M2351: Enhance secure/non-secure image build flow for non-PSA target #11288
Conversation
|
@ccli8, thank you for your changes. |
ccli8
force-pushed
the
nuvoton_m2351_comb-sec-nonsec
branch
from
8919493 to
a2d47e7
Compare
|
Any update? |
Can this be non breaking change or this target has not been released ? Please add release notes section above. |
|
Add Release Notes section. |
|
Thanks, what is the impact of this change ? What are we breaking ? My previous question still stand: "Can this be non breaking change or this target has not been released ?" We should be aware of the scope of breakages. Are there any migration steps needed? |
This target has been released with target name NUMAKER_PFM_M2351. But to support combined build and further TF-M #10959, target name must be changed. So this PR must be breaking change. The related changes user needs to follow are as Release Notes section describes. |
Yes, there are also PSA targets. #10959 is on-going for it. Actually, there will be four target names for the NuMaker-PFM-M2351 board:
#10959 is blocked with TF-M integration. This PR is an excerpt of #10959 to support combined build on non-PSA target in advance.
For TZ target, prebuilt secure image will place in mbed-os tree. In normal cases, user just needs to build non-secure code. But if user doesn't want the prebuilt secure image and wants to provide his own for e.g. ROM/RAM re-partition on NuMaker-PFM-M2351, he needs to remove the prebuilt one in mbed-os tree. |
|
These target names may be too long for the database that stores them (there is a 20 character limit I believe) |
@mark-edgeworth Which database? Can this be released? |
targets/targets.json
Outdated
| @@ -8353,8 +8353,7 @@ | |||
| "macros_add": ["CMSDK_CM7"], | |||
| "device_has_add": ["MPU"] | |||
| }, | |||
| "NUMAKER_PFM_M2351": { | |||
| "core": "Cortex-M23-NS", | |||
| "NUMAKER_PFM_M2351_CM": { | |||
There was a problem hiding this comment.
This change needs to be replicated into the online database (please ask you TAM representative) and the platform database in https://github.com/ARMmbed/mbed-os-tools
There was a problem hiding this comment.
This change needs to be replicated into the online database (please ask you TAM representative)
OK
the platform database in https://github.com/ARMmbed/mbed-os-tools
The platform name NUMAKER_PFM_M2351 in mbed-os-tools database is kept unchanged for compatibility. Don't want to meet mismatch issue with mbed-os-tools and mbed-os.
There was a problem hiding this comment.
I'm not sure what your comments mean, can you explain? The names need the same in all places or the entire build system, testing and reporting will not work.
mbed-os-tools defines the board type when the product/detect code from the board is detected. This means that some systems will attempts to build based on this board type, which will not be present in mbed-os.
There was a problem hiding this comment.
@madchutney Originally, I want to keep the M2351 platform name in mbed-os-tools unchanged, so users don't need to care about version match between mbed-os and mbed-os-tools. Now that the name must be consistent across different tools, I will send another PR to mbed-os-tools repo to change platform name to NU_PFM_M2351 from NUMAKER_PFM_M2351 after this PR is confirmed. bcf8cc6 is addressing the target name/platform name conversion for M2351 like other PSA targets.
targets/targets.json
Outdated
| "mbed_ram_size" : "0x10000" | ||
| "public": false | ||
| }, | ||
| "NUMAKER_PFM_M2351_NOPSA_NS": { |
There was a problem hiding this comment.
This name is too long as it also needs to be in the online database (max 20 characters)
targets/targets.json
Outdated
| "mbed_ram_start" : "0x30008000", | ||
| "mbed_ram_size" : "0x10000" | ||
| }, | ||
| "NUMAKER_PFM_M2351_NOPSA_S": { |
There was a problem hiding this comment.
This name is too long as it also needs to be in the online database (max 20 characters)
I'm sorry, no. See the inline review comments for why (@madchutney is responding now). |
tools/targets/__init__.py
Outdated
| assert os.path.isfile(ns_hex), "Non-secure image %s must be regular file" % s_hex | ||
|
|
||
| # Keep original non-secure before merge with secure | ||
| ns_nosecure_hex = _ + "_no-secure-merge" + ext |
There was a problem hiding this comment.
