multi-image support here:
https://developer.trustedfirmware.org/T421

Thu, Jul 11, 11:28 AM · Trusted Firmware M
jf549 added a comment to T423: Increase stack size for SST NS test threads.

Patch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1529

Thu, Jul 11, 10:56 AM · Trusted Firmware M
jf549 triaged T423: Increase stack size for SST NS test threads as High priority.
Thu, Jul 11, 10:55 AM · Trusted Firmware M
adeaarm closed T404: Test: Refactor the os_wrapper layer as Resolved.
Thu, Jul 11, 8:43 AM · Trusted Firmware M
adeaarm closed T415: Build: Add support for latest versions of CMSIS_5 as Resolved.
Thu, Jul 11, 8:42 AM · Trusted Firmware M
edison-ai added a comment to T422: Disable core test from ConfigCoreIPC.cmake.

Patch link: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1528/

Thu, Jul 11, 5:45 AM · Trusted Firmware M
edison-ai created T422: Disable core test from ConfigCoreIPC.cmake.
Thu, Jul 11, 5:44 AM · Trusted Firmware M
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.

Hi Tamasban,

Thu, Jul 11, 1:46 AM · Trusted Firmware M

Wed, Jul 10

davidvincze updated the task description for T421: Add multi-image support to MCUBoot.
Wed, Jul 10, 3:28 PM · Trusted Firmware M
davidvincze added a comment to T421: Add multi-image support to MCUBoot.

Reviews:

  1. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1511/
  2. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
  3. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
  4. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
  5. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
  6. https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/

https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1526/

Wed, Jul 10, 3:09 PM · Trusted Firmware M
davidvincze triaged T421: Add multi-image support to MCUBoot as High priority.
Wed, Jul 10, 3:07 PM · Trusted Firmware M
adeaarm triaged T420: Audit Log: Use uniform signatures as Low priority.
Wed, Jul 10, 1:52 PM · Restricted Project
soby-mathew added a comment to T418: Cryptocell Key Sizes.

Please email me at soby.mathew@arm.com

Wed, Jul 10, 10:44 AM · Trusted Firmware A
neil-jones-work added a comment to T418: Cryptocell Key Sizes.

ARM Support have asked me not to post any Cryptocell code publicly.

Wed, Jul 10, 10:00 AM · Trusted Firmware A
soby-mathew added a comment to T418: Cryptocell Key Sizes.

Hi Neil
The Cryptocell variant supported by TF-A is CC-712 which only has support for RSA 2048.

Wed, Jul 10, 9:30 AM · Trusted Firmware A
neil-jones-work updated the task description for T418: Cryptocell Key Sizes.
Wed, Jul 10, 9:17 AM · Trusted Firmware A
neil-jones-work updated the task description for T418: Cryptocell Key Sizes.
Wed, Jul 10, 9:17 AM · Trusted Firmware A
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.

Hi Tamasban,

Wed, Jul 10, 3:38 AM · Trusted Firmware M
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.

Hi Tamasban,

Wed, Jul 10, 1:05 AM · Trusted Firmware M

Tue, Jul 9

shebuk edited the content of Roadmap.
Tue, Jul 9, 6:23 PM
adeaarm triaged T419: Build: Review build default defines as Wishlist priority.
Tue, Jul 9, 9:33 AM · Trusted Firmware M
adeaarm added a project to T415: Build: Add support for latest versions of CMSIS_5: Trusted Firmware M.
Tue, Jul 9, 9:32 AM · Trusted Firmware M
tamasban added a comment to T389: Add independent updates for security and non-security in MCUBoot.

multi-image boot support solution is going to be available in review during this week.

Tue, Jul 9, 9:20 AM · Trusted Firmware M
neil-jones-work added a project to T418: Cryptocell Key Sizes: Trusted Firmware A.
Tue, Jul 9, 8:48 AM · Trusted Firmware A
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.

