The related changes and the reviews can be found on:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1257/
- Queries
- All Stories
- Search
- Advanced Search
Feed All Stories
All Stories
All Stories
Yesterday
Yesterday
The related changes and the reviews can be found on:
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1494/
There is no conflict anywhere in the header names of the TF-M project. Your use case is to have both Mbed Crypto and TF-M as part of the same IDE project, at that point is up to you to provide a clear separation of the different include trees of Mbed Crypto and TF-M, and not rely on the fact that having the same names they will have same contents, as they are two different implementations of the same interface, coming from two different projects and not distributed together (i.e. they have different paths by design).
Mon, Jul 15, 2:33 PM · Restricted Project
Symbol renaming is OK.
But I have talked about file names, to avoid conflict when TFM and MbedCrypto referencing to "psa/<same_name.h>".
Guess, using a different include directory e.g. "psa_tfm/<same_name.h>" may solve the issue.
P.S. Different headers files should have different names and path - good practice for any use case.
Mon, Jul 15, 2:25 PM · Restricted Project
Not sure what is your use case, but I don't see how it's possible to compile Mbed Crypto and TF-M Crypto as part of the same application without doing symbol renaming of one of the two, given that they export the same symbol names. So I assume you have some way of renaming the symbols of either of the two before compilation, or excluding one of the two at link time.
Mon, Jul 15, 2:12 PM · Restricted Project
It means that you have decided to add the limitation which is possible to avoid.
It is possible to have and compile TFM, MbedCrypto and PSA test suite without splitting to separate libraries/projects.
Mon, Jul 15, 1:59 PM · Restricted Project
The expected use case is that an application will have to use a single implementation of the PSA Crypto interface at a time, so there won't be any conflict. In this case the module of the application will just "#include psa/crypto.h" as main header.
Mon, Jul 15, 1:45 PM · Restricted Project
It's probably OK when to compile in multiple libraries. The problem happens when to compile sources of MbedCrypto and TFM in one project.
So, as workaround, we have to add psa_ prefix to TFM PSA headers (as it was done in previous version of TFM).
Mon, Jul 15, 12:58 PM · Restricted Project
the only common difference in the headers is the different license used by the headers distributed by TF-M and the ones distributed by Mbed Crypto.
Mon, Jul 15, 12:51 PM · Restricted Project
Hi, PSA header files in mbedCrypto and TFM have the same names but a different content.
Guess, if they have the same name and same path, they should have the same content or a have a different prefix.
Mon, Jul 15, 11:02 AM · Restricted Project
Change for this is available here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1562
Mon, Jul 15, 10:01 AM · Restricted Project
Mon, Jul 15, 9:56 AM · Restricted Project
davidhuziji moved T427: Define multi-core specific memory check in Isolation Level 2 policy and APIs from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Mon, Jul 15, 8:04 AM · Restricted Project
davidhuziji created T427: Define multi-core specific memory check in Isolation Level 2 policy and APIs.
Mon, Jul 15, 8:04 AM · Restricted Project
patch has been successfully merged.
matetothpal added a comment to T424: TF-M Core init should check SPM HAL function return values during init.
Changes for this issue are:
Thanks for your feedback.
Mon, Jul 15, 1:46 AM · Restricted Project
Fri, Jul 12
Fri, Jul 12
HI @qixiang , the option to build with the debug version of Mbed Crypto or Mbed TLS is presented in our documentation just for the sake of completeness, but it's not something that we actively guarantee (i.e. we can't guarantee that the debug version of the mbedcrypto/mbedtls library will fit on all our platforms, due to different requirements in size). The option should be left as default and overriden only on those platforms that can afford it, and only on designed debug sessions. In my experience so far with the Crypto service, there is no need to debug the mbedcrypto/mbedtls libraries, as that would be out of scope for a TF-M deployment. Please let me know if you have questions or doubts about this.
Fri, Jul 12, 9:50 AM · Restricted Project
mingyangSun changed the edit policy for T425: Change the existing IPC design document into .rst format..
mingyangSun triaged T425: Change the existing IPC design document into .rst format. as High priority.
edison-ai added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.
Hi Qixiang, could you check the patch on your side?
Thu, Jul 11
Thu, Jul 11
Thu, Jul 11, 2:59 PM · Restricted Project
matetothpal triaged T424: TF-M Core init should check SPM HAL function return values during init as Low priority.
matetothpal closed T183: Build error: TF-M build fails for gcc version 6.3 for CoreTest configuration as Resolved.
The change for this issue had been merged
The changes for this issue had been merged
you can find the multi-image support here:
https://developer.trustedfirmware.org/T421
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.
Hi Tamasban,
Wed, Jul 10
Wed, Jul 10
Reviews:
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1511/
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
- https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1512/
https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1526/
Wed, Jul 10, 1:52 PM · Restricted Project
Please email me at soby.mathew@arm.com
ARM Support have asked me not to post any Cryptocell code publicly.
