- May 03, 2019
-
-
Gyorgy Szing authored
The official documentation format for TF-M is becoming Restructured Text. This change converts the existing .md files to the new format. Due to support for documentation of external code (/lib) md support is kept. Change-Id: I3c1aef5d22442e0c7c362a40a8d344a266dc0940 Signed-off-by:Gyorgy Szing <Gyorgy.Szing@arm.com>
-
- May 02, 2019
-
-
Gyorgy Szing authored
Technical documentation of TF-M is captured in GitHub flavored markdown files. This change add support for building HTML and PDF output of these files using the Sphinx tool. Change-Id: I8be11256f2c654c248b1974974a5de6190ca0fc3 Signed-off-by:
-
- Apr 30, 2019
-
-
Mate Toth-Pal authored
Change-Id: I2ede0c329b18b11b9b4592b13e178a3705e745e0 Signed-off-by:Mate Toth-Pal <mate.toth-pal@arm.com>
-
- Apr 29, 2019
-
-
Ken Liu authored
To avoid exceeding the command line length limitation, a linker supports extracting parameters from a file instead of processing a long parameter list in the command prompt. CMake puts linker parameters in a response file (typically named as 'objects1.rsp') for linker if there are a lot of parameters to be processed, then assign linker specified flags for the linker to extract parameter from this file. CMake applies GNU 'ld' option '@' as default flag if the flag is not set precisely for a linker, which leads to potential linker error while using ARMCLANG: Fatal error: L6002U: Could not open file @CMakeFiles/tfm_s.dir/objects1.rsp: No such file or directory Precisely set response file extracting flag for each linker to fix this problem: '@' for 'GNUARM' and '--via=' for 'ARMCLANG'. Change-Id: If2ce6644c16aafd0d8c7d8db01e42548ec81825e
-
- Apr 25, 2019
-
-
Edison Ai authored
MAIR_ATTR for all regions are set as ZERO, which indicates all regions as Device-nGnRnE. Set proper MAIR_ATTR settings for dedicated MPU regions. The attributes come from the default memory map. And set the same attribute for Outer and Inner of Normal memory. Device-nGnRE : 0b [Outer]0000 [Inner]0100 Code WT RA : 0b [Outer]1010 [Inner]1010 DATA WBWA RA : 0b [Outer]1111 [Inner]1111 Change-Id: Id1baddc0810681656f2e63d5c9de88bf08187e0a Signed-off-by:Edison Ai <edison.ai@arm.com>
-
Edison Ai authored
MAIR_ATTR for all regions are set as ZERO, which indicates all regions as Device-nGnRnE. Set proper MAIR_ATTR settings for dedicated MPU regions. The attributes come from the default memory map. And set the same attribute for Outer and Inner of Normal memory. Change-Id: I279e2510746f3b98a8537daf9cdc9ccf63cd14ae Signed-off-by: -
Edison Ai authored
In isolation level 2, the veneer function works in thread, unprivileged mode. Move the tfm_nspm_svc_register_client which be called by veneer function to fix the memory fault. Change-Id: I63ccbbcbca590912077452e6f49af098ec623054 Signed-off-by: -
Edison Ai authored
- Move the tfm_psa_api_client.c into ns_callable folder. - Change tfm_psa_api_client.c to tfm_psa_api_veneers.c. Change-Id: I0c6f76b3cb719c74ea40526b8d677e86bb39e0b1 Signed-off-by: -
Edison Ai authored
NS jumping belongs to NSPM thread now, which is already under unprivileged when TFM_LVL is 3 or 2(library model). Change-Id: I043e051f1c0f5707a5d768483452922eff4ea5c2 Signed-off-by: -
Ken Liu authored
The current thread indicator 'CURR_THRD' is NULL before first context switching. This leads to save runtime context into a NULL address and cause a Bus Fault in the specified platform. Create a dedicated scheduler start function to set a CURR_THRD default value and add assert to ensure the integrity of thread pointers. Change-Id: Ifcd3f10c8e648adccadecc2ee3ea70a9c318d7cf Signed-off-by:Ken Liu <ken.liu@arm.com>
-
- Apr 24, 2019
-
-
The build system failed to properly specify compilation switches for armasm when executing debug builds (-DCMAKE_BUILD_TYPE=Debug). As a resolution the "embedded_project_fixup()" processing was changed to define proper compilation switches. Change-Id: I412be8dc3037df860f064e32c4cad2c48c70a30e Signed-off-by: -
Dávid Vincze authored