$ git push origin master
remote: Not Found
fatal: repository 'http://review.trustedfirmware.org/' not found

Tue, Jul 9, 8:08 AM · Trusted Firmware M
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.

git push http://review.trustedfirmware.org
remote: Not Found
fatal: repository 'http://review.trustedfirmware.org/' not found

Tue, Jul 9, 7:57 AM · Trusted Firmware M
KenLSoft added a comment to T394: Move configurations into dedicated directory.

Another (final) patch:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1487

Tue, Jul 9, 5:09 AM · Trusted Firmware M

Sat, Jul 6

davidhuziji edited the content of Mailbox Design for TF-M on Dual Core System.
Sat, Jul 6, 8:49 AM · Restricted Project
davidhuziji edited the content of Communication Prototype Between NSPE And SPE In Dual Core System.
Sat, Jul 6, 8:46 AM · Restricted Project
davidhuziji moved T198: Arch: CPU architecture specific implementation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T297: TF-M Core/ SPM changes -initial implementation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T201: Mailbox driver design from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T220: NS<->S communication code abstraction from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T368: Rebase from TF-M master to feature branch from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji added a comment to T368: Rebase from TF-M master to feature branch.

Rebase is done and verified

Sat, Jul 6, 8:16 AM · Restricted Project

Fri, Jul 5

adeaarm added a comment to T378: Allow NS secure call in interrupt-disabled context.

Possible refactoring available here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1460

Fri, Jul 5, 10:03 AM · Trusted Firmware M
neil-jones-work created T418: Cryptocell Key Sizes.
Fri, Jul 5, 8:57 AM · Trusted Firmware A

Thu, Jul 4

jf549 added a comment to T417: Add psa/error.h header.

Patch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1459/

Thu, Jul 4, 2:27 PM · Trusted Firmware M
jf549 added a project to T416: PSA header names should be psa/<api>.h: Trusted Firmware M.
Thu, Jul 4, 2:27 PM · Trusted Firmware M
jf549 triaged T417: Add psa/error.h header as Normal priority.
Thu, Jul 4, 2:26 PM · Trusted Firmware M
jf549 added a comment to T416: PSA header names should be psa/<api>.h.

Patch: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1458/

Thu, Jul 4, 2:25 PM · Trusted Firmware M
jf549 triaged T416: PSA header names should be psa/<api>.h as Normal priority.
Thu, Jul 4, 2:25 PM · Trusted Firmware M
ccli8 added a comment to T378: Allow NS secure call in interrupt-disabled context.

The WEAK mechanism sounds OK, but I think not just OS abtraction layer, the TFM NS interface (tfm_ns_lock_dispatch(...), tfm_ns_lock_init()) also needs to be WEAK. For the interrupt-disable scenario, the mutex-like reference implementation cannot apply, and the TFM NS interface may need to implement in a wholly different way.

Thu, Jul 4, 10:01 AM · Trusted Firmware M
adeaarm added a comment to T378: Allow NS secure call in interrupt-disabled context.

We have discussed this matter and we would like to propose a solution which might be feasible for you.

Thu, Jul 4, 9:21 AM · Trusted Firmware M

Wed, Jul 3

adeaarm added a comment to T415: Build: Add support for latest versions of CMSIS_5.

https://review.trustedfirmware.org/c/trusted-firmware-m/+/1421

Wed, Jul 3, 1:18 PM · Trusted Firmware M
adeaarm triaged T415: Build: Add support for latest versions of CMSIS_5 as Low priority.
Wed, Jul 3, 1:17 PM · Trusted Firmware M
KenLSoft added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.

Thanks, that is helpful. Will let you know after the feature is created.

Wed, Jul 3, 6:49 AM · Trusted Firmware M
qixiang added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.

Product: DS-5 Ultimate Edition 5.29.1
Component: ARM Compiler 6.10.1
Tool: armclang [5d143200]

Wed, Jul 3, 6:47 AM · Trusted Firmware M
KenLSoft added a comment to T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON.

