Skip to content

PSA Bring Your Own Service #10447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
May 2, 2019
Merged

PSA Bring Your Own Service #10447

merged 5 commits into from
May 2, 2019

Conversation

alzix
Copy link
Contributor

@alzix alzix commented Apr 21, 2019
edited
Loading

Description

Add support for application developers to specify their custom PSA secure partitions.
Custom PSA Secure partition sources expected to be placed under COMPONENT_SPE directory as shown below:

.
├── actuator_control
│   ├── COMPONENT_SPE
│   │   └── control_partition.cpp        <-- secure partition files
│   └── control_manifest_psa.json        <-- PSA manifest
├── mbed-os/
├── mbed-os.lib
└── src
    ├── actuator.c                       <-- library APIs 
    ├── actuator.h
    └── main.cpp                         <-- nonsecure main

Note: When building an application secure images with custom secure partitions use mbed-cli instead of tools/psa/release.py.
Do not forget to add --app-config <mbed-os-root>/tools/psa/tfm/mbed_app.json for TF-M based platforms (e.g. LPC55S69_S)

Targets 5.12.3 patch release. There is a customer waiting for it.

Tested with following compilations:

mbed test --compile -m CY8CKIT_062_WIFI_BT_M0_PSA -t GCC_ARM -n tests-psa-spm_smoke -DUSE_PSA_TEST_PARTITIONS -DUSE_SMOKE_TESTS_PART1
mbed test --compile -m CY8CKIT_062_WIFI_BT_PSA -t GCC_ARM -n tests-psa-spm_smoke -DUSE_PSA_TEST_PARTITIONS -DUSE_SMOKE_TESTS_PART1
mbed compile -m CY8CKIT_062_WIFI_BT_M0_PSA -t GCC_ARM --library
mbed compile -m CY8CKIT_062_WIFI_BT_PSA -t GCC_ARM --library
mbed export -m CY8CKIT_062_WIFI_BT_M0_PSA -i make_gcc_arm
mbed export -m CY8CKIT_062_WIFI_BT_PSA -i make_gcc_arm

mbed test --compile -m K64F -t GCC_ARM -n tests-mbed_hal-rtc
mbed compile -m K64F -t GCC_ARM --library
mbed export -m K64F -i make_gcc_arm


mbed test --compile -m LPC55S69_S -t ARM -n tests-psa-spm_smoke -DUSE_PSA_TEST_PARTITIONS -DUSE_SMOKE_TESTS_PART1 --app-config tools/psa/tfm/mbed_app.json
mbed test --compile -m LPC55S69_NS -t ARM -n tests-psa-spm_smoke -DUSE_PSA_TEST_PARTITIONS -DUSE_SMOKE_TESTS_PART1

mbed compile -m LPC55S69_S -t ARM --app-config mbed-os/tools/psa/tfm/mbed_app.json
mbed export -m LPC55S69_S --app-config mbed-os/tools/psa/tfm/mbed_app.json -i make_armc6

mbed compile -m LPC55S69_NS -t ARM --library
mbed compile -m LPC55S69_NS -t ARM

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[x] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@theotherjimmy @bridadan @ndevillard

Release Notes

@alzix
Copy link
Contributor Author

alzix commented Apr 21, 2019

fixed astyle

@ciarmcom ciarmcom requested review from bridadan, ndevillard, theotherjimmy and a team April 21, 2019 15:00
@ciarmcom
Copy link
Member

@alzix, thank you for your changes.
@bridadan @theotherjimmy @ndevillard @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-maintainers please review.

@adbridge
Copy link
Contributor

CI started

@mbed-ci
Copy link

mbed-ci commented Apr 23, 2019

Test run: FAILED

Summary: 3 of 7 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_build-ARM
  • jenkins-ci/mbed-os-ci_build-GCC_ARM
  • jenkins-ci/mbed-os-ci_build-IAR

@adbridge
Copy link
Contributor

CI restarted

@mbed-ci
Copy link

mbed-ci commented Apr 24, 2019

Test run: FAILED

Summary: 3 of 7 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_build-ARM
  • jenkins-ci/mbed-os-ci_build-GCC_ARM
  • jenkins-ci/mbed-os-ci_build-IAR

@adbridge
Copy link
Contributor

CI restarted

@mbed-ci
Copy link

mbed-ci commented Apr 24, 2019

Test run: FAILED

Summary: 1 of 7 test jobs failed
Build number : 3
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_build-ARM

bulislaw
bulislaw approved these changes Apr 24, 2019
View reviewed changes
Copy link
Member

@bulislaw bulislaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bridadan please review

bridadan
bridadan reviewed Apr 24, 2019
View reviewed changes
bridadan
bridadan reviewed Apr 25, 2019
View reviewed changes
Copy link
Contributor

@bridadan bridadan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The last thing I would ask for before this comes in is documentation. I understand that all of the generation steps are necessary for this feature, however this is atypical for the rest of the targets. I'm worried that future work on the tools will break the generation step unintentionally.

