PSA tools: Find secure image at post-build

[mikisch81]

Description

Add a common function which finds the relevant secure image of a non-secure target.
This function will be called during the post-build hook which merges the secure and non-secure images together.

The logic was taken from the PSOC6 post-build hook

Tested with Musca_a1.

Pull request type

[X] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@theotherjimmy @orenc17

Release Notes

[ciarmcom]

@mikisch81, thank you for your changes.
@orenc17 @ARMmbed/mbed-os-tools @ARMmbed/mbed-os-maintainers please review.

[theotherjimmy]

Resources has a notifier too, and if you're only using the notifier from the toolchain, pass in the notifier please.

[mikisch81]

Ok

[mikisch81]

Well it didn't work for resources notifier:

Traceback (most recent call last):
  File "C:\miki_dev\mbed-os_backup\tools\test_api.py", line 2210, in build_test_worker
    bin_file, _ = build_project(*args, **kwargs)
  File "C:\miki_dev\mbed-os_backup\tools\build_api.py", line 584, in build_project
    res, _ = toolchain.link_program(resources, build_path, name)
  File "C:\miki_dev\mbed-os_backup\tools\toolchains\__init__.py", line 654, in link_program
    self.binary(r, elf, bin)
  File "C:\miki_dev\mbed-os_backup\tools\hooks.py", line 54, in wrapper
    post_res = tooldesc["post"](t_self, *args, **kwargs)
  File "C:\miki_dev\mbed-os_backup\tools\targets\__init__.py", line 604, in binary_hook
    secure_bin = find_secure_image(t_self, resources, binf, configured_secure_image_filename, FileType.BIN)
  File "C:\miki_dev\mbed-os_backup\tools\psa\__init__.py", line 12, in find_secure_image
    resources.notify.debug("Secure image file found: %s." % secure_image)
AttributeError: 'Resources' object has no attribute 'notify'

[theotherjimmy]

Probably private then. Pass in a notifier instead.

[theotherjimmy]

Resources has a notifier too, and if you're only using the notifier from the toolchain, pass in the notifier please.

[mikisch81]

Ok

[theotherjimmy]

@mikisch81 I'm not seeing a change that calls this new function. How does this get invoked?

[mikisch81]

@mikisch81 I'm not seeing a change that calls this new function. How does this get invoked?

By the musca post-build hook

This is currently in a branch and will be added to #9221

[theotherjimmy]

@mikisch81 That code is not on master or in the diff, so this looks like you're adding dead code, because from the perspective of this branch you are adding dead code. Could you include the modification to the post-build hook too?

[mikisch81]

Do you suggest adding the musca post build hook here?

[theotherjimmy]

@mikisch81 That could work, and I would be alright with that. but:

The logic was taken from the PSOC6 post-build hook

So why is the PSOC6 post-build hook not refactored to use this?

[theotherjimmy]

Notifier changes requested offline.

[theotherjimmy]

Suggested change

	toolchain.notify.debug("Secure image file found: %s." % secure_image)
	notify.debug("Secure image file found: %s." % secure_image)

[mikisch81]

done

[theotherjimmy]

Suggested change

	toolchain.notify.debug("Secure image file %s not found. Aborting." % configured_s_image_path)
	notify.debug("Secure image file %s not found. Aborting." % configured_s_image_path)

[mikisch81]

done

[theotherjimmy]

Suggested change

	def find_secure_image(toolchain, resources, ns_image_path, configured_s_image_path, image_type):
	def find_secure_image(notify, resources, ns_image_path, configured_s_image_path, image_type):

[mikisch81]

done

[theotherjimmy]

Could you change this into a doc comment? You would place this in a string as the first statement inside the body of the function.

E.G.

def find_secure_image(toolchain, resources, ns_image_path, configured_s_image_path, image_type):
    """ Find secure image. """

[mikisch81]

done

[orenc17]

@mikisch81 That could work, and I would be alright with that. but:

The logic was taken from the PSOC6 post-build hook

So why is the PSOC6 post-build hook not refactored to use this?

@theotherjimmy
Psoc6 postbuild hook is being used by a variety of platforms some support PSA some not
This change comes to provide a unified solution for PSA targets only

[theotherjimmy]

@orenc17 That does not make sense. If the PSOC6 has the same logic within it, then replacing that logic with this logic works regardless of PSA or any other three letter acronym you care to use.

[theotherjimmy]

My tone on my comments has been rather harsh. My apologies, I'll be editing my comments better in the future.

I had a discussion with the authors outside of this thread, and we will be working to wire this new method into the tools in the next few days so that it's tested and verified in this PR, or the PR that contains it.

[NirSonnenschein]

starting CI

[mikisch81]

@ARMmbed/mbed-os-maintainers This PR needs to be for 5.12.0, #9910 will need this.

[NirSonnenschein]

@theotherjimmy , please re-review this PR

[mbed-ci]

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 1
Build artifacts

[orenc17]

This PR is required for #9910

[mikisch81]

@theotherjimmy see this comment to see the proposed usage of this function in #9910

[mikisch81]

@0xc0170 is it possible to merge, and if any new comments from @theotherjimmy come up a new PR will be opened?

[mikisch81]

@theotherjimmy I added tests

[theotherjimmy]

Have test. Looks great

[mikisch81]

@0xc0170 Is it possible to start CI? @theotherjimmy approved

[theotherjimmy]

@cmonr Your timezone starts soon. running CI appreciated. (this passed travis, so it should be the same result as current master)

[0xc0170]

@0xc0170 Is it possible to start CI? @theotherjimmy approved

We are now focusing on rc1 PRs and nightly job has some failures we are investigating. We will start when able.

[mikisch81]

Adding @maclobdell

[0xc0170]

I'll run one job here (exporters will fail as master has one bug) but at least to get the rest tested now

[0xc0170]

CI started

[mbed-ci]

Test run: FAILED

Summary: 1 of 13 test jobs failed
Build number : 2
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_exporter

[0xc0170]

Failure in the exporters will be fixed, tracked here #9938

[mikisch81]

@ARMmbed/mbed-os-maintainers Can we re-run the exporter job?

[NirSonnenschein]

restarted exporter to check if issue is resolved

[0xc0170]

missing license header here

[mikisch81]

Done

[0xc0170]

license addition needed

[mikisch81]

@0xc0170 Added missing license header

[0xc0170]

CI started

[ghost]

Meets post freeze criteria, PSA related. Approved.

[mbed-ci]

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 3
Build artifacts