The MCUBoot files were added from the original MCUBoot repository with version 1.0.0 and since then the code bases have diverged from each other significantly. This patch performs a partial synchronization between the MCUBoot files in TF-M and in the original repo. The hash of source commit in the original MCUBoot repo: 178be54bd6e5f035cc60e98205535682acd26e64. The flash interface has also been extended and this patch includes the implementation of these new functions too. Change-Id: I16897ba884b56f90c9d35f99b709de86704a11ad Signed-off-by:David Vincze <david.vincze@arm.com>
-
- Apr 23, 2019
-
-
Edison Ai authored
The non-secure thread entry is used to replace the idle thread. It takes over the main init process, and jump to the non-secure world at last. - Set the non-secure thread entry with the lowest priority. - Delete the idle thread which is unused anymore. - Refine tfm_pendsv_do_schedule() function, does not need to handle the idle thread. Change-Id: Id2b04647db26b92c61f5f63fb0ac0f814a55aab4 Signed-off-by: -
Ken Liu authored
- Move tfm_pendsv_do_schedule() from tfm_thread.c to tfm_spm.c. - Add isolation level 2 support in tfm_pendsv_do_schedule(). Change-Id: Ida37cd9210710c22a7d336ac8041556eb6a6dba3 Signed-off-by: -
Edison Ai authored
Create the privileged mode change function to change the privileged status for partition thread mode. Change-Id: I68698bb99ef063655b70817364a0c60c19d5e5d0 Signed-off-by:
-
- Apr 22, 2019
-
-
Edison Ai authored
tfm_core.c is the main entry c file for both IPC and library model. Split it by using "TFM_PSA_API" to decrease the code size. Change-Id: I9893a948ceef78469da09a1eec5aa19fea3f1003 Signed-off-by:
-
- Apr 19, 2019
-
-
Edison Ai authored
Use the data region which predefined in the manifest as thread stack. Change-Id: I9f5dad0cdc3fb151563346cdea53128701c982b3 Signed-off-by: -
Edison Ai authored
The added exit function calls SVC to let SPM switch thread status. And put it in the SFN region so that it can be used both in privileged and unprivileged mode. Change-Id: I7803cebf318596ca4ebf34c784f3eb5fb4643baa Signed-off-by: -
Edison Ai authored
Move the PSA APIs in the SFN region so that they can be accessed by both the privileged and unprivileged mode. In isolation level 2, APP RoT works on unprivileged mode while PSA RoT works on privileged mode. Change-Id: Ia5f03b79b893d4ac3558df3f4fa48f6373f9ddff Signed-off-by: -
Edison Ai authored
Add the missed "TFM_SVC_SCHEDULE" in SVCHandler_main() function in IPC model. It is used when processing the tfm_thrd_activate_schedule() function. Change-Id: I0a05154b830b06f44c25f5de5b30ee9bcf2e03d0 Signed-off-by: -
Edison Ai authored
Use MPU region 4 and 5 to configure the resource of APP RoT when MPU init. No dynamical MPU region configuration needed in isolation level 2. Change-Id: I1873404c4fe9591db5aade5311927dc5ac738df7 Signed-off-by: -
Edison Ai authored
Change the type of IPC test service partition from APPLICATION RoT to PSA RoT for the isolation level 2 test. Change-Id: I63650fc11ac7009f4401255f642678619ade481f Signed-off-by: -
Summer Qin authored
In isolation level 2, the secure partition is divided into two modes: privileged mode or unprivileged mode. Add privileged setting check while performing memory check. Change-Id: I3a23df9aea34920f662a36e1389063d591b37119 Signed-off-by:Summer Qin <summer.qin@arm.com>
-
Summer Qin authored
Use TFM predefined return value prototype instead of the hardcode of return value for memory check functions. Change-Id: I453181197abe763e0a552cf4f6b29cf08eaf2ba2 Signed-off-by:
-
- Apr 18, 2019
-
-
Antonio De Angelis authoredThis patch introduces the consistent usage of the keyword volatile to mark inline assembly blocks in order to avoid potential issues with aggressive optimisation modes that could remove them. Change-Id: I304286658b87ec41e738760479ef067895a63464 Signed-off-by:
Antonio de Angelis <antonio.deangelis@arm.com> -
Antonio De Angelis authored