Hi Kevin,
Can you help to take a look?
-Ken

Wed, Jul 3, 5:47 AM · Restricted Project
KenLSoft assigned T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON to kevin-peng-hao.
Wed, Jul 3, 5:46 AM · Restricted Project
KenLSoft claimed T412: The compiler produces debug information that is incompatible with Keil-MDK.
Wed, Jul 3, 5:45 AM · Trusted Firmware M
KenLSoft added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.

Hi Qixiang,
Can you help to :

  1. provide the version customer are using
  2. provide the solution you have created?
Wed, Jul 3, 5:45 AM · Trusted Firmware M

Tue, Jul 2

qixiang created T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON.
Tue, Jul 2, 8:45 AM · Restricted Project

Mon, Jul 1

qixiang updated subscribers of T412: The compiler produces debug information that is incompatible with Keil-MDK.
Mon, Jul 1, 8:40 AM · Trusted Firmware M
TTornblom created T413: Experimental support for IAR Embedded Workbench for Arm tool chain.
Mon, Jul 1, 6:23 AM
qixiang created T412: The compiler produces debug information that is incompatible with Keil-MDK.
Mon, Jul 1, 3:38 AM · Trusted Firmware M

Fri, Jun 28

matetothpal closed T400: Build: Debug setting RELWITHDEBINFO should define macro NDEBUG as Resolved.

Fix for this issue had been merged

Fri, Jun 28, 11:55 AM · Trusted Firmware M
ccli8 added a comment to T378: Allow NS secure call in interrupt-disabled context.

So the NS lock in TF-M is a reference implementation. Proprietary implementation may be needed to meet target platform. But per my mbed-os/tf-m port, mbed-os team follows the rule of importing TF-M and not making modification to such as this NS lock implementation for its maintenance. That's one of my dilemma. My biggest dilemma is still how to make secure call in interrupt-disabled context at NS side of mbed-os. The NS lock mechanism with mutex apparently collides with interrupt-disabled context.

Fri, Jun 28, 9:56 AM · Trusted Firmware M
adeaarm added a comment to T408: Refactor UART stdio retargeting.

Additional change: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1420/

Fri, Jun 28, 9:56 AM · Trusted Firmware M
wmnt updated subscribers of T378: Allow NS secure call in interrupt-disabled context.

TF-M does not need to be aware of any solution applied on the non-secure side to ensure serialization of secure calls. TF-M does not check the status of the NS lock, what it does is detects concurrent calls to the secure domain using a secure lock that is independent of the NS side implementation.
What we have in the repository for the NS lock is a reference implementation for a generic solution, but use of the non-secure lock is not - and cannot - be enforced by SPM. So if the NS OS you are using in your build exposes the functions you mention, your application is free to call them. It does not need support in the TF-M repository.
The only thing to note is that any proprietary implementation should ensure single entry to the secure domain as any concurrent calls would be flagged up as severe security violations. Any NS policy that avoids this scenario is transparent and acceptable.

Fri, Jun 28, 9:29 AM · Trusted Firmware M
ccli8 added a comment to T378: Allow NS secure call in interrupt-disabled context.

One idea for heuristic. With NS secure call run-to-completion, it can run in interrupt-disabled context with mutex removed. For example, disable task switch during NS secure call period:

Fri, Jun 28, 8:46 AM · Trusted Firmware M

Thu, Jun 27

ashutoshksingh edited the content of Cooperative Scheduling Rules.
Thu, Jun 27, 3:11 PM
tamasban added a comment to T411: Attestation token verifier script.

Related changes:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1404/
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1405/
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1406/
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1407/

Thu, Jun 27, 1:36 PM · Trusted Firmware M
tamasban triaged T411: Attestation token verifier script as Normal priority.
Thu, Jun 27, 1:34 PM · Trusted Firmware M

Wed, Jun 26

AndreyButokNXP added a comment to T410: Add preprocessor based project content defintition techique.

Thanks, hope it will be implemented.

Wed, Jun 26, 12:26 PM · Trusted Firmware M
gyuri-szing created T410: Add preprocessor based project content defintition techique.
Wed, Jun 26, 12:09 PM · Trusted Firmware M