Hi Neil
The Cryptocell variant supported by TF-A is CC-712 which only has support for RSA 2048.
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.
Hi Tamasban,
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.
Hi Tamasban,
Tue, Jul 9
Tue, Jul 9
adeaarm added a project to T415: Build: Add support for latest versions of CMSIS_5: Trusted Firmware M.
multi-image boot support solution is going to be available in review during this week.
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.
$ git push origin master
remote: Not Found
fatal: repository 'http://review.trustedfirmware.org/' not found
cuipingzhang added a comment to T389: Add independent updates for security and non-security in MCUBoot.
git push http://review.trustedfirmware.org
remote: Not Found
fatal: repository 'http://review.trustedfirmware.org/' not found
Another (final) patch:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1487
Sat, Jul 6
Sat, Jul 6
Sat, Jul 6, 8:49 AM · Restricted Project
Sat, Jul 6, 8:46 AM · Restricted Project
davidhuziji moved T198: Arch: CPU architecture specific implementation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T297: TF-M Core/ SPM changes -initial implementation from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T201: Mailbox driver design from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T220: NS<->S communication code abstraction from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
davidhuziji moved T368: Rebase from TF-M master to feature branch from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Sat, Jul 6, 8:16 AM · Restricted Project
Rebase is done and verified
Sat, Jul 6, 8:16 AM · Restricted Project
Fri, Jul 5
Fri, Jul 5
Possible refactoring available here: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1460
Thu, Jul 4
Thu, Jul 4
The WEAK mechanism sounds OK, but I think not just OS abtraction layer, the TFM NS interface (tfm_ns_lock_dispatch(...), tfm_ns_lock_init()) also needs to be WEAK. For the interrupt-disable scenario, the mutex-like reference implementation cannot apply, and the TFM NS interface may need to implement in a wholly different way.
We have discussed this matter and we would like to propose a solution which might be feasible for you.
Wed, Jul 3
Wed, Jul 3
KenLSoft added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.
Thanks, that is helpful. Will let you know after the feature is created.
qixiang added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.
Product: DS-5 Ultimate Edition 5.29.1
Component: ARM Compiler 6.10.1
Tool: armclang [5d143200]
Hi Kevin,
Can you help to take a look?
-Ken
Wed, Jul 3, 5:47 AM · Restricted Project
KenLSoft assigned T414: Build failed on AN524/musca_b1 platform when -DMBEDTLS_DEBUG=ON to kevin-peng-hao.
Wed, Jul 3, 5:46 AM · Restricted Project
KenLSoft added a comment to T412: The compiler produces debug information that is incompatible with Keil-MDK.
Hi Qixiang,
Can you help to :
- provide the version customer are using
- provide the solution you have created?
Tue, Jul 2
Tue, Jul 2
Tue, Jul 2, 8:45 AM · Restricted Project
Mon, Jul 1
Mon, Jul 1
qixiang updated subscribers of T412: The compiler produces debug information that is incompatible with Keil-MDK.
Fri, Jun 28
Fri, Jun 28
matetothpal closed T400: Build: Debug setting RELWITHDEBINFO should define macro NDEBUG as Resolved.
Fix for this issue had been merged
So the NS lock in TF-M is a reference implementation. Proprietary implementation may be needed to meet target platform. But per my mbed-os/tf-m port, mbed-os team follows the rule of importing TF-M and not making modification to such as this NS lock implementation for its maintenance. That's one of my dilemma. My biggest dilemma is still how to make secure call in interrupt-disabled context at NS side of mbed-os. The NS lock mechanism with mutex apparently collides with interrupt-disabled context.
Additional change: https://review.trustedfirmware.org/c/trusted-firmware-m/+/1420/
TF-M does not need to be aware of any solution applied on the non-secure side to ensure serialization of secure calls. TF-M does not check the status of the NS lock, what it does is detects concurrent calls to the secure domain using a secure lock that is independent of the NS side implementation.
What we have in the repository for the NS lock is a reference implementation for a generic solution, but use of the non-secure lock is not - and cannot - be enforced by SPM. So if the NS OS you are using in your build exposes the functions you mention, your application is free to call them. It does not need support in the TF-M repository.
The only thing to note is that any proprietary implementation should ensure single entry to the secure domain as any concurrent calls would be flagged up as severe security violations. Any NS policy that avoids this scenario is transparent and acceptable.
One idea for heuristic. With NS secure call run-to-completion, it can run in interrupt-disabled context with mutex removed. For example, disable task switch during NS secure call period:
Thu, Jun 27
Thu, Jun 27
Wed, Jun 26
Wed, Jun 26
AndreyButokNXP added a comment to T410: Add preprocessor based project content defintition techique.
Thanks, hope it will be implemented.