I think having a document inside the tools/psa folder or the docs folder would be fine. Just something that describes the extra scanning and generation steps.

@alzix
Copy link
Contributor Author

alzix commented Apr 28, 2019

Updated commit message to align with the final version of the changes

@alzix
Copy link
Contributor Author

alzix commented Apr 28, 2019

@bridadan,

The last thing I would ask for before this comes in is documentation. I understand that all of the generation steps are necessary for this feature, however this is atypical for the rest of the targets. I'm worried that future work on the tools will break the generation step unintentionally.

I think having a document inside the tools/psa folder or the docs folder would be fine. Just something that describes the extra scanning and generation steps.

Done in b69e67d

bridadan
bridadan approved these changes Apr 29, 2019
View reviewed changes
Copy link
Contributor

@bridadan bridadan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the docs!

Btw, @theotherjimmy is unavailable for the next week or so.

@alzix
Copy link
Contributor Author

alzix commented Apr 29, 2019

Btw, @theotherjimmy is unavailable for the next week or so.

so lets merge this PR before he returns :)

0xc0170
0xc0170 requested changes Apr 30, 2019
View reviewed changes
Copy link
Contributor

@0xc0170 0xc0170 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please provide details to "Update PSA code generator" - the largest commit missing details what this update brings - this one is the functional changes - what is it changing and why? (some details are shared above)

alzix added 2 commits April 30, 2019 14:10
@alzix
Delete autogenerated files
ab01bea
@alzix
Update PSA code generator
8c5ba91 
Unify TF-M and Mbed-SPM code generators:
 - Unify SPM initialization logic:
   - All partitions are registered at once
   - Test partitions are guarded by #ifndef
   - Introduce single template list
 - Beatify template files and add "Autogen-do not modify" notice
Prepare for integration with mbed-os build system:
 - Generate all the files in a single place
Simplify tools/psa/release.py script
alzix and others added 3 commits April 30, 2019 14:41
@alzix
Update PSA includes to autogenerated files
117e3e8
@alzix
Integrate with mbeb-cli build system
9150518 
PSA code generation will be called automatically upon mbed invocation.
The autogenerated files will be created under <mbed-os-root>/PSA_AUTOGEN directory.
Update PSA tools Readme
fe9eac7
@alzix
Copy link
Contributor Author

alzix commented Apr 30, 2019

@0xc0170,

Please provide details to "Update PSA code generator" - the largest commit missing details what this update brings - this one is the functional changes - what is it changing and why? (some details are shared above)

Done

@0xc0170
Copy link
Contributor

0xc0170 commented Apr 30, 2019

CI restarted

@mbed-ci
Copy link

mbed-ci commented Apr 30, 2019

Test run: FAILED

Summary: 1 of 7 test jobs failed
Build number : 4
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_mbed2-build-GCC_ARM

@orenc17
Copy link
Contributor

orenc17 commented May 1, 2019

@ARMmbed/mbed-os-maintainers can someone run the mbed2-build-GCC_ARM again?

@adbridge
Copy link
Contributor

adbridge commented May 1, 2019

@orenc17 the ci seems to think GCC_ARM actually passed so not sure why it is reporting a failure. I've questioned this with the ci guys

@adbridge
Copy link
Contributor

adbridge commented May 1, 2019

OK have restarted GCC_ARM, actually looks like it timed out trying to propagate the results :(

@mbed-ci
Copy link

mbed-ci commented May 1, 2019

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 5
Build artifacts

@0xc0170 0xc0170 merged commit 00f461e into ARMmbed:master May 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orenc17 orenc17 orenc17 approved these changes

@bulislaw bulislaw bulislaw approved these changes

@0xc0170 0xc0170 0xc0170 approved these changes

@bridadan bridadan bridadan approved these changes

@ndevillard ndevillard Awaiting requested review from ndevillard

@theotherjimmy theotherjimmy Awaiting requested review from theotherjimmy

Assignees
No one assigned
Labels
release-version: 5.12.3
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@alzix @ciarmcom @adbridge @mbed-ci @0xc0170 @orenc17 @bulislaw @bridadan