CMSIS: Add TrustZone functions #6483
Conversation
TZ_context functions are part of secure state binary and are used to handle secure stack for thread execution.Template implementation from CMSIS is used, can be enhanced in future.
|
@tkaman Please review |
| @@ -149,7 +149,8 @@ | |||
| "a019acaf8d6fb1f0512414d072f667cc2749b1d9", | |||
| "a884fdc0639ae4e17299838ec9de4fddd83cf93c", | |||
| "6c827cb5879bc096e45efd992dfadcb96c1d50bc", | |||
| "919282322e106b82fea50878f41b6c75a7eb356b" | |||
| "919282322e106b82fea50878f41b6c75a7eb356b", | |||
There was a problem hiding this comment.
Is there a way forward without addingn extra commits here?
There was a problem hiding this comment.
@bulislaw - Can work on that if you have any suggestions. In this case the code is picked from sample implementation and wont even compile as is.
https://github.com/ARM-software/CMSIS_5/blob/develop/CMSIS/RTOS2/RTX/Examples/TrustZoneV8M/RTOS/CM33_s/tz_context.c#L29
I have 3 changes listed below of which I have solution for two, but still for header file we will need a commit, unless you want to track it some other way.
- Update Stack size to 512: Can add PR to CMSIS repo
- Config options : Can remove completely (Cannot add to config files which reside inside RTOS, as the entire folder is skipped during secure lib build)
- Add correct header file.
There was a problem hiding this comment.
You probably won't need the _RTE_ for current version of CMSIS
There was a problem hiding this comment.
Why? Use the #include "RTE_Components.h" and #include CMSIS_device_header the same way my commit does and configure it in config file. Is there something i'm missing?
There was a problem hiding this comment.
@bulislaw - Sorry I missed the header part, but the change I wanted to address was conditional compilation. b93aca2#diff-ae477765d86108e79533ea6617f50737R28
File should be compiled only in case of secure build and not for non-secure build, will check with @theotherjimmy if we can have some option from tools
There was a problem hiding this comment.
Yep. We can have that support in the tools. We currently don't have something like that. Would you like that as part of this PR? or another PR?
deepikabhavnani
force-pushed
the
add_tz_functions
branch
from
a289285 to
5425e82
Compare
Added config parameter for TZ stack size and update code to add correct header file.
deepikabhavnani
force-pushed
the
add_tz_functions
branch
from
5425e82 to
ecf2f86
Compare
I will leave it to you. Commit ecf2f86 is reminder for me, Will remove it once we have support in tools |
@deepikabhavnani @theotherjimmy Are we expecting the tools support anytime soon, is this PR blocked because of it? |
|
@0xc0170 - |
tz_context.c should be compiled only for secure world, definition of API's in tz_context.h should be part of secure binary/bootloader when building mbed-os as non-secure
deepikabhavnani
force-pushed
the
add_tz_functions
branch
from
ecf2f86 to
40e2737
Compare
|
@bulislaw - Please review |
There was a problem hiding this comment.
Approved, we'll need to revisit that when the secure world story is a bit more matured. I wouldn't like people to assume Mbed is supposed to live in TrustZone or that the mbed_tz_context.c is a proper production solution. @SenRamakri
|
/morph build |
There was a problem hiding this comment.
Before I approve, I would like to understand how is this used (the plans) ? As this brings some functions but how to use them, can I? should I?
cmsis/TARGET_CORTEX_M/mbed_tz_context.c - this is our file? From the name it seems, but implementation does not conform to the style we do?
Build : SUCCESSBuild number : 1769 Triggering tests/morph test |
|
@0xc0170 - cmsis/TARGET_CORTEX_M/mbed_tz_context.c is CMSIS file, part of application hence we renamed it to mbed_ - for mbed OS. |
👍 |
Exporter Build : SUCCESSBuild number : 1408 |
Test : SUCCESSBuild number : 1579 |
0xc0170
added
ready for merge
release-version: 5.9.0-rc1
and removed
needs: review
labels
Exporter Build : FAILUREBuild number : 1436 |
Description
Add TZ functions to mbed-os build from CMSIS repo. These functions are required to be part of secure library when RTOS support is required in non-secure mbed-os.
Pull request type
CC @bulislaw