Update PSA porting guide #1416
Update PSA porting guide #1416
Conversation
LDong-Arm
changed the title
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
from
9893d5e to
d3e6b6e
Compare
| @@ -466,7 +396,7 @@ To build TF-M and create an Mbed OS pull request: | |||
| python3 build_tfm.py -m <new target> -t <toolchain> --commit | |||
| ``` | |||
|
|
|||
| The command builds TF-M with the config `ConfigCoreIPC.cmake`, copies the TF-M binary to the location defined by the target attribute `tfm_delivery_dir`, and commits the changes to Mbed OS. | |||
| The command builds TF-M with the config `ConfigCoreIPC`, copies the TF-M binary to the location defined by the target attribute `tfm_delivery_dir`, and commits the changes to Mbed OS. | |||
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
from
d3e6b6e to
1f5e62d
Compare
| - `TargetName`: PSA non-secure target (NSPE). | ||
| - `TargetName_NPSA_S`: Non-PSA secure target. | ||
| - `TargetName_NPSA`: Non-PSA non-secure target. | ||
|
|
There was a problem hiding this comment.
So what is the new convention ?
For ex, current NUCLEO_L552ZE_Q is used as a legacy coretex M target without trust zone.
When we will support TFM, how this new target should be called ?
There was a problem hiding this comment.
For ex, current NUCLEO_L552ZE_Q is used as a legacy coretex M target without trust zone.
When we will support TFM, how this new target should be called ?
I think it should still be called NUCLEO_L552ZE_Q if we support only one flavour. Unless the intention is to provide users both TF-M and non-TF-M options?
There was a problem hiding this comment.
First intention was to provide both options.
But maybe we need to change our mind.
There was a problem hiding this comment.
First intention was to provide both options.
This should be okay, we can still have two target names (for TF-M and non-TF-M flavours) in this case I think. I removed the naming guideline section from the doc, only because no targets currently follow them.
There was a problem hiding this comment.
I'd recommend removing the naming guideline for now as it is not currently used. As @LDong-Arm says, both options could still be used and so this could be re-visited when a use case arises.
| @@ -466,7 +396,7 @@ To build TF-M and create an Mbed OS pull request: | |||
| python3 build_tfm.py -m <new target> -t <toolchain> --commit | |||
There was a problem hiding this comment.
This is a linux only command ?
Maybe mbed cli2 could be used ? mbedtools tfm -m xxx ?
There was a problem hiding this comment.
It runs on Windows and macOS too, as long as python and dependencies are installed. Mbed CLI 2 support for PSA/TF-M targets and repositories will be added, at which point we'll update the documentation.
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
from
1f5e62d to
d21fcad
Compare
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
3 times, most recently
from
be70eb1 to
b4c3a65
Compare
| - `TargetName`: PSA non-secure target (NSPE). | ||
| - `TargetName_NPSA_S`: Non-PSA secure target. | ||
| - `TargetName_NPSA`: Non-PSA non-secure target. | ||
|
|
There was a problem hiding this comment.
I'd recommend removing the naming guideline for now as it is not currently used. As @LDong-Arm says, both options could still be used and so this could be re-visited when a use case arises.
For PSA/TF-M targets, Mbed OS provides the non-secure side only, because secure-side binaries are built directly using TF-M's repository and checked into the Mbed OS tree. Having one target name for each board is sufficient, so we remove this outdated section.
To avoid duplicaton, we just need to point users to the mbed-os-tf-m-regression-tests repository which contains up-to-date instructions on how to use our scripts to build and run TF-M, regression tests and PSA compliance tests.
Overriding `inherits` in `mbed_app.json` is not always feasible - if a target already has another inheritance in `targets.json`, the existing one will be overriden. To avoid potential issues, we should not recommend this method of enabling PSA.
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
from
b4c3a65 to
498e285
Compare
Add documentation for more TF-M-related configurations: * TF-M version supported * Support for TF-M bootloader and two image slots * post binary hooks Combine documentation for dual-core and Armv8-M targets, as the steps are basically identical. This reduces maintenance required and improves readability.
From TF-M v1.2, ARM_MUSCA_A1 has been deprecated from Mbed OS.
Single-core v7-M targets use Mbed PSA service instead of TF-M.
LDong-Arm
force-pushed
the
tf-m-v1.2-update
branch
from
498e285 to
4bf6847
Compare
LDong-Arm
changed the title
|
@donatieng Could you merge this PR please? |
This PR