This patch refactors the tfm_core_ns_ipc_request() function in order to minimise the inline assembly required. This improves maintainability and reduces the potential of incorrect code generation when aggressive optimisation modes are used during compilation. Change-Id: I871f49a4d9c3cf07ebaf29246855c5265b91773c Signed-off-by:Antonio de Angelis <antonio.deangelis@arm.com> -
This patch fixes an issue where NS execution can mask or preempt the secure PendSV interrupt, by making sure that the priority number of the secure PendSV is high enough not to be preempted or masked by the NS execution. Change-Id: Iab0ff351efc4e45d92fd80538e0594e65d64623a Signed-off-by:
-
- Apr 17, 2019
-
-
Ken Liu authored
MAIR_ATTR for all regions are set as ZERO, which indicates all regions as Device-nGnRnE. Set proper MAIR_ATTR settings for dedicated MPU regions. The attributes come from the default memory map. And set the same attribute for Outer and Inner of Normal memory. Device-nGnRE : 0b [Outer]0000 [Inner]0100 Code WT RA : 0b [Outer]1010 [Inner]1010 DATA WBWA RA : 0b [Outer]1111 [Inner]1111 Change-Id: I2c669b693890e722219f2951fb5f72b61a411cc6 Signed-off-by: -
Edison Ai authored
The start address and end address of App RoT memory region are used to config MPU in Level 2. Only support AN521 with ARMCLANG now. Change-Id: I7913296b91c9ab8dbb1138c87168c2df0c7fadf8 Signed-off-by: -
Edison Ai authored
In isolation level 2, App RoT has different memory character with PSA RoT. It needs to re-arrange the placement of secure partition into two groups so that the data in same group can share one MPU region. Only support AN521 with ARMCLANG now. Change-Id: I03ad063d54a6c7eeecce12fc9e2cb76c82e43bfe Signed-off-by: -
Jamie Fox authored
Expands the Musca board flashing instructions to clarify the steps that need to be followed to successfully flash the board. Change-Id: I5b4dd9f90a02637171b9bf2ba9fa5a0f988793a2 Signed-off-by:Jamie Fox <jamie.fox@arm.com>
-
Jamie Fox authored
Updates documents and comments to consistently refer to Musca-A, rather than using a mix of Musca-A and Musca-A1. Change-Id: I3a22b604cb06621842ddc4d6904c145dc0fcb890 Signed-off-by: -
This address the unaligned memory issue with the previous design. Change-Id: I69660d1bc3aeb260f7603f881d2c9e5ac94c75e8 Signed-off-by:Laurence Lundblade <lgl@securitytheory.com>
-
Tamas Ban authored
A hard coded value of challenge object is defined twice. Change-Id: Ieb3b1f16f96f8a3c30acf010bfd825f7905d3a17 Signed-off-by:Tamas Ban <tamas.ban@arm.com>
-
Special option flags (for test purpose) can be passed in for attestation service. These flags are encoded in the challenge object. Previously a 36 bytes long challenge object was used to carry these 4 extra bytes, but attestation API requires the challenge object to be only 32, 48 or 64 bytes long. With this change the option flags are packed in a 64 bytes long challenge object which has a predefined value. If the challenge object is 64 byte long and the bytes from 4 to 63 have 0 value in this case the first 4 bytes are handled as the option flags. Change-Id: I2a4d0bf417905d74cca0fbdb5070cdef085fe308 Signed-off-by:
-
Tamas Ban authored
Introduce wrapper structure to simplify the handling of boot status data. Change-Id: I4fecbf2b346e4e773a898b6013c0b351bcf5beeb Signed-off-by: -
Tamas Ban authored
Reduce dependency of NS app in case of default config build. Change-Id: Ib02e3dcdd2255385fe9c99a9fb1a753ee4de3b15 Signed-off-by: -
Tamas Ban authored
Move a define to be able to use it from other source files as well. Change-Id: If9ce2ea57acb792df586096c98ccf1b3b68fdb3c Signed-off-by: -
Tamas Ban authored
Integrate attestation test suite with CBOR/COSE parser: - Parse the token and verify the presence and the value of the claims - Verify the signature of the token Change-Id: I169eb0ba96eb81ff759328a5628a5147545ccd13 Signed-off-by: -
This consists of three sub-parts: 1) an implementation of COSE signature verifcation, 2) an implementaiton of token decoding, 3) test that do comparison to expected values. Change-Id: I37dfebf97a4658741ff0721a5b769781b2634ea7 Signed-off-by:
-
