Add ARM_MUSCA_A1 as a new target platform #8845
Conversation
This commit enables Musca-A1 for mbed. This platform is a Cortex-M33 based target with security extension enabled. This makes possible to have TF-M on the secure domain, while mbed on the non-secure domain. TF-M with its secure bootloader (McuBoot) are submitted by pre-built binaries. TF-M binary is concatenated with the non-secure mbed binary, then signed for McuBoot. Then the signed binary is concatenated to McuBoot. These post-build steps are done in post binary hook. TF-M resources are imported in original form, without any change. TF-M resources: TFM/TFM_API tools/targets/ARM_MUSCA_A1/imgtool_lib tools/targets/ARM_MUSCA_A1/imgtool.py tools/targets/ARM_MUSCA_A1/assemble.py TF-M origin: https://git.trustedfirmware.org/trusted-firmware-m.git/ TF-M 8e0fa7a926bf170f0287e0dabcf3f411bdf88ce1 Change-Id: I5f1e1b5a6c82f232992eda747fd472ac85d95fbb Signed-off-by: Gabor Kertesz <[email protected]>
| @@ -0,0 +1,46 @@ | |||
| /* mbed Microcontroller Library | |||
| * Copyright (c) 2006-2017 ARM Limited | |||
There was a problem hiding this comment.
can you fix the year (2018) in all new files. Worth also adding SPDX identifier: SPDX-License-Identifier: Apache-2.0
There was a problem hiding this comment.
All files that are created this year and haven't been released to anywhere yet, will be updated accordingly.
There was a problem hiding this comment.
Fix commit has been submitted.
| #ifndef uart0_tx_irq_handler | ||
| #error "uart0_tx_irq_handler should be defined, check device_cfg.h!" | ||
| #endif | ||
| void uart0_tx_irq_handler(void) |
There was a problem hiding this comment.
are these using static vector placement rather than dynamic (NVIC Set/Get vector functions)? If yes, why?
There was a problem hiding this comment.
Yes, it's static vector placement. This is a mechanism to make sure the weak function defined in the startup assembly is overriden. So if the expected IRQ handler is not defined, it will be caught by compile time with a proper error message.
There was a problem hiding this comment.
Correct. I was more after why static one is chosen (we use dynamic one) ?
There was a problem hiding this comment.
However there is no explicit argument against dynamic vector allocation, this pattern prefers to define platform configuration as early as possible. Since we know the expected behavior in build time, we preferred to set in that step.
It's a commonly used pattern now in our platforms, already upstreamed in CM3DS:
https://github.com/ARMmbed/mbed-os/blob/master/features/netsocket/emac-drivers/TARGET_ARM_SSG/COMPONENT_SMSC9220/smsc9220_emac.cpp#L35
https://github.com/ARMmbed/mbed-os/blob/master/targets/TARGET_ARM_SSG/TARGET_CM3DS_MPS2/us_ticker.c#L111
|
@ashok-rao 5.11 target? If yes, we should add a version label |
There was a problem hiding this comment.
Thanks @gaborkertesz . Looking great. I've requested some changes and some questions below:
- __init.py -> there are no contents, was this file added in error to the commit? Can you please check?
- PeripheralPins.c -> seems to be missing or not required here? Can you please confirm?
- Can you please attach greentea test logs for ARMC6 and GCC to this PR?
| PA23 = 23, | ||
| PA24 = 24, | ||
| PA25 = 25, | ||
|
|
There was a problem hiding this comment.
@gaborkertesz : Can you add the pins brought out on the Arduino headers as well?
There was a problem hiding this comment.
- __init.py: This is added by purpose in order to import the musca post build Python script as a module. If it's not really needed and I'm wrong, I can remove this of course.
- PeripheralPins.c: I think the required feature is implemented
in pinmap.c. - Can't attach the txt files here, it says: "Something went really wrong, and we can't process that file." Any other suggestion?
There was a problem hiding this comment.
- There are 2 init.py scripts -> tools/targets/ARM_MUSCA_A1/init.py (empty) and tools/targets/init.py in the PR ..
