Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# IoT Reference Integration for Arm Corstone-3xx with CMSIS-RTOS2
## Introduction
This reference integration demonstrates how to develop cloud connected
applications and update them securely by integrating
[CMSIS-FreeRTOS](https://arm-software.github.io/CMSIS-FreeRTOS/main/index.html)
([FreeRTOS kernel](https://www.freertos.org/RTOS.html) with a
[CMSIS-RTOSv2](https://arm-software.github.io/CMSIS_5/RTOS2/html/index.html) compatibility layer),
and utilizing hardware enforced security based on [Arm TrustZone (Armv8-M)](https://www.arm.com/architecture/learn-the-architecture/m-profile).
To utilize the hardware enforced security, this integration uses PSA Certified
reference implementation [Trusted Firmware-M](https://www.trustedfirmware.org/projects/tf-m/).
Trusted Firmware-M provides various Secure services such as Secure boot, Crypto, Secure Storage,
Attestation and Update services meeting [PSA Certified requirements](https://www.psacertified.org/blog/psa-certified-10-security-goals-explained/).
Developers and partners can use this integration as a starting point to build
CMSIS-FreeRTOS based software stack on top of Arm Cortex-M based
platforms. All the components are put together in a modular manner to make
porting of this integration across platforms easy.
## Architecture
The following diagram illustrates the architecture of the CMSIS-RTOS2 FRI project.
The Secure services provided by Trusted Firmware-M can be seen on the
right-hand side of the image. These include Crypto, Attestation and Secure
Storage. It also provides secure boot via a bootloader (MCUboot). The Secure
Partition Manager (SPM) in Trusted Firmware-M provides the runtime for Secure
services.
On the left-hand side, the Non-secure software
stack is shown. This includes the FreeRTOS kernel with a CMSIS-RTOSv2
compatibility layer. These two layers are packaged together as one component
called CMSIS-FreeRTOS. The Blinky example, which uses CMSIS-RTOSv2 APIs, can be
seen above these two layers. FreeRTOS tasks can utilise Trusted Firmware-M
secure services via the PSA functional APIs.
## Supported Targets
Arm Corstone-3xx targets include an example subsystem based on the Cortex-M
CPU and Ethos NPU, alongside a range of other components in a scalable and
flexible reference package. This enables designers to build secure,
AI-capable SoCs faster.
Arm's [Fixed Virtual Platform](https://www.arm.com/products/development-tools/simulation/fixed-virtual-platforms)
is used to run the application artefacts.
The [currently released version <11.24.22>](https://developer.arm.com/downloads/-/arm-ecosystem-fvps)
of FVP is supported by the CMSIS-RTOS2 FRI project.
* [Corstone-315](https://developer.arm.com/Processors/Corstone-315)
* Arm Cortex-M85 CPU, Ethos-U65 NPU and Mali-C55 ISP
* [Corstone-310](https://developer.arm.com/Processors/Corstone-310)
* Arm Cortex-M85 CPU and Ethos-U55 NPU
* [Corstone-300](https://developer.arm.com/Processors/Corstone-300)
* Arm Cortex-M55 CPU and Ethos-U55 NPU
## Supported Toolchains
* Arm GNU Toolchain (arm-none-eabi-gcc)
* Arm Compiler for Embedded (armclang)
> Note:
The build script `./tools/scripts/build.sh` assumes
`Arm GNU Toolchain (arm-none-eabi-gcc)` by default, append the extra option
`--toolchain ARMCLANG` to build using Arm Compiler for Embedded Toolchain.
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
## Project organisation
The [document](docs/project_organisation.md) describes the organistation of the project in detail.
## Examples
This reference integration contains the following example:
* [Blinky example](docs/applications/blinky.md)
* Demonstrates CMSIS-FreeRTOS and TF-M integration
## Software Components
### Fetching
Generally all the components used within the CMSIS-RTOS2 FRI project are fetched using `git submodules` from their official repositories into `components/` directory. Exact location and the version are recorded in the [manifest.yml](manifest.yml).
### Trusted Firmware-M
Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE)
for Armv8-M, Armv8.1-M architectures (e.g. the Cortex-M33, Cortex-M23,
Cortex-M55, Cortex-M85 processors) and dual-core platforms. It is the platform
security architecture reference implementation aligning with PSA Certified
guidelines, enabling chips, Real Time Operating Systems and devices to become
PSA Certified. Follow the [link](https://tf-m-user-guide.trustedfirmware.org/introduction/readme.html)
for more information on Trusted Firmware-M. To have a better overview of how Trusted Firmware-M is integrated with the CMSIS-RTOS2 FRI project, you're kindly asked to check [Trusted Firmware-M component document](docs/components/trusted_firmware-m/trusted_firmware-m.md)
## License
Source code located in the *applications* directory is
available under the terms of the MIT License. See the [LICENSE](./LICENSE) file
for more details.
Other files in the repository are available under the terms specified in each
source file.