Additions to TF-M source integration

[mikisch81]

Description

• Add common TF-M mbed_lib.json in addition to the secure-side mbed_lib.json.
• Add TF-M defines to mbed_app.json.
• Update list of SHAs in TF-M importer json.
• Add image signing scripts from TF-M bl2 library, which is used by targets ported to TF-M
  • These scripts are used by Musca_a1 (and probably) more targets which will use TF-M as their Secure Kernel.

Pull request type

[X] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@orenc17

Release Notes

[ciarmcom]

@mikisch81, thank you for your changes.
@orenc17 @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-maintainers please review.

[0xc0170]

help - typo? same as previous one

[orenc17]

fixed

[bridadan]

Is it appropriate to disable the fault handler in a library? I looked for a justification for this change in the commit message but I didn't find one.

[orenc17]

when building TFM we are not using parts of mbed-os
Some of those parts are the fault handlers, and this is because TFM implements their own

[bridadan]

Good enough for me!

[orenc17]

@ARMmbed/mbed-os-maintainers can this start CI please ?

[mikisch81]

@orenc17 let's wait for @bridadan approval

[bridadan]

Good enough for me!

[cmonr]

CI started

Please rereview. Changes applied.

[mbed-ci]

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 1
Build artifacts

[NirSonnenschein]

@0xc0170 , this has now passed CI, please re-review the fix for your comments so this can be "ready"

[orenc17]

@0xc0170 , this has now passed CI, please re-review the fix for your comments so this can be "ready"

@cmonr i think you got competition for the MOTR award

[cmonr]

What is this suppose to mean?

[orenc17]

This is one TFM properties
security level is corresponding with PSA memory separation level desired

This is an internal TFM config, and a prep for the future when we will have a greater level of memory separation.

[mikisch81]

Added another commit which was cherry-picked from #9221.
It adds image signing scripts from TF-M bl2 library which are used by Musca_a1 post-build hook.
Because more targets which will use TF-M as their Secure Kernel may use these scripts I moved the commit here in order to remove dependency on the Musca PR.
@bridadan can you re-review?

[bridadan]

It's generally ok since I've already reviewed these files. However, my understanding is these scripts are scraping addresses from a flash_layout.h file. We do not scrape info from source files in Mbed OS. We use the configuration system for this and then generate the macros that can be used in the code base. If the intention is to reuse these scripts across targets, I think this needs to be revisited in the future.

[bridadan]

In the future, if this script is going to be reused by other targets, we should be moving "configuration" into the targets.json/mbed_lib.json, not scraping it from the flash_layout.h file.

[mikisch81]

I absolutely agree, this is something we are aware of and will try to use this in the Musca PR

[cmonr]

@mikisch81 @orenc17 Can y'all make and link a Jira issue so that we don't lose this conversation?

We'll start CI in the meanwhile.

[mikisch81]

@cmonr @bridadan @orenc17 @alzix Created IOTSEC-1104 for that.

[cmonr]

CI started

[mbed-ci]

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 2
Build artifacts