- Will check.
- ZIP it up and you can upload the ZIP.
There was a problem hiding this comment.
- Yes and we're talking about tools/targets/ARM_MUSCA_A1/init.py now. That's the one I created in order to import tools.targets.ARM_MUSCA_A1.ARM_MUSCA_A1_TFM in the existing tools/targets/init.py
- ZIP also doesn't work.
ARMC6: http://p.arm.com/?130
GCC: http://p.arm.com/?--g
| @@ -0,0 +1,94 @@ | |||
| /* mbed Microcontroller Library | |||
| * Copyright (c) 2006-2017 ARM Limited | |||
There was a problem hiding this comment.
Can you please change the license header and add the SPDX identifier?
There was a problem hiding this comment.
All files that are created this year and haven't been released to anywhere yet, will be updated accordingly.
There was a problem hiding this comment.
Fix commit has been submitted.
@0xc0170 : Not expecting this to get in for 5.11.0 .. We are expecting this to get in for 5.11.1 atleast. |
Since only mbed 5 is supported by Musca-A1, remove legacy 2. Change-Id: I042e3f019b3bff205e554ffd7a8ab638f286328f
This commit adds digital Arduino connector names. Change-Id: I8ea8bfa5f0c83fab42777e38db5f6baf312d9a81
Update every non-module imported file's licence header. Update to 2018 and SPDX Licence Id. Fixes some minor documentation issues. Change-Id: I2189282ead2bac7b455733394a11c632a37babbe
|
All the PRs need to be engineering ready (marked as "needs: CI") by the end of the day (Austin time). Otherwise it won't make 5.11 and will need to come in the next release (5.12 for features, 5.11.1 for fixes and new platforms). |
|
Moved to 5.11.1 release |
There was a problem hiding this comment.
Tools implementation looks ok besides the questions/issues I raised below. Not 100% sure about all of the details, especially since this is one of the first (the first?) platform implementing TF-M. Also, the lack of IAR support seems to be a missing piece (unless I missed a change in requirements).
It'd be worth having @theotherjimmy take a look as well (binary_hook added, new python package requirement, general arrangement, etc).
| "device_has": ["INTERRUPTIN", "LPTICKER", "SERIAL", "SLEEP", "USTICKER"], | ||
| "macros": ["MBED_TZ_DEFAULT_ACCESS=1", "__STARTUP_CLEAR_BSS", "MBED_FAULT_HANDLER_DISABLED", "CMSIS_NVIC_VIRTUAL", "LPTICKER_DELAY_TICKS=1"], | ||
| "extra_labels": ["ARM_SSG", "MUSCA_A1"], | ||
| "supported_toolchains": ["ARMC6", "GCC_ARM"], |
There was a problem hiding this comment.
@0xc0170 Isn't IAR required for a release_version of "5" as well?
There was a problem hiding this comment.
IAR Is required for release_version 5 for all ARMv6M and ARMv7M devices. Only ARMC6 is must for ARMv8M.
There was a problem hiding this comment.
Ok good to know. May need to tweak this a bit in some tooling checks: https://github.com/ARMmbed/mbed-os/blob/master/tools/build_api.py#L152
There was a problem hiding this comment.
I believe it was done : https://github.com/ARMmbed/mbed-os/blob/master/tools/build_api.py#L188
| try: | ||
| import Crypto | ||
| except ImportError, e: | ||
| print('Please install "pycryptodome" Python module! ("pip install --user pycryptodome")') |
There was a problem hiding this comment.
Looks like you have added a new Python dependency here but you haven't used the Crypto module in this file. Can you please remove the import?
| temporary_files = [concatenated_binary_file, signed_binary_file] | ||
|
|
||
| #1. Run assemble.py to concatenate secure TFM and non-secure mbed binaries | ||
| sys.argv = ['assemble.py', |
There was a problem hiding this comment.
This seems to be a pretty non-standard way of passing arguments to a function. Instead of setting sys.argv, would it be possible to provide these parameters to the relevant function in the assemble module?
There was a problem hiding this comment.
To add to this, sys.argv is destructively modified; the old value is lost. At the very least, don't do that.
| assemble.main() | ||
|
|
||
| #2. Run imgtool.py to sign the concatenated binary | ||
| sys.argv = ['imgtool.py', |
There was a problem hiding this comment.
This seems to be a pretty non-standard way of passing arguments to a function. Instead of setting sys.argv, would it be possible to provide these parameters to the relevant function in the imgotol module?
| for write_size in [1, 2, 4, 8] | ||
| } | ||
|
|
||
| boot_magic = bytearray([ |
There was a problem hiding this comment.
Is there any documentation for boot_magic?
| print(decode_version("1.2")) | ||
| print(decode_version("1.0")) | ||
| print(decode_version("0.0.2+75")) | ||
| print(decode_version("0.0.0+00")) |
There was a problem hiding this comment.
This seems to be some leftover test code? Probably best to remove this.
| from __future__ import print_function | ||
| from Crypto.Hash import SHA256 | ||
| from Crypto.PublicKey import RSA | ||
| from Crypto.Signature import PKCS1_v1_5, PKCS1_PSS |
There was a problem hiding this comment.
I see you're using the Crypto package here. Can you please add the pycryptodome package to the requirements.txt? https://github.com/ARMmbed/mbed-os/blob/master/requirements.txt
| y+rnmQKBgCh0gfyBT/OKPkfKv+Bbt8HcoxgEj+TyH+vYdeTbP9ZSJ6y5utMbPg7z | ||
| iLLbJ+9IcSwPCwJSmI+I0Om4xEp4ZblCrzAG7hWvG2NNzxQjmoOOrAANyTvJR/ap | ||
| N+UkQA4WrMSKEYyBlRS/hR9Unz31vMc2k9Re0ukWhWh/QksQGDfJ | ||
| -----END RSA PRIVATE KEY----- |
There was a problem hiding this comment.
Disclaimer: not a security expert 😄 But typically you don't expose private keys, is this something like an "insecure default" key?
| fh.write(mcuboot_bin_file) | ||
| fh.seek(mcuboot_image_size) | ||
| fh.write(tfm_mbed_signed_bin_file) | ||
| fh.close |
There was a problem hiding this comment.
Not required, and missing ()
|
@bridadan IAR support requires EWARM8 for v8m support, I think. |
| #1. Run assemble.py to concatenate secure TFM and non-secure mbed binaries | ||
| sys.argv = ['assemble.py', | ||
| '-l', flash_layout_file, | ||
| '-s', tfm_binary_file, |
There was a problem hiding this comment.
This argument, and the prior argument, flash_layout_file, should be configurable by the user.
| sys.argv = ['imgtool.py', | ||
| 'sign', '--layout', flash_layout_file, | ||
| '-k', join(run_dir, 'root-rsa-2048.pem'), | ||
| '--align', '1', '-v', '1.0', '-H', '0x400', '--pad', '0x100000', |
There was a problem hiding this comment.
These "magic values" (--align argument, -v argument, -H argument, --pad argument, flash_layout_file, and -k argument) should all be configurable by the user, if they will ever change. The fact that they're arguments to the TF-M script implies to me that they might change.
| # | ||
|
|
||
| try: | ||
| import Crypto |
There was a problem hiding this comment.
This indentation looks incorrect. Could you make this 4 spaces to match the rest of the file?
| dirname | ||
| ) | ||
| run_dir = dirname(os.path.realpath(__file__)) | ||
| sys.path.append(run_dir) |
There was a problem hiding this comment.
This should not be necessary.
|
|
||
| import assemble | ||
| import imgtool | ||
| import re |
There was a problem hiding this comment.
Could you separate python standard imports from the local module imports?
| sys.path.append(run_dir) | ||
|
|
||
| import assemble | ||
| import imgtool |
There was a problem hiding this comment.
Could you import these modules (which I assume are the local ones) using a relative import?
There was a problem hiding this comment.
Mbed OS will not be using the following components of TF-M, and they should not be integrated into the Mbed OS repo:
- MCUBoot - Mbed OS has it's own secure boot requirements and will not be using MCU Boot. It should be removed and replaced with an Mbed OS bootloader before merging
- psa_sst_api.h and related components should be removed. Mbed OS TDBStore, implementing the documented PSA Storage APIs, will replace it.
- Mbed OS will not us the TF-M Audit logging service, and it should be removed
- Mbed OS will choose it's own version of Mbed Crypto, so all crypto related components should be removed
|
@ARMmbed/mbed-os-maintainers - FYI, this PR uses |
If that's the case, then If it's needed to simply build, I'm not sure what additional requirements this had on the CI |
|
The plan moving forward with this PR is as follows:
These changes will be merged into the Mbed OS master branch for the 5.12 release. Partners who wish to support PSA partitioning with Mbed OS on their platforms should continue to contribute to the TF-M project. Periodic snapshots of TF-M will be taken by the Mbed OS team, and assistance from the partners will be required in porting platform-specific features. |
@ashok-rao @MarceloSalazar @screamerbg Fyi.
Does this mean that this PR needs to be stripped down. or is something new going to come in?
PSA Mbed OS team, or Mbed OS Core, or a different team? |
|
Something new is going to come in, and the work will be done by the PSA MBed OS team.
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Cruz Monrreal <[email protected]>
Sent: Friday, December 14, 2018 12:40 AM
To: ARMmbed/mbed-os
Cc: Derek Miller; Comment
Subject: Re: [ARMmbed/mbed-os] Add ARM_MUSCA_A1 as a new target platform (#8845)
Partners who wish to support PSA partitioning with Mbed OS on their platforms should continue to contribute to the TF-M project. Periodic snapshots of TF-M will be taken by the Mbed OS team, and assistance from the partners will be required in porting platform-specific features.
@ashok-rao<https://github.com/ashok-rao> @MarceloSalazar<https://github.com/MarceloSalazar> @screamerbg<https://github.com/screamerbg> Fyi.
The TF-M SPM will be taken as is, with changes only to the build system and whatever tweaks are necessary.
Does this mean that this PR needs to be stripped down. or is something new going to come in?
The Mbed OS team will replace the TF-M crypto implementation with a snapshot of Mbed Crypto.
PSA Mbed OS team, or Mbed OS Core, or a different team?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#8845 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD1LXFdxtcax3B6NzZK0Ipc6T5cjRWRyks5u4vNogaJpZM4Yv1ZM>.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
|
|
Thanks @dreemkiller. Will close this for now, expecting a new PR. |
|
@gaborkertesz @tamasolaszi .. FYI . |
Description
This commit enables Musca-A1 for mbed. This platform is a Cortex-M33
based target with security extension enabled.
This makes possible to have TF-M on the secure domain, while mbed on
the non-secure domain.
TF-M with its secure bootloader (McuBoot) are submitted by pre-built
binaries.
TF-M binary is concatenated with the non-secure mbed binary, then
signed for McuBoot. Then the signed binary is concatenated to McuBoot.
These post-build steps are done in post binary hook.
TF-M resources are imported in original form, without any change.
TF-M resources:
TF-M origin:
McuBoot and TF-M boots first and it's printing to UART by
115200 BaudRate, which is not configurable, since these are
pre-built binaries.
After secure initilazation, the non-secure mbed starts to boot.
All GreenTea tests are passed by ARMC6 compiler:
mbedgt: test case results: 513 OK
mbedgt: completed in 12944.13 sec
All GreenTea tests are passed by GCC_ARM compiler:
mbedgt: test case results: 513 OK
mbedgt: completed in 12943.59 sec
The following APIs are implemented:
Low-Power Ticker, MicroSec Ticker, Serial, Sleep, Interruptin
Due to a HW limitation, GPIO in Musca-A1 is Secure only,
so secure service should be used for GPIO in NS domain.
At this stage TF-M doesn't include this service, so GPIO is
added by dummy implementation in order to pass tests.
mbed-ls pull request adding this new platform:
ARMmbed/mbed-ls#404
Pull request type