PSOC6_SB: initial integration of Cypress Secure Boot target CY8CPROTO_064_SB

[romanjoe]

Kind request for ARM team!!!

Could you please make a review as soon as possible - we need this for our customer. Ideally at start on the next week.

Description

This PR brings the following major updates to the Cypress PSoC 6 targets for Mbed OS 5.13:

• Initial implementation of the Cypress Secure Boot enabled target CY8CPROTO_064_SB (targets/TARGET_Cypress/TARGET_PSOC6/TARGET_CY8CPROTO_064_SB)
• Initial implementation of the Cypress Secure Boot tools to support CY8CPROTO_064_SB development (targets/TARGET_Cypress/TARGET_PSOC6/sb-tools)
• Added post build functions to integrate Secure Image creation in standard mbed-os build flow.
  (tools/targets/PSOC6.py)

Dependencies;

• This PR is based on changes introduced in PSOC6: initial integration of Cypress HAL #10692 and is relying on them

Testing results*:
LIN_064_ARMC6_bg.txt
LIN_064_ARMC6_bg_b.txt
LIN_064_GCC_ARM_bg.txt
LIN_064_GCC_ARM_bg_b.txt
MAC_064_GCC_ARM_bg.txt
MAC_064_GCC_ARM_bg_b.txt
WIN_064_ARMC6_bg.txt
WIN_064_ARMC6_bg_b.txt
WIN_064_GCC_ARM_bg.txt
WIN_064_GCC_ARM_bg_b.txt
WIN_064_IAR_bg.txt
WIN_064_IAR_bg_b.txt

(_bg.txt - basic greentea run
(_bg_b.txt - basic greentea buildlog)

• there are 2 tests which fail right now. Their root cause is specific implementation of HAL. Our team address this issue right now. And fix will be uploaded.

Pull request type

[ ] Fix
[ ] Refactor
[X] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

Please suggest

Release Notes

[ciarmcom]

@romanjoe, thank you for your changes.
@ARMmbed/mbed-os-maintainers @ARMmbed/mbed-os-pan @ARMmbed/mbed-os-storage @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-ipcore please review.

[artokin]

@romanjoe , #10692 is now merged to master. Would you rebase?

[romanjoe]

@romanjoe , #10692 is now merged to master. Would you rebase.

Hi, thank you for response.

I have made a fork from official master right after #10692 was merged to master. So my PR branch has that changes.

[mbed-ci]

Test run: FAILED

Summary: 3 of 4 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-ARM
• jenkins-ci/mbed-os-ci_build-GCC_ARM
• jenkins-ci/mbed-os-ci_build-IAR

[romanjoe]

I found an error message from CI log

ImportError: No module named pathlib

this module is required by post build script of Secure Boot tools and is present in requirements.txt targets/TARGET_Cypress/TARGET-PSOC6/sb-tools.

What should i do in this case?

[ifyall]

@maclobdell Can you ping someone to assist @romanjoe with the question regarding the post-build script?

[SeppoTakalo]

@ARMmbed/mbed-os-tools Can you tel us how those dependencies are handled from platform specific build scripts? Are there any limitations, or should we just accept all dependencies?

[mark-edgeworth]

I'm sorry, we do not have enough experience yet with this build system to answer this.

[SeppoTakalo]

@ARMmbed/mbed-os-test Are we OK on adding dependencies on per-platform build scripts? Should those be added into main requirements.txt?

[SeppoTakalo]

@romanjoe Due the summer holiday period, we have very delayed responses from developer teams. Therefore I have no clear answer how to handle those Python requirements.

In the mean time, I would like to suggest that you add your requirements into the root requirements.txt or find another way around it. That would allow us the test this change, as the CI will dynamically install dependencies.

[romanjoe]

Hi @SeppoTakalo, thank you for response. I added platform specific requirements to main requirements.txt of mbed-os.

But i see another problem with CI. Our target uses a specific set of post build tools. To use these tools set of cryptography keys must be generated. These keys are then used for signing hex files, generated by mbed-os.

Problem is, that these keys should be generated by user before starting work with our target. Keys should be unique every time for each user from security perspective reasons. Without keys in targets/TARGET_Cypress/TARGET_PSOC6/sb-tools/keys, mbed-os hexes will be built successfully, but not signed in post build hook which will lead to script error and CI failure.

How we can manage this issue?

PS: We use keys generation as one of jobs on our CI now. No default keys can be used in repositories.

[cmonr]

@romanjoe Please review the python failures in Travis CI:

https://travis-ci.org/ARMmbed/mbed-os/jobs/563750975#L247

[romanjoe]

Hi, I got this message from travis-ci/tools-py2.7 runner.

Could not find a version that satisfies the requirement trollius==1.0.4 (from pyshark-legacy->icetea<1.3,>=1.2.1->-r requirements.txt (line 21)) (from versions: 2.1, 2.1.post2, 2.2, 2.2.post1)
No matching distribution found for trollius==1.0.4 (from pyshark-legacy->icetea<1.3,>=1.2.1->-r requirements.txt (line 21))
The command "pip install -r requirements.txt" failed and exited with 1 during .

This issue is already tracked in #11124 and is reproducible on all mbed-os versions due to external dependencies.

[romanjoe]

Hi, as issue #11124 is resolved and closed now, all automatic CIs are completed.

Only CI needed to be ran is

continuous-integration/jenkins/pr-head

[romanjoe]

Hi, again.

Before running last CI stage, which is continuous-integration/jenkins/pr-head please review my comment above #11018 (comment).

Also please consider to review attached GreenTea test reports, generated by our CI system.

[romanjoe]

New Ci started

Ni @0xc0170, you have just merger PR11353 from Cypress - changes introduced there can potentially introduce merge conflicts for this PR - should I rebase against master now?

[mbed-ci]

Test run: FAILED

Summary: 1 of 4 test jobs failed
Build number : 7
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-IAR

[0xc0170]

I dont see any merge conflicts, but rebase won't hurt. @romanjoe if you can do it now before I restart CI

[0xc0170]

Let me know asap

[romanjoe]

@0xc0170 PR rebased - sorry it took more time, because there was a fix needed considering changes is that PR i mentioned

[0xc0170]

CI started

[mbed-ci]

Test run: FAILED

Summary: 3 of 4 test jobs failed
Build number : 8
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_build-GCC_ARM
• jenkins-ci/mbed-os-ci_build-IAR
• jenkins-ci/mbed-os-ci_build-ARM

[0xc0170]

The error above fixed, restarting CI

[mbed-ci]

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 9
Build artifacts