Please don't use _ as variable name, convention says this can be used when a return value is not required but then to actually use it is wrong.
tools/targets/__init__.py
Outdated
| t_self.notify.info("Found secure image %s" % s_hex) | ||
|
|
||
| _, ext = os.path.splitext(s_hex) | ||
| assert ext == ".hex", "Secure image %s must be in Intel HEX format" % s_hex |
There was a problem hiding this comment.
This assert does not seem to be checking for a programming assertion but rather a test for the file retrieved.
|
For target name exceeding 20 characters limited by on-line, I will change to:
Their base name NUMAKER_PFM_M2351_CM will rename to NU_PFM_M2351_CM. |
ccli8
force-pushed
the
nuvoton_m2351_comb-sec-nonsec
branch
from
a2d47e7 to
5a87dbb
Compare
|
Make modifications:
|
|
Any update? |
adbridge
added
needs: work
release-version: 5.14.0-rc3
and removed
release-version: 5.14.0-rc2
labels
This will add back immediately after target renaming is done.
1. Create a private target name NU_PFM_M2351_CM which stands for the
NuMaker-PFM-M2351 board and is to be extended.
2. NU_PFM_M2351_NPSA_S/NS target names for non-PSA secure/non-secure targets
respectively.
3. The original target name NUMAKER_PFM_M2351 is recycled and cannot be used.
Use NU_PFM_M2351_S/NS for non-PSA secure/non-secure targets instead.
NOTE: Target name doesn't follow the rule below because online database has
limit of max 20 chars:
NUMAKER_PFM_M2351_PSA/NOPSA_S/NS
Instead, it has the rule:
NU_PFM_M2351_[NPSA_]S/NS
NU_PFM_M2351_S/NS for PSA targets. This is to be consistent with current
PSA target naming. So the resolved target names are:
NU_PFM_M2351_S : PSA secure target
NU_PFM_M2351_NS : PSA non-secure target
NU_PFM_M2351_NPSA_S : Non-PSA secure target
NU_PFM_M2351_NPSA_NS : Non-PSA non-secure target
Support secure/non-secure combined build for non-PSA target:
1. In secure post-build, deliver built secure image to TARGET_NU_PREBUILD_SECURE
directory which is to combine later.
2. In non-secure post-build, merge non-secure image with secure image saved in
TARGET_NU_PREBUILD_SECURE directory.
3. In non-secure post-build, user can also drop pre-built secure image saved in
TARGET_NU_PREBUILD_SECURE directory and provide its own by adding the line below
in mbed_app.json:
"target.extra_labels_remove": ["NU_PREBUILD_SECURE"]
NOTE1: USB UART is partitioned for non-secure world. Secure world still can share
it with limit that its interrupt cannot use in secure world.
NOTE2: In secure world, USB UART is only for Greentea and STDIO. Developers shouldn't
use it for other purposes.
This is necessary for exporting M2351 uvision project.
ccli8
force-pushed
the
nuvoton_m2351_comb-sec-nonsec
branch
from
b1ca3e1 to
0ed126b
Compare
|
Make modifications:
|
|
@ccli8 Thanks for the modifications. |
|
CI started dependency is in! |
Test run: FAILEDSummary: 2 of 4 test jobs failed Failed test jobs:
|
|
CI restarted |
Test run: SUCCESSSummary: 11 of 11 test jobs passed |
|
This is now ready for integration |
Description
This PR is to enhance secure/non-secure image build flow for non-PSA target. Its update is abstracted from #10959 just for the non-PSA part to improve build UX. It is expected that this PR and #10959 are compatible for the build flow. It has the following modifications:
The above modifications enhance build flow but at the same time cause incompatibility with current one:
TARGET_NU_PREBUILD_SECUREdirectory and provide its own by adding the line below in mbed_app.json instead of removing it through .mbedignore:Pull request type
Release Notes
Changes for NuMaker-PFM-M2351: