TF-M v1.2 support #91
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes: #12
This update is related to making `CoreIPC.config` working with TF-M v1.2. `build_tfm.py`: * Remove MCUboot and mbed-crypto cloning * Change TF-M v1.2 config command * Log additional info when copying files and folders * Fix building all TF-M targets * Use Ninja to build `psa_builder.py` * Cosmetic changes * Update repository URL's `tfm_ns_import.yaml` * Update paths, files and folder names The TF-M v1.1 had `image_macros_preprocessed_xx.c` files with preprocessed macros. In the new TF-M v1.2, the preprocessed `image_macros_preprocessed_xx.c` have been renamed to `signing_layout_xx.c` files. For Example: The CMake build system runs them through the preprocessor and then uses those output files. Because the `macro_parser.py` used during signing operation, can't actually resolve any of the macros into their addresses, all it does is handle the brackets and additions that are left over after resolving the macros. Therefore using preprocessed `signing_layout_xx.o` from respective build folder and renaming to `.c` works for Mbed CLI 1. Why TF-M v1.2 can't use `signing_layout_xx.c` directly for linking? The problem is that CMake doesn't have a proper mechanism for changing the file extension of output files, and we need the proper object files to have the `.o` extension so that the linker scripts work. We can't get cmake to differentiate between just running the preprocessor and running a full compile in terms of the extension.
This is only going to build `CoreIPC.config` with Mbed OS `feature-tf-m-1.2-integration` branch.
This commit makes the following updates to enable TF-M v1.2 regression tests with Mbed OS: `tfm_ns_import.yaml`: * Add the list of test libraries to copy `build_tfm.py`: * Copy test libraries according to `tfm_ns_import.yaml` * Enable the IRQ test module and the peripheral access test module
PSA compliance test suites can be built directly from TF-Mv1.2 onwards. `build_tfm.py`: * Update script to copy the PSA compliance libraries. `test_psa_target.py` * Use only `build_tfm.py` directly to build PSA compliance test suites. Fix code formatting.
These logs are in sync with TF-M v1.2 PSA compliance test suites run.
These logs are in sync with TF-M v1.2 PSA compliance test suites run.
These contain platform base address and peripherals definitions. Files are imported from TF-M v1.2.
Since TF-M V1.2, the PSA compliance tests suite doesn't require an additional step of cloning: https://github.com/ARM-software/psa-arch-tests build and link it, as TF-M v1.2 repository is now capable of performing through their build system. The advantage of `build_psa_compliance.py` was to provide the granularity to break the test suites further (for example: MUSCA_A1) which have small flash and RAM to fit a large test suite. This issue has been raised for TF-M support: https://developer.trustedfirmware.org/T884
Cypress targets are not supported for TF-M v1.2
The IPC configurations `Config<...>IPC.cmake` are legacies of TF-M v1.1, and those .cmake files do not exist for TF-M v1.2 anymore. So this commit simplifies the configuration names to remove legacy references.
From TF-M v1.2 we have switched the CMake generator to Ninja as it builds the project faster than Makefiles.
Updating packages before installing new packages helps to avoid dependency mismatch.
Fetching repositories in Vagrant scripts means extra maintenance when we update TF-M to a new release. Instead, limit the vagrant script to set up the environment only. Note that the installation of python requirements depends on the mbed-os repo existing locally, so we ask users to install them. This commit also removes the steps to build the vanilla TF-M from `vagrant/README.md` accordingly, and adds more details of how to use the virtual machine.
This commit does the following changes to README.md: * Bump TF-M version to v1.2 * Remove duplication in the introduction * Clarify development environment setup * Make it more visible that the Mbed OS application is compiled right after a test suite * Clarify the test automation by the Greentea framework * Add a section: "Expected test results"
Changes to `psa_builder.py`: * Rename remote `tf-m` to `mbed-tfm` name * Add remote `upstream-tfm` details Note: ** `mbed-tfm` contains additional Mbed OS patches with a specific TF-M release. ** `upstream-tfm` is the latest TF-M release * Clone repository with a remote name instead of default `origin` name * Fetch only remote repository * Checkout into a local branch Changes to `build_tfm.py`: * Pass the dependencies name which specifies the remote name for checkout/clone operation. It is helpful to differentiate branches from different remotes and repository.
Mbed OS needs some additional patches to use a TF-M release. The objective of this script is to rebase those Mbed OS patches onto latest external TF-M version, this ensures the effectiveness of future Mbed OS (patches) + TF-M (latest) integration work. These are the steps performed by the script: * Clone `upstream-tfm` repositories * Checkout `mbed-tfm` repositories (these contain Mbed OS patches) * Perform rebase operation
The path in a commit message auto-generated by `--commit` should be relative to `mbed-os`.
Fixes #24 The issue on Windows (Host OS) is that it clones dependencies in read-only mode, which creates an issue when deleting them if `test_psa_target.py` or `build_tfm.py` is executed. Therefore handle the permission issue by setting them in read-write mode.
Use `mbed-tfm-rebase-check` branches of respective remote and repository (dependencies) instead of `mbed-tfm`. This helps to resolve any rebase issues on the Mbed OS patches required for TF-M latest implementation. Additionally, clone `psa-arch-tests` repository which is used by TF-M + Mbed OS.
`build_tfm.py`: This feature deletes the cloned dependencies directory enabling user to start in a clean state. `test_psa_target.py`: Since this script calls the `build_tfm.py` therefore this functionality is extended. Note: This would be an expensive operation as every time it would delete the cloned dependencies directory, forcing it to set up the dependencies again.
`build_tfm.py`: This feature skips the cloning/checkout of TF-M dependencies enabling user to work with their setup. Note: This feature will be overridden if `--clean` option is used. `test_psa_target`: Since this script calls the `build_tfm.py` therefore this functionality is extended.
This feature skips the copying of TF-M dependencies files and folders to Mbed OS.
The purpose of this script is to use cloned TF-M dependencies and build TF-M regression and PSA compliance test suites. This is to support internal CI run.
Relative paths allow users to build tests in a VM/container and run them in a host without worrying about paths.
The python format checker in `.github/workflows/main.yml` was not previously enabled for the branch tf-m-v1.2-integration. Running that manually gives us some format errors.
The python format checker in `.github/workflows/main.yml` was not previously enabled for the branch tf-m-v1.2-integration. Running that manually gives us some format errors.
Some TF-M target names are multi-level. For example: `nuvoton/m2354` Fixes generated TF-M `s_veneers.o` copy path. Fixes #85
|
I accidentally cancelled "Travis CI - Branch" (regular run on each branch), but it's the same as "Travis CI - Pull Request" which is running, so it should be fine. |
evedon
approved these changes
Mar 3, 2021
OK |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As TF-M v1.2 support has been merged to Mbed OS, this PR brings in all the update we have made to support the regression tests and PSA